Windows Analysis Report
http://www.cpcheckme.com

Overview

General Information

Sample URL: http://www.cpcheckme.com
Analysis ID: 1445862

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected Powershell download and execute
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Downloads executable code via HTTP
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTML page contains hidden URLs or javascript code
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: http://www.cpcheckme.com/checkme/rest/test/getScanTypesDetails?ts=1716391642957 Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/test/getExcludedEmails?ts=1716391642959 Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/endpoint/p Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/endpoint/start Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/vendor.16be15e20a43eba17559.js Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/assets/libs/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/endpoint/starte Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/test/getAllTests?ts=1716391619429&category= Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/ HTTP Parser: Base64 decoded: http://www.cpcheckme.com:80
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=11wz3iwh9xgn HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=l5a3zuoxr6a HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\LICENSE.txt
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.0.dr
Source: Binary string: D:\src\EP_CheckMe_V_GALLIUM_POST_CL_VS13\Src\CheckMeAgent\obj\Release\CheckMeAgent.pdb source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AB67000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr
Source: Binary string: D:\src\EP_CheckMe_V_GALLIUM_POST_CL_VS13\Src\CheckMeAgent\obj\Release\CheckMeAgent.pdbP| source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AB67000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr

Networking

Source: Yara match File source: 15.0.cpcheckme_yt22zMIg.exe.22b8aa40000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\Downloads\Unconfirmed 6574.crdownload, type: DROPPED
Source: Yara match File source: dropped/chromecache_176, type: DROPPED
Source: global traffic TCP traffic: 192.168.2.16:62127 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.16:62339 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.16:56727 -> 1.1.1.1:53
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 22 May 2024 15:27:41 GMTContent-Type: application/octet-streamContent-Length: 1216832Connection: keep-aliveContent-Disposition: attachment; filename="cpcheckme_yt22zMIg.exe"
Source: global traffic HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.96.89
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic HTTP traffic detected: GET /ajax/libs/bluebird/3.3.5/bluebird.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js?render=explicit HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-content/themes/checkpoint-theme-v2/images/parsley.png HTTP/1.1Host: www.checkpoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-content/themes/checkpoint-theme-v2/images/parsley.png HTTP/1.1Host: www.checkpoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=FmAnyWgMhHnay6U&MD=oYOMN+rE HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=11wz3iwh9xgn HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=8k85QBI-qzxmenDv318AZH30 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=11wz3iwh9xgnAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/bg/cF9tiRHt4BzQa_gljZbyGUbjFHSRXJeGZWCTLs0pBwQ.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=11wz3iwh9xgnAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=l5a3zuoxr6a HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/reload?k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOG1W2WMBU3Lx0soNhShTRFwELDfLwcuwdnkZ9CgIoYm0zp46CK031UHe6slDJOYHtKJUib-89BCs-dJrXG-9oE
Source: global traffic HTTP traffic detected: GET /js/bg/y5IoXjo-_eM__FZ7BqlwDG0FWQvBnHNJLFAhT4QXhzA.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMObAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/userverify?k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOG1W2WMBU3Lx0soNhShTRFwELDfLwcuwdnkZ9CgIoYm0zp46CK031UHe6slDJOYHtKJUib-89BCs-dJrXG-9oE
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=FmAnyWgMhHnay6U&MD=oYOMN+rE HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /checkme/ HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=9VZIGm90wfRnifjzbdjTPIdUF6UPW54l7ByzRbnFxTDnL98T7H9Eur6V4lniC5gF19ETotJESA6AHSfP4x4ciKKTv+20fajq6tfw9MvvZN9EQL1oXFLTVActPyOu
Source: global traffic HTTP traffic detected: GET /checkme/assets/libs/fontawesome/css/font-awesome.min.css HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=20Ns1cykc2joaI0uxHJEMYgvGGHUue2tmpaEEXhEwxhv4HNw4ZZKMPAXVTAz9RSIPkfkOMp6Jt2LO8GXwX6ZGNx80WapsoBvhtPVs185fTTCt9rjgfcmGdeqPTBh
Source: global traffic HTTP traffic detected: GET /checkme/vendor.16be15e20a43eba17559.js HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=20Ns1cykc2joaI0uxHJEMYgvGGHUue2tmpaEEXhEwxhv4HNw4ZZKMPAXVTAz9RSIPkfkOMp6Jt2LO8GXwX6ZGNx80WapsoBvhtPVs185fTTCt9rjgfcmGdeqPTBh
Source: global traffic HTTP traffic detected: GET /checkme/bundle.16be15e20a43eba17559.js HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=20Ns1cykc2joaI0uxHJEMYgvGGHUue2tmpaEEXhEwxhv4HNw4ZZKMPAXVTAz9RSIPkfkOMp6Jt2LO8GXwX6ZGNx80WapsoBvhtPVs185fTTCt9rjgfcmGdeqPTBh
Source: global traffic HTTP traffic detected: GET /check/testsAssets/instant_checkup.js?v=0.6652561465103368 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=hgou4MgWyuf1NbxB58p0H24yiV8HjvF4TXMdYeCCY4/W+fPDj1b5HkRAWWgeorZvRW/BM00Apj7x+C8RBFRquQVELDEB/a/egyaCG+1E3tzH/Yfp3YLoph15T1jP
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanTypesDetails?ts=1716391619425 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getAllTests?ts=1716391619429&category= HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getExcludedEmails?ts=1716391619429 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic HTTP traffic detected: GET /checkme/fonts/din.woff?v=1.0.0 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveOrigin: http://www.cpcheckme.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic HTTP traffic detected: GET /checkme/assets/libs/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveOrigin: http://www.cpcheckme.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.cpcheckme.com/checkme/assets/libs/fontawesome/css/font-awesome.min.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic HTTP traffic detected: GET /checkme/rest/utils/getCaptchaType HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=fQ1vuCAQ+LX5fP9FFpX4jdqnMkhiJvjU3nvRj5GtmZ1hggHpUKlLmknHsxzKLxUo0skpUvNrqdMIjwyKtJS7T38Vlg2znlGzG4Ypo11dfhg4GJMJ1SR3ctSOwdvL
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getAllTests?ts=1716391619429&category= HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=Gd1uru2VcjlY0Je0e4n8PoEib9ijlg60pKhAZhVIahgFZjZa4+48AVW7q6KoX90AeJDkkWwwBcgaoTr8RoVTKs204AJgEPQ+gL0mR1quQXA7PYaVUT1d0tixllPV
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanTypesDetails?ts=1716391619425 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=fQ1vuCAQ+LX5fP9FFpX4jdqnMkhiJvjU3nvRj5GtmZ1hggHpUKlLmknHsxzKLxUo0skpUvNrqdMIjwyKtJS7T38Vlg2znlGzG4Ypo11dfhg4GJMJ1SR3ctSOwdvL
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getExcludedEmails?ts=1716391619429 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=0mYBx9525ryXtIoqeRqKbJeZKPWEHu74769q2/P/0rN0jCrBXwkvsh1iHvz66BNYG2PgBlt8EEIkoOwHqxZuE1UA1bCeqI+XBChklCloRHSo5d4L1vPJDqnTmwM7
Source: global traffic HTTP traffic detected: GET /checkme/rest/utils/getCaptchaType HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=O+UvY6TXnA9rmHnE72bgdMFFYpRam+J/trsVh2XJULbxW4Ij5wItM9iFOrFSWTfNnmS5qPz4cgn3K41atTYm6lzHDVpi6unFvi+2XvwUl9hPhO4/G+FkZjtvBfNS
Source: global traffic HTTP traffic detected: GET /checkme/ HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=oZwKzeTpVngadSgeD4roJp3GVgWR3NzYjEQPnSG6Zu1xS2uZQirezWaTe/9AcIMkybv5PxLV5mic9qBNHt4TY8wyIM9Wc4WkDqhvVYs0ktGiOIUTKWAu9I9YqTxjIf-None-Match: W/"3971-1684859588000"If-Modified-Since: Tue, 23 May 2023 16:33:08 GMT
Source: global traffic HTTP traffic detected: GET /check/testsAssets/instant_checkup.js?v=0.6537682150719368 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanTypesDetails?ts=1716391642957 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getAllTests?ts=1716391642959&category= HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getExcludedEmails?ts=1716391642959 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanTypesDetails?ts=1716391642957 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=cFGMXUN96TLXW7m1KAtQw1o0Wwl0SflKhVow0etQKvxcO8SPmedQnvmG0pYlGn5m7IXRRjFKDNYyMhf+fwOGNYF9NXBlLcPjP7nQ/QIglWbIdJrzhSWiiNfg6CY9
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getExcludedEmails?ts=1716391642959 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=cFGMXUN96TLXW7m1KAtQw1o0Wwl0SflKhVow0etQKvxcO8SPmedQnvmG0pYlGn5m7IXRRjFKDNYyMhf+fwOGNYF9NXBlLcPjP7nQ/QIglWbIdJrzhSWiiNfg6CY9
Source: global traffic HTTP traffic detected: GET /checkme/rest/utils/getCaptchaType HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=cFGMXUN96TLXW7m1KAtQw1o0Wwl0SflKhVow0etQKvxcO8SPmedQnvmG0pYlGn5m7IXRRjFKDNYyMhf+fwOGNYF9NXBlLcPjP7nQ/QIglWbIdJrzhSWiiNfg6CY9
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getAllTests?ts=1716391642959&category= HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=rpr0HGgZy2f2qU8vDNGoQSh6GHnqTarq6xQSJE6AOHCZ09cWRqa779g0z4awQzetbO0uf1i5awVAgmHuuJ3mr/qFt3/s5fm0K/2JNco9Q8wEjLjyLNKYSXTZO+TC
Source: global traffic HTTP traffic detected: GET /checkme/rest/utils/getCaptchaType HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=nqkbPslmcaeQsyH/RXSyBsP3XeMuXx/24eOvbCdyloxX4y39vVy5M+M4WV5Diegpp2TD86Rax9syCzIfd325AlbkkOH7t/nbwbrY7fAL0umo2f2g/sIpzgq803iS
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/startScan HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=sc8NwWVq+v4WUX8RsnnqqQjt23RnYsJWdQGvOmPVSOjA9+AMus/hV7yrMIehIaJULtIV8pppvOplgNrGLLRr2lylZJWL/W5STfBjbguv9QM7Ad0tbXdaYI21Lg7W
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/updateStatuses HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=jMrsGMf4HBXr3E8kN3u1knV6ORUbOzYHexJToT6pYanc7EwjCLlIunqEls3kew9A2JhXDg2hjSNTbamGtJqEPTE09X6hz0rmhDdHstrEOzA1ADhSzxn+cukEu0d7
Source: global traffic HTTP traffic detected: GET /cpcheckme.exe?uid=yt22zMIg HTTP/1.1Host: cpcheckmefiles-lb-1966426125.eu-west-1.elb.amazonaws.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391665606&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=i558L86v2j8D6ongz1E93KPCv88l5W+UelXAcR9Awmxn9haPtL4kuJjUF3Fg/FBPKJuGqgv2P8PZ6olc1W7shLsOwqbdLt1kSM1wGpZH7cvDodAllhAXS1XpbbIA
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391665606&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=x3L0QCYDVkvVRNRGzz0BKBrIucCZorXH9VrET52jl7rscxdCRRTtIQ85NnLZq4kRx187ftH75xALeZe6QGiG5t8nL02KsMevp3/rItyCVg1IftkfQnGRjS5mT/i3
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=+ESM9fTkWMrifQjs9xv+BOBt/iuLeuxrfpoWLjmjaDSaaH8mm4pCvt7kWQQwWRNseD7JSDCSggFLIBec9CyRekMU/HT+p1E6Z4D+MfAZnJUgwqi5eWfIQg/wGcY4
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=fS0XR/8MNPGNfiCAn31eT9IrVnRLIezYwWqrKxPzDiDg+LZ4xO3UcbHm0ihfvVzDjWUSQxTFNzH/1eV870hDvARBw3FH/+3NIHFHKy2nHiCUGA4E8z5Gba1X/uFp
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=DrxrrxdYOi18LtQfPSo+DNSPBORE7Z70/qW66K1uH+SlmoEJwoLcrASiouRyKNERRBOSQyLwIxy3uWFuFF54uCu9Q51TqG/+gnnnuOa9wcYZmfOvHQjc2zgP6JXF
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=qHNXzFQPR8bUEUBeimgOzm3UX2HL/a3tLkxZjxG2G2tIzw9oQBZAtu0/QXva+/qPH9OzUbc0rQcrpbDEap0ZEKrCCDYv96kGcf0ImmPp9anA5VY+y8HdyXW+9dfZ
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391681227&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; AWSALB=wiUJTf+Zln1u9bnrCjRfGvCWkbzer2LZ/9+ZIyESVk5xNHvIgLPX1SstXDNLZp03vt0q+HsRdDV9ckccZqApd1qjH4No4QnMruPPcqGt5FAmYZFdxIGO/4Yjp7CY
Source: global traffic HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391681227&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; AWSALB=I8BfgbBPrnfAuyYj8Y2QYwDDgLbx4qdg0ehvojFdl9FxCozEKMBDB44icljiAClTZfRDxBZ6+ZVHDSlu3QnVJyYo3NnNZwNs/8EPmUNj1SasgjZ3Zb/WCF2FWtNg
Source: chromecache_155.1.dr String found in binary or memory: L.getElementsByTagName("iframe"),oa=R.length,ka=0;ka<oa;ka++)if(!v&&c(R[ka],E.xe)){pI("https://www.youtube.com/iframe_api");v=!0;break}})}}else I(u.vtp_gtmOnSuccess)}var q=["www.youtube.com","www.youtube-nocookie.com"],r={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},t,v=!1;Z.__ytl=n;Z.__ytl.D="ytl";Z.__ytl.isVendorTemplate=!0;Z.__ytl.priorityOverride=0;Z.__ytl.isInfrastructure=!1; equals www.youtube.com (Youtube)
Source: chromecache_155.1.dr, chromecache_190.1.dr String found in binary or memory: Math.round(p);u["gtm.videoCurrentTime"]=Math.round(q);u["gtm.videoElapsedTime"]=Math.round(f);u["gtm.videoPercent"]=r;u["gtm.videoVisible"]=t;return u},bk:function(){e=Db()},pd:function(){d()}}};var hc=ma(["data-gtm-yt-inspected-"]),CC=["www.youtube.com","www.youtube-nocookie.com"],DC,EC=!1; equals www.youtube.com (Youtube)
Source: chromecache_190.1.dr String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var h=kA(a,c,e);O(121);if("https://www.facebook.com/tr/"===h["gtm.elementUrl"])return O(122),!0;if(d&&f){for(var m=Nb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},nA=function(){var a=[],b=function(c){return tb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_190.1.dr String found in binary or memory: e||f||g.length||h.length))return;var n={Wg:d,Ug:e,Vg:f,Lh:g,Mh:h,xe:m,Ab:b},p=G.YT,q=function(){KC(n)};if(p)return p.ready&&p.ready(q),b;var r=G.onYouTubeIframeAPIReady;G.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),v=t.length,u=0;u<v;u++){var w=t[u].getAttribute("src");if(NC(w,"iframe_api")||NC(w,"player_api"))return b}for(var y=H.getElementsByTagName("iframe"),x=y.length,B=0;B<x;B++)if(!EC&&LC(y[B],n.xe))return xc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_155.1.dr String found in binary or memory: function(h){return h.form===g})};return{store:function(g,h){var m=f(g);m?m.button=h:e.push({form:g,button:h})},get:function(g){var h=f(g);return h?h.button:null}}}function d(e,f,g,h,m){var n=Iz("fsl",g?"nv.mwt":"mwt",0),p;p=g?Iz("fsl","nv.ids",[]):Iz("fsl","ids",[]);if(!p.length)return!0;var q=Nz(e,"gtm.formSubmit",p),r=e.action;r&&r.tagName&&(r=e.cloneNode(!1).action);q["gtm.elementUrl"]=r;O(121);if("https://www.facebook.com/tr/"===r)return O(122),!0;m&&(q["gtm.formSubmitElement"]=m);if(h&&n){if(!tI(q, equals www.facebook.com (Facebook)
Source: chromecache_200.1.dr String found in binary or memory: return b}AC.K="internal.enableAutoEventOnTimer";var hc=ma(["data-gtm-yt-inspected-"]),CC=["www.youtube.com","www.youtube-nocookie.com"],DC,EC=!1; equals www.youtube.com (Youtube)
Source: chromecache_190.1.dr String found in binary or memory: var PB=function(a,b,c,d,e){var f=Iz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Iz("fsl","nv.ids",[]):Iz("fsl","ids",[]);if(!g.length)return!0;var h=Nz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);O(121);if("https://www.facebook.com/tr/"===m)return O(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!uy(h,vy(b, equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: www.cpcheckme.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: sc1.checkpoint.com
Source: global traffic DNS traffic detected: DNS query: www.checkpoint.com
Source: global traffic DNS traffic detected: DNS query: cpcheckmefiles-lb-1966426125.eu-west-1.elb.amazonaws.com
Source: unknown HTTP traffic detected: POST /recaptcha/api2/reload?k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 9078sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-protobufferAccept: */*Origin: https://www.google.comX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMObAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: chromecache_194.1.dr String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: chromecache_176.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD01000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCA5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBB5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD57000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD35000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC75000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB93000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCEB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCD9000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBF6000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCCD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCAB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD63000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBDD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD23000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC2B000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBBB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB5F000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB65000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dualstack.elb-ireland1-1194672184.eu-west-1.elb.amazonaws.com
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/1.asp?FileName=a.pdf&AppID=2&MainID=9&SecID=9&MinID=2
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/1.asp?src=file.jpg&fltr
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/1.asp?xss=%3Cscript%3Ealert%28%221%22%29%3C%2Fscript%3E
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/blockchain.txt
Source: chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/check/testsAssets/post.html
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/e.bz2
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/e.txt
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/e.zip
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/exploit_page_buffer.html
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/getcfg.php?SERVICES=DEVICE.LOG&x=y&AUTHORIZED_GROUP=1
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/win7_64bit_big.com
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/win7_64bit_big.pdf
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://files.cpcheckme.com/win7_64bit_big.zip
Source: chromecache_189.1.dr String found in binary or memory: http://fontawesome.io
Source: chromecache_189.1.dr String found in binary or memory: http://fontawesome.io/license
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://hot-emailer.ru/favicon.ico
Source: chromecache_194.1.dr String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_194.1.dr String found in binary or memory: http://jquery.org/license
Source: chromecache_194.1.dr String found in binary or memory: http://jqueryui.com
Source: chromecache_177.1.dr String found in binary or memory: http://localhost:8282/check/testsAssets/instant_checkup.js
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://login.msa.akadns6.net/favicon.ico
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://ocsp.digicert.com0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://proxy.my-addr.com/favicon.ico
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://s3-eu-west-1.amazonaws.com/cp-chk-files/win7_64bit_big_enc.zip
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Anonymizer_Usage.svg
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Data_Leakage.svg
Source: chromecache_132.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Malware_Infection.svg
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Persistence_Threat.svg
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Ransomware_Attack.svg
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Zero_Day.svg
Source: chromecache_132.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/browser.svg
Source: chromecache_132.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/command_and_control_communication_64.svg
Source: chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/SVG/Cloud_Icon.svg
Source: chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/SVG/Endpoint_Icon.svg
Source: chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/SVG/Mobile_Icon.svg
Source: chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr String found in binary or memory: http://sc1.checkpoint.com/check-me/SVG/Network_Icon.svg
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CA23000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CAE4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CA23000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CA23000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CAE4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/CheckMeAgent.Engine.WebApi
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CABB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://site-to-meet.com/favicon.ico
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD01000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCA5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBCD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBB5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD57000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD35000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC75000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB93000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD47000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCEB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CABB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCF1000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCD9000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD13000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC43000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 
0000000F.00000002.2353061829.0000022B8CBF6000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCCD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCAB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD63000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.cpcheckme.com
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CABB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2361345704.0000022BA508B000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCA5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBB5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB93000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCEB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCD9000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD63000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB25000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB43000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD1D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC2B000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB5F000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC4D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CAE4000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBD7000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD85000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD0D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD73000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 
0000000F.00000002.2353061829.0000022B8CD51000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCFB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC13000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD41000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/p
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/start
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2361345704.0000022BA506F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/starte
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2361345704.0000022BA506F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/startse
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://www.fkiinqdfc9un.xyz/login/assets/img/fav.ico
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: http://www.jewelsyz.com/favicon.ico
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr String found in binary or memory: http://www.threat-cloud.com/config.php
Source: chromecache_176.1.dr String found in binary or memory: http://www.threat-cloud.com/test/files/HighConfidenceBot.html
Source: sets.json.0.dr String found in binary or memory: https://abczdrowie.pl
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: sets.json.0.dr String found in binary or memory: https://alice.tw
Source: chromecache_144.1.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: sets.json.0.dr String found in binary or memory: https://autobild.de
Source: sets.json.0.dr String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr String found in binary or memory: https://bild.de
Source: sets.json.0.dr String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr String found in binary or memory: https://cardsayings.net
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_177.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.5/bluebird.min.js
Source: sets.json.0.dr String found in binary or memory: https://chennien.com
Source: sets.json.0.dr String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr String found in binary or memory: https://clmbtech.com
Source: chromecache_162.1.dr, chromecache_140.1.dr String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_162.1.dr, chromecache_140.1.dr String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: sets.json.0.dr String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr String found in binary or memory: https://computerbild.de
Source: chromecache_155.1.dr String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: sets.json.0.dr String found in binary or memory: https://cookreactor.com
Source: LICENSE.txt.0.dr String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: sets.json.0.dr String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr String found in binary or memory: https://desimartini.com
Source: chromecache_162.1.dr, chromecache_140.1.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_162.1.dr, chromecache_140.1.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_162.1.dr, chromecache_140.1.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: sets.json.0.dr String found in binary or memory: https://dewarmsteweek.be
Source: LICENSE.txt.0.dr String found in binary or memory: https://easylist.to/)
Source: sets.json.0.dr String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr String found in binary or memory: https://een.be
Source: sets.json.0.dr String found in binary or memory: https://efront.com
Source: sets.json.0.dr String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr String found in binary or memory: https://ella.sv
Source: sets.json.0.dr String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr String found in binary or memory: https://fakt.pl
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: https://files.cpcheckme.com/check/testsAssets/post.html
Source: chromecache_172.1.dr, chromecache_170.1.dr String found in binary or memory: https://files.cpcheckme.com/e.zip
Source: sets.json.0.dr String found in binary or memory: https://finn.no
Source: sets.json.0.dr String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr String found in binary or memory: https://gettalkdesk.com
Source: chromecache_194.1.dr String found in binary or memory: https://github.com/ded/bowser
Source: LICENSE.txt.0.dr String found in binary or memory: https://github.com/easylist)
Source: chromecache_194.1.dr String found in binary or memory: https://github.com/jsstyles/css-vendor
Source: chromecache_155.1.dr String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: sets.json.0.dr String found in binary or memory: https://gliadomain.com
Source: chromecache_155.1.dr String found in binary or memory: https://google.com
Source: chromecache_155.1.dr String found in binary or memory: https://googleads.g.doubleclick.net
Source: sets.json.0.dr String found in binary or memory: https://grid.id
Source: sets.json.0.dr String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr String found in binary or memory: https://hapara.com
Source: sets.json.0.dr String found in binary or memory: https://hc1.com
Source: sets.json.0.dr String found in binary or memory: https://hc1.global
Source: sets.json.0.dr String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr String found in binary or memory: https://hearty.app
Source: sets.json.0.dr String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr String found in binary or memory: https://hearty.me
Source: sets.json.0.dr String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr String found in binary or memory: https://hj.rs
Source: sets.json.0.dr String found in binary or memory: https://hjck.com
Source: sets.json.0.dr String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr String found in binary or memory: https://iolam.it
Source: sets.json.0.dr String found in binary or memory: https://ishares.com
Source: sets.json.0.dr String found in binary or memory: https://jagran.com
Source: sets.json.0.dr String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr String found in binary or memory: https://kompas.com
Source: sets.json.0.dr String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr String found in binary or memory: https://libero.it
Source: sets.json.0.dr String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr String found in binary or memory: https://livemint.com
Source: sets.json.0.dr String found in binary or memory: https://max.auto
Source: sets.json.0.dr String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr String found in binary or memory: https://money.pl
Source: sets.json.0.dr String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr String found in binary or memory: https://nacion.com
Source: sets.json.0.dr String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr String found in binary or memory: https://nien.co
Source: sets.json.0.dr String found in binary or memory: https://nien.com
Source: sets.json.0.dr String found in binary or memory: https://nien.org
Source: sets.json.0.dr String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr String found in binary or memory: https://o2.pl
Source: sets.json.0.dr String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr String found in binary or memory: https://onet.pl
Source: sets.json.0.dr String found in binary or memory: https://ottplay.com
Source: chromecache_190.1.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: sets.json.0.dr String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr String found in binary or memory: https://phonandroid.com
Source: chromecache_140.1.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: sets.json.0.dr String found in binary or memory: https://player.pl
Source: sets.json.0.dr String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr String found in binary or memory: https://poalim.site
Source: sets.json.0.dr String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr String found in binary or memory: https://radio1.be
Source: sets.json.0.dr String found in binary or memory: https://radio2.be
Source: sets.json.0.dr String found in binary or memory: https://reactor.cc
Source: chromecache_140.1.dr String found in binary or memory: https://recaptcha.net
Source: sets.json.0.dr String found in binary or memory: https://repid.org
Source: sets.json.0.dr String found in binary or memory: https://reshim.org
Source: sets.json.0.dr String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr String found in binary or memory: https://rws3nvtvt.com
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/Malware.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/Ransom.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/antex_test_x64.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/antex_test_x86.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/win7_64bit_big.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr String found in binary or memory: https://www.checkpoint.com
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\Filtering Rules
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\chrome_BITS_1996_953561296
Source: Google.Widevine.CDM.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp.0.dr Static PE information: No import functions for PE file found
Source: c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp.0.dr Static PE information: Data appended to the last section found
Source: Unconfirmed 6574.crdownload.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: chromecache_176.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal60.troj.evad.win@25/158@32/13
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Mutant created: NULL
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe File created: c:\temp\CheckMe.log
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.cpcheckme.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1956,i,12651588172182524890,15873818534290352819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1956,i,12651588172182524890,15873818534290352819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe "C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: mscoree.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: apphelp.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: version.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: profapi.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: rasman.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: rtutils.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: winhttp.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: winnsi.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: wininet.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Section loaded: iertutil.dll
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.0.dr
Source: Binary string: D:\src\EP_CheckMe_V_GALLIUM_POST_CL_VS13\Src\CheckMeAgent\obj\Release\CheckMeAgent.pdb source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AB67000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr
Source: c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp.0.dr Static PE information: real checksum: 0x1293a6 should be: 0x2fa7
Source: Google.Widevine.CDM.dll.0.dr Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.0.dr Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.0.dr Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.0.dr Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Code function: 15_2_00007FFEBC7F2A37 pushad ; ret 15_2_00007FFEBC7F2A43
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Code function: 15_2_00007FFEBC7F1664 push ss; iretd 15_2_00007FFEBC7F1667
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Code function: 15_2_00007FFEBC7F7782 pushad ; ret 15_2_00007FFEBC7F77AD
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Code function: 15_2_00007FFEBC7F03AD push E95E4B53h; ret 15_2_00007FFEBC7F03B9
Source: Unconfirmed 6574.crdownload.0.dr Static PE information: section name: .text entropy: 7.745054109162031
Source: chromecache_176.1.dr Static PE information: section name: .text entropy: 7.745054109162031
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 6574.crdownload
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe (copy)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 176
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Memory allocated: 22B8AE90000 memory reserve | memory write watch
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Memory allocated: 22BA4860000 memory reserve | memory write watch
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 600000
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 599888
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 599775
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 599665
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 599553
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 599426
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 599298
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 599186
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 599073
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598963
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598851
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598739
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598613
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598486
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598374
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598262
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598150
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 598040
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597929
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597817
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597673
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597561
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597448
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597338
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597226
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597116
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 597006
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 596879
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 596751
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 596639
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 596531
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 596420
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 596308
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 596196
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 596084
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595956
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595829
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595701
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595589
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595477
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595366
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595255
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595127
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 595015
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 594904
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 594792
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 594680
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 594568
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 594440
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Thread delayed: delay time: 594328
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Window / User API: threadDelayed 9843
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -599888s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6500 Thread sleep count: 9843 > 30
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -599775s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -599665s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -599553s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -599426s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -599298s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -599186s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -599073s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598963s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598851s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598739s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598613s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598486s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598374s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598262s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598150s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -598040s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597929s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597817s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597673s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597561s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597448s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597338s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597226s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597116s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -597006s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -596879s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -596751s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -596639s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -596531s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -596420s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -596308s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -596196s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -596084s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595956s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595829s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595701s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595589s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595477s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595366s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595255s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595127s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -595015s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -594904s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -594792s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -594680s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -594568s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -594440s >= -30000s
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436 Thread sleep time: -594328s >= -30000s
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2351903030.0000022B8ACD2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Process information queried: ProcessInformation
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: Yara match File source: Process Memory Space: cpcheckme_yt22zMIg.exe PID: 8176, type: MEMORYSTR
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Queries volume information: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe VolumeInformation
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid