Windows Analysis Report
https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYz

Overview

General Information

Sample URL:https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLT
Analysis ID:1439861
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Stores files to the Windows start menu directory

Classification

Classification chart (axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
  • System is w10x64_ra
  • chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,780211566171461481,6419157893894462519,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 23.221.246.93:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.221.246.93:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.246.93
Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global trafficHTTP traffic detected: GET /so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ HTTP/1.1Host: shoutout.wix.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: shoutout.wix.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=1715375467|BEmRVCs4eiPB
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: shoutout.wix.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=1715375467|BEmRVCs4eiPB
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oX5WCZpb4pMetc3&MD=xPs25fbd HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oX5WCZpb4pMetc3&MD=xPs25fbd HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficDNS traffic detected: DNS query: shoutout.wix.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Fri, 10 May 2024 21:11:07 GMTcontent-type: application/json;charset=utf-8set-cookie: XSRF-TOKEN=1715375467|BEmRVCs4eiPB;Path=/;Domain=.wix.com;Secure;SameSite=Nonecache-control: no-cachevary: Accept-Encodingx-seen-by: oDbbMvfdXCdtsgjD2KgaM8iHE4dbw+wewoJ5nvKoyjE=,m0j2EEknGIVUW/liY8BLLsZQEcjKcfEGnwQ6ei6CLSx9UuJLvoOY0uBy3RuVN3og,++r5XCRb/6cYf+PEtyYPdDFu7vOUOdVud5mWngWZDCZEQfi00LSS7LJu7sdkoLsDaB5TC/oISOf+QVeiq+ePXg==,r6yY0ta7bIKrqK70x072leNKJwoMV94H/RNCTpq2TmM=,ha2BjfnpoaWsa89DnyiXUGyl7mkogojdegmHsLblCIpYgeUJqUXtid+86vZww+nL,EJPgQkiJ1uIii9vVxis+2pJ41qCXhxlztrX5bhzsTe6a0EMuuDJTK3Dbv3DmRhSoBNNsDL8s++o7dxytS/cGGQ==x-wix-request-id: 1715375467.4605840757128428678server: Pepyakax-content-type-options: nosniffstrict-transport-security: max-age=120 ; includeSubDomainsvia: 1.1 googleglb-x-seen-by: wMMTADooq5AJ3cFomJ/MuXOQWGce7NCZXKms1ErOpBs=Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: closeTransfer-Encoding: chunked
Source: classification engineClassification label: clean0.win@14/11@6/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,780211566171461481,6419157893894462519,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph (ID: 1439861, URL: https://shoutout.wix.com/so..., start date: 10/05/2024, architecture: WINDOWS, score: 0): chrome.exe started a child chrome.exe process. The parent is linked to 192.168.2.16 (138, 443, 49696) and 239.255.255.250 (Reserved); the child is linked to www.google.com (142.250.191.100; 443, 49709, 49718; GOOGLEUS, United States), glb-editor.wix.com (34.149.206.255; 443, 49704, 49706; ATGS-MMD-ASUS, United States) and 3 other IPs or domains.]

Source | Detection | Scanner | Label | Link
https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ | 0% | Avira URL Cloud | safe |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
glb-editor.wix.com | 34.149.206.255 | true | false | | high
www.google.com | 142.250.191.100 | true | false | | high
shoutout.wix.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ | false | | high
https://shoutout.wix.com/favicon.ico | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.191.100 | www.google.com | United States | | 15169 | GOOGLEUS | false
34.149.206.255 | glb-editor.wix.com | United States | | 2686 | ATGS-MMD-ASUS | false

IP
192.168.2.16
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1439861
            Start date and time:2024-05-10 23:10:34 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 3m 30s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Sample URL:https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:12
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:CLEAN
            Classification:clean0.win@14/11@6/4
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 142.250.190.131, 142.250.190.46, 142.250.112.84, 34.104.35.123, 142.250.190.67, 142.250.190.14
            • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes were analyzed, report is missing behavior information
            • VT rate limit hit for: https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ
            No simulations
            No context
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 10 20:11:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2673
            Entropy (8bit):3.9874266051560943
            Encrypted:false
            SSDEEP:48:8Bd5ThFpHYZidAKZdA1FehwiZUklqehay+3:8tvc9y
            MD5:9F57E18C721857907A648664076B8149
            SHA1:FD5AF53F596CEC8E5AB1EDAFC576B320BE06345C
            SHA-256:F55598168ADBBC01056ABF4EEC5B9BD3780E707AA56794A160F52BDBC784BCCD
            SHA-512:662E68F3BB7306BE44AC24AB0C49C9FF2DA0896B3FEC7495818C9EFBE8D0E77E1EACBAFC23DB3B8F720E2795AEEB53A375B3437D730200A4CD08FF61F10FFB6E
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 10 20:11:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2675
            Entropy (8bit):4.00325788543279
            Encrypted:false
            SSDEEP:48:82d5ThFpHYZidAKZdA1seh/iZUkAQkqehty+2:8AvS9Qgy
            MD5:D17CDC4637E0AEF7BE01C6BC9C210506
            SHA1:8166140BE783A18001C50353B800DF8DE3743FAF
            SHA-256:FEAEE23E50101181F120015F8B7B7A17A80AF02D82C3D5260D30066642EF5616
            SHA-512:B570F74BB6CA280DD04FB85FA79514D59448EDEB7BBCD4944F59FD322C0F454B811172EE63F3BEBAA64ADA33B183182E411EE416BAB4A9AF61101739A68EE932
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2689
            Entropy (8bit):4.0100713235629994
            Encrypted:false
            SSDEEP:48:8Od5ThFAHYZidAKZdA14meh7sFiZUkmgqeh7sDy+BX:84vNnxy
            MD5:DCEF2CD61D60AAD2ECA13F936B190906
            SHA1:839A21F4C4053C7D35A826FBD147B180FB12BCB5
            SHA-256:4AE803D9173F8D0B4AD3F9FAFDD72EEEBABF19B5A1D373139AA8FED87A6C0E4C
            SHA-512:463A8A4DFE0DA880901F45369C336349B971EB7B19780AEE73D530A8338D801EC06DD3FC78A7C7E6BBCF3151B051C5C75B8AD11FCF5FA5CABE6F56E0277557BE
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 10 20:11:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):4.001779467148793
            Encrypted:false
            SSDEEP:48:8Ld5ThFpHYZidAKZdA1TehDiZUkwqehpy+R:8fvJ7y
            MD5:A96525C56C64769F3531EB6138F9D68D
            SHA1:280E0ABA7FB929239D7823C65854DB9F66DC658D
            SHA-256:B442F6D3FA51C6303B2386B0573424468B2EF526FF47A5E793F011434307A5BC
            SHA-512:70243655BDA459B83C29D7EA8366FC8FC1F479E28CAAE6B365265A2C0EA4909639EC056B9676F7812BDA3A704D04012F05CDE422987DF6496E6E7F74CDAF6183
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 10 20:11:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9896318524588636
            Encrypted:false
            SSDEEP:48:8Nd5ThFpHYZidAKZdA1dehBiZUk1W1qehHy+C:85vZ9ny
            MD5:A5A5719481EAAD560381379B3E2F8421
            SHA1:3B32D8414D81701302ACAFD80FD74C172940392C
            SHA-256:732664FCEBE0CE02CAD47EA3FD631C8F6BEF706EB422D368488C2814B825E4B8
            SHA-512:0FA9D65CD0B7E4CEBA2B2D7F1435104E50C837C2F9388E5FEA50B61AB51416353F15FCCF18E4FD15EE6C29AAAA32E53CA60882D0F518C7CDD1BA6FD065F631A7
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 10 20:11:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):3.9997950022709023
            Encrypted:false
            SSDEEP:48:80Fd5ThFpHYZidAKZdA1duTeehOuTbbiZUk5OjqehOuTbxy+yT+:80xvhTfTbxWOvTbxy7T
            MD5:DBE930B560FB9BE3C600D8C85E93719C
            SHA1:3A47F2D8BB02D3FE91083C36D92D4D8849CA8A32
            SHA-256:DC7479FE38D336BFB601F4B098D30FE49C38D0B78B8A72784E8A9E8B0185EFEF
            SHA-512:F9C01214B4B548D2A2458D3A9678599B0D5744B7EDEC64671B5755366ECF444F1EE88FF11EE3FDFA4404199BC17A91597C68B4045A6EBE2A9EA697CF6C548704
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
            Category:downloaded
            Size (bytes):3477
            Entropy (8bit):7.62062671084744
            Encrypted:false
            SSDEEP:48:YL08hg30XQD/GJi0h9Gen8dh1eViQuAGalNf4geuwo/BsR6:YL08hgkQbl0h9H8QViTlS4pPol
            MD5:F4FEB61D53BC0DE67557513853FA54F1
            SHA1:C1219A3DA6D6130C9CA4F3E52F96A91077B16041
            SHA-256:295A1F6F927FD11A3842A4C9F508B4152ECA150CB4C54D6CFB64736FAD659B80
            SHA-512:20CE839D90305E05F2EC9EC322AE660F8D43DDD2705F67269B2231F0150575A168B7B33B22C813609BCB7E111F0B97ECC475BCCB53DB0283ACC4A9FB2774E833
            Malicious:false
            Reputation:low
            URL:https://shoutout.wix.com/favicon.ico
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):3477
            Entropy (8bit):7.62062671084744
            Encrypted:false
            SSDEEP:48:YL08hg30XQD/GJi0h9Gen8dh1eViQuAGalNf4geuwo/BsR6:YL08hgkQbl0h9H8QViTlS4pPol
            MD5:F4FEB61D53BC0DE67557513853FA54F1
            SHA1:C1219A3DA6D6130C9CA4F3E52F96A91077B16041
            SHA-256:295A1F6F927FD11A3842A4C9F508B4152ECA150CB4C54D6CFB64736FAD659B80
            SHA-512:20CE839D90305E05F2EC9EC322AE660F8D43DDD2705F67269B2231F0150575A168B7B33B22C813609BCB7E111F0B97ECC475BCCB53DB0283ACC4A9FB2774E833
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:JSON data
            Category:downloaded
            Size (bytes):200
            Entropy (8bit):5.2639618154094325
            Encrypted:false
            SSDEEP:6:YAqISEnEWFSkaSLNOWvwhBIyxjR1ZllCuFDKexPAatZ5:YZITn/FNnhwhBI0t1ZllCuFDKeeatZ5
            MD5:CC1B41E5559C63581526135988D7DF9A
            SHA1:90482300AEC737A0C16386A8FDE503B2AA947524
            SHA-256:2914A7B5EE011C4D01E74D1279A770021DBA93FCB97DC9B6BF878E32D7946E13
            SHA-512:E94934E723E86DADA271BA50997D0E712A1E88ED8A0134D56665ECC0F86BF0AB0467FF4FC8EF8C9BCACCE03C6D3DE415AD0ADD50205BFACC8AB9D5EAA4119634
            Malicious:false
            Reputation:low
            URL:https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ
            Preview:{"errorCode":-1001,"errorDescription":"[business][RECOVERABLE][ShoutOut] c.w.s.i.e.IdentityNotFoundException - account [7db09a46-9865-42e4-888a-5bed25fa62d2] not found","success":false,"payload":null}
            No static file info


            • Total Packets: 117
            • 443 (HTTPS)
            • 80 (HTTP)
            • 53 (DNS)
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            May 10, 2024 23:11:06.842248917 CEST | 192.168.2.16 | 1.1.1.1 | 0x813f | Standard query (0) | shoutout.wix.com | A (IP address) | IN (0x0001) | false
            May 10, 2024 23:11:06.842431068 CEST | 192.168.2.16 | 1.1.1.1 | 0xff30 | Standard query (0) | shoutout.wix.com | 65 | IN (0x0001) | false
            May 10, 2024 23:11:08.281311989 CEST | 192.168.2.16 | 1.1.1.1 | 0xe041 | Standard query (0) | shoutout.wix.com | A (IP address) | IN (0x0001) | false
            May 10, 2024 23:11:08.281498909 CEST | 192.168.2.16 | 1.1.1.1 | 0xd599 | Standard query (0) | shoutout.wix.com | 65 | IN (0x0001) | false
            May 10, 2024 23:11:11.640347004 CEST | 192.168.2.16 | 1.1.1.1 | 0x95c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
            May 10, 2024 23:11:11.640578985 CEST | 192.168.2.16 | 1.1.1.1 | 0xb750 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            May 10, 2024 23:11:06.953027964 CEST | 1.1.1.1 | 192.168.2.16 | 0xff30 | No error (0) | shoutout.wix.com | verticals.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:06.953027964 CEST | 1.1.1.1 | 192.168.2.16 | 0xff30 | No error (0) | verticals.wix.com | editor.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:06.953027964 CEST | 1.1.1.1 | 192.168.2.16 | 0xff30 | No error (0) | editor.wix.com | glb-editor.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:06.953656912 CEST | 1.1.1.1 | 192.168.2.16 | 0x813f | No error (0) | shoutout.wix.com | verticals.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:06.953656912 CEST | 1.1.1.1 | 192.168.2.16 | 0x813f | No error (0) | verticals.wix.com | editor.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:06.953656912 CEST | 1.1.1.1 | 192.168.2.16 | 0x813f | No error (0) | editor.wix.com | glb-editor.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:06.953656912 CEST | 1.1.1.1 | 192.168.2.16 | 0x813f | No error (0) | glb-editor.wix.com |  | 34.149.206.255 | A (IP address) | IN (0x0001) | false
            May 10, 2024 23:11:08.392648935 CEST | 1.1.1.1 | 192.168.2.16 | 0xe041 | No error (0) | shoutout.wix.com | verticals.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:08.392648935 CEST | 1.1.1.1 | 192.168.2.16 | 0xe041 | No error (0) | verticals.wix.com | editor.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:08.392648935 CEST | 1.1.1.1 | 192.168.2.16 | 0xe041 | No error (0) | editor.wix.com | glb-editor.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:08.392648935 CEST | 1.1.1.1 | 192.168.2.16 | 0xe041 | No error (0) | glb-editor.wix.com |  | 34.149.206.255 | A (IP address) | IN (0x0001) | false
            May 10, 2024 23:11:08.396178007 CEST | 1.1.1.1 | 192.168.2.16 | 0xd599 | No error (0) | shoutout.wix.com | verticals.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:08.396178007 CEST | 1.1.1.1 | 192.168.2.16 | 0xd599 | No error (0) | verticals.wix.com | editor.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:08.396178007 CEST | 1.1.1.1 | 192.168.2.16 | 0xd599 | No error (0) | editor.wix.com | glb-editor.wix.com |  | CNAME (Canonical name) | IN (0x0001) | false
            May 10, 2024 23:11:11.751950979 CEST | 1.1.1.1 | 192.168.2.16 | 0xb750 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
            May 10, 2024 23:11:11.752615929 CEST | 1.1.1.1 | 192.168.2.16 | 0x95c | No error (0) | www.google.com |  | 142.250.191.100 | A (IP address) | IN (0x0001) | false
            • shoutout.wix.com
            • https:
            • fs.microsoft.com
            • slscr.update.microsoft.com
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.16 | 49704 | 34.149.206.255 | 443 | 6740 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-05-10 21:11:07 UTC | 938 | OUT | GET /so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ HTTP/1.1
            Host: shoutout.wix.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-05-10 21:11:07 UTC | 1001 | IN | HTTP/1.1 404 Not Found
            date: Fri, 10 May 2024 21:11:07 GMT
            content-type: application/json;charset=utf-8
            set-cookie: XSRF-TOKEN=1715375467|BEmRVCs4eiPB;Path=/;Domain=.wix.com;Secure;SameSite=None
            cache-control: no-cache
            vary: Accept-Encoding
            x-seen-by: oDbbMvfdXCdtsgjD2KgaM8iHE4dbw+wewoJ5nvKoyjE=,m0j2EEknGIVUW/liY8BLLsZQEcjKcfEGnwQ6ei6CLSx9UuJLvoOY0uBy3RuVN3og,++r5XCRb/6cYf+PEtyYPdDFu7vOUOdVud5mWngWZDCZEQfi00LSS7LJu7sdkoLsDaB5TC/oISOf+QVeiq+ePXg==,r6yY0ta7bIKrqK70x072leNKJwoMV94H/RNCTpq2TmM=,ha2BjfnpoaWsa89DnyiXUGyl7mkogojdegmHsLblCIpYgeUJqUXtid+86vZww+nL,EJPgQkiJ1uIii9vVxis+2pJ41qCXhxlztrX5bhzsTe6a0EMuuDJTK3Dbv3DmRhSoBNNsDL8s++o7dxytS/cGGQ==
            x-wix-request-id: 1715375467.4605840757128428678
            server: Pepyaka
            x-content-type-options: nosniff
            strict-transport-security: max-age=120 ; includeSubDomains
            via: 1.1 google
            glb-x-seen-by: wMMTADooq5AJ3cFomJ/MuXOQWGce7NCZXKms1ErOpBs=
            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
            Connection: close
            Transfer-Encoding: chunked
            2024-05-10 21:11:07 UTC | 211 | IN | Data Raw: 63 38 0d 0a 7b 22 65 72 72 6f 72 43 6f 64 65 22 3a 2d 31 30 30 31 2c 22 65 72 72 6f 72 44 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 5b 62 75 73 69 6e 65 73 73 5d 5b 52 45 43 4f 56 45 52 41 42 4c 45 5d 5b 53 68 6f 75 74 4f 75 74 5d 20 63 2e 77 2e 73 2e 69 2e 65 2e 49 64 65 6e 74 69 74 79 4e 6f 74 46 6f 75 6e 64 45 78 63 65 70 74 69 6f 6e 20 2d 20 61 63 63 6f 75 6e 74 20 5b 37 64 62 30 39 61 34 36 2d 39 38 36 35 2d 34 32 65 34 2d 38 38 38 61 2d 35 62 65 64 32 35 66 61 36 32 64 32 5d 20 6e 6f 74 20 66 6f 75 6e 64 22 2c 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 70 61 79 6c 6f 61 64 22 3a 6e 75 6c 6c 7d 0d 0a 30 0d 0a 0d 0a
            Data Ascii: c8{"errorCode":-1001,"errorDescription":"[business][RECOVERABLE][ShoutOut] c.w.s.i.e.IdentityNotFoundException - account [7db09a46-9865-42e4-888a-5bed25fa62d2] not found","success":false,"payload":null}0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.16 | 49706 | 34.149.206.255 | 443 | 6740 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-05-10 21:11:07 UTC | 911 | OUT | GET /favicon.ico HTTP/1.1
            Host: shoutout.wix.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: image
            Referer: https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Cookie: XSRF-TOKEN=1715375467|BEmRVCs4eiPB
            2024-05-10 21:11:08 UTC | 633 | IN | HTTP/1.1 200 OK
            date: Fri, 10 May 2024 21:11:08 GMT
            content-type: image/x-icon
            Content-Length: 3477
            last-modified: Thu, 07 Sep 2023 20:31:01 GMT
            etag: "64fa3305-d95"
            x-seen-by: oDbbMvfdXCdtsgjD2KgaM8iHE4dbw+wewoJ5nvKoyjE=,m0j2EEknGIVUW/liY8BLLsZceaXrH9bpWAOkFMPzqaGWWveFEnegpnkLxzZh8fhS
            server: Pepyaka
            x-wix-request-id: 1715375468.16358429952174521398
            x-content-type-options: nosniff
            accept-ranges: bytes
            strict-transport-security: max-age=120 ; includeSubDomains
            via: 1.1 google
            glb-x-seen-by: wMMTADooq5AJ3cFomJ/MuXOQWGce7NCZXKms1ErOpBs=
            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
            Connection: close


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.16 | 49708 | 34.149.206.255 | 443 | 6740 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-05-10 21:11:08 UTC | 395 | OUT | GET /favicon.ico HTTP/1.1
            Host: shoutout.wix.com
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: */*
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: cors
            Sec-Fetch-Dest: empty
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Cookie: XSRF-TOKEN=1715375467|BEmRVCs4eiPB
            2024-05-10 21:11:08 UTC | 633 | IN | HTTP/1.1 200 OK
            date: Fri, 10 May 2024 21:11:08 GMT
            content-type: image/x-icon
            Content-Length: 3477
            last-modified: Thu, 07 Sep 2023 20:40:40 GMT
            etag: "64fa3548-d95"
            x-seen-by: vmPhUNXuQemvc7fjBI8NWewfbs+7qUVAqsIx00yI78k=,m0j2EEknGIVUW/liY8BLLrS05hBBS9A501v3s0sLQFmWWveFEnegpnkLxzZh8fhS
            server: Pepyaka
            x-wix-request-id: 1715375468.85458418413547011625
            x-content-type-options: nosniff
            accept-ranges: bytes
            strict-transport-security: max-age=120 ; includeSubDomains
            via: 1.1 google
            glb-x-seen-by: wMMTADooq5AJ3cFomJ/MuXOQWGce7NCZXKms1ErOpBs=
            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
            Connection: close


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.16 | 49713 | 23.221.246.93 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-05-10 21:11:16 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-05-10 21:11:16 UTC | 467 | IN | HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (chd/079C)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-eus-z1
            Cache-Control: public, max-age=121952
            Date: Fri, 10 May 2024 21:11:16 GMT
            Connection: close
            X-CID: 2


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.16 | 49715 | 23.221.246.93 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-05-10 21:11:16 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-05-10 21:11:17 UTC | 870 | IN | HTTP/1.1 206 Partial Content
            Accept-Ranges: bytes
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (chd/0778)
            X-CID: 11
            X-CCC: US
            X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z
            X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z
            Content-Type: application/octet-stream
            X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
            Cache-Control: public, max-age=121935
            Date: Fri, 10 May 2024 21:11:17 GMT
            Content-Range: bytes 0-54/55
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-05-10 21:11:17 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.16 | 49714 | 40.127.169.103 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-05-10 21:11:17 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oX5WCZpb4pMetc3&MD=xPs25fbd HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-05-10 21:11:17 UTC | 560 | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
            MS-CorrelationId: ffd39a31-2f95-4c68-9655-e9609dbc5bb5
            MS-RequestId: ae4d060c-fe3d-47f1-93f8-0a6b8f90fc1e
            MS-CV: R5BENETEpE6oro4q.0
            X-Microsoft-SLSClientCache: 2880
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Fri, 10 May 2024 21:11:16 GMT
            Connection: close
            Content-Length: 24490


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.16 | 49716 | 40.127.169.103 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-05-10 21:11:54 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oX5WCZpb4pMetc3&MD=xPs25fbd HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-05-10 21:11:55 UTC | 560 | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
            MS-CorrelationId: 687bcefc-4658-4ed9-906a-36775fd206fb
            MS-RequestId: a515df26-06a5-43c7-b1ac-21ab4ef26d75
            MS-CV: 77NOBjhZ1kSR9NLG.0
            X-Microsoft-SLSClientCache: 2160
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Fri, 10 May 2024 21:11:54 GMT
            Connection: close
            Content-Length: 25457



            Target ID:0
            Start time:23:11:05
            Start date:10/05/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://shoutout.wix.com/so/6aOvZIbaa/c?w=6l54s-JK7hLIg5qMcUMduwHAiQQEhSb_lSGP5TtpgAA.eyJ1IjoiaHR0cHM6Ly9oYW5kYm9va2luYy13dml5YS5mb3Jtc3RhY2suY29tL2Zvcm1zL2hhbmRib29rX2luYyIsInIiOiJhNjAxNmI4ZC1kMDMwLTRmMDQtOThjMy1mMjYxOGY0ZDg1ZWMiLCJtIjoibWFpbCIsImMiOiJlZjMwYzlkNC01ZTJhLTRjMjItYWQyZS1kN2JhOTQwYjMyYzkifQ
            Imagebase:0x7ff7f9810000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:1
            Start time:23:11:05
            Start date:10/05/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,780211566171461481,6419157893894462519,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff7f9810000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            No disassembly