Edit tour

Windows Analysis Report
http://www.cpcheckme.com

Overview

General Information

Sample URL:	http://www.cpcheckme.com
Analysis ID:	1445862
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected Powershell download and execute

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Downloads executable code via HTTP

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTML page contains hidden URLs or javascript code

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.cpcheckme.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1956,i,12651588172182524890,15873818534290352819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1956,i,12651588172182524890,15873818534290352819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

rundll32.exe (PID: 8084 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

cpcheckme_yt22zMIg.exe (PID: 8176 cmdline: "C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe" MD5: 1F5E1935BC678EA70274516D5FA9C7A0)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\Downloads\Unconfirmed 6574.crdownload	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
dropped/chromecache_176	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: cpcheckme_yt22zMIg.exe PID: 8176	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
15.0.cpcheckme_yt22zMIg.exe.22b8aa40000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 22 May 2024 15:27:41 GMTContent-Type: application/octet-streamContent-Length: 1216832Connection: keep-aliveContent-Disposition: attachment; filename="cpcheckme_yt22zMIg.exe"Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 87 1d 78 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 5e 12 00 00 08 00 00 00 00 00 00 7a 7c 12 00 00 20 00 00 00 80 12 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 12 00 00 02 00 00 a6 93 12 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 28 7c 12 00 4f 00 00 00 00 80 12 00 f8 05 00 00 00 00 00 00 00 00 00 00 00 68 12 00 40 29 00 00 00 a0 12 00 0c 00 00 00 f0 7a 12 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 80 5c 12 00 00 20 00 00 00 5e 12 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f8 05 00 00 00 80 12 00 00 06 00 00 00 60 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 12 00 00 02 00 00 00 66 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5c 7c 12 00 00 00 00 00 48 00 00 00 02 00 05 00 2c 9a 00 00 4c 0d 01 00 01 00 00 00 04 00 00 06 78 a7 01 00 78 d3 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 04 00 6b 00 00 00 01 00 00 11 28 2e 00 00 06 17 17 28 1a 00 00 06 6f 2f 00 00 06 28 2e 00 00 06 17 72 01 00 00 70 28 01 00 00 2b 6f 33 00 00 06 02 28 0d 02 00 06 0a 06 2c 08 06 6f 4f 01 00 06 2c 0c 28 e1 00 00 06 6f e3 00 00 06 de 26 28 e1 00 00 06 06 6f e2 00 00 06 de 0f 0b 28 2e 00 00 06 1a 07 6f 32 00 00 06 de 00 28 2e 00 00 06 6f 31 00 00 06 2a 00 01 10 00 00 00 00 00 00 51 51 00 0f 11 00 00 01 13 30 05 00 84 00 00 00 02 00 00 11 28 2e 00 00 06 17 17 28 1a 00 00 06 6f 2f 00 00 06 28 2e 00 00 06 17 72 92 00 00 70 28 01 00 00 2b 6f 33 00 00 06 7e 1e 00 00 0a 0a 7e 1e 00 00 0a 0b 7e 1e 00 00 0a 0c 72 2f 01 00 70 0c 72 a9 01 00 70 0a 72 19 02 00 70 0b 73 bf 00 00 06 25 08 6f c6 00 00 06 06 07 6f ca 00 00 06 28 2e 00 00 06 17 72 81 02 00 70 06 07 28 1f 00 00 0a 28 01 00 00 2b 6f 33 00 00 06 28 2e 00 00 06 6f 31 00 00 06 2a 1e 02 28 20 00 00 0a 2a 1e 02 28 01 00 00 06 2a ae 7e 01 00 00 04 2d 1e 72 b7 02 00 70 d0 04 00 00 02 28 21 00 00 0a 6f 22 00 00 0a 73 23 00 00 0a 80 01 00 00 04 7

Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /checkme/rest/endpoint/start HTTP/1.1Content-Type: application/jsonHost: www.cpcheckme.comCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 20Connection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.96.89
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET /ajax/libs/bluebird/3.3.5/bluebird.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js?render=explicit HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/checkpoint-theme-v2/images/parsley.png HTTP/1.1Host: www.checkpoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/checkpoint-theme-v2/images/parsley.png HTTP/1.1Host: www.checkpoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=FmAnyWgMhHnay6U&MD=oYOMN+rE HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=11wz3iwh9xgn HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=8k85QBI-qzxmenDv318AZH30 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=11wz3iwh9xgnAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/cF9tiRHt4BzQa_gljZbyGUbjFHSRXJeGZWCTLs0pBwQ.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=11wz3iwh9xgnAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=l5a3zuoxr6a HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/reload?k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOG1W2WMBU3Lx0soNhShTRFwELDfLwcuwdnkZ9CgIoYm0zp46CK031UHe6slDJOYHtKJUib-89BCs-dJrXG-9oE
Source: global traffic	HTTP traffic detected: GET /js/bg/y5IoXjo-_eM__FZ7BqlwDG0FWQvBnHNJLFAhT4QXhzA.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMObAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/userverify?k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOG1W2WMBU3Lx0soNhShTRFwELDfLwcuwdnkZ9CgIoYm0zp46CK031UHe6slDJOYHtKJUib-89BCs-dJrXG-9oE
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=FmAnyWgMhHnay6U&MD=oYOMN+rE HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /checkme/ HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=9VZIGm90wfRnifjzbdjTPIdUF6UPW54l7ByzRbnFxTDnL98T7H9Eur6V4lniC5gF19ETotJESA6AHSfP4x4ciKKTv+20fajq6tfw9MvvZN9EQL1oXFLTVActPyOu
Source: global traffic	HTTP traffic detected: GET /checkme/assets/libs/fontawesome/css/font-awesome.min.css HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=20Ns1cykc2joaI0uxHJEMYgvGGHUue2tmpaEEXhEwxhv4HNw4ZZKMPAXVTAz9RSIPkfkOMp6Jt2LO8GXwX6ZGNx80WapsoBvhtPVs185fTTCt9rjgfcmGdeqPTBh
Source: global traffic	HTTP traffic detected: GET /checkme/vendor.16be15e20a43eba17559.js HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=20Ns1cykc2joaI0uxHJEMYgvGGHUue2tmpaEEXhEwxhv4HNw4ZZKMPAXVTAz9RSIPkfkOMp6Jt2LO8GXwX6ZGNx80WapsoBvhtPVs185fTTCt9rjgfcmGdeqPTBh
Source: global traffic	HTTP traffic detected: GET /checkme/bundle.16be15e20a43eba17559.js HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=20Ns1cykc2joaI0uxHJEMYgvGGHUue2tmpaEEXhEwxhv4HNw4ZZKMPAXVTAz9RSIPkfkOMp6Jt2LO8GXwX6ZGNx80WapsoBvhtPVs185fTTCt9rjgfcmGdeqPTBh
Source: global traffic	HTTP traffic detected: GET /check/testsAssets/instant_checkup.js?v=0.6652561465103368 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=hgou4MgWyuf1NbxB58p0H24yiV8HjvF4TXMdYeCCY4/W+fPDj1b5HkRAWWgeorZvRW/BM00Apj7x+C8RBFRquQVELDEB/a/egyaCG+1E3tzH/Yfp3YLoph15T1jP
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanTypesDetails?ts=1716391619425 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getAllTests?ts=1716391619429&category= HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getExcludedEmails?ts=1716391619429 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic	HTTP traffic detected: GET /checkme/fonts/din.woff?v=1.0.0 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveOrigin: http://www.cpcheckme.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic	HTTP traffic detected: GET /checkme/assets/libs/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveOrigin: http://www.cpcheckme.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.cpcheckme.com/checkme/assets/libs/fontawesome/css/font-awesome.min.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
Source: global traffic	HTTP traffic detected: GET /checkme/rest/utils/getCaptchaType HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=fQ1vuCAQ+LX5fP9FFpX4jdqnMkhiJvjU3nvRj5GtmZ1hggHpUKlLmknHsxzKLxUo0skpUvNrqdMIjwyKtJS7T38Vlg2znlGzG4Ypo11dfhg4GJMJ1SR3ctSOwdvL
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getAllTests?ts=1716391619429&category= HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=Gd1uru2VcjlY0Je0e4n8PoEib9ijlg60pKhAZhVIahgFZjZa4+48AVW7q6KoX90AeJDkkWwwBcgaoTr8RoVTKs204AJgEPQ+gL0mR1quQXA7PYaVUT1d0tixllPV
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanTypesDetails?ts=1716391619425 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=fQ1vuCAQ+LX5fP9FFpX4jdqnMkhiJvjU3nvRj5GtmZ1hggHpUKlLmknHsxzKLxUo0skpUvNrqdMIjwyKtJS7T38Vlg2znlGzG4Ypo11dfhg4GJMJ1SR3ctSOwdvL
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getExcludedEmails?ts=1716391619429 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=0mYBx9525ryXtIoqeRqKbJeZKPWEHu74769q2/P/0rN0jCrBXwkvsh1iHvz66BNYG2PgBlt8EEIkoOwHqxZuE1UA1bCeqI+XBChklCloRHSo5d4L1vPJDqnTmwM7
Source: global traffic	HTTP traffic detected: GET /checkme/rest/utils/getCaptchaType HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: AWSALB=O+UvY6TXnA9rmHnE72bgdMFFYpRam+J/trsVh2XJULbxW4Ij5wItM9iFOrFSWTfNnmS5qPz4cgn3K41atTYm6lzHDVpi6unFvi+2XvwUl9hPhO4/G+FkZjtvBfNS
Source: global traffic	HTTP traffic detected: GET /checkme/ HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=oZwKzeTpVngadSgeD4roJp3GVgWR3NzYjEQPnSG6Zu1xS2uZQirezWaTe/9AcIMkybv5PxLV5mic9qBNHt4TY8wyIM9Wc4WkDqhvVYs0ktGiOIUTKWAu9I9YqTxjIf-None-Match: W/"3971-1684859588000"If-Modified-Since: Tue, 23 May 2023 16:33:08 GMT
Source: global traffic	HTTP traffic detected: GET /check/testsAssets/instant_checkup.js?v=0.6537682150719368 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanTypesDetails?ts=1716391642957 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getAllTests?ts=1716391642959&category= HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getExcludedEmails?ts=1716391642959 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanTypesDetails?ts=1716391642957 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=cFGMXUN96TLXW7m1KAtQw1o0Wwl0SflKhVow0etQKvxcO8SPmedQnvmG0pYlGn5m7IXRRjFKDNYyMhf+fwOGNYF9NXBlLcPjP7nQ/QIglWbIdJrzhSWiiNfg6CY9
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getExcludedEmails?ts=1716391642959 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=cFGMXUN96TLXW7m1KAtQw1o0Wwl0SflKhVow0etQKvxcO8SPmedQnvmG0pYlGn5m7IXRRjFKDNYyMhf+fwOGNYF9NXBlLcPjP7nQ/QIglWbIdJrzhSWiiNfg6CY9
Source: global traffic	HTTP traffic detected: GET /checkme/rest/utils/getCaptchaType HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=cFGMXUN96TLXW7m1KAtQw1o0Wwl0SflKhVow0etQKvxcO8SPmedQnvmG0pYlGn5m7IXRRjFKDNYyMhf+fwOGNYF9NXBlLcPjP7nQ/QIglWbIdJrzhSWiiNfg6CY9
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getAllTests?ts=1716391642959&category= HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=rpr0HGgZy2f2qU8vDNGoQSh6GHnqTarq6xQSJE6AOHCZ09cWRqa779g0z4awQzetbO0uf1i5awVAgmHuuJ3mr/qFt3/s5fm0K/2JNco9Q8wEjLjyLNKYSXTZO+TC
Source: global traffic	HTTP traffic detected: GET /checkme/rest/utils/getCaptchaType HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=nqkbPslmcaeQsyH/RXSyBsP3XeMuXx/24eOvbCdyloxX4y39vVy5M+M4WV5Diegpp2TD86Rax9syCzIfd325AlbkkOH7t/nbwbrY7fAL0umo2f2g/sIpzgq803iS
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/startScan HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=sc8NwWVq+v4WUX8RsnnqqQjt23RnYsJWdQGvOmPVSOjA9+AMus/hV7yrMIehIaJULtIV8pppvOplgNrGLLRr2lylZJWL/W5STfBjbguv9QM7Ad0tbXdaYI21Lg7W
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/updateStatuses HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=jMrsGMf4HBXr3E8kN3u1knV6ORUbOzYHexJToT6pYanc7EwjCLlIunqEls3kew9A2JhXDg2hjSNTbamGtJqEPTE09X6hz0rmhDdHstrEOzA1ADhSzxn+cukEu0d7
Source: global traffic	HTTP traffic detected: GET /cpcheckme.exe?uid=yt22zMIg HTTP/1.1Host: cpcheckmefiles-lb-1966426125.eu-west-1.elb.amazonaws.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://www.cpcheckme.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391665606&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=i558L86v2j8D6ongz1E93KPCv88l5W+UelXAcR9Awmxn9haPtL4kuJjUF3Fg/FBPKJuGqgv2P8PZ6olc1W7shLsOwqbdLt1kSM1wGpZH7cvDodAllhAXS1XpbbIA
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391665606&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=x3L0QCYDVkvVRNRGzz0BKBrIucCZorXH9VrET52jl7rscxdCRRTtIQ85NnLZq4kRx187ftH75xALeZe6QGiG5t8nL02KsMevp3/rItyCVg1IftkfQnGRjS5mT/i3
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=+ESM9fTkWMrifQjs9xv+BOBt/iuLeuxrfpoWLjmjaDSaaH8mm4pCvt7kWQQwWRNseD7JSDCSggFLIBec9CyRekMU/HT+p1E6Z4D+MfAZnJUgwqi5eWfIQg/wGcY4
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=fS0XR/8MNPGNfiCAn31eT9IrVnRLIezYwWqrKxPzDiDg+LZ4xO3UcbHm0ihfvVzDjWUSQxTFNzH/1eV870hDvARBw3FH/+3NIHFHKy2nHiCUGA4E8z5Gba1X/uFp
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=DrxrrxdYOi18LtQfPSo+DNSPBORE7Z70/qW66K1uH+SlmoEJwoLcrASiouRyKNERRBOSQyLwIxy3uWFuFF54uCu9Q51TqG/+gnnnuOa9wcYZmfOvHQjc2zgP6JXF
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=qHNXzFQPR8bUEUBeimgOzm3UX2HL/a3tLkxZjxG2G2tIzw9oQBZAtu0/QXva+/qPH9OzUbc0rQcrpbDEap0ZEKrCCDYv96kGcf0ImmPp9anA5VY+y8HdyXW+9dfZ
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391681227&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://www.cpcheckme.com/checkme/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; AWSALB=wiUJTf+Zln1u9bnrCjRfGvCWkbzer2LZ/9+ZIyESVk5xNHvIgLPX1SstXDNLZp03vt0q+HsRdDV9ckccZqApd1qjH4No4QnMruPPcqGt5FAmYZFdxIGO/4Yjp7CY
Source: global traffic	HTTP traffic detected: GET /checkme/rest/test/getScanStatus?ts=1716391681227&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1Host: www.cpcheckme.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; AWSALB=I8BfgbBPrnfAuyYj8Y2QYwDDgLbx4qdg0ehvojFdl9FxCozEKMBDB44icljiAClTZfRDxBZ6+ZVHDSlu3QnVJyYo3NnNZwNs/8EPmUNj1SasgjZ3Zb/WCF2FWtNg

Source: chromecache_155.1.dr	String found in binary or memory: L.getElementsByTagName("iframe"),oa=R.length,ka=0;ka<oa;ka++)if(!v&&c(R[ka],E.xe)){pI("https://www.youtube.com/iframe_api");v=!0;break}})}}else I(u.vtp_gtmOnSuccess)}var q=["www.youtube.com","www.youtube-nocookie.com"],r={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},t,v=!1;Z.__ytl=n;Z.__ytl.D="ytl";Z.__ytl.isVendorTemplate=!0;Z.__ytl.priorityOverride=0;Z.__ytl.isInfrastructure=!1; equals www.youtube.com (Youtube)
Source: chromecache_155.1.dr, chromecache_190.1.dr	String found in binary or memory: Math.round(p);u["gtm.videoCurrentTime"]=Math.round(q);u["gtm.videoElapsedTime"]=Math.round(f);u["gtm.videoPercent"]=r;u["gtm.videoVisible"]=t;return u},bk:function(){e=Db()},pd:function(){d()}}};var hc=ma(["data-gtm-yt-inspected-"]),CC=["www.youtube.com","www.youtube-nocookie.com"],DC,EC=!1; equals www.youtube.com (Youtube)
Source: chromecache_190.1.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var h=kA(a,c,e);O(121);if("https://www.facebook.com/tr/"===h["gtm.elementUrl"])return O(122),!0;if(d&&f){for(var m=Nb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},nA=function(){var a=[],b=function(c){return tb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_190.1.dr	String found in binary or memory: e\|\|f\|\|g.length\|\|h.length))return;var n={Wg:d,Ug:e,Vg:f,Lh:g,Mh:h,xe:m,Ab:b},p=G.YT,q=function(){KC(n)};if(p)return p.ready&&p.ready(q),b;var r=G.onYouTubeIframeAPIReady;G.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),v=t.length,u=0;u<v;u++){var w=t[u].getAttribute("src");if(NC(w,"iframe_api")\|\|NC(w,"player_api"))return b}for(var y=H.getElementsByTagName("iframe"),x=y.length,B=0;B<x;B++)if(!EC&&LC(y[B],n.xe))return xc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_155.1.dr	String found in binary or memory: function(h){return h.form===g})};return{store:function(g,h){var m=f(g);m?m.button=h:e.push({form:g,button:h})},get:function(g){var h=f(g);return h?h.button:null}}}function d(e,f,g,h,m){var n=Iz("fsl",g?"nv.mwt":"mwt",0),p;p=g?Iz("fsl","nv.ids",[]):Iz("fsl","ids",[]);if(!p.length)return!0;var q=Nz(e,"gtm.formSubmit",p),r=e.action;r&&r.tagName&&(r=e.cloneNode(!1).action);q["gtm.elementUrl"]=r;O(121);if("https://www.facebook.com/tr/"===r)return O(122),!0;m&&(q["gtm.formSubmitElement"]=m);if(h&&n){if(!tI(q, equals www.facebook.com (Facebook)
Source: chromecache_200.1.dr	String found in binary or memory: return b}AC.K="internal.enableAutoEventOnTimer";var hc=ma(["data-gtm-yt-inspected-"]),CC=["www.youtube.com","www.youtube-nocookie.com"],DC,EC=!1; equals www.youtube.com (Youtube)
Source: chromecache_190.1.dr	String found in binary or memory: var PB=function(a,b,c,d,e){var f=Iz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Iz("fsl","nv.ids",[]):Iz("fsl","ids",[]);if(!g.length)return!0;var h=Nz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);O(121);if("https://www.facebook.com/tr/"===m)return O(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!uy(h,vy(b, equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.cpcheckme.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: sc1.checkpoint.com
Source: global traffic	DNS traffic detected: DNS query: www.checkpoint.com
Source: global traffic	DNS traffic detected: DNS query: cpcheckmefiles-lb-1966426125.eu-west-1.elb.amazonaws.com

Source: unknown

HTTP traffic detected: POST /recaptcha/api2/reload?k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 9078sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-protobufferAccept: */*Origin: https://www.google.comX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMObAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_194.1.dr	String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: chromecache_176.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD01000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCA5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBB5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD57000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD35000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC75000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB93000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCEB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCD9000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBF6000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCCD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCAB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD63000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBDD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD23000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC2B000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBBB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB5F000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB65000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dualstack.elb-ireland1-1194672184.eu-west-1.elb.amazonaws.com
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/1.asp?FileName=a.pdf&AppID=2&MainID=9&SecID=9&MinID=2
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/1.asp?src=file.jpg&fltr
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/1.asp?xss=%3Cscript%3Ealert%28%221%22%29%3C%2Fscript%3E
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/blockchain.txt
Source: chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/check/testsAssets/post.html
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/e.bz2
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/e.txt
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/e.zip
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/exploit_page_buffer.html
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/getcfg.php?SERVICES=DEVICE.LOG&x=y&AUTHORIZED_GROUP=1
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/win7_64bit_big.com
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/win7_64bit_big.pdf
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://files.cpcheckme.com/win7_64bit_big.zip
Source: chromecache_189.1.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_189.1.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://hot-emailer.ru/favicon.ico
Source: chromecache_194.1.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_194.1.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_194.1.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_177.1.dr	String found in binary or memory: http://localhost:8282/check/testsAssets/instant_checkup.js
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://login.msa.akadns6.net/favicon.ico
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://proxy.my-addr.com/favicon.ico
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://s3-eu-west-1.amazonaws.com/cp-chk-files/win7_64bit_big_enc.zip
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Anonymizer_Usage.svg
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Data_Leakage.svg
Source: chromecache_132.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Malware_Infection.svg
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Persistence_Threat.svg
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Ransomware_Attack.svg
Source: chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/Zero_Day.svg
Source: chromecache_132.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/browser.svg
Source: chromecache_132.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/Report/SVG/command_and_control_communication_64.svg
Source: chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/SVG/Cloud_Icon.svg
Source: chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/SVG/Endpoint_Icon.svg
Source: chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/SVG/Mobile_Icon.svg
Source: chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr	String found in binary or memory: http://sc1.checkpoint.com/check-me/SVG/Network_Icon.svg
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CA23000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CAE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CA23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CA23000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CAE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/CheckMeAgent.Engine.WebApi
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CABB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://site-to-meet.com/favicon.ico
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD01000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCA5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBCD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBB5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD57000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD35000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC75000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB93000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD47000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCEB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CABB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCF1000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCD9000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD13000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC43000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBF6000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCCD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCAB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.cpcheckme.com
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CABB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2361345704.0000022BA508B000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCA5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBB5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB93000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCEB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCD9000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD63000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB25000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB43000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD1D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC2B000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB5F000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC4D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CAE4000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBD7000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD85000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD0D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD73000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD51000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCFB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC13000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/p
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/start
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2361345704.0000022BA506F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/starte
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2361345704.0000022BA506F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cpcheckme.com/checkme/rest/endpoint/startse
Source: Unconfirmed 6574.crdownload.0.dr, Google.Widevine.CDM.dll.0.dr, chromecache_176.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://www.fkiinqdfc9un.xyz/login/assets/img/fav.ico
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: http://www.jewelsyz.com/favicon.ico
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	String found in binary or memory: http://www.threat-cloud.com/config.php
Source: chromecache_176.1.dr	String found in binary or memory: http://www.threat-cloud.com/test/files/HighConfidenceBot.html
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: chromecache_144.1.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_177.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.5/bluebird.min.js
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: chromecache_155.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: https://files.cpcheckme.com/check/testsAssets/post.html
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: https://files.cpcheckme.com/e.zip
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: chromecache_194.1.dr	String found in binary or memory: https://github.com/ded/bowser
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)
Source: chromecache_194.1.dr	String found in binary or memory: https://github.com/jsstyles/css-vendor
Source: chromecache_155.1.dr	String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: chromecache_155.1.dr	String found in binary or memory: https://google.com
Source: chromecache_155.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: chromecache_190.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: chromecache_140.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: chromecache_140.1.dr	String found in binary or memory: https://recaptcha.net
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/Malware.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/Ransom.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/antex_test_x64.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/antex_test_x86.enc
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	String found in binary or memory: https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/win7_64bit_big.enc
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: chromecache_177.1.dr	String found in binary or memory: https://sc1.checkpoint.com/ThreatPortal/assets/images/Browser_message.png
Source: chromecache_177.1.dr	String found in binary or memory: https://sc1.checkpoint.com/uc/images/favicons/favicon.ico
Source: chromecache_155.1.dr	String found in binary or memory: https://script.crazyegg.com/pages/scripts/
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: chromecache_155.1.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: chromecache_155.1.dr	String found in binary or memory: https://static.ads-twitter.com/uwt.js
Source: chromecache_200.1.dr, chromecache_190.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_144.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: chromecache_140.1.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_144.1.dr	String found in binary or memory: https://tagassistant.google.com/
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: chromecache_200.1.dr, chromecache_155.1.dr, chromecache_190.1.dr	String found in binary or memory: https://td.doubleclick.net
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	String found in binary or memory: https://www.checkpoint.com
Source: chromecache_177.1.dr, chromecache_155.1.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_144.1.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_144.1.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_144.1.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_190.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_144.1.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_177.1.dr	String found in binary or memory: https://www.google.com/chrome/
Source: chromecache_177.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?render=explicit
Source: chromecache_174.1.dr, chromecache_162.1.dr, chromecache_140.1.dr, chromecache_128.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_155.1.dr, chromecache_190.1.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_190.1.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_155.1.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_144.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_177.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_177.1.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-5JCRGP
Source: chromecache_162.1.dr, chromecache_140.1.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__.
Source: chromecache_174.1.dr, chromecache_163.1.dr, chromecache_128.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__en.js
Source: chromecache_172.1.dr, chromecache_170.1.dr	String found in binary or memory: https://www.invincibull.io/wp-content/uploads/cropped-vince-favicon-512x512-32x32.jpg
Source: chromecache_200.1.dr, chromecache_190.1.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_177.1.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/
Source: chromecache_155.1.dr, chromecache_190.1.dr	String found in binary or memory: https://www.youtube.com/iframe_api
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 56737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56737
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49807 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\Google.Widevine.CDM.dll	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\LICENSE.txt	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\Filtering Rules	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_1996_953561296

Jump to behavior

Source: Google.Widevine.CDM.dll.0.dr

Static PE information: Number of sections : 12 > 10

Source: c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp.0.dr

Static PE information: No import functions for PE file found

Source: c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp.0.dr

Static PE information: Data appended to the last section found

Source: Unconfirmed 6574.crdownload.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: chromecache_176.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal60.troj.evad.win@25/158@32/13

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe

Mutant created: NULL

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe

File created: c:\temp\CheckMe.log

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.cpcheckme.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1956,i,12651588172182524890,15873818534290352819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1956,i,12651588172182524890,15873818534290352819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe "C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1956,i,12651588172182524890,15873818534290352819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1956,i,12651588172182524890,15873818534290352819,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Section loaded: iertutil.dll	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.0.dr
Source:	Binary string: D:\src\EP_CheckMe_V_GALLIUM_POST_CL_VS13\Src\CheckMeAgent\obj\Release\CheckMeAgent.pdb source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AB67000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr
Source:	Binary string: D:\src\EP_CheckMe_V_GALLIUM_POST_CL_VS13\Src\CheckMeAgent\obj\Release\CheckMeAgent.pdbP\| source: cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AB67000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr

Source: c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp.0.dr

Static PE information: real checksum: 0x1293a6 should be: 0x2fa7

Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.0.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Code function: 15_2_00007FFEBC7F2A37 pushad ; ret	15_2_00007FFEBC7F2A43
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Code function: 15_2_00007FFEBC7F1664 push ss; iretd	15_2_00007FFEBC7F1667
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Code function: 15_2_00007FFEBC7F7782 pushad ; ret	15_2_00007FFEBC7F77AD
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Code function: 15_2_00007FFEBC7F03AD push E95E4B53h; ret	15_2_00007FFEBC7F03B9

Source: Unconfirmed 6574.crdownload.0.dr	Static PE information: section name: .text entropy: 7.745054109162031
Source: chromecache_176.1.dr	Static PE information: section name: .text entropy: 7.745054109162031

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 6574.crdownload	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe (copy)	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\Google.Widevine.CDM.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 176	Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 176
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 176			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_2041672200\LICENSE.txt

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Memory allocated: 22B8AE90000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Memory allocated: 22BA4860000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599888	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599775	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599665	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599553	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599426	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599298	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599186	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599073	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598963	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598851	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598739	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598613	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598486	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598374	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598262	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598150	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598040	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597929	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597817	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597673	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597561	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597448	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597338	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597226	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597116	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597006	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596879	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596751	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596639	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596420	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596308	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596196	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596084	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595956	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595829	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595701	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595589	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595477	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595366	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595255	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595127	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595015	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594904	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594792	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594680	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594568	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594440	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594328	Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe

Window / User API: threadDelayed 9843

Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -5534023222112862s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -599888s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6500	Thread sleep count: 9843 > 30	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -599775s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -599665s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -599553s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -599426s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -599298s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -599186s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -599073s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598963s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598851s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598739s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598613s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598486s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598374s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598262s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598150s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -598040s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597929s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597817s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597673s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597561s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597448s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597338s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597226s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597116s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -597006s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -596879s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -596751s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -596639s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -596531s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -596420s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -596308s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -596196s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -596084s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595956s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595829s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595701s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595589s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595477s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595366s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595255s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595127s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -595015s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -594904s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -594792s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -594680s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -594568s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -594440s >= -30000s	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe TID: 6436	Thread sleep time: -594328s >= -30000s	Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599888	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599775	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599665	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599553	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599426	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599298	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599186	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 599073	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598963	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598851	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598739	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598613	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598486	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598374	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598262	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598150	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 598040	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597929	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597817	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597673	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597561	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597448	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597338	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597226	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597116	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 597006	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596879	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596751	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596639	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596420	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596308	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596196	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 596084	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595956	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595829	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595701	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595589	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595477	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595366	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595255	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595127	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 595015	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594904	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594792	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594680	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594568	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594440	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Thread delayed: delay time: 594328	Jump to behavior

Source: cpcheckme_yt22zMIg.exe, 0000000F.00000002.2351903030.0000022B8ACD2000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: cpcheckme_yt22zMIg.exe PID: 8176, type: MEMORYSTR

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Queries volume information: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	31 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	32 Virtualization/Sandbox Evasion	Security Account Manager	32 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Rundll32	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://www.cpcheckme.com	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner
C:\Users\user\Downloads\Unconfirmed 6574.crdownload	3%	ReversingLabs
C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe (copy)	3%	ReversingLabs
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\Google.Widevine.CDM.dll	0%	ReversingLabs
Chrome Cache Entry: 176	3%	ReversingLabs

Source	Detection	Scanner	Label
https://stats.g.doubleclick.net/g/collect	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#localhost_support	0%	URL Reputation	safe
http://schemas.datacontract.org	0%	URL Reputation	safe
https://ampcid.google.com/v1/publisher:getClientId	0%	URL Reputation	safe
https://support.google.com/recaptcha/#6175971	0%	URL Reputation	safe
https://stats.g.doubleclick.net/j/collect	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://support.google.com/recaptcha	0%	URL Reputation	safe
http://api.jqueryui.com/category/ui-core/	0%	URL Reputation	safe
https://www.apache.org/licenses/	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	0%	URL Reputation	safe
https://wieistmeineip.de	0%	Avira URL Cloud	safe
http://hot-emailer.ru/favicon.ico	0%	Avira URL Cloud	safe
https://easylist.to/)	0%	Avira URL Cloud	safe
https://mercadolivre.com	0%	Avira URL Cloud	safe
https://mercadoshops.com.co	0%	Avira URL Cloud	safe
http://sc1.checkpoint.com/check-me/Report/SVG/browser.svg	0%	Avira URL Cloud	safe
http://www.jewelsyz.com/favicon.ico	0%	Avira URL Cloud	safe
https://gliadomain.com	0%	Avira URL Cloud	safe
https://poalim.xyz	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/checkme/rest/test/getScanTypesDetails?ts=1716391642957	100%	Avira URL Cloud	malware
http://www.cpcheckme.com/checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2	100%	Avira URL Cloud	malware
https://unotv.com	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/checkme/rest/test/getExcludedEmails?ts=1716391642959	100%	Avira URL Cloud	malware
https://reshim.org	0%	Avira URL Cloud	safe
about:blank	0%	Avira URL Cloud	safe
https://nourishingpursuits.com	0%	Avira URL Cloud	safe
https://mercadoshops.com.br	0%	Avira URL Cloud	safe
https://medonet.pl	0%	Avira URL Cloud	safe
https://joyreactor.cc	0%	Avira URL Cloud	safe
http://sc1.checkpoint.com/check-me/Report/SVG/Zero_Day.svg	0%	Avira URL Cloud	safe
https://zdrowietvn.pl	0%	Avira URL Cloud	safe
https://baomoi.com	0%	Avira URL Cloud	safe
https://elfinancierocr.com	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/checkme/rest/endpoint/p	100%	Avira URL Cloud	malware
https://songstats.com	0%	Avira URL Cloud	safe
https://www.google.com/chrome/	0%	Avira URL Cloud	safe
https://rws1nvtvt.com	0%	Avira URL Cloud	safe
https://supereva.it	0%	Avira URL Cloud	safe
https://bolasport.com	0%	Avira URL Cloud	safe
https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/antex_test_x86.enc	0%	Avira URL Cloud	safe
https://desimartini.com	0%	Avira URL Cloud	safe
https://hearty.app	0%	Avira URL Cloud	safe
https://hearty.gift	0%	Avira URL Cloud	safe
https://www.gstatic.c..?/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__.	0%	Avira URL Cloud	safe
http://files.cpcheckme.com/e.zip	0%	Avira URL Cloud	safe
https://mercadoshops.com	0%	Avira URL Cloud	safe
https://finn.no	0%	Avira URL Cloud	safe
https://heartymail.com	0%	Avira URL Cloud	safe
https://radio2.be	0%	Avira URL Cloud	safe
https://kompas.tv	0%	Avira URL Cloud	safe
https://hc1.com	0%	Avira URL Cloud	safe
https://mercadopago.com.mx	0%	Avira URL Cloud	safe
https://songshare.com	0%	Avira URL Cloud	safe
https://mystudentdashboard.com	0%	Avira URL Cloud	safe
http://files.cpcheckme.com/getcfg.php?SERVICES=DEVICE.LOG&x=y&AUTHORIZED_GROUP=1	0%	Avira URL Cloud	safe
http://sc1.checkpoint.com/check-me/SVG/Endpoint_Icon.svg	0%	Avira URL Cloud	safe
https://talkdeskqaid.com	0%	Avira URL Cloud	safe
https://mercadopago.com.pe	0%	Avira URL Cloud	safe
https://cardsayings.net	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/check/testsAssets/instant_checkup.js?v=0.6652561465103368	0%	Avira URL Cloud	safe
http://files.cpcheckme.com/1.asp?FileName=a.pdf&AppID=2&MainID=9&SecID=9&MinID=2	0%	Avira URL Cloud	safe
https://mightytext.net	0%	Avira URL Cloud	safe
https://pudelek.pl	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/checkme/rest/endpoint/start	100%	Avira URL Cloud	malware
https://joyreactor.com	0%	Avira URL Cloud	safe
https://cookreactor.com	0%	Avira URL Cloud	safe
https://eworkbookcloud.com	0%	Avira URL Cloud	safe
http://proxy.my-addr.com/favicon.ico	0%	Avira URL Cloud	safe
https://mercadopago.cl	0%	Avira URL Cloud	safe
https://carcostadvisor.be	0%	Avira URL Cloud	safe
https://nacion.com	0%	Avira URL Cloud	safe
https://chennien.com	0%	Avira URL Cloud	safe
https://talkdeskstgid.com	0%	Avira URL Cloud	safe
https://wildixin.com	0%	Avira URL Cloud	safe
https://bonvivir.com	0%	Avira URL Cloud	safe
https://salemovetravel.com	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/checkme/vendor.16be15e20a43eba17559.js	100%	Avira URL Cloud	malware
https://wpext.pl	0%	Avira URL Cloud	safe
https://files.cpcheckme.com/check/testsAssets/post.html	0%	Avira URL Cloud	safe
https://welt.de	0%	Avira URL Cloud	safe
https://poalim.site	0%	Avira URL Cloud	safe
https://cafemedia.com	0%	Avira URL Cloud	safe
https://blackrockadvisorelite.it	0%	Avira URL Cloud	safe
http://files.cpcheckme.com/blockchain.txt	0%	Avira URL Cloud	safe
https://mercadoshops.com.ar	0%	Avira URL Cloud	safe
https://elpais.uy	0%	Avira URL Cloud	safe
https://landyrev.com	0%	Avira URL Cloud	safe
https://commentcamarche.com	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/checkme/assets/libs/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0	100%	Avira URL Cloud	malware
http://sc1.checkpoint.com/check-me/Report/SVG/Persistence_Threat.svg	0%	Avira URL Cloud	safe
https://tucarro.com.ve	0%	Avira URL Cloud	safe
https://rws3nvtvt.com	0%	Avira URL Cloud	safe
https://mercadolivre.com.br	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/checkme/rest/endpoint/starte	100%	Avira URL Cloud	malware
http://www.cpcheckme.com/checkme/rest/test/getAllTests?ts=1716391619429&category=	100%	Avira URL Cloud	malware
https://eleconomista.net	0%	Avira URL Cloud	safe
http://www.cpcheckme.com/checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
d4epvaz4tpdrm.cloudfront.net	18.66.147.95	true	false	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false	unknown
dualstack.elb-ireland1-1194672184.eu-west-1.elb.amazonaws.com	52.49.232.14	true	false	unknown
www.google.com	172.217.18.4	true	false	unknown
cpcheckmefiles-lb-1966426125.eu-west-1.elb.amazonaws.com	52.213.222.12	true	false	unknown
sc1.checkpoint.com	unknown	unknown	false	unknown
www.cpcheckme.com	unknown	unknown	false	unknown
www.checkpoint.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.cpcheckme.com/checkme/rest/test/getScanTypesDetails?ts=1716391642957	false	Avira URL Cloud: malware	unknown
http://www.cpcheckme.com/checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2	false	Avira URL Cloud: malware	unknown
http://www.cpcheckme.com/checkme/rest/test/getExcludedEmails?ts=1716391642959	false	Avira URL Cloud: malware	unknown
about:blank	false	Avira URL Cloud: safe	unknown
http://www.cpcheckme.com/check/testsAssets/instant_checkup.js?v=0.6652561465103368	false	Avira URL Cloud: safe	unknown
http://www.cpcheckme.com/checkme/rest/endpoint/start	false	Avira URL Cloud: malware	unknown
http://www.cpcheckme.com/checkme/vendor.16be15e20a43eba17559.js	false	Avira URL Cloud: malware	unknown
https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb	false		unknown
http://www.cpcheckme.com/checkme/assets/libs/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0	false	Avira URL Cloud: malware	unknown
http://www.cpcheckme.com/checkme/rest/test/getAllTests?ts=1716391619429&category=	false	Avira URL Cloud: malware	unknown
http://www.cpcheckme.com/checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://stats.g.doubleclick.net/g/collect	chromecache_200.1.dr, chromecache_190.1.dr	false	URL Reputation: safe	unknown
http://www.jewelsyz.com/favicon.ico	chromecache_172.1.dr, chromecache_170.1.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/recaptcha/docs/faq#localhost_support	chromecache_162.1.dr, chromecache_140.1.dr	false	URL Reputation: safe	unknown
https://wieistmeineip.de	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://schemas.datacontract.org	cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CA23000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CAE4000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://mercadoshops.com.co	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://gliadomain.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://poalim.xyz	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolivre.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://hot-emailer.ru/favicon.ico	chromecache_172.1.dr, chromecache_170.1.dr	false	Avira URL Cloud: safe	unknown
http://sc1.checkpoint.com/check-me/Report/SVG/browser.svg	chromecache_132.1.dr	false	Avira URL Cloud: safe	unknown
https://easylist.to/)	LICENSE.txt.0.dr	false	Avira URL Cloud: safe	unknown
https://reshim.org	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_144.1.dr	false	URL Reputation: safe	unknown
https://nourishingpursuits.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://sc1.checkpoint.com/check-me/Report/SVG/Zero_Day.svg	chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr	false	Avira URL Cloud: safe	unknown
https://medonet.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://unotv.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://joyreactor.cc	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://zdrowietvn.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome/	chromecache_177.1.dr	false	Avira URL Cloud: safe	unknown
https://songstats.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://baomoi.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://supereva.it	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://elfinancierocr.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://www.cpcheckme.com/checkme/rest/endpoint/p	cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCA5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBB5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB93000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCEB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCD9000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD63000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB25000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB43000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD1D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC2B000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB5F000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC4D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CAE4000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBD7000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD85000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD0D000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD73000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD51000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCFB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC13000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD41000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bolasport.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://rws1nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://s3.us-east-2.amazonaws.com/cpcheckmefiles/files/antex_test_x86.enc	cpcheckme_yt22zMIg.exe, 0000000F.00000000.1706589859.0000022B8AA42000.00000002.00000001.01000000.00000006.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8C861000.00000004.00000800.00020000.00000000.sdmp, Unconfirmed 6574.crdownload.0.dr, chromecache_176.1.dr	false	Avira URL Cloud: safe	unknown
http://www.cpcheckme.com	cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD01000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCA5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBCD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBB5000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD57000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD35000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC75000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC53000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CB93000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD47000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCEB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CABB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCF1000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCD9000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD13000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CC43000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CBF6000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCCD000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CCAB000.00000004.00000800.00020000.00000000.sdmp, cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CD63000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://desimartini.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hearty.app	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha/#6175971	chromecache_162.1.dr, chromecache_140.1.dr	false	URL Reputation: safe	unknown
https://www.gstatic.c..?/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__.	chromecache_162.1.dr, chromecache_140.1.dr	false	Avira URL Cloud: safe	unknown
https://hearty.gift	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://heartymail.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://files.cpcheckme.com/e.zip	chromecache_172.1.dr, chromecache_170.1.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	chromecache_144.1.dr	false	URL Reputation: safe	unknown
https://radio2.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://finn.no	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hc1.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	cpcheckme_yt22zMIg.exe, 0000000F.00000002.2353061829.0000022B8CABB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://kompas.tv	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mystudentdashboard.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://songshare.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha	chromecache_140.1.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.mx	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://files.cpcheckme.com/getcfg.php?SERVICES=DEVICE.LOG&x=y&AUTHORIZED_GROUP=1	chromecache_172.1.dr, chromecache_170.1.dr	false	Avira URL Cloud: safe	unknown
http://sc1.checkpoint.com/check-me/SVG/Endpoint_Icon.svg	chromecache_136.1.dr, chromecache_193.1.dr, chromecache_151.1.dr, chromecache_183.1.dr	false	Avira URL Cloud: safe	unknown
https://talkdeskqaid.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.pe	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cardsayings.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://files.cpcheckme.com/1.asp?FileName=a.pdf&AppID=2&MainID=9&SecID=9&MinID=2	chromecache_172.1.dr, chromecache_170.1.dr	false	Avira URL Cloud: safe	unknown
https://mightytext.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://api.jqueryui.com/category/ui-core/	chromecache_194.1.dr	false	URL Reputation: safe	unknown
https://pudelek.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://joyreactor.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://www.apache.org/licenses/	chromecache_162.1.dr, chromecache_140.1.dr	false	URL Reputation: safe	unknown
https://cookreactor.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://wildixin.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://eworkbookcloud.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://nacion.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://chennien.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://proxy.my-addr.com/favicon.ico	chromecache_172.1.dr, chromecache_170.1.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	chromecache_162.1.dr, chromecache_140.1.dr	false	URL Reputation: safe	unknown
https://mercadopago.cl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://talkdeskstgid.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://bonvivir.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://carcostadvisor.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://salemovetravel.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://wpext.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://welt.de	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://poalim.site	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://blackrockadvisorelite.it	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://files.cpcheckme.com/check/testsAssets/post.html	chromecache_172.1.dr, chromecache_170.1.dr	false	Avira URL Cloud: safe	unknown
https://cafemedia.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://files.cpcheckme.com/blockchain.txt	chromecache_172.1.dr, chromecache_170.1.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com.ar	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://elpais.uy	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://landyrev.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://sc1.checkpoint.com/check-me/Report/SVG/Persistence_Threat.svg	chromecache_180.1.dr, chromecache_175.1.dr, chromecache_130.1.dr, chromecache_132.1.dr	false	Avira URL Cloud: safe	unknown
https://commentcamarche.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://tucarro.com.ve	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://rws3nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
http://www.cpcheckme.com/checkme/rest/endpoint/starte	cpcheckme_yt22zMIg.exe, 0000000F.00000002.2361345704.0000022BA506F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://eleconomista.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolivre.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
216.58.212.164	unknown	United States	15169	GOOGLEUS	false
52.213.172.255	unknown	United States	16509	AMAZON-02US	false
34.251.116.243	unknown	United States	16509	AMAZON-02US	false
52.49.232.14	dualstack.elb-ireland1-1194672184.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
18.66.147.106	unknown	United States	3	MIT-GATEWAYSUS	false
18.66.147.95	d4epvaz4tpdrm.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.18

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1445862
Start date and time:	2024-05-22 17:25:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://www.cpcheckme.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.troj.evad.win@25/158@32/13
EGA Information:	Failed
HCA Information:	Successful, ratio: 98% Number of executed functions: 84 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.185.110, 74.125.133.84, 34.104.35.123, 172.217.18.104, 142.250.185.142, 142.250.181.227, 2.16.185.199, 104.73.232.210, 95.100.56.228, 216.239.36.178, 216.239.38.178, 216.239.34.178, 216.239.32.178, 216.58.212.162, 93.184.221.240, 172.217.18.106, 142.250.184.202, 142.250.186.138, 142.250.186.170, 172.217.16.202, 142.250.186.106, 142.250.185.74, 172.217.23.106, 172.217.16.138, 142.250.185.106, 172.217.18.10, 142.250.74.202, 216.58.206.74, 142.250.185.138, 142.250.186.74, 142.250.186.42, 142.250.184.227, 142.250.184.195, 142.250.185.227, 142.250.185.99, 142.250.184.206
Excluded domains from analysis (whitelisted): clients1.google.com, e17340.f.akamaiedge.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, new-sc1.checkpoint.com.edgekey.net.edgekey.net, www-alv.google-analytics.com, ctldl.windowsupdate.com, clientservices.googleapis.com, pagead2.googlesyndication.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, www.googletagmanager.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, www.google-analytics.com
Execution Graph export aborted for target cpcheckme_yt22zMIg.exe, PID 8176 because it is empty
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: http://www.cpcheckme.com

Simulations

Behavior and APIs

Time	Type	Description
11:27:58	API Interceptor	18772x Sleep call for process: cpcheckme_yt22zMIg.exe modified

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 14:26:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.982624624916234
Encrypted:	false
SSDEEP:	48:8md5QTZ00bkHcidAKZdA1FehwiZUklqehr1ny+3:8yQ9BbbS5y
MD5:	365F4FE88A0AFC8FBA4426551DC63F1E
SHA1:	DB704F496C8723E57D402D63F0ED749AB797C6C1
SHA-256:	AF04CF078B198BC827DA831452B1BE528893AB151E146A5EC8D76C72550D4D9B
SHA-512:	326E8BFFEB9EE2D0C979515D5C31CC0F377990BD5B4642638EC17229FB876787D49D431F98606B1CDE6A02E5E09AB0AEA44C371C2DEE2BDA50B10B83AE2EA5CD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Q\.}\...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XU{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X\{....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X\{....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X\{..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X`{...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............]......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: http://www.cpcheckme.com/checkme/rest/test/getScanTypesDetails?ts=1716391642957	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/test/getExcludedEmails?ts=1716391642959	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/endpoint/p	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/endpoint/start	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/vendor.16be15e20a43eba17559.js	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/assets/libs/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/endpoint/starte	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/test/getAllTests?ts=1716391619429&category=	Avira URL Cloud: Label: malware
Source: http://www.cpcheckme.com/checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2	Avira URL Cloud: Label: malware

Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=11wz3iwh9xgn	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=8k85QBI-qzxmenDv318AZH30&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=l5a3zuoxr6a	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewKIgUAAAAANzf9kcgi8Orr1VGgBzWRk3dOMOb&co=aHR0cDovL3d3dy5jcGNoZWNrbWUuY29tOjgw&hl=en&type=image&v=8k85QBI-qzxmenDv318AZH30&theme=light&size=invisible&badge=bottomright&cb=l5a3zuoxr6a	HTTP Parser: No favicon

Source: Yara match	File source: 15.0.cpcheckme_yt22zMIg.exe.22b8aa40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\Downloads\Unconfirmed 6574.crdownload, type: DROPPED
Source: Yara match	File source: dropped/chromecache_176, type: DROPPED

Source: global traffic	TCP traffic: 192.168.2.16:62127 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:62339 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56727 -> 1.1.1.1:53

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 22, 2024 17:26:57.566643953 CEST	53	52459	1.1.1.1	192.168.2.16
May 22, 2024 17:26:57.607436895 CEST	65068	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:57.607522964 CEST	53934	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:57.649322987 CEST	53	54575	1.1.1.1	192.168.2.16
May 22, 2024 17:26:57.714221954 CEST	53	65068	1.1.1.1	192.168.2.16
May 22, 2024 17:26:57.716526985 CEST	53	53934	1.1.1.1	192.168.2.16
May 22, 2024 17:26:58.579056978 CEST	50244	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:58.579345942 CEST	59833	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:58.579922915 CEST	65475	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:58.580101013 CEST	64973	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:58.587925911 CEST	53	65475	1.1.1.1	192.168.2.16
May 22, 2024 17:26:58.587940931 CEST	53	59833	1.1.1.1	192.168.2.16
May 22, 2024 17:26:58.588676929 CEST	53	50244	1.1.1.1	192.168.2.16
May 22, 2024 17:26:58.589442015 CEST	53	64973	1.1.1.1	192.168.2.16
May 22, 2024 17:26:58.801110983 CEST	53	65418	1.1.1.1	192.168.2.16
May 22, 2024 17:26:59.465327978 CEST	53	58888	1.1.1.1	192.168.2.16
May 22, 2024 17:26:59.465346098 CEST	53	52420	1.1.1.1	192.168.2.16
May 22, 2024 17:26:59.637094975 CEST	53	62107	1.1.1.1	192.168.2.16
May 22, 2024 17:26:59.871167898 CEST	54134	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:59.871345043 CEST	65127	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:59.881381989 CEST	56757	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:59.881653070 CEST	56795	53	192.168.2.16	1.1.1.1
May 22, 2024 17:26:59.891844034 CEST	53	56757	1.1.1.1	192.168.2.16
May 22, 2024 17:26:59.919545889 CEST	53	56795	1.1.1.1	192.168.2.16
May 22, 2024 17:27:00.068361044 CEST	60534	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:00.068361044 CEST	53380	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:00.089426041 CEST	62464	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:00.089426041 CEST	57056	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:00.262556076 CEST	53	53380	1.1.1.1	192.168.2.16
May 22, 2024 17:27:00.327280998 CEST	53	60534	1.1.1.1	192.168.2.16
May 22, 2024 17:27:00.993355036 CEST	49413	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:00.993912935 CEST	57387	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:01.022021055 CEST	60977	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:01.022094011 CEST	52187	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:01.439125061 CEST	60784	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:01.439294100 CEST	59013	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:01.458389044 CEST	53	60784	1.1.1.1	192.168.2.16
May 22, 2024 17:27:01.478260040 CEST	53	59013	1.1.1.1	192.168.2.16
May 22, 2024 17:27:02.212110043 CEST	54183	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:02.214353085 CEST	51544	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:02.227475882 CEST	53	54183	1.1.1.1	192.168.2.16
May 22, 2024 17:27:02.232338905 CEST	53	51544	1.1.1.1	192.168.2.16
May 22, 2024 17:27:15.836541891 CEST	53	59821	1.1.1.1	192.168.2.16
May 22, 2024 17:27:23.798469067 CEST	58652	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:23.800107956 CEST	58633	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:23.816194057 CEST	53	58633	1.1.1.1	192.168.2.16
May 22, 2024 17:27:23.816205978 CEST	53	58652	1.1.1.1	192.168.2.16
May 22, 2024 17:27:23.942459106 CEST	53	56188	1.1.1.1	192.168.2.16
May 22, 2024 17:27:24.835484982 CEST	53	64117	1.1.1.1	192.168.2.16
May 22, 2024 17:27:26.470422983 CEST	53	63288	1.1.1.1	192.168.2.16
May 22, 2024 17:27:27.371671915 CEST	53	56971	1.1.1.1	192.168.2.16
May 22, 2024 17:27:33.465327978 CEST	58873	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:33.465547085 CEST	58370	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:33.485589981 CEST	53	58370	1.1.1.1	192.168.2.16
May 22, 2024 17:27:33.488403082 CEST	53	58873	1.1.1.1	192.168.2.16
May 22, 2024 17:27:34.811383963 CEST	53	54094	1.1.1.1	192.168.2.16
May 22, 2024 17:27:40.840734005 CEST	51805	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:40.840972900 CEST	53547	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:40.878243923 CEST	53	51805	1.1.1.1	192.168.2.16
May 22, 2024 17:27:40.911281109 CEST	53	53547	1.1.1.1	192.168.2.16
May 22, 2024 17:27:40.931080103 CEST	63453	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:40.931536913 CEST	62615	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:40.979176044 CEST	53	62615	1.1.1.1	192.168.2.16
May 22, 2024 17:27:41.031285048 CEST	53	63453	1.1.1.1	192.168.2.16
May 22, 2024 17:27:57.213470936 CEST	55452	53	192.168.2.16	1.1.1.1
May 22, 2024 17:27:57.242538929 CEST	53	55452	1.1.1.1	192.168.2.16
May 22, 2024 17:27:57.586550951 CEST	53	50868	1.1.1.1	192.168.2.16
May 22, 2024 17:27:57.876028061 CEST	53	65129	1.1.1.1	192.168.2.16
May 22, 2024 17:27:59.715816021 CEST	53	62545	1.1.1.1	192.168.2.16
May 22, 2024 17:28:08.197740078 CEST	138	138	192.168.2.16	192.168.2.255
May 22, 2024 17:28:14.972748995 CEST	53	61010	1.1.1.1	192.168.2.16
May 22, 2024 17:28:28.473589897 CEST	53	59714	1.1.1.1	192.168.2.16
May 22, 2024 17:28:44.453732967 CEST	53	61406	1.1.1.1	192.168.2.16
May 22, 2024 17:28:57.454397917 CEST	61408	53	192.168.2.16	1.1.1.1
May 22, 2024 17:28:57.512703896 CEST	53	61408	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 22, 2024 17:26:59.919713020 CEST	192.168.2.16	1.1.1.1	c26c	(Port unreachable)	Destination Unreachable
May 22, 2024 17:27:01.044996023 CEST	192.168.2.16	1.1.1.1	c28c	(Port unreachable)	Destination Unreachable
May 22, 2024 17:27:23.942626953 CEST	192.168.2.16	1.1.1.1	c23a	(Port unreachable)	Destination Unreachable
May 22, 2024 17:27:40.911360979 CEST	192.168.2.16	1.1.1.1	c26c	(Port unreachable)	Destination Unreachable
May 22, 2024 17:27:57.586699963 CEST	192.168.2.16	1.1.1.1	c230	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:26:58.580864906 CEST	493	OUT	GET /checkme/vendor.16be15e20a43eba17559.js HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=20Ns1cykc2joaI0uxHJEMYgvGGHUue2tmpaEEXhEwxhv4HNw4ZZKMPAXVTAz9RSIPkfkOMp6Jt2LO8GXwX6ZGNx80WapsoBvhtPVs185fTTCt9rjgfcmGdeqPTBh
May 22, 2024 17:26:58.763725996 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:26:58 GMT Content-Type: application/javascript Content-Length: 1050369 Connection: keep-alive Set-Cookie: AWSALB=bsduMZTomvYSFgNx2wR5xW+6b2VDaeR0hqECoc9U1JO75fYazRzpSpARtz8sAODtnVU3RmQyTzFblof/N5wH5LrI2mWHMybo+IrGR3MI93Mh9syoIRR9XWLxQ6Xs; Expires=Wed, 29 May 2024 15:26:58 GMT; Path=/ Set-Cookie: AWSALBCORS=bsduMZTomvYSFgNx2wR5xW+6b2VDaeR0hqECoc9U1JO75fYazRzpSpARtz8sAODtnVU3RmQyTzFblof/N5wH5LrI2mWHMybo+IrGR3MI93Mh9syoIRR9XWLxQ6Xs; Expires=Wed, 29 May 2024 15:26:58 GMT; Path=/; SameSite=None Server: Apache Accept-Ranges: bytes ETag: W/"1050369-1684859588000" Last-Modified: Tue, 23 May 2023 16:33:08 GMT Access-Control-Allow-Origin: * Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 6e 29 7b 69 66 28 72 5b 6e 5d 29 72 65 74 75 72 6e 20 72 5b 6e 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 6f 3d 72 5b 6e 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 2c 69 64 3a 6e 2c 6c 6f 61 64 65 64 3a 21 31 7d 3b 72 65 74 75 72 6e 20 74 5b 6e 5d 2e 63 61 6c 6c 28 6f 2e 65 78 70 6f 72 74 73 2c 6f 2c 6f 2e 65 78 70 6f 72 74 73 2c 65 29 2c 6f 2e 6c 6f 61 64 65 64 3d 21 30 2c 6f 2e 65 78 70 6f 72 74 73 7d 76 61 72 20 6e 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3b 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 66 75 6e 63 74 69 6f 6e 28 69 2c 75 29 7b 66 6f 72 28 76 61 72 20 61 2c 73 2c 63 3d 30 2c 6c 3d 5b 5d 3b 63 3c 69 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 73 3d 69 5b 63 5d 2c 6f 5b 73 5d 26 26 6c 2e 70 75 73 68 2e 61 70 70 6c 79 28 6c 2c 6f 5b 73 5d 29 2c 6f 5b 73 5d 3d 30 3b 66 6f 72 28 61 20 69 6e 20 75 29 74 5b 61 5d 3d 75 5b 61 5d 3b 66 6f 72 28 6e 26 26 6e 28 69 2c 75 29 3b 6c 2e 6c 65 6e 67 74 68 [TRUNCATED] Data Ascii: !function(t){function e(n){if(r[n])return r[n].exports;var o=r[n]={exports:{},id:n,loaded:!1};return t[n].call(o.exports,o,o.exports,e),o.loaded=!0,o.exports}var n=window.webpackJsonp;window.webpackJsonp=function(i,u){for(var a,s,c=0,l=[];c<i.length;c++)s=i[c],o[s]&&l.push.apply(l,o[s]),o[s]=0;for(a in u)t[a]=u[a];for(n&&n(i,u);l.length;)l.shift().call(null,e);if(u[0])return r[0]=0,e(0)};var r={},o={0:0};return e.e=function(t,n){if(0===o[t])return n.call(null,e);if(void 0!==o[t])o[t].push(n);else{o[t]=[n];var r=document.getElementsByTa
May 22, 2024 17:26:58.763884068 CEST	1236	IN	Data Raw: 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 2c 69 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 69 2e 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 69 2e 63 68 61 Data Ascii: gName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.src=e.p+""+t+".bundle.16be15e20a43eba17559.js",r.appendChild(i)}},e.m=t,e.c=r,e.p="/checkme",e(0)}([function(t,e,n){n(287),n(543),n(327
May 22, 2024 17:26:58.764137983 CEST	1236	IN	Data Raw: 21 30 7d 29 2c 65 5b 22 64 65 66 61 75 6c 74 22 5d 3d 6e 2c 74 2e 65 78 70 6f 72 74 73 3d 65 5b 22 64 65 66 61 75 6c 74 22 5d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 72 Data Ascii: !0}),e["default"]=n,t.exports=e["default"]},function(t,e){t.exports=function(t){try{return!!t()}catch(e){return!0}}},function(t,e){t.exports="object"==typeof window&&window&&window.Math==Math?window:"object"==typeof self&&self&&self.Math==Math
May 22, 2024 17:26:58.764153957 CEST	1236	IN	Data Raw: 65 2c 6d 3d 69 2e 49 6e 74 38 41 72 72 61 79 2c 62 3d 6d 26 26 6d 2e 70 72 6f 74 6f 74 79 70 65 2c 78 3d 69 2e 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 2c 45 3d 78 26 26 78 2e 70 72 6f 74 6f 74 79 70 65 2c 43 3d 6d 26 26 70 28 6d 29 2c Data Ascii: e,m=i.Int8Array,b=m&&m.prototype,x=i.Uint8ClampedArray,E=x&&x.prototype,C=m&&p(m),A=b&&p(b),w=Object.prototype,_=w.isPrototypeOf,S=!(!i.ArrayBuffer\|\|!i.DataView),k=S&&!!d,P=!1,O={Int8Array:1,Uint8Array:1,Uint8ClampedArray:1,Int16Array:2,Uint16
May 22, 2024 17:26:58.764514923 CEST	1236	IN	Data Raw: 3d 3d 41 26 26 64 28 45 2c 41 29 2c 6f 26 26 21 61 28 41 2c 68 29 29 7b 50 3d 21 30 2c 66 28 41 2c 68 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 75 28 74 68 69 73 29 3f 74 68 69 73 5b 76 5d 3a 76 6f 69 64 20 30 7d 7d Data Ascii: ==A&&d(E,A),o&&!a(A,h)){P=!0,f(A,h,{get:function(){return u(this)?this[v]:void 0}});for(r in O)i[r]&&c(i[r],v,r)}S&&d&&p(y)!==w&&d(y,w),t.exports={NATIVE_ARRAY_BUFFER:S,NATIVE_ARRAY_BUFFER_VIEWS:k,TYPED_ARRAY_TAG:P&&v,aTypedArray:F,aTypedArray
May 22, 2024 17:26:58.764530897 CEST	1120	IN	Data Raw: 61 74 63 68 28 72 29 7b 7d 69 66 28 22 67 65 74 22 69 6e 20 6e 7c 7c 22 73 65 74 22 69 6e 20 6e 29 74 68 72 6f 77 20 54 79 70 65 45 72 72 6f 72 28 22 41 63 63 65 73 73 6f 72 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 22 29 3b 72 65 74 75 72 6e Data Ascii: atch(r){}if("get"in n\|\|"set"in n)throw TypeError("Accessors not supported");return"value"in n&&(t[e]=n.value),t}},function(t,e){/object-assign(c) Sindre Sorhus@license MIT/"use strict";function n(t){if(null===t\|\|void 0===t)throw new
May 22, 2024 17:26:58.764545918 CEST	892	IN	Data Raw: 74 75 72 6e 20 73 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 28 34 39 29 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 28 72 28 74 29 29 7d 7d 2c 66 Data Ascii: turn s}},function(t,e,n){var r=n(49);t.exports=function(t){return Object(r(t))}},function(t,e,n){var r=n(18);t.exports=function(t,e,n){if(r(t),void 0===e)return t;switch(n){case 0:return function(){return t.call(e)};case 1:return function(n){r
May 22, 2024 17:26:58.766074896 CEST	1236	IN	Data Raw: 41 74 74 72 69 62 75 74 65 28 68 29 3d 3d 3d 53 74 72 69 6e 67 28 65 29 7c 7c 38 3d 3d 3d 74 2e 6e 6f 64 65 54 79 70 65 26 26 74 2e 6e 6f 64 65 56 61 6c 75 65 3d 3d 3d 22 20 72 65 61 63 74 2d 74 65 78 74 3a 20 22 2b 65 2b 22 20 22 7c 7c 38 3d 3d Data Ascii: Attribute(h)===String(e)\|\|8===t.nodeType&&t.nodeValue===" react-text: "+e+" "\|\|8===t.nodeType&&t.nodeValue===" react-empty: "+e+" "}function o(t){for(var e;e=t._renderedComponent;)t=e;return t}function i(t,e){var n=o(t);n._hostNode=e,e[g]=n}fu
May 22, 2024 17:26:58.766092062 CEST	1236	IN	Data Raw: 6f 6d 49 6e 73 74 61 6e 63 65 3a 6c 2c 70 72 65 63 61 63 68 65 43 68 69 6c 64 4e 6f 64 65 73 3a 61 2c 70 72 65 63 61 63 68 65 4e 6f 64 65 3a 69 2c 75 6e 63 61 63 68 65 4e 6f 64 65 3a 75 7d 3b 74 2e 65 78 70 6f 72 74 73 3d 79 7d 2c 66 75 6e 63 74 Data Ascii: omInstance:l,precacheChildNodes:a,precacheNode:i,uncacheNode:u};t.exports=y},function(t,e){var n=t.exports={version:"2.6.12"};"number"==typeof __e&&(__e=n)},function(t,e){var n={}.hasOwnProperty;t.exports=function(t,e){return n.call(t,e)}},fun
May 22, 2024 17:26:58.766422033 CEST	1236	IN	Data Raw: 65 20 33 3a 72 65 74 75 72 6e 21 30 3b 63 61 73 65 20 35 3a 72 65 74 75 72 6e 20 76 3b 63 61 73 65 20 36 3a 72 65 74 75 72 6e 20 45 3b 63 61 73 65 20 32 3a 43 2e 70 75 73 68 28 76 29 7d 65 6c 73 65 20 69 66 28 6c 29 72 65 74 75 72 6e 21 31 3b 72 Data Ascii: e 3:return!0;case 5:return v;case 6:return E;case 2:C.push(v)}else if(l)return!1;return f?-1:c\|\|l?l:C}}},function(t,e,n){var r=n(104),o=n(34),i=n(371),u=n(27).f;t.exports=function(t){var e=r.Symbol\|\|(r.Symbol={});o(e,t)\|\|u(e,t,{value:i.f(t)})}
May 22, 2024 17:26:58.772120953 CEST	1236	IN	Data Raw: 76 61 72 20 73 20 69 6e 20 61 29 6f 2e 63 61 6c 6c 28 61 2c 73 29 26 26 28 6e 5b 73 5d 3d 61 5b 73 5d 29 7d 7d 76 61 72 20 63 3d 7b 7d 3b 66 6f 72 28 76 61 72 20 73 20 69 6e 20 6e 29 63 5b 72 28 73 29 5d 3d 6e 5b 73 5d 3b 72 65 74 75 72 6e 20 63 Data Ascii: var s in a)o.call(a,s)&&(n[s]=a[s])}}var c={};for(var s in n)c[r(s)]=n[s];return c}},function(t,e,n){"use strict";var r=n(935),o=n(933)(),i=0;t.exports=function(t){var e="anim_"+ ++i+ +new Date,n="@"+o+"keyframes "+e+" {";for(var u in t){n+=u+
May 22, 2024 17:26:59.881673098 CEST	541	OUT	GET /checkme/rest/test/getAllTests?ts=1716391619429&category= HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive Accept: application/json, text/plain, / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
May 22, 2024 17:27:00.061681986 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:26:59 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=Gd1uru2VcjlY0Je0e4n8PoEib9ijlg60pKhAZhVIahgFZjZa4+48AVW7q6KoX90AeJDkkWwwBcgaoTr8RoVTKs204AJgEPQ+gL0mR1quQXA7PYaVUT1d0tixllPV; Expires=Wed, 29 May 2024 15:26:59 GMT; Path=/ Set-Cookie: AWSALBCORS=Gd1uru2VcjlY0Je0e4n8PoEib9ijlg60pKhAZhVIahgFZjZa4+48AVW7q6KoX90AeJDkkWwwBcgaoTr8RoVTKs204AJgEPQ+gL0mR1quQXA7PYaVUT1d0tixllPV; Expires=Wed, 29 May 2024 15:26:59 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 31 66 66 38 0d 0a 7b 22 74 65 73 74 43 6f 6c 6c 65 63 74 69 6f 6e 22 3a 5b 7b 22 63 6f 6c 6c 65 63 74 69 6f 6e 54 79 70 65 22 3a 22 31 22 2c 22 74 65 73 74 73 43 6f 6c 6c 65 63 74 69 6f 6e 22 3a 5b 7b 22 69 64 22 3a 32 2c 22 6e 61 6d 65 22 3a 22 4d 61 6c 77 61 72 65 20 49 6e 66 65 63 74 69 6f 6e 22 2c 22 69 6d 61 67 65 4e 61 6d 65 22 3a 22 4d 61 6c 77 61 72 65 5f 49 6e 66 65 63 74 69 6f 6e 22 2c 22 69 6d 61 67 65 55 52 4c 22 3a 22 68 74 74 70 3a 2f 2f 73 63 31 2e 63 68 65 63 6b 70 6f 69 6e 74 2e 63 6f 6d 2f 63 68 65 63 6b 2d 6d 65 2f 52 65 70 6f 72 74 2f 53 56 47 2f 4d 61 6c 77 61 72 65 5f 49 6e 66 65 63 74 69 6f 6e 2e 73 76 67 22 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 31 2c 22 74 65 73 74 73 4c 69 73 74 22 3a 5b 7b 22 70 72 6f 67 72 65 73 73 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 61 6e 20 69 6e 66 65 63 74 65 64 20 66 69 6c 65 20 20 74 68 72 6f 75 67 68 20 48 54 54 50 2e 22 2c 22 73 68 6f 72 74 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 6f 66 20 69 6e 66 65 63 [TRUNCATED] Data Ascii: 1ff8{"testCollection":[{"collectionType":"1","testsCollection":[{"id":2,"name":"Malware Infection","imageName":"Malware_Infection","imageURL":"http://sc1.checkpoint.com/check-me/Report/SVG/Malware_Infection.svg","sortOrder":1,"testsList":[{"progress_desc":"Downloading an infected file through HTTP.","short_desc":"Downloading of infected zipped file through HTTP.","long_desc":"This test simulates downloading of infected zip file (EICAR virus) through your network.","additionalText":"NULL","appendixText":"NULL","result":null,"id":6,"startTime":0,"endTime":0

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:26:58.591218948 CEST	493	OUT	GET /checkme/bundle.16be15e20a43eba17559.js HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=20Ns1cykc2joaI0uxHJEMYgvGGHUue2tmpaEEXhEwxhv4HNw4ZZKMPAXVTAz9RSIPkfkOMp6Jt2LO8GXwX6ZGNx80WapsoBvhtPVs185fTTCt9rjgfcmGdeqPTBh
May 22, 2024 17:26:59.236233950 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:26:59 GMT Content-Type: application/javascript Content-Length: 331039 Connection: keep-alive Set-Cookie: AWSALB=hgou4MgWyuf1NbxB58p0H24yiV8HjvF4TXMdYeCCY4/W+fPDj1b5HkRAWWgeorZvRW/BM00Apj7x+C8RBFRquQVELDEB/a/egyaCG+1E3tzH/Yfp3YLoph15T1jP; Expires=Wed, 29 May 2024 15:26:59 GMT; Path=/ Set-Cookie: AWSALBCORS=hgou4MgWyuf1NbxB58p0H24yiV8HjvF4TXMdYeCCY4/W+fPDj1b5HkRAWWgeorZvRW/BM00Apj7x+C8RBFRquQVELDEB/a/egyaCG+1E3tzH/Yfp3YLoph15T1jP; Expires=Wed, 29 May 2024 15:26:59 GMT; Path=/; SameSite=None Server: Apache Accept-Ranges: bytes ETag: W/"331039-1684859588000" Last-Modified: Tue, 23 May 2023 16:33:08 GMT Access-Control-Allow-Origin: * Data Raw: 77 65 62 70 61 63 6b 4a 73 6f 6e 70 28 5b 31 5d 2c 7b 30 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 65 3a 7b 22 64 65 66 61 75 6c 74 22 3a 65 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 4f 7c 7c 76 6f 69 64 20 30 3d 3d 3d 4f 5b 65 5d 3f 6f 28 65 29 3a 4f 5b 65 5d 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 73 77 69 74 63 68 28 65 29 7b 63 61 73 65 22 54 6f 70 22 3a 72 65 74 75 72 6e 20 76 5b 22 64 65 66 61 75 6c 74 22 5d 3b 63 61 73 65 22 50 72 6f 76 69 64 65 72 22 3a 72 65 74 75 72 6e 20 70 2e 50 72 6f 76 69 64 65 72 3b 63 61 73 65 22 73 74 6f 72 65 22 3a 72 65 74 75 72 6e 20 68 5b 22 64 65 66 61 75 6c 74 22 5d 3b 63 61 73 65 22 4d 61 69 6e 22 3a 72 65 74 75 72 6e 20 77 5b 22 64 65 66 61 75 6c 74 22 5d 3b 63 61 73 65 22 42 6f 74 74 6f 6d 22 3a 72 65 74 75 72 6e 20 45 5b 22 64 65 66 61 75 6c [TRUNCATED] Data Ascii: webpackJsonp([1],{0:function(e,t,n){"use strict";function r(e){return e&&e.__esModule?e:{"default":e}}function a(e){return void 0===O\|\|void 0===O[e]?o(e):O[e]}function o(e){switch(e){case"Top":return v["default"];case"Provider":return p.Provider;case"store":return h["default"];case"Main":return w["default"];case"Bottom":return E["default"];case"Link":return g.Link;case"render":return f.render;case"Router":return g.Router;case"browserHistory":return g.browserHistory;case"Route":return g.Route;case"App":return D;case"NotFound":return P}}fu
May 22, 2024 17:26:59.236253977 CEST	1236	IN	Data Raw: 6e 63 74 69 6f 6e 20 5f 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 4f 5b 65 5d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 69 28 65 29 7b 64 65 6c 65 74 65 20 4f 5b 65 5d 7d 66 75 6e 63 74 69 6f 6e 20 73 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 6e Data Ascii: nction _(e,t){return O[e]=t}function i(e){delete O[e]}function s(e){function t(){n.forEach(function(e){O[e]=r[e]})}var n=(0,d["default"])(e),r={};return function(a){n.forEach(function(t){r[t]=O[t],O[t]=e[t]});var o=a();return o&&"function"==ty
May 22, 2024 17:26:59.236324072 CEST	1236	IN	Data Raw: 74 6f 72 79 3a 61 28 22 62 72 6f 77 73 65 72 48 69 73 74 6f 72 79 22 29 7d 2c 53 5b 22 64 65 66 61 75 6c 74 22 5d 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 41 2c 7b 70 61 74 68 3a 22 2f 63 68 65 63 6b 6d 65 22 2c 63 6f 6d 70 6f 6e 65 6e 74 73 Data Ascii: tory:a("browserHistory")},S["default"].createElement(A,{path:"/checkme",components:a("App")}),S["default"].createElement(I,{path:"/checkme/*",component:a("NotFound")})),document.getElementById("app"));var O={},k={};!function(){function e(e,t){
May 22, 2024 17:26:59.236397982 CEST	1236	IN	Data Raw: 73 74 72 75 63 74 6f 72 3d 3d 3d 69 5b 22 64 65 66 61 75 6c 74 22 5d 26 26 65 21 3d 3d 69 5b 22 64 65 66 61 75 6c 74 22 5d 2e 70 72 6f 74 6f 74 79 70 65 3f 22 73 79 6d 62 6f 6c 22 3a 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 Data Ascii: structor===i["default"]&&e!==i["default"].prototype?"symbol":"undefined"==typeof e?"undefined":s(e)}},6:function(e,t,n){e.exports={"default":n(557),__esModule:!0}},12:function(e,t,n){e.exports={"default":n(556),__esModule:!0}},13:function(e,t)
May 22, 2024 17:26:59.236536026 CEST	1236	IN	Data Raw: 61 75 6c 74 22 5d 29 28 65 2c 74 29 3a 65 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 74 29 7d 7d 2c 31 36 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 72 65 74 75 72 6e Data Ascii: ault"])(e,t):e.__proto__=t)}},16:function(e,t,n){"use strict";function r(e){return e&&e.__esModule?e:{"default":e}}t.__esModule=!0;var a=n(5),o=r(a);t["default"]=function(e,t){if(!e)throw new ReferenceError("this hasn't been initialised - supe
May 22, 2024 17:26:59.236548901 CEST	1236	IN	Data Raw: 3d 22 72 65 73 74 2f 74 65 73 74 2f 73 74 61 72 74 53 63 61 6e 22 2c 74 2e 55 50 44 41 54 45 5f 53 54 41 54 55 53 3d 22 72 65 73 74 2f 74 65 73 74 2f 75 70 64 61 74 65 53 74 61 74 75 73 65 73 22 2c 74 2e 53 41 56 45 5f 55 53 45 52 5f 44 45 54 41 Data Ascii: ="rest/test/startScan",t.UPDATE_STATUS="rest/test/updateStatuses",t.SAVE_USER_DETAILS_POST="rest/test/saveUserDetails",t.SEND_MAIL="rest/test/sendMail",t.LOG_API_POST="rest/log/clientLog",t.GET_SCAN_TYPES_DETAILS="rest/test/getScanTypesDetails
May 22, 2024 17:26:59.236561060 CEST	1236	IN	Data Raw: 41 4e 5f 54 59 50 45 22 2c 74 2e 53 45 54 5f 53 43 41 4e 5f 50 41 52 41 4d 45 54 45 52 3d 22 53 45 54 5f 53 43 41 4e 5f 50 41 52 41 4d 45 54 45 52 22 2c 74 2e 53 45 54 5f 54 45 53 54 53 5f 44 41 54 41 5f 44 49 53 50 4c 41 59 3d 22 53 45 54 5f 54 Data Ascii: AN_TYPE",t.SET_SCAN_PARAMETER="SET_SCAN_PARAMETER",t.SET_TESTS_DATA_DISPLAY="SET_TESTS_DATA_DISPLAY",t.SET_SCANS_DATA_DISPLAY="SET_SCANS_DATA_DISPLAY",t.SET_TESTS_TO_RUN="SET_TESTS_TO_RUN",t.ADD_COMPLETED_SCAN_TYPE="ADD_COMPLETED_SCAN_TYPE",t.
May 22, 2024 17:26:59.236732006 CEST	1236	IN	Data Raw: 3d 77 5b 65 5d 3f 73 28 65 29 3a 77 5b 65 5d 7d 66 75 6e 63 74 69 6f 6e 20 73 28 65 29 7b 73 77 69 74 63 68 28 65 29 7b 63 61 73 65 22 61 78 69 6f 73 22 3a 72 65 74 75 72 6e 20 79 3b 63 61 73 65 22 61 70 69 54 69 6d 65 6f 75 74 22 3a 72 65 74 75 Data Ascii: =w[e]?s(e):w[e]}function s(e){switch(e){case"axios":return y;case"apiTimeout":return v;case"postData":return b;case"getData":return R;case"getTimeStamp":return o;case"getDataWithTimeout":return E;case"createClientErrorRequest":return _;case"re
May 22, 2024 17:26:59.236745119 CEST	1236	IN	Data Raw: 61 29 3a 6e 28 21 30 29 7d 29 5b 22 63 61 74 63 68 22 5d 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 28 65 2e 72 65 73 70 6f 6e 73 65 7c 7c 65 2e 72 65 71 75 65 73 74 3f 21 30 3a 21 31 29 7d 29 7d 2c 62 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e Data Ascii: a):n(!0)})["catch"](function(e){n(e.response\|\|e.request?!0:!1)})},b=function(e,t,n,r,a,o){return i("axios").post(e,t,n).then(function(e){200===e.status?void 0!==a&&a(null==r?e.data:r):void 0!==o&&(null==r?o():o(r,e.status,e.data))})["catch"](f
May 22, 2024 17:26:59.243398905 CEST	1236	IN	Data Raw: 6e 2c 72 29 7b 72 65 74 75 72 6e 20 69 28 22 67 65 74 44 61 74 61 22 29 28 69 28 22 67 65 74 54 69 6d 65 53 74 61 6d 70 22 29 28 65 29 2c 74 2c 6e 2c 72 29 7d 2c 74 2e 67 65 74 43 61 70 74 63 68 61 54 79 70 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 Data Ascii: n,r){return i("getData")(i("getTimeStamp")(e),t,n,r)},t.getCaptchaType=function(e){return i("axios").get(e)},{}),T={};!function(){function e(e,t){(0,f["default"])(T,e,{value:t,enumerable:!1,configurable:!0})}e("__get__",i),e("__GetDependency__
May 22, 2024 17:26:59.248526096 CEST	1236	IN	Data Raw: 20 30 3b 76 61 72 20 75 3d 6e 28 33 29 2c 6c 3d 72 28 75 29 2c 64 3d 6e 28 36 29 2c 66 3d 72 28 64 29 2c 70 3d 6e 28 32 29 2c 6d 3d 72 28 70 29 2c 68 3d 6e 28 35 29 2c 67 3d 72 28 68 29 2c 79 3d 6e 28 32 30 31 29 2c 76 3d 6e 28 35 33 38 29 2c 52 Data Ascii: 0;var u=n(3),l=r(u),d=n(6),f=r(d),p=n(2),m=r(p),h=n(5),g=r(h),y=n(201),v=n(538),R=r(v),E=o("createStore")(o("rootReducer"),{});t["default"]=o("store");var b="undefined"==typeof E?"undefined":(0,g["default"])(E);"object"!==b&&"function"!==b\|\|!
May 22, 2024 17:26:59.874514103 CEST	509	OUT	GET /checkme/rest/test/getScanTypesDetails?ts=1716391619425 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
May 22, 2024 17:27:00.070921898 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:26:59 GMT Content-Type: application/json Content-Length: 1883 Connection: keep-alive Set-Cookie: AWSALB=fQ1vuCAQ+LX5fP9FFpX4jdqnMkhiJvjU3nvRj5GtmZ1hggHpUKlLmknHsxzKLxUo0skpUvNrqdMIjwyKtJS7T38Vlg2znlGzG4Ypo11dfhg4GJMJ1SR3ctSOwdvL; Expires=Wed, 29 May 2024 15:26:59 GMT; Path=/ Set-Cookie: AWSALBCORS=fQ1vuCAQ+LX5fP9FFpX4jdqnMkhiJvjU3nvRj5GtmZ1hggHpUKlLmknHsxzKLxUo0skpUvNrqdMIjwyKtJS7T38Vlg2znlGzG4Ypo11dfhg4GJMJ1SR3ctSOwdvL; Expires=Wed, 29 May 2024 15:26:59 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 5b 7b 22 69 64 22 3a 31 2c 22 6e 61 6d 65 22 3a 22 4e 65 74 77 6f 72 6b 22 2c 22 69 6d 67 22 3a 22 4e 65 74 77 6f 72 6b 5f 49 63 6f 6e 2e 73 76 67 22 2c 22 69 6d 67 50 61 74 68 22 3a 22 68 74 74 70 3a 2f 2f 73 63 31 2e 63 68 65 63 6b 70 6f 69 6e 74 2e 63 6f 6d 2f 63 68 65 63 6b 2d 6d 65 2f 53 56 47 2f 4e 65 74 77 6f 72 6b 5f 49 63 6f 6e 2e 73 76 67 22 2c 22 63 6f 6d 6d 65 6e 74 22 3a 22 22 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 22 43 68 65 63 6b 4d 65 20 72 75 6e 73 20 61 20 73 65 72 69 65 73 20 6f 66 20 73 69 6d 75 6c 61 74 69 6f 6e 73 20 6f 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 70 72 65 73 65 6e 74 73 20 79 6f 75 72 20 73 65 63 75 72 69 74 79 20 73 74 61 74 75 73 2e 20 53 74 61 72 74 20 74 68 65 20 61 73 73 65 73 73 6d 65 6e 74 20 74 6f 20 66 69 6e 64 20 79 6f 75 72 20 65 78 70 6f 73 75 72 65 20 74 6f 20 5a 65 72 6f 20 44 61 79 20 61 74 74 61 63 6b 73 2c 20 42 72 6f 77 73 65 72 20 45 78 70 6c 6f 69 74 2c 20 44 61 74 61 20 4c 65 61 6b 61 67 65 20 61 6e 64 20 6d 6f 72 65 2e 22 2c 22 74 [TRUNCATED] Data Ascii: [{"id":1,"name":"Network","img":"Network_Icon.svg","imgPath":"http://sc1.checkpoint.com/check-me/SVG/Network_Icon.svg","comment":"","moreInfo":"CheckMe runs a series of simulations on the network and presents your security status. Start the assessment to find your exposure to Zero Day attacks, Browser Exploit, Data Leakage and more.","title":"NETWORK DETAILS","lead_name":"CheckMe Network","testable":true},{"id":2,"name":"Endpoint","img":"Endpoint_Icon.svg","imgPath":"http://sc1.checkpoint.com/check-me/SVG/Endpoint_Icon.svg","comment":"*Requires downloading & runni
May 22, 2024 17:27:00.089883089 CEST	518	OUT	GET /checkme/rest/utils/getCaptchaType HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive Accept: application/json, text/plain, / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=fQ1vuCAQ+LX5fP9FFpX4jdqnMkhiJvjU3nvRj5GtmZ1hggHpUKlLmknHsxzKLxUo0skpUvNrqdMIjwyKtJS7T38Vlg2znlGzG4Ypo11dfhg4GJMJ1SR3ctSOwdvL
May 22, 2024 17:27:00.328676939 CEST	590	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:00 GMT Content-Type: application/json Content-Length: 8 Connection: keep-alive Set-Cookie: AWSALB=O+UvY6TXnA9rmHnE72bgdMFFYpRam+J/trsVh2XJULbxW4Ij5wItM9iFOrFSWTfNnmS5qPz4cgn3K41atTYm6lzHDVpi6unFvi+2XvwUl9hPhO4/G+FkZjtvBfNS; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/ Set-Cookie: AWSALBCORS=O+UvY6TXnA9rmHnE72bgdMFFYpRam+J/trsVh2XJULbxW4Ij5wItM9iFOrFSWTfNnmS5qPz4cgn3K41atTYm6lzHDVpi6unFvi+2XvwUl9hPhO4/G+FkZjtvBfNS; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/; SameSite=None Server: Apache Access-Control-Allow-Origin: * Data Raw: 22 47 4f 4f 47 4c 45 22 Data Ascii: "GOOGLE"
May 22, 2024 17:27:23.400511026 CEST	615	OUT	GET /checkme/rest/test/getAllTests?ts=1716391642959&category= HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive Accept: application/json, text/plain, / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
May 22, 2024 17:27:23.589261055 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:23 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=rpr0HGgZy2f2qU8vDNGoQSh6GHnqTarq6xQSJE6AOHCZ09cWRqa779g0z4awQzetbO0uf1i5awVAgmHuuJ3mr/qFt3/s5fm0K/2JNco9Q8wEjLjyLNKYSXTZO+TC; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/ Set-Cookie: AWSALBCORS=rpr0HGgZy2f2qU8vDNGoQSh6GHnqTarq6xQSJE6AOHCZ09cWRqa779g0z4awQzetbO0uf1i5awVAgmHuuJ3mr/qFt3/s5fm0K/2JNco9Q8wEjLjyLNKYSXTZO+TC; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 31 66 66 38 0d 0a 7b 22 74 65 73 74 43 6f 6c 6c 65 63 74 69 6f 6e 22 3a 5b 7b 22 63 6f 6c 6c 65 63 74 69 6f 6e 54 79 70 65 22 3a 22 31 22 2c 22 74 65 73 74 73 43 6f 6c 6c 65 63 74 69 6f 6e 22 3a 5b 7b 22 69 64 22 3a 32 2c 22 6e 61 6d 65 22 3a 22 4d 61 6c 77 61 72 65 20 49 6e 66 65 63 74 69 6f 6e 22 2c 22 69 6d 61 67 65 4e 61 6d 65 22 3a 22 4d 61 6c 77 61 72 65 5f 49 6e 66 65 63 74 69 6f 6e 22 2c 22 69 6d 61 67 65 55 52 4c 22 3a 22 68 74 74 70 3a 2f 2f 73 63 31 2e 63 68 65 63 6b 70 6f 69 6e 74 2e 63 6f 6d 2f 63 68 65 63 6b 2d 6d 65 2f 52 65 70 6f 72 74 2f 53 56 47 2f 4d 61 6c 77 61 72 65 5f 49 6e 66 65 63 74 69 6f 6e 2e 73 76 67 22 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 31 2c 22 74 65 73 74 73 4c 69 73 74 22 3a 5b 7b 22 70 72 6f 67 72 65 73 73 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 61 6e 20 69 6e 66 65 63 74 65 64 20 66 69 6c 65 20 20 74 68 72 6f 75 67 68 20 48 54 54 50 2e 22 2c 22 73 68 6f 72 74 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 6f 66 20 69 6e 66 65 63 [TRUNCATED] Data Ascii: 1ff8{"testCollection":[{"collectionType":"1","testsCollection":[{"id":2,"name":"Malware Infection","imageName":"Malware_Infection","imageURL":"http://sc1.checkpoint.com/check-me/Report/SVG/Malware_Infection.svg","sortOrder":1,"testsList":[{"progress_desc":"Downloading an infected file through HTTP.","short_desc":"Downloading of infected zipped file through HTTP.","long_desc":"This test simulates downloading of infected zip file (EICAR virus) through your network.","additionalText":"NULL","appendixText":"NULL","result":null,"id":6,"startTime":0,"endTime":0

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:26:59.965068102 CEST	519	OUT	GET /checkme/fonts/din.woff?v=1.0.0 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive Origin: http://www.cpcheckme.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
May 22, 2024 17:27:00.579624891 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:00 GMT Content-Type: application/x-font-woff Content-Length: 23790 Connection: keep-alive Set-Cookie: AWSALB=BmxR1unfrqTWHXf4PMzu6ErLmC0gvoYpC2Kxeczso616gO9gleBiF2d2/ExRl6ASf74B2bTRt/b/3h4b5TYBggaVoDDdDElO9EJ7d3yKDbO6dJKD+9J++wRx0jkC; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/ Set-Cookie: AWSALBCORS=BmxR1unfrqTWHXf4PMzu6ErLmC0gvoYpC2Kxeczso616gO9gleBiF2d2/ExRl6ASf74B2bTRt/b/3h4b5TYBggaVoDDdDElO9EJ7d3yKDbO6dJKD+9J++wRx0jkC; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/; SameSite=None Server: Apache Accept-Ranges: bytes ETag: W/"23790-1684859534000" Last-Modified: Tue, 23 May 2023 16:32:14 GMT Access-Control-Allow-Origin: * Data Raw: 77 4f 46 46 00 01 00 00 00 00 5c ee 00 11 00 00 00 00 c1 dc 00 00 00 00 00 00 5b 7c 00 00 01 72 00 00 02 dc 00 00 00 00 00 00 00 00 47 50 4f 53 00 00 55 08 00 00 05 ea 00 00 0d 52 3e 63 32 f5 47 53 55 42 00 00 5a f4 00 00 00 88 00 00 00 e0 08 ab f6 e7 4c 54 53 48 00 00 54 78 00 00 00 8d 00 00 01 4f 6a 0c 3c 38 4f 53 2f 32 00 00 01 d8 00 00 00 5a 00 00 00 60 7f dd 58 c8 63 6d 61 70 00 00 02 34 00 00 01 51 00 00 03 94 b5 cd cd 38 63 76 74 20 00 00 52 e0 00 00 00 1e 00 00 00 1e 00 eb 06 c3 66 70 67 6d 00 00 53 00 00 00 01 02 00 00 01 73 06 77 9c 35 67 61 73 70 00 00 52 cc 00 00 00 14 00 00 00 14 00 7c 00 2e 67 6c 79 66 00 00 0e 74 00 00 44 58 00 00 99 f0 75 81 20 9f 68 65 61 64 00 00 01 a0 00 00 00 36 00 00 00 36 f9 d7 d0 9b 68 68 65 61 00 00 03 88 00 00 00 21 00 00 00 24 06 f2 04 93 68 6d 74 78 00 00 03 ac 00 00 02 f2 00 00 05 2c ba b1 58 16 6c 6f 63 61 00 00 0b dc 00 00 02 98 00 00 02 98 44 27 6d 94 6d 61 78 70 00 00 01 80 00 00 00 20 00 00 00 20 03 63 02 37 6e 61 6d 65 00 00 06 a0 00 00 01 98 00 00 [TRUNCATED] Data Ascii: wOFF\[\|rGPOSUR>c2GSUBZLTSHTxOj<8OS/2Z`Xcmap4Q8cvt RfpgmSsw5gaspR\|.glyftDXu head66hhea!$hmtx,XlocaD'mmaxp c7name!gJpost8R9prepTsh^Ke]s _<coW[xc`aRdt) 4,1#/A-S(?",L@
May 22, 2024 17:27:00.579804897 CEST	1236	IN	Data Raw: 8d 20 39 c6 37 4c 27 14 94 18 14 18 98 00 42 e0 0d 72 00 00 78 da ed d1 4d 2b 84 51 14 07 f0 73 ef c3 90 97 c4 0c 31 4d e3 dc 5b 66 43 a1 59 51 0a 29 76 26 b3 b0 51 46 99 c5 94 85 05 65 16 66 24 a5 59 79 4d d9 d9 2a 76 92 32 69 52 8c 66 94 8d 34 Data Ascii: 97L'BrxM+Qs1M[fCYQ)v&QFef$YyM*v2iRf4%=^>s=3Ir~up\e<P]l[bI<ki#X%q1)<"i;b_rIz_v1QyQX/b,hvyLr47\)
May 22, 2024 17:27:00.581604004 CEST	1236	IN	Data Raw: 05 56 2f 78 53 38 d3 64 58 87 ae 7d 2a 9c 43 0f 17 0a e7 51 5f f1 6b 9c 5c ea d7 51 d3 be 14 de c0 93 56 52 78 93 9d 25 5f 40 11 ef 0a 6f c1 d4 8b 0a 6f ff c0 3b e8 6a af e8 a2 8f 31 26 f0 10 22 80 81 63 98 38 42 05 87 68 b0 aa 12 55 70 22 f1 15 Data Ascii: V/xS8dX}*CQ_k\QVRx%_@oo;j1&"c8BhUp"2U83\_0scmMX#}MH-&h^0pI-D6BvD<fpYm&3p?a? +j/Q7aI-T={uc{>K>e\o72S
May 22, 2024 17:27:00.581620932 CEST	1236	IN	Data Raw: fd 29 ce 7f 52 9c fe 14 47 a5 38 fd 29 4e f2 1f ae 0d 7a e5 00 00 00 30 00 30 00 30 00 30 00 5a 00 82 01 16 01 c2 02 50 02 ee 03 06 03 3c 03 72 03 be 03 e2 03 f4 04 08 04 20 04 34 04 86 04 ae 04 fe 05 72 05 ae 06 1c 06 74 06 a0 07 2e 07 88 07 ae Data Ascii: )RG8)Nz0000ZP<r 4rt.&*j,hHlr@D`<Nb@rTLx6\|:Pz88d&z
May 22, 2024 17:27:00.581635952 CEST	1236	IN	Data Raw: c3 77 19 7c 55 19 ec 82 c1 4e 64 69 3f de 54 15 89 a0 20 3a 2d d4 18 78 ab a3 b0 94 18 9d b9 24 96 0e 2e a5 b4 a1 49 5d ee 2d 87 46 87 f7 84 13 b6 89 21 87 c9 6f 37 f5 d9 9c f3 6a 95 29 e3 9c 5c f8 de 78 c5 a9 4b 99 9f 18 9c 4e 3b 84 ab ae 10 06 Data Ascii: w\|UNdi?T :-x$.I]-F!o7j)\xKN;G]Nubt/\|CHzzM31WR[Ld:@7]]B#anbEy3JI9sPRQ2:P9L~[j#Z}*R?FTRCRDp3<?22
May 22, 2024 17:27:00.581671000 CEST	1236	IN	Data Raw: f2 0b 91 f0 5c de c3 57 79 a3 3f 66 1e de 5e 99 1d 18 28 8f 55 d3 85 b2 a4 2a b8 32 d3 a1 c8 6c ca 76 d1 95 8f 27 b6 a5 cc fa d8 4c dc 15 b3 2b aa e5 89 d9 f1 a9 d1 52 b9 94 8b 4c c6 4c d6 64 35 72 5d 24 44 f1 10 84 8f df 00 5e 15 4d 3c 88 ab 43 Data Ascii: \Wy?f^(U*2lv'L+RLLd5r]$D^M<Cs"Sp^nFW=qB>S{g^{~=7-Z\C?y\|_&<cL@K129XC<sP\Z ?MS`B!R(e\|)Mj&Ncz
May 22, 2024 17:27:00.581686974 CEST	1236	IN	Data Raw: e2 0f d6 fe 82 f2 e4 4b e1 fd e7 c1 fb d5 30 03 82 dc 42 bd 07 32 6c 5f b6 01 4f f6 c2 eb 50 b6 41 c1 1e f8 55 83 ef 1a a9 2e 42 a6 c4 55 9b d4 f9 ae 4b e5 6a 61 b6 20 c9 a8 80 fd 08 80 89 08 d1 51 24 9c e7 c8 2f c6 6a 2f 93 fe a1 c5 9c 63 34 9a Data Ascii: K0B2l_OPAU.BUKja Q$/j/c4_(?xyOK\|&91-PiGkw:cfwS)1wM1,4iE[X<CP'cW.9~Ts.M!?ElR^*9[9k\|.Soll_9mr9Z^L
May 22, 2024 17:27:00.581701040 CEST	1236	IN	Data Raw: c0 5c d1 02 ee 72 4d 5d 99 1b fb e0 de 40 7b e9 86 2e 84 e8 3a 6a 84 aa 50 43 9e 54 d0 ba 3e a8 55 50 5e 99 80 16 58 c9 0f cf 27 da 75 65 22 3b 4f 03 56 63 c4 8f 96 2c dc eb e8 d1 8e 45 b7 bd 80 4c 07 a1 4a 72 5e eb 29 1d cc 07 2b 23 69 53 6a f0 Data Ascii: \rM]@{.:jPCT>UP^X'ue";OVc,ELJr^)+#iSjnk(<<p.ug"o9mK[^x55>uK~y(;:cv4gU%n40TmW4c.3($?#[&rw6q\~~#[BTTr0=X
May 22, 2024 17:27:00.581836939 CEST	1236	IN	Data Raw: 2c ed b7 d8 22 1a ab a6 d7 5e bc 70 e2 a6 5b df 75 8d 33 3b a0 57 ab 7a dd c1 a0 bb 57 a5 d6 0f 50 d9 0d 3e 2c fc 53 00 db 23 1b ce 20 51 b1 d6 b3 ce 1a 31 21 00 9d 81 38 79 01 d3 b0 71 8c fa a8 44 83 35 38 42 36 5e 05 f3 87 a3 32 4e 0a 51 35 42 Data Ascii: ,"^p[u3;WzWP>,S# Q1!8yqD58B6^2NQ5Btu&ju\|\|9L</GNs&}N"P&[rVE+0)oHGcdMt\|^[>MLn8uk>R.gA$;$`=0w&PZ.5s]
May 22, 2024 17:27:00.581852913 CEST	1236	IN	Data Raw: d5 b3 f1 9a df 31 43 fe 04 3a a8 a1 ca 9f bf bb f2 e9 c5 6b ff bc f8 9e 6b 16 69 08 09 ed 22 ed 26 f4 d3 05 1f 27 a0 9f 9d 3a a8 9e b3 90 4d ce 41 07 15 90 79 72 81 94 21 97 92 19 c8 25 6f bb 71 ef 97 3e b7 f7 da ab f7 7e ee 4b df fa d6 eb bf 7b Data Ascii: 1C:kki"&':MAyr!%oq>~K{0\R6v^w''S foO:m4}$O~g;SI='"4VK3W!AsuGV(hiz7E,6CBIS~jH0
May 22, 2024 17:27:00.593147993 CEST	1236	IN	Data Raw: 57 05 fb 58 ee 0a fe 00 f9 0b fe 6b 0d df 60 aa 3f 5a ae 6b 88 44 03 0a 70 16 17 ba b5 96 aa b5 17 ab fc 81 fd f0 0f fd 1b 17 57 4f 0b 6e c0 93 86 0b 70 b3 dc 5b e1 d7 11 f8 75 26 d6 be ad 5f 9f db 0d b4 45 d5 60 2c c1 84 c0 c5 d1 95 e3 02 68 02 Data Ascii: WXk`?ZkDpWOnp[u&_E`,hF)P3MQ353n>ae(w9]8\|m.W_3,lr`)lur5Mh:~Db5un:^e\m+6\m0YBW
May 22, 2024 17:27:23.399588108 CEST	583	OUT	GET /checkme/rest/test/getScanTypesDetails?ts=1716391642957 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
May 22, 2024 17:27:23.580049038 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:23 GMT Content-Type: application/json Content-Length: 1883 Connection: keep-alive Set-Cookie: AWSALB=ZuiWETPTHcFA2bEClMxIeVAdun0EyEG/ulo0Ig75Ueg4cwb0vWX7XArR5HlLTUMK5/l2SmF2q1vZObocW7nRAxTBo4tW1d51WzkzhnnVUp7rpDmA2BC4mOnyzCGE; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/ Set-Cookie: AWSALBCORS=ZuiWETPTHcFA2bEClMxIeVAdun0EyEG/ulo0Ig75Ueg4cwb0vWX7XArR5HlLTUMK5/l2SmF2q1vZObocW7nRAxTBo4tW1d51WzkzhnnVUp7rpDmA2BC4mOnyzCGE; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 5b 7b 22 69 64 22 3a 31 2c 22 6e 61 6d 65 22 3a 22 4e 65 74 77 6f 72 6b 22 2c 22 69 6d 67 22 3a 22 4e 65 74 77 6f 72 6b 5f 49 63 6f 6e 2e 73 76 67 22 2c 22 69 6d 67 50 61 74 68 22 3a 22 68 74 74 70 3a 2f 2f 73 63 31 2e 63 68 65 63 6b 70 6f 69 6e 74 2e 63 6f 6d 2f 63 68 65 63 6b 2d 6d 65 2f 53 56 47 2f 4e 65 74 77 6f 72 6b 5f 49 63 6f 6e 2e 73 76 67 22 2c 22 63 6f 6d 6d 65 6e 74 22 3a 22 22 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 22 43 68 65 63 6b 4d 65 20 72 75 6e 73 20 61 20 73 65 72 69 65 73 20 6f 66 20 73 69 6d 75 6c 61 74 69 6f 6e 73 20 6f 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 70 72 65 73 65 6e 74 73 20 79 6f 75 72 20 73 65 63 75 72 69 74 79 20 73 74 61 74 75 73 2e 20 53 74 61 72 74 20 74 68 65 20 61 73 73 65 73 73 6d 65 6e 74 20 74 6f 20 66 69 6e 64 20 79 6f 75 72 20 65 78 70 6f 73 75 72 65 20 74 6f 20 5a 65 72 6f 20 44 61 79 20 61 74 74 61 63 6b 73 2c 20 42 72 6f 77 73 65 72 20 45 78 70 6c 6f 69 74 2c 20 44 61 74 61 20 4c 65 61 6b 61 67 65 20 61 6e 64 20 6d 6f 72 65 2e 22 2c 22 74 [TRUNCATED] Data Ascii: [{"id":1,"name":"Network","img":"Network_Icon.svg","imgPath":"http://sc1.checkpoint.com/check-me/SVG/Network_Icon.svg","comment":"","moreInfo":"CheckMe runs a series of simulations on the network and presents your security status. Start the assessment to find your exposure to Zero Day attacks, Browser Exploit, Data Leakage and more.","title":"NETWORK DETAILS","lead_name":"CheckMe Network","testable":true},{"id":2,"name":"Endpoint","img":"Endpoint_Icon.svg","imgPath":"http://sc1.checkpoint.com/check-me/SVG/Endpoint_Icon.svg","comment":"*Requires downloading & runni

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:26:59.965101957 CEST	608	OUT	GET /checkme/assets/libs/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive Origin: http://www.cpcheckme.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.cpcheckme.com/checkme/assets/libs/fontawesome/css/font-awesome.min.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=rNwJ/gw1aCiGSddXo8tle6DTKjzDDrGTr1FsZcdttAgmUPmQlXsIxDRdIMU85JI0wKEYqybpebD1dufFxwO59QWmgjB4zQvAXsHzCTnadZq9W152JyctXaTLr4Or
May 22, 2024 17:27:00.594830036 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:00 GMT Content-Length: 77160 Connection: keep-alive Set-Cookie: AWSALB=TEMWwQGxTT8oScuLovE3w7W5pjDc7NcFjmXhyUcm6n/YsyQLMHhpKI871Vw/ioiM57Vr8Xfgd5eGdVZdt8CO09xT1xFHj+utQxKQuLo8kWuTu124rVrzL/B9y/Xy; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/ Set-Cookie: AWSALBCORS=TEMWwQGxTT8oScuLovE3w7W5pjDc7NcFjmXhyUcm6n/YsyQLMHhpKI871Vw/ioiM57Vr8Xfgd5eGdVZdt8CO09xT1xFHj+utQxKQuLo8kWuTu124rVrzL/B9y/Xy; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/; SameSite=None Server: Apache Accept-Ranges: bytes ETag: W/"77160-1684859534000" Last-Modified: Tue, 23 May 2023 16:32:14 GMT Access-Control-Allow-Origin: * Data Raw: 77 4f 46 32 00 01 00 00 00 01 2d 68 00 0d 00 00 00 02 86 98 00 01 2d 0e 00 04 01 cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 20 06 60 00 85 72 11 08 0a 89 99 28 87 b6 58 01 36 02 24 03 95 70 0b 96 10 00 04 20 05 89 06 07 b4 75 5b 52 09 72 47 61 f7 91 84 2a ba 0d 81 27 ed 3d eb 3a b5 1a 26 d3 cd 3d 72 b7 2a 0a 02 19 e5 1a f1 f6 5d 04 74 07 dc 45 aa 6e a3 b2 ff ff ff ff e4 a4 31 46 db 0e dc 40 e0 d5 f4 fb 7c ad 8a 14 08 66 93 6d 92 60 9b 24 d8 91 a1 40 64 5b 42 51 11 24 28 5b 55 3c 2b 28 ad b8 40 50 d0 35 1e e4 60 81 b0 0e da 3e f6 50 10 1a 3b e1 28 91 d1 31 b3 fd 6c db fe 68 d4 a8 a2 c2 29 9f dc 59 79 94 f2 4a 69 e9 eb 17 ad 85 ce 7c 25 db 81 b7 5e ac 14 47 82 a2 33 b8 12 6e 9e 95 e8 ba da 95 dc 0a c4 cd 90 44 8a 9e 70 5c 59 72 20 94 4c df 50 f4 0e 8d 1b 83 74 a5 29 cb 11 98 ef 13 a7 36 52 c2 5e 22 53 0b 4c 7e f1 59 52 d7 43 58 52 15 09 8a 34 81 8e e6 46 fa 79 5c 5b bf e8 37 6e a1 e2 ae 7c 1d 73 e0 bb 8c 71 1e a3 4d bb 8e 25 4b c9 ff 17 2e db ba 0e 2c 0b fa 84 [TRUNCATED] Data Ascii: wOF2-h-?FFTM `r(X6$p u[RrGa'=:&=r]tEn1F@\|fm`$@d[BQ$([U<+(@P5`>P;(1lh)YyJi\|%^G3nDp\Yr LPt)6R^"SL~YRCXR4Fy\[7n\|sqM%K.,Lt'M,c+bOs^$z.mh&gbv'6:smb1m0"*Vc$,0ATPT1<;`'H?s:NDI$T[b4,bl6ILi}&4m,'#Rwbu,Kvm_-\HHH?
May 22, 2024 17:27:00.595017910 CEST	1236	IN	Data Raw: 96 d3 6d f3 0b 39 50 88 ad d8 29 39 e7 4a a8 86 24 c6 bd 88 9c e7 b1 f4 38 f8 e8 c7 da ce ce 7e b9 3b c4 72 15 8d 6e bf 3d 24 11 1a b5 1f 94 4e 64 64 6e 1b 21 27 ae a6 f0 e3 3b b3 f4 ac 38 99 bc 27 d9 4e a6 ed 1e 21 7f 2d 18 06 4a 19 ca b6 d3 2e Data Ascii: m9P)9J$8~;rn=$Nddn!';8'N!-J.X=,"`: {K!'-FH#$~Z_N5VU8F%PCp$Qrkk3:R%2{h%)8ILK6v#
May 22, 2024 17:27:00.595035076 CEST	1236	IN	Data Raw: 4f 02 ad 19 b8 96 c8 90 48 a0 1e e2 45 77 21 01 2e 1f d7 e9 fd 21 42 53 12 43 aa 67 1e c4 9d 89 63 e3 0e b9 e4 73 2a d5 a7 73 89 28 35 6d 94 3d 71 c6 ca 8a 65 a2 fb f1 59 91 0b 24 eb 5c 3e 10 66 4e 38 80 71 97 8c 78 ea 23 76 0a a5 36 75 6d ef 09 Data Ascii: OHEw!.!BSCgcss(5m=qeY$\>fN8qx#v6um`NM-J\FrDZ0#'nGjLXAgYsY^;"$hb=0vH<Vvc_\Yw;dBN3!$I\|P ~&d.-aa++
May 22, 2024 17:27:00.595439911 CEST	672	IN	Data Raw: c6 7b ae a5 f2 17 17 41 5a d2 26 87 19 53 f3 e2 d9 74 d8 ca f9 9c cf 03 0b cd af 01 e9 a2 50 ea eb 43 a1 a4 14 a2 30 13 08 b4 b6 44 2c fb 70 62 70 d0 b7 d4 7a 29 a7 20 5d 80 49 f7 3e 1a 00 0e 51 5c 42 6c c1 22 ba 97 5e 33 52 3e 72 fd 2a fb bb 04 Data Ascii: {AZ&StPC0D,pbpz) ]I>Q\Bl"^3R>r*C>xPUz}Y=}6-`/"Ho&DI0E2Xa-{5<,}``6jiim<UujYZjB\@g3Ejfp:Wp3ao1da
May 22, 2024 17:27:00.595455885 CEST	1236	IN	Data Raw: 78 b9 8a ae 3e 95 47 d9 0c 53 82 11 83 80 ee bd 67 c0 cc 89 22 94 51 cb 76 a4 62 14 30 2a 7a db c8 50 45 f4 79 c1 c9 89 8c 3f 37 af 24 13 0b c1 8e d8 f0 25 9e 1d 89 47 87 d2 d1 e4 70 c9 64 59 c8 26 66 e2 07 21 ed fb c7 61 36 94 8e 7c a8 08 29 bf Data Ascii: x>GSg"Qvb0*zPEy?7$%GpdY&f!a6\|);u7#34mJoOpv8jx(K/Zdxm7V_\fL7pXzH7-,(1KHbe,r-pL3=T2t2Xk:Z5spSsT:.]D"
May 22, 2024 17:27:00.595469952 CEST	1236	IN	Data Raw: b8 38 ea 92 78 ff 36 e7 99 67 53 a6 68 b1 09 b2 93 52 5e 5e 93 44 2e f8 78 8a 4d d1 4d 53 3f e6 bc 9e 27 47 fa 23 fc 7e e1 2b 9d ac ba c4 ec 08 76 34 8a 64 21 46 79 54 dc 39 f1 2d b2 66 56 61 37 68 fb 42 ae cb 17 34 fe ab 9f 96 e8 17 2c a9 32 bc Data Ascii: 8x6gShR^^D.xMMS?'G#~+v4d!FyT9-fVa7hB4,2&vTHMqp4?R\Xa<4@MiHD_EgRyMlTJyc"HJ, 6u/yVnJnH\PRBd\|4_$k.wIpS$
May 22, 2024 17:27:00.595866919 CEST	448	IN	Data Raw: 7d ea 11 a6 36 08 f9 c3 a2 ff b5 60 3f b5 69 10 91 2a bc 5b 39 65 2b 62 d1 56 4c ef 61 4c cd 99 13 b3 a6 9f e9 64 0c 02 42 59 70 2e b3 cf 88 0a c6 6e 5c 34 ec e7 b3 85 c6 a4 8a dc 1e 8d 64 ec 11 3c 77 a0 df 57 22 06 05 cf d3 3f 20 9f 27 b9 4f 25 Data Ascii: }6`?i*[9e+bVLaLdBYp.n\4d<wW"? 'O%a2N9,!.yZ%4U^ug)M%CVM!z&\|D,i~R,%\|O"h\3+ai8\$!1La6sz+MRb_kv
May 22, 2024 17:27:00.595881939 CEST	1236	IN	Data Raw: 2e 3b 6d c9 1d 07 b4 ef 39 e0 39 c1 73 dd 48 72 4c 1e 37 26 aa a4 07 92 91 8e 33 1b 42 73 04 e0 8e 7c 5b 6f 10 01 26 12 6f 75 da 53 67 f7 d5 ad 18 ae 2b 7b a1 41 45 bf df e5 6b 5a e2 09 a4 22 4e e2 8a 64 ea 19 35 83 a2 3a 9a 98 49 56 b5 a2 da 8a Data Ascii: .;m99sHrL7&3Bs\|[o&ouSg+{AEkZ"Nd5:IV>FbKf)cG5<C.g]k A0-vT d4K(Yq`(u{,:0$\|2/I,`ExP#q`/:';VD)r
May 22, 2024 17:27:00.596211910 CEST	1116	IN	Data Raw: c3 dd d6 27 8c 93 44 46 9f f5 dd 10 5b 4e 5d c5 7e e6 64 18 44 3f 56 f0 f6 17 51 95 57 a1 cd cd b2 81 7d 76 53 3e c1 4e 0e 03 6d f7 c9 c3 2b 03 53 de 71 f0 b8 0e 48 b0 ff 61 ff fa ca 55 21 f7 ce 92 af e6 86 1a 17 89 da 57 62 5f 2b a5 ab 8d 99 e8 Data Ascii: 'DF[N]~dD?VQW}vS>Nm+SqHaU!Wb_+UO]^l59@1'A^mo:9s-N:tD-zkSja4rczF xv7[C8#7p5+ ~*bJJYzw+-p/LL[cg
May 22, 2024 17:27:00.596227884 CEST	1236	IN	Data Raw: 26 a9 a8 a9 cf 22 91 fe 2e 63 d6 82 09 56 bb f1 7d 65 e7 4a df da eb 3a 34 32 71 60 47 cc 4f f4 a6 9b 2d 13 14 95 f2 9c af c1 e3 2d 42 94 8b ee 99 4a 97 46 b8 e9 59 c3 db be a2 33 7c ff c5 7c 29 c9 e4 0e 8a e0 f3 06 ac ba ea f6 49 47 ee cc c1 61 Data Ascii: &".cV}eJ:42q`GO--BJFY3\|\|)IGa+*ttPbADo?Cgt;I]G2RE<^mK3+;[3[1yv#p<jiCaf~\GC4dubt BKQm=aTq<^z
May 22, 2024 17:27:00.600919962 CEST	1236	IN	Data Raw: 19 16 80 29 02 6f 90 d0 10 aa 74 6b fd 6c 03 9a e6 c8 2c ae 14 fb 6c 11 e8 a1 eb 0f f3 55 1f ec 29 dd b9 65 98 35 81 3c 41 ba 08 b0 1e 5c 30 9c eb 9e 5f ec 37 d8 d9 f6 ed 5e 7e 7b d8 24 0d 71 52 82 ce b0 66 93 13 01 fb eb 50 0a 10 61 1a 21 66 97 Data Ascii: )otkl,lU)e5<A\0_7^~{$qRfPa!fXUhXl^:(m?@=bhgO{-i:'A8?gzHFz0[D#A.%'w=23Z'Hx&I41IJiezo{i80[K/
May 22, 2024 17:27:23.062479019 CEST	770	OUT	GET /checkme/ HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=oZwKzeTpVngadSgeD4roJp3GVgWR3NzYjEQPnSG6Zu1xS2uZQirezWaTe/9AcIMkybv5PxLV5mic9qBNHt4TY8wyIM9Wc4WkDqhvVYs0ktGiOIUTKWAu9I9YqTxj If-None-Match: W/"3971-1684859588000" If-Modified-Since: Tue, 23 May 2023 16:33:08 GMT
May 22, 2024 17:27:23.317945004 CEST	539	IN	HTTP/1.1 304 Not Modified Date: Wed, 22 May 2024 15:27:23 GMT Connection: keep-alive Set-Cookie: AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/ Set-Cookie: AWSALBCORS=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/; SameSite=None Server: Apache ETag: W/"3971-1684859588000"
May 22, 2024 17:27:23.336296082 CEST	586	OUT	GET /check/testsAssets/instant_checkup.js?v=0.6537682150719368 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.cpcheckme.com/checkme/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=OwocWPpZs5cdNA0YDmhebwepfiq1p6/4VMaaW37qnkp+q4fj95+8PSwINOLtf1mdvOf1D7REgn5mVAZr8l+unKdwXyocn3Ycu2jaq+iEhdf37h4/X5lgG5KVoodp
May 22, 2024 17:27:23.533503056 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:23 GMT Content-Type: application/javascript Content-Length: 11494 Connection: keep-alive Set-Cookie: AWSALB=Yh57DKMqbTJo4EKyNnwNi1mjpwz0Q3Ip6BoC8lP2Bav4AALKcTUezwkMAfJxCRfJkcXVcq8LB0VSTaQfsmIcPyODWzNVf2nSL15FbaSnCXOKFT7Py3Tj6jbXGO8+; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/ Set-Cookie: AWSALBCORS=Yh57DKMqbTJo4EKyNnwNi1mjpwz0Q3Ip6BoC8lP2Bav4AALKcTUezwkMAfJxCRfJkcXVcq8LB0VSTaQfsmIcPyODWzNVf2nSL15FbaSnCXOKFT7Py3Tj6jbXGO8+; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/; SameSite=None Server: Apache Accept-Ranges: bytes ETag: W/"11494-1692734355000" Last-Modified: Tue, 22 Aug 2023 19:59:15 GMT Access-Control-Allow-Origin: * Data Raw: 76 61 72 20 64 65 66 61 75 6c 74 5f 74 69 6d 65 6f 75 74 20 3d 20 31 30 30 30 30 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 67 65 74 5f 74 65 73 74 5f 72 65 73 28 75 72 6c 2c 20 74 65 73 74 5f 72 65 73 75 6c 74 29 20 7b 0a 09 69 66 20 28 74 65 73 74 5f 72 65 73 75 6c 74 29 0a 09 09 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 50 61 73 73 65 64 3a 20 22 20 2b 20 75 72 6c 29 3b 0a 09 65 6c 73 65 0a 09 09 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 46 61 69 6c 65 64 3a 20 22 20 2b 20 75 72 6c 29 3b 0a 09 72 65 74 75 72 6e 20 7b 20 27 74 65 73 74 5f 72 65 73 75 6c 74 27 3a 20 74 65 73 74 5f 72 65 73 75 6c 74 20 7d 3b 0a 7d 0a 0a 66 75 6e 63 74 69 6f 6e 20 78 68 72 5f 74 65 73 74 28 6a 73 6f 6e 2c 20 63 62 29 20 7b 0a 09 74 72 79 20 7b 0a 09 09 76 61 72 20 75 72 6c 20 3d 20 6a 73 6f 6e 5b 22 75 72 6c 22 5d 3b 0a 09 09 75 72 6c 20 2b 3d 20 28 75 72 6c 2e 69 6e 64 65 78 4f 66 28 27 3f 27 29 20 3e 20 30 29 20 3f 20 22 26 22 20 3a 20 22 3f 22 3b 0a 09 09 75 72 6c 20 2b 3d 20 27 73 74 61 74 69 63 3d 43 50 43 68 65 63 6b 4d [TRUNCATED] Data Ascii: var default_timeout = 10000;function get_test_res(url, test_result) {if (test_result)console.log("Passed: " + url);elseconsole.warn("Failed: " + url);return { 'test_result': test_result };}function xhr_test(json, cb) {try {var url = json["url"];url += (url.indexOf('?') > 0) ? "&" : "?";url += 'static=CPCheckMe&rand=' + new Date().getTime();var xhr = new XMLHttpRequest();xhr.onload = function() {var success = (xhr.status != 404) && (xhr.status != 200);if ((xhr.status == 200) && (json["expected_size"

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:27:00.358407974 CEST	467	OUT	GET /checkme/rest/test/getAllTests?ts=1716391619429&category= HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=Gd1uru2VcjlY0Je0e4n8PoEib9ijlg60pKhAZhVIahgFZjZa4+48AVW7q6KoX90AeJDkkWwwBcgaoTr8RoVTKs204AJgEPQ+gL0mR1quQXA7PYaVUT1d0tixllPV
May 22, 2024 17:27:00.994158983 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:00 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=eb+VoeUAAzJQ+wta6IYE+KtRMvjNHE2nrUPM4MjDDa2fA+T5fPRvLfrvWajwyV7oT308KiODhejaXmPh5LdUs6G+JtVjd357CvUHSUv6lCCHOQ9z1wwrxt7/WP9a; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/ Set-Cookie: AWSALBCORS=eb+VoeUAAzJQ+wta6IYE+KtRMvjNHE2nrUPM4MjDDa2fA+T5fPRvLfrvWajwyV7oT308KiODhejaXmPh5LdUs6G+JtVjd357CvUHSUv6lCCHOQ9z1wwrxt7/WP9a; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 32 63 36 37 0d 0a 7b 22 74 65 73 74 43 6f 6c 6c 65 63 74 69 6f 6e 22 3a 5b 7b 22 63 6f 6c 6c 65 63 74 69 6f 6e 54 79 70 65 22 3a 22 31 22 2c 22 74 65 73 74 73 43 6f 6c 6c 65 63 74 69 6f 6e 22 3a 5b 7b 22 69 64 22 3a 32 2c 22 6e 61 6d 65 22 3a 22 4d 61 6c 77 61 72 65 20 49 6e 66 65 63 74 69 6f 6e 22 2c 22 69 6d 61 67 65 4e 61 6d 65 22 3a 22 4d 61 6c 77 61 72 65 5f 49 6e 66 65 63 74 69 6f 6e 22 2c 22 69 6d 61 67 65 55 52 4c 22 3a 22 68 74 74 70 3a 2f 2f 73 63 31 2e 63 68 65 63 6b 70 6f 69 6e 74 2e 63 6f 6d 2f 63 68 65 63 6b 2d 6d 65 2f 52 65 70 6f 72 74 2f 53 56 47 2f 4d 61 6c 77 61 72 65 5f 49 6e 66 65 63 74 69 6f 6e 2e 73 76 67 22 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 31 2c 22 74 65 73 74 73 4c 69 73 74 22 3a 5b 7b 22 70 72 6f 67 72 65 73 73 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 61 6e 20 69 6e 66 65 63 74 65 64 20 66 69 6c 65 20 20 74 68 72 6f 75 67 68 20 48 54 54 50 2e 22 2c 22 73 68 6f 72 74 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 6f 66 20 69 6e 66 65 63 [TRUNCATED] Data Ascii: 2c67{"testCollection":[{"collectionType":"1","testsCollection":[{"id":2,"name":"Malware Infection","imageName":"Malware_Infection","imageURL":"http://sc1.checkpoint.com/check-me/Report/SVG/Malware_Infection.svg","sortOrder":1,"testsList":[{"progress_desc":"Downloading an infected file through HTTP.","short_desc":"Downloading of infected zipped file through HTTP.","long_desc":"This test simulates downloading of infected zip file (EICAR virus) through your network.","additionalText":"NULL","appendixText":"NULL","result":null,"id":6,"startTime":0,"endTime":0
May 22, 2024 17:27:00.994833946 CEST	224	IN	Data Raw: 2c 22 73 74 61 74 75 73 22 3a 6e 75 6c 6c 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 31 2c 22 61 64 64 69 74 69 6f 6e 61 6c 52 65 73 75 6c 74 73 22 3a 6e 75 6c 6c 2c 22 61 64 64 69 74 69 6f 6e 61 6c 52 65 73 75 6c 74 73 52 61 77 22 3a 6e 75 6c 6c 2c Data Ascii: ,"status":null,"sortOrder":1,"additionalResults":null,"additionalResultsRaw":null,"startTimeDate":1716391620912,"endTimeDate":1716391620912,"totalTime":0},{"progress_desc":"Downloading an infected file through HTTPS.","short
May 22, 2024 17:27:00.994853973 CEST	1236	IN	Data Raw: 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 6f 66 20 69 6e 66 65 63 74 65 64 20 66 69 6c 65 20 74 68 72 6f 75 67 68 20 48 54 54 50 53 2e 22 2c 22 6c 6f 6e 67 5f 64 65 73 63 22 3a 22 54 68 69 73 20 74 65 73 74 20 73 69 6d 75 6c 61 Data Ascii: _desc":"Downloading of infected file through HTTPS.","long_desc":"This test simulates downloading of infected file (EICAR virus) through your network over https.","additionalText":"NULL","appendixText":"NULL","result":null,"id":16,"startTime":
May 22, 2024 17:27:00.994904995 CEST	1236	IN	Data Raw: 4c 69 73 74 22 3a 5b 7b 22 70 72 6f 67 72 65 73 73 5f 64 65 73 63 22 3a 22 43 6f 6e 6e 65 63 74 69 6e 67 20 74 6f 20 43 26 43 20 73 65 72 76 65 72 2e 22 2c 22 73 68 6f 72 74 5f 64 65 73 63 22 3a 22 53 69 6d 75 6c 61 74 69 6e 67 20 63 6f 6d 6d 61 Data Ascii: List":[{"progress_desc":"Connecting to C&C server.","short_desc":"Simulating command and control communication to external server.","long_desc":"This test simulates contact attempt to known command and control server by generating requests for
May 22, 2024 17:27:00.995023966 CEST	1236	IN	Data Raw: 6f 72 74 4f 72 64 65 72 22 3a 32 2c 22 61 64 64 69 74 69 6f 6e 61 6c 52 65 73 75 6c 74 73 22 3a 6e 75 6c 6c 2c 22 61 64 64 69 74 69 6f 6e 61 6c 52 65 73 75 6c 74 73 52 61 77 22 3a 6e 75 6c 6c 2c 22 73 74 61 72 74 54 69 6d 65 44 61 74 65 22 3a 31 Data Ascii: ortOrder":2,"additionalResults":null,"additionalResultsRaw":null,"startTimeDate":1716391620912,"endTimeDate":1716391620912,"totalTime":0},{"progress_desc":"Downloading an infected PDF.","short_desc":"Downloading of PDF file.","long_desc":"This
May 22, 2024 17:27:00.995044947 CEST	1236	IN	Data Raw: 75 6c 74 22 3a 6e 75 6c 6c 2c 22 69 64 22 3a 31 2c 22 73 74 61 72 74 54 69 6d 65 22 3a 30 2c 22 65 6e 64 54 69 6d 65 22 3a 30 2c 22 73 74 61 74 75 73 22 3a 6e 75 6c 6c 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 31 2c 22 61 64 64 69 74 69 6f 6e 61 6c Data Ascii: ult":null,"id":1,"startTime":0,"endTime":0,"status":null,"sortOrder":1,"additionalResults":null,"additionalResultsRaw":null,"startTimeDate":1716391620912,"endTimeDate":1716391620912,"totalTime":0}],"moreInfo":"A browser exploit is an attack th
May 22, 2024 17:27:00.995229959 CEST	1236	IN	Data Raw: 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 22 41 6e 6f 6e 79 6d 69 7a 65 72 73 20 6c 65 74 20 75 73 65 72 73 20 68 69 64 65 20 74 68 65 69 72 20 6f 6e 6c 69 6e 65 20 61 63 74 69 76 69 74 79 2e 20 54 68 69 73 20 63 61 6e 20 6f 70 65 6e 20 61 20 62 61 63 Data Ascii: ,"moreInfo":"Anonymizers let users hide their online activity. This can open a back door into your organizations network.","rightImage":null,"bottomImage":null},{"id":31,"name":"Data Leakage","imageName":"Data_Leakage","imageURL":"http://sc
May 22, 2024 17:27:00.995249987 CEST	1236	IN	Data Raw: 65 44 61 74 65 22 3a 31 37 31 36 33 39 31 36 32 30 39 31 32 2c 22 74 6f 74 61 6c 54 69 6d 65 22 3a 30 7d 5d 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 22 44 61 74 61 20 6c 65 61 6b 61 67 65 20 69 73 20 74 68 65 20 72 65 73 75 6c 74 20 6f 66 20 75 73 65 Data Ascii: eDate":1716391620912,"totalTime":0}],"moreInfo":"Data leakage is the result of users transferring classified or sensitive information outside the corporate network intentionally or by mistake.","rightImage":null,"bottomImage":null}]},{"collect
May 22, 2024 17:27:00.995270967 CEST	1236	IN	Data Raw: 63 6f 6e 74 72 6f 6c 5f 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 5f 36 34 2e 73 76 67 22 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 32 2c 22 74 65 73 74 73 4c 69 73 74 22 3a 5b 7b 22 70 72 6f 67 72 65 73 73 5f 64 65 73 63 22 3a 22 43 6f 6e 6e 65 63 74 Data Ascii: control_communication_64.svg","sortOrder":2,"testsList":[{"progress_desc":"Connecting to C&C server.","short_desc":"Simulating command and control communication to external server.","long_desc":"This test simulates contact attempt to known com
May 22, 2024 17:27:00.995452881 CEST	1236	IN	Data Raw: 22 3a 32 2c 22 61 64 64 69 74 69 6f 6e 61 6c 52 65 73 75 6c 74 73 22 3a 6e 75 6c 6c 2c 22 61 64 64 69 74 69 6f 6e 61 6c 52 65 73 75 6c 74 73 52 61 77 22 3a 6e 75 6c 6c 2c 22 73 74 61 72 74 54 69 6d 65 44 61 74 65 22 3a 31 37 31 36 33 39 31 36 32 Data Ascii: ":2,"additionalResults":null,"additionalResultsRaw":null,"startTimeDate":1716391620912,"endTimeDate":1716391620912,"totalTime":0}],"moreInfo":"A browser exploit is an attack that takes advantage of a particular vulnerability in a computing sys
May 22, 2024 17:27:01.003753901 CEST	704	IN	Data Raw: 2f 52 65 70 6f 72 74 2f 53 56 47 2f 50 65 72 73 69 73 74 65 6e 63 65 5f 54 68 72 65 61 74 2e 73 76 67 22 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 37 2c 22 74 65 73 74 73 4c 69 73 74 22 3a 5b 7b 22 70 72 6f 67 72 65 73 73 5f 64 65 73 63 22 3a 22 50 Data Ascii: /Report/SVG/Persistence_Threat.svg","sortOrder":7,"testsList":[{"progress_desc":"Persistent Malware detection.","short_desc":"Simulating persistence extraction of infected file.","long_desc":"This test checks that the encrypted files and exe n
May 22, 2024 17:27:23.587095976 CEST	537	OUT	GET /checkme/rest/test/getExcludedEmails?ts=1716391642959 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=cFGMXUN96TLXW7m1KAtQw1o0Wwl0SflKhVow0etQKvxcO8SPmedQnvmG0pYlGn5m7IXRRjFKDNYyMhf+fwOGNYF9NXBlLcPjP7nQ/QIglWbIdJrzhSWiiNfg6CY9
May 22, 2024 17:27:23.773305893 CEST	751	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:23 GMT Content-Type: application/json Content-Length: 87 Connection: keep-alive Set-Cookie: AWSALB=BZCGg23y0UPS+iGcjzUJjZ87+WZa0FRx7tUOpwzYCfPBUSdiSdjO+nJp78DjP1qxMqr9Xrire9cH6Y1rr1aR5ZpWZl3IMgEZOxsOUFPmsfD7GczHqz/sAByCZx24; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/ Set-Cookie: AWSALBCORS=BZCGg23y0UPS+iGcjzUJjZ87+WZa0FRx7tUOpwzYCfPBUSdiSdjO+nJp78DjP1qxMqr9Xrire9cH6Y1rr1aR5ZpWZl3IMgEZOxsOUFPmsfD7GczHqz/sAByCZx24; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 5b 22 67 6d 61 69 6c 22 2c 22 68 6f 74 6d 61 69 6c 22 2c 22 79 61 68 6f 6f 22 2c 22 6d 61 69 6c 22 2c 22 6f 75 74 6c 6f 6f 6b 22 2c 22 67 6d 78 22 2c 22 70 72 6f 74 6f 6e 6d 61 69 6c 22 2c 22 61 6f 6c 22 2c 22 79 61 6e 64 65 78 22 2c 22 69 63 6c 6f 75 64 22 5d Data Ascii: ["gmail","hotmail","yahoo","mail","outlook","gmx","protonmail","aol","yandex","icloud"]

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:27:00.358488083 CEST	465	OUT	GET /checkme/rest/test/getScanTypesDetails?ts=1716391619425 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=fQ1vuCAQ+LX5fP9FFpX4jdqnMkhiJvjU3nvRj5GtmZ1hggHpUKlLmknHsxzKLxUo0skpUvNrqdMIjwyKtJS7T38Vlg2znlGzG4Ypo11dfhg4GJMJ1SR3ctSOwdvL
May 22, 2024 17:27:00.994003057 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:00 GMT Content-Type: application/json Content-Length: 1883 Connection: keep-alive Set-Cookie: AWSALB=8fQ5WAjIV/z8Cdl1hr0W+TuB3BpV2wJtC6Yh67XkUau2Rq28aPM24cCqU6vtsF5Yx3KPpdtIhihhL6jMWNNJEKftzcU1yX5h1Uz86i+7Qf8p5r/X68cmen5/G3Qc; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/ Set-Cookie: AWSALBCORS=8fQ5WAjIV/z8Cdl1hr0W+TuB3BpV2wJtC6Yh67XkUau2Rq28aPM24cCqU6vtsF5Yx3KPpdtIhihhL6jMWNNJEKftzcU1yX5h1Uz86i+7Qf8p5r/X68cmen5/G3Qc; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 5b 7b 22 69 64 22 3a 31 2c 22 6e 61 6d 65 22 3a 22 4e 65 74 77 6f 72 6b 22 2c 22 69 6d 67 22 3a 22 4e 65 74 77 6f 72 6b 5f 49 63 6f 6e 2e 73 76 67 22 2c 22 69 6d 67 50 61 74 68 22 3a 22 68 74 74 70 3a 2f 2f 73 63 31 2e 63 68 65 63 6b 70 6f 69 6e 74 2e 63 6f 6d 2f 63 68 65 63 6b 2d 6d 65 2f 53 56 47 2f 4e 65 74 77 6f 72 6b 5f 49 63 6f 6e 2e 73 76 67 22 2c 22 63 6f 6d 6d 65 6e 74 22 3a 22 22 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 22 43 68 65 63 6b 4d 65 20 72 75 6e 73 20 61 20 73 65 72 69 65 73 20 6f 66 20 73 69 6d 75 6c 61 74 69 6f 6e 73 20 6f 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 70 72 65 73 65 6e 74 73 20 79 6f 75 72 20 73 65 63 75 72 69 74 79 20 73 74 61 74 75 73 2e 20 53 74 61 72 74 20 74 68 65 20 61 73 73 65 73 73 6d 65 6e 74 20 74 6f 20 66 69 6e 64 20 79 6f 75 72 20 65 78 70 6f 73 75 72 65 20 74 6f 20 5a 65 72 6f 20 44 61 79 20 61 74 74 61 63 6b 73 2c 20 42 72 6f 77 73 65 72 20 45 78 70 6c 6f 69 74 2c 20 44 61 74 61 20 4c 65 61 6b 61 67 65 20 61 6e 64 20 6d 6f 72 65 2e 22 2c 22 74 [TRUNCATED] Data Ascii: [{"id":1,"name":"Network","img":"Network_Icon.svg","imgPath":"http://sc1.checkpoint.com/check-me/SVG/Network_Icon.svg","comment":"","moreInfo":"CheckMe runs a series of simulations on the network and presents your security status. Start the assessment to find your exposure to Zero Day attacks, Browser Exploit, Data Leakage and more.","title":"NETWORK DETAILS","lead_name":"CheckMe Network","testable":true},{"id":2,"name":"Endpoint","img":"Endpoint_Icon.svg","imgPath":"http://sc1.checkpoint.com/check-me/SVG/Endpoint_Icon.svg","comment":"*Requires downloading & runni
May 22, 2024 17:27:00.994019985 CEST	1236	IN	Data Raw: 6e 67 20 61 6e 20 65 78 65 63 75 74 61 62 6c 65 22 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 22 43 68 65 63 6b 4d 65 20 72 75 6e 73 20 61 20 73 65 72 69 65 73 20 6f 66 20 73 69 6d 75 6c 61 74 69 6f 6e 73 20 6f 6e 20 74 68 65 20 45 6e 64 70 6f 69 6e 74 Data Ascii: ng an executable","moreInfo":"CheckMe runs a series of simulations on the Endpoint and presents your security status. Start the assessment to find your exposure to Ransomware, Zero Day attacks, Browser Exploits and more.","title":"ENDPOINT DET
May 22, 2024 17:27:00.994046926 CEST	77	IN	Data Raw: 65 73 2e 22 2c 22 74 69 74 6c 65 22 3a 22 4d 4f 42 49 4c 45 20 44 45 54 41 49 4c 53 22 2c 22 6c 65 61 64 5f 6e 61 6d 65 22 3a 22 43 68 65 63 6b 4d 65 20 4d 6f 62 69 6c 65 22 2c 22 74 65 73 74 61 62 6c 65 22 3a 66 61 6c 73 65 7d 5d Data Ascii: es.","title":"MOBILE DETAILS","lead_name":"CheckMe Mobile","testable":false}]
May 22, 2024 17:27:45.999712944 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:27:00.358539104 CEST	463	OUT	GET /checkme/rest/test/getExcludedEmails?ts=1716391619429 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=0mYBx9525ryXtIoqeRqKbJeZKPWEHu74769q2/P/0rN0jCrBXwkvsh1iHvz66BNYG2PgBlt8EEIkoOwHqxZuE1UA1bCeqI+XBChklCloRHSo5d4L1vPJDqnTmwM7
May 22, 2024 17:27:00.995472908 CEST	751	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:00 GMT Content-Type: application/json Content-Length: 87 Connection: keep-alive Set-Cookie: AWSALB=tivvrEoeV1HvZtYTzwX/lby4SEl0vjEuljdtUOu6DGNZTehmiRTm2AiOFjzsrtPIsWv0qc0zWHYOYYvcl5wM97ZiaO2+FjhDQcWAlQQjm1TlEyoeeAnmI9vVeWxZ; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/ Set-Cookie: AWSALBCORS=tivvrEoeV1HvZtYTzwX/lby4SEl0vjEuljdtUOu6DGNZTehmiRTm2AiOFjzsrtPIsWv0qc0zWHYOYYvcl5wM97ZiaO2+FjhDQcWAlQQjm1TlEyoeeAnmI9vVeWxZ; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 5b 22 67 6d 61 69 6c 22 2c 22 68 6f 74 6d 61 69 6c 22 2c 22 79 61 68 6f 6f 22 2c 22 6d 61 69 6c 22 2c 22 6f 75 74 6c 6f 6f 6b 22 2c 22 67 6d 78 22 2c 22 70 72 6f 74 6f 6e 6d 61 69 6c 22 2c 22 61 6f 6c 22 2c 22 79 61 6e 64 65 78 22 2c 22 69 63 6c 6f 75 64 22 5d Data Ascii: ["gmail","hotmail","yahoo","mail","outlook","gmx","protonmail","aol","yandex","icloud"]
May 22, 2024 17:27:23.595360041 CEST	541	OUT	GET /checkme/rest/test/getAllTests?ts=1716391642959&category= HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=rpr0HGgZy2f2qU8vDNGoQSh6GHnqTarq6xQSJE6AOHCZ09cWRqa779g0z4awQzetbO0uf1i5awVAgmHuuJ3mr/qFt3/s5fm0K/2JNco9Q8wEjLjyLNKYSXTZO+TC
May 22, 2024 17:27:23.775396109 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:23 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=nqkbPslmcaeQsyH/RXSyBsP3XeMuXx/24eOvbCdyloxX4y39vVy5M+M4WV5Diegpp2TD86Rax9syCzIfd325AlbkkOH7t/nbwbrY7fAL0umo2f2g/sIpzgq803iS; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/ Set-Cookie: AWSALBCORS=nqkbPslmcaeQsyH/RXSyBsP3XeMuXx/24eOvbCdyloxX4y39vVy5M+M4WV5Diegpp2TD86Rax9syCzIfd325AlbkkOH7t/nbwbrY7fAL0umo2f2g/sIpzgq803iS; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 31 66 66 38 0d 0a 7b 22 74 65 73 74 43 6f 6c 6c 65 63 74 69 6f 6e 22 3a 5b 7b 22 63 6f 6c 6c 65 63 74 69 6f 6e 54 79 70 65 22 3a 22 31 22 2c 22 74 65 73 74 73 43 6f 6c 6c 65 63 74 69 6f 6e 22 3a 5b 7b 22 69 64 22 3a 32 2c 22 6e 61 6d 65 22 3a 22 4d 61 6c 77 61 72 65 20 49 6e 66 65 63 74 69 6f 6e 22 2c 22 69 6d 61 67 65 4e 61 6d 65 22 3a 22 4d 61 6c 77 61 72 65 5f 49 6e 66 65 63 74 69 6f 6e 22 2c 22 69 6d 61 67 65 55 52 4c 22 3a 22 68 74 74 70 3a 2f 2f 73 63 31 2e 63 68 65 63 6b 70 6f 69 6e 74 2e 63 6f 6d 2f 63 68 65 63 6b 2d 6d 65 2f 52 65 70 6f 72 74 2f 53 56 47 2f 4d 61 6c 77 61 72 65 5f 49 6e 66 65 63 74 69 6f 6e 2e 73 76 67 22 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 31 2c 22 74 65 73 74 73 4c 69 73 74 22 3a 5b 7b 22 70 72 6f 67 72 65 73 73 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 61 6e 20 69 6e 66 65 63 74 65 64 20 66 69 6c 65 20 20 74 68 72 6f 75 67 68 20 48 54 54 50 2e 22 2c 22 73 68 6f 72 74 5f 64 65 73 63 22 3a 22 44 6f 77 6e 6c 6f 61 64 69 6e 67 20 6f 66 20 69 6e 66 65 63 [TRUNCATED] Data Ascii: 1ff8{"testCollection":[{"collectionType":"1","testsCollection":[{"id":2,"name":"Malware Infection","imageName":"Malware_Infection","imageURL":"http://sc1.checkpoint.com/check-me/Report/SVG/Malware_Infection.svg","sortOrder":1,"testsList":[{"progress_desc":"Downloading an infected file through HTTP.","short_desc":"Downloading of infected zipped file through HTTP.","long_desc":"This test simulates downloading of infected zip file (EICAR virus) through your network.","additionalText":"NULL","appendixText":"NULL","result":null,"id":6,"startTime":0,"endTime":0
May 22, 2024 17:27:23.775612116 CEST	1236	IN	Data Raw: 2c 22 73 74 61 74 75 73 22 3a 6e 75 6c 6c 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 31 2c 22 61 64 64 69 74 69 6f 6e 61 6c 52 65 73 75 6c 74 73 22 3a 6e 75 6c 6c 2c 22 61 64 64 69 74 69 6f 6e 61 6c 52 65 73 75 6c 74 73 52 61 77 22 3a 6e 75 6c 6c 2c Data Ascii: ,"status":null,"sortOrder":1,"additionalResults":null,"additionalResultsRaw":null,"startTimeDate":1716391643691,"endTimeDate":1716391643691,"totalTime":0},{"progress_desc":"Downloading an infected file through HTTPS.","short_desc":"Downloading
May 22, 2024 17:27:23.775890112 CEST	1236	IN	Data Raw: 6c 6c 7d 2c 7b 22 69 64 22 3a 38 2c 22 6e 61 6d 65 22 3a 22 43 6f 6d 6d 61 6e 64 20 26 20 43 6f 6e 74 72 6f 6c 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 22 2c 22 69 6d 61 67 65 4e 61 6d 65 22 3a 22 63 6f 6d 6d 61 6e 64 5f 61 6e 64 5f 63 6f 6e 74 Data Ascii: ll},{"id":8,"name":"Command & Control Communication","imageName":"command_and_control_communication_64","imageURL":"http://sc1.checkpoint.com/check-me/Report/SVG/command_and_control_communication_64.svg","sortOrder":2,"testsList":[{"progress_d
May 22, 2024 17:27:23.775901079 CEST	1236	IN	Data Raw: 6e 67 20 6f 66 20 7a 69 70 70 65 64 20 50 44 46 20 66 69 6c 65 20 74 68 61 74 20 63 6f 6e 74 61 69 6e 73 20 6d 61 6c 69 63 69 6f 75 73 20 61 74 74 72 69 62 75 74 65 73 20 61 73 20 65 6d 62 65 64 64 65 64 20 6d 61 63 72 6f 20 61 6e 64 20 6a 61 76 Data Ascii: ng of zipped PDF file that contains malicious attributes as embedded macro and java script through your network.","additionalText":"NULL","appendixText":"NULL","result":null,"id":26,"startTime":0,"endTime":0,"status":null,"sortOrder":2,"additi
May 22, 2024 17:27:23.775911093 CEST	1236	IN	Data Raw: 6d 75 6c 61 74 69 6e 67 20 61 63 63 65 73 73 20 74 6f 20 61 20 77 65 62 73 69 74 65 20 74 68 61 74 20 63 61 6e 20 62 65 20 69 6e 66 65 63 74 65 64 20 77 69 74 68 20 6a 61 76 61 20 73 63 72 69 70 74 20 63 6f 64 65 2e 22 2c 22 6c 6f 6e 67 5f 64 65 Data Ascii: mulating access to a website that can be infected with java script code.","long_desc":"This test simulates connection to website that can be infected with java script code.","additionalText":"NULL","appendixText":"NULL","result":null,"id":1,"s
May 22, 2024 17:27:23.775921106 CEST	1236	IN	Data Raw: 22 61 70 70 65 6e 64 69 78 54 65 78 74 22 3a 22 4e 55 4c 4c 22 2c 22 72 65 73 75 6c 74 22 3a 6e 75 6c 6c 2c 22 69 64 22 3a 35 36 2c 22 73 74 61 72 74 54 69 6d 65 22 3a 30 2c 22 65 6e 64 54 69 6d 65 22 3a 30 2c 22 73 74 61 74 75 73 22 3a 6e 75 6c Data Ascii: "appendixText":"NULL","result":null,"id":56,"startTime":0,"endTime":0,"status":null,"sortOrder":1,"additionalResults":null,"additionalResultsRaw":null,"startTimeDate":1716391643691,"endTimeDate":1716391643691,"totalTime":0}],"moreInfo":"Anonym
May 22, 2024 17:27:23.776588917 CEST	1236	IN	Data Raw: 6c 69 63 20 73 69 74 65 73 2e 22 2c 22 61 64 64 69 74 69 6f 6e 61 6c 54 65 78 74 22 3a 22 4e 55 4c 4c 22 2c 22 61 70 70 65 6e 64 69 78 54 65 78 74 22 3a 22 4e 55 4c 4c 22 2c 22 72 65 73 75 6c 74 22 3a 6e 75 6c 6c 2c 22 69 64 22 3a 38 36 2c 22 73 Data Ascii: lic sites.","additionalText":"NULL","appendixText":"NULL","result":null,"id":86,"startTime":0,"endTime":0,"status":null,"sortOrder":2,"additionalResults":null,"additionalResultsRaw":null,"startTimeDate":1716391643691,"endTimeDate":171639164369
May 22, 2024 17:27:23.776611090 CEST	1236	IN	Data Raw: 61 6c 20 6f 70 65 72 61 74 69 6f 6e 73 2e 22 2c 22 72 69 67 68 74 49 6d 61 67 65 22 3a 6e 75 6c 6c 2c 22 62 6f 74 74 6f 6d 49 6d 61 67 65 22 3a 6e 75 6c 6c 7d 2c 7b 22 69 64 22 3a 38 2c 22 6e 61 6d 65 22 3a 22 43 6f 6d 6d 61 6e 64 20 26 20 43 6f Data Ascii: al operations.","rightImage":null,"bottomImage":null},{"id":8,"name":"Command & Control Communication","imageName":"command_and_control_communication_64","imageURL":"http://sc1.checkpoint.com/check-me/Report/SVc6fG/command_and_control_comm
May 22, 2024 17:27:23.776619911 CEST	1236	IN	Data Raw: 74 68 65 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 2e 22 2c 22 6c 6f 6e 67 5f 64 65 73 63 22 3a 22 54 68 69 73 20 74 65 73 74 20 73 69 6d 75 6c 61 74 65 73 20 61 6e 20 65 78 70 6c 6f 69 74 20 61 74 74 61 63 6b 20 62 79 20 62 72 6f 77 Data Ascii: the Internet Explorer.","long_desc":"This test simulates an exploit attack by browsing to an injected website ","additionalText":"NULL","appendixText":"NULL","result":null,"id":143,"startTime":0,"endTime":0,"status":null,"sortOrder":2,"additio
May 22, 2024 17:27:23.778125048 CEST	935	IN	Data Raw: 20 65 6e 63 72 79 70 74 73 20 75 73 65 72 73 e2 80 99 20 66 69 6c 65 73 20 61 6e 64 20 72 65 71 75 69 72 65 73 20 61 20 72 61 6e 73 6f 6d 20 70 61 79 6d 65 6e 74 20 74 6f 20 64 65 63 72 79 70 74 20 74 68 65 20 66 69 6c 65 73 2e 22 2c 22 72 69 67 Data Ascii: encrypts users files and requires a ransom payment to decrypt the files.","rightImage":null,"bottomImage":null},{"id":5,"name":"Persistent Malware","imageName":"Persistence_Threat","imageURL":"http://sc1.checkpoint.com/check-me/Report/SVG/
May 22, 2024 17:27:23.788184881 CEST	518	OUT	GET /checkme/rest/utils/getCaptchaType HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=nqkbPslmcaeQsyH/RXSyBsP3XeMuXx/24eOvbCdyloxX4y39vVy5M+M4WV5Diegpp2TD86Rax9syCzIfd325AlbkkOH7t/nbwbrY7fAL0umo2f2g/sIpzgq803iS
May 22, 2024 17:27:23.988320112 CEST	590	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:23 GMT Content-Type: application/json Content-Length: 8 Connection: keep-alive Set-Cookie: AWSALB=ak9SY8TPsQNe93WRPRpIg1FnmR5cg6ewXFJLL/a90Yp+yxcH9d8ImadfD+w1eSXjqUO0sstMW7nlQagVlJkAnZ3RAvNQvtn8/91qdnpD0dkc74DuSaV+Z53JHFgH; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/ Set-Cookie: AWSALBCORS=ak9SY8TPsQNe93WRPRpIg1FnmR5cg6ewXFJLL/a90Yp+yxcH9d8ImadfD+w1eSXjqUO0sstMW7nlQagVlJkAnZ3RAvNQvtn8/91qdnpD0dkc74DuSaV+Z53JHFgH; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/; SameSite=None Server: Apache Access-Control-Allow-Origin: * Data Raw: 22 47 4f 4f 47 4c 45 22 Data Ascii: "GOOGLE"
May 22, 2024 17:27:36.131190062 CEST	512	OUT	GET /checkme/rest/test/startScan HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=sc8NwWVq+v4WUX8RsnnqqQjt23RnYsJWdQGvOmPVSOjA9+AMus/hV7yrMIehIaJULtIV8pppvOplgNrGLLRr2lylZJWL/W5STfBjbguv9QM7Ad0tbXdaYI21Lg7W
May 22, 2024 17:27:36.311877966 CEST	599	IN	HTTP/1.1 405 Method Not Allowed Date: Wed, 22 May 2024 15:27:36 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 6 Connection: keep-alive Set-Cookie: AWSALB=tzd0j4iWDHNd2061Ph9LSA9Q65/6nW61xc7JSjgJNCTXeTSzGBMH8xEfzKkt107WXeUtvl9Y6MWmVD9iddT5MaGgxCdyYjTbL6EN5Udqzsp68y7Vh9QB/iSgNdW1; Expires=Wed, 29 May 2024 15:27:36 GMT; Path=/ Set-Cookie: AWSALBCORS=tzd0j4iWDHNd2061Ph9LSA9Q65/6nW61xc7JSjgJNCTXeTSzGBMH8xEfzKkt107WXeUtvl9Y6MWmVD9iddT5MaGgxCdyYjTbL6EN5Udqzsp68y7Vh9QB/iSgNdW1; Expires=Wed, 29 May 2024 15:27:36 GMT; Path=/; SameSite=None Server: Apache Allow: TRACE Data Raw: 26 6e 62 73 70 3b Data Ascii:
May 22, 2024 17:27:36.319583893 CEST	517	OUT	GET /checkme/rest/test/updateStatuses HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=jMrsGMf4HBXr3E8kN3u1knV6ORUbOzYHexJToT6pYanc7EwjCLlIunqEls3kew9A2JhXDg2hjSNTbamGtJqEPTE09X6hz0rmhDdHstrEOzA1ADhSzxn+cukEu0d7
May 22, 2024 17:27:36.503386974 CEST	599	IN	HTTP/1.1 405 Method Not Allowed Date: Wed, 22 May 2024 15:27:36 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 6 Connection: keep-alive Set-Cookie: AWSALB=i558L86v2j8D6ongz1E93KPCv88l5W+UelXAcR9Awmxn9haPtL4kuJjUF3Fg/FBPKJuGqgv2P8PZ6olc1W7shLsOwqbdLt1kSM1wGpZH7cvDodAllhAXS1XpbbIA; Expires=Wed, 29 May 2024 15:27:36 GMT; Path=/ Set-Cookie: AWSALBCORS=i558L86v2j8D6ongz1E93KPCv88l5W+UelXAcR9Awmxn9haPtL4kuJjUF3Fg/FBPKJuGqgv2P8PZ6olc1W7shLsOwqbdLt1kSM1wGpZH7cvDodAllhAXS1XpbbIA; Expires=Wed, 29 May 2024 15:27:36 GMT; Path=/; SameSite=None Server: Apache Allow: TRACE Data Raw: 26 6e 62 73 70 3b Data Ascii:
May 22, 2024 17:27:46.229779005 CEST	616	OUT	GET /checkme/rest/test/getScanStatus?ts=1716391665606&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=x3L0QCYDVkvVRNRGzz0BKBrIucCZorXH9VrET52jl7rscxdCRRTtIQ85NnLZq4kRx187ftH75xALeZe6QGiG5t8nL02KsMevp3/rItyCVg1IftkfQnGRjS5mT/i3
May 22, 2024 17:27:46.443567991 CEST	631	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:46 GMT Content-Length: 0 Connection: keep-alive Set-Cookie: AWSALB=+ESM9fTkWMrifQjs9xv+BOBt/iuLeuxrfpoWLjmjaDSaaH8mm4pCvt7kWQQwWRNseD7JSDCSggFLIBec9CyRekMU/HT+p1E6Z4D+MfAZnJUgwqi5eWfIQg/wGcY4; Expires=Wed, 29 May 2024 15:27:46 GMT; Path=/ Set-Cookie: AWSALBCORS=+ESM9fTkWMrifQjs9xv+BOBt/iuLeuxrfpoWLjmjaDSaaH8mm4pCvt7kWQQwWRNseD7JSDCSggFLIBec9CyRekMU/HT+p1E6Z4D+MfAZnJUgwqi5eWfIQg/wGcY4; Expires=Wed, 29 May 2024 15:27:46 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: *
May 22, 2024 17:27:51.473999977 CEST	616	OUT	GET /checkme/rest/test/getScanStatus?ts=1716391670793&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=fS0XR/8MNPGNfiCAn31eT9IrVnRLIezYwWqrKxPzDiDg+LZ4xO3UcbHm0ihfvVzDjWUSQxTFNzH/1eV870hDvARBw3FH/+3NIHFHKy2nHiCUGA4E8z5Gba1X/uFp
May 22, 2024 17:27:51.655092955 CEST	631	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:51 GMT Content-Length: 0 Connection: keep-alive Set-Cookie: AWSALB=DrxrrxdYOi18LtQfPSo+DNSPBORE7Z70/qW66K1uH+SlmoEJwoLcrASiouRyKNERRBOSQyLwIxy3uWFuFF54uCu9Q51TqG/+gnnnuOa9wcYZmfOvHQjc2zgP6JXF; Expires=Wed, 29 May 2024 15:27:51 GMT; Path=/ Set-Cookie: AWSALBCORS=DrxrrxdYOi18LtQfPSo+DNSPBORE7Z70/qW66K1uH+SlmoEJwoLcrASiouRyKNERRBOSQyLwIxy3uWFuFF54uCu9Q51TqG/+gnnnuOa9wcYZmfOvHQjc2zgP6JXF; Expires=Wed, 29 May 2024 15:27:51 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: *
May 22, 2024 17:27:56.665471077 CEST	616	OUT	GET /checkme/rest/test/getScanStatus?ts=1716391676043&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=qHNXzFQPR8bUEUBeimgOzm3UX2HL/a3tLkxZjxG2G2tIzw9oQBZAtu0/QXva+/qPH9OzUbc0rQcrpbDEap0ZEKrCCDYv96kGcf0ImmPp9anA5VY+y8HdyXW+9dfZ
May 22, 2024 17:27:56.847618103 CEST	631	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:56 GMT Content-Length: 0 Connection: keep-alive Set-Cookie: AWSALB=wiUJTf+Zln1u9bnrCjRfGvCWkbzer2LZ/9+ZIyESVk5xNHvIgLPX1SstXDNLZp03vt0q+HsRdDV9ckccZqApd1qjH4No4QnMruPPcqGt5FAmYZFdxIGO/4Yjp7CY; Expires=Wed, 29 May 2024 15:27:56 GMT; Path=/ Set-Cookie: AWSALBCORS=wiUJTf+Zln1u9bnrCjRfGvCWkbzer2LZ/9+ZIyESVk5xNHvIgLPX1SstXDNLZp03vt0q+HsRdDV9ckccZqApd1qjH4No4QnMruPPcqGt5FAmYZFdxIGO/4Yjp7CY; Expires=Wed, 29 May 2024 15:27:56 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: *
May 22, 2024 17:28:01.900263071 CEST	608	OUT	GET /checkme/rest/test/getScanStatus?ts=1716391681227&id=NmI1ODMxY2EtZDM0YS00OGMxLWExYjMtNjk3ZmE2ZjhkOTY4MTcxNjM5MTY1NTkzNw%3D%3D&type=2 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; AWSALB=I8BfgbBPrnfAuyYj8Y2QYwDDgLbx4qdg0ehvojFdl9FxCozEKMBDB44icljiAClTZfRDxBZ6+ZVHDSlu3QnVJyYo3NnNZwNs/8EPmUNj1SasgjZ3Zb/WCF2FWtNg
May 22, 2024 17:28:02.086146116 CEST	670	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:01 GMT Content-Type: application/json Content-Length: 7 Connection: keep-alive Set-Cookie: AWSALB=US6SxikHSO6q7zHrRCWUcPxurw/2oMVwks1XPRLTUGJOSktek/LulRfpi6LMB5ZBRRUtG98h3GKLt6/NskyK78FSXGvXt0DRFLXrsTltd2/fh9p+ZPGqgQHIgMpu; Expires=Wed, 29 May 2024 15:28:01 GMT; Path=/ Set-Cookie: AWSALBCORS=US6SxikHSO6q7zHrRCWUcPxurw/2oMVwks1XPRLTUGJOSktek/LulRfpi6LMB5ZBRRUtG98h3GKLt6/NskyK78FSXGvXt0DRFLXrsTltd2/fh9p+ZPGqgQHIgMpu; Expires=Wed, 29 May 2024 15:28:01 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 57 41 49 54 49 4e 47 Data Ascii: WAITING
May 22, 2024 17:28:47.086817980 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:27:00.361793995 CEST	444	OUT	GET /checkme/rest/utils/getCaptchaType HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=O+UvY6TXnA9rmHnE72bgdMFFYpRam+J/trsVh2XJULbxW4Ij5wItM9iFOrFSWTfNnmS5qPz4cgn3K41atTYm6lzHDVpi6unFvi+2XvwUl9hPhO4/G+FkZjtvBfNS
May 22, 2024 17:27:01.009357929 CEST	590	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:00 GMT Content-Type: application/json Content-Length: 8 Connection: keep-alive Set-Cookie: AWSALB=oZwKzeTpVngadSgeD4roJp3GVgWR3NzYjEQPnSG6Zu1xS2uZQirezWaTe/9AcIMkybv5PxLV5mic9qBNHt4TY8wyIM9Wc4WkDqhvVYs0ktGiOIUTKWAu9I9YqTxj; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/ Set-Cookie: AWSALBCORS=oZwKzeTpVngadSgeD4roJp3GVgWR3NzYjEQPnSG6Zu1xS2uZQirezWaTe/9AcIMkybv5PxLV5mic9qBNHt4TY8wyIM9Wc4WkDqhvVYs0ktGiOIUTKWAu9I9YqTxj; Expires=Wed, 29 May 2024 15:27:00 GMT; Path=/; SameSite=None Server: Apache Access-Control-Allow-Origin: * Data Raw: 22 47 4f 4f 47 4c 45 22 Data Ascii: "GOOGLE"
May 22, 2024 17:27:23.587059021 CEST	539	OUT	GET /checkme/rest/test/getScanTypesDetails?ts=1716391642957 HTTP/1.1 Host: www.cpcheckme.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.2.1557742294.1716391620; _gid=GA1.2.862825209.1716391620; _gat=1; AWSALB=cFGMXUN96TLXW7m1KAtQw1o0Wwl0SflKhVow0etQKvxcO8SPmedQnvmG0pYlGn5m7IXRRjFKDNYyMhf+fwOGNYF9NXBlLcPjP7nQ/QIglWbIdJrzhSWiiNfg6CY9
May 22, 2024 17:27:23.774173021 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:23 GMT Content-Type: application/json Content-Length: 1883 Connection: keep-alive Set-Cookie: AWSALB=uL7RIUelhIBOtrM7bzx++nhIB8/ZqGdB3tVWJfJ5fHqXYWYDEFT/53IDMMWsaa+4b/P2gDco7kEeGnRiL2ELbrMMnp3T3ib0gqOZ/SHkli3ooJ5UaAWIjtUrKRBc; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/ Set-Cookie: AWSALBCORS=uL7RIUelhIBOtrM7bzx++nhIB8/ZqGdB3tVWJfJ5fHqXYWYDEFT/53IDMMWsaa+4b/P2gDco7kEeGnRiL2ELbrMMnp3T3ib0gqOZ/SHkli3ooJ5UaAWIjtUrKRBc; Expires=Wed, 29 May 2024 15:27:23 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 5b 7b 22 69 64 22 3a 31 2c 22 6e 61 6d 65 22 3a 22 4e 65 74 77 6f 72 6b 22 2c 22 69 6d 67 22 3a 22 4e 65 74 77 6f 72 6b 5f 49 63 6f 6e 2e 73 76 67 22 2c 22 69 6d 67 50 61 74 68 22 3a 22 68 74 74 70 3a 2f 2f 73 63 31 2e 63 68 65 63 6b 70 6f 69 6e 74 2e 63 6f 6d 2f 63 68 65 63 6b 2d 6d 65 2f 53 56 47 2f 4e 65 74 77 6f 72 6b 5f 49 63 6f 6e 2e 73 76 67 22 2c 22 63 6f 6d 6d 65 6e 74 22 3a 22 22 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 22 43 68 65 63 6b 4d 65 20 72 75 6e 73 20 61 20 73 65 72 69 65 73 20 6f 66 20 73 69 6d 75 6c 61 74 69 6f 6e 73 20 6f 6e 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 61 6e 64 20 70 72 65 73 65 6e 74 73 20 79 6f 75 72 20 73 65 63 75 72 69 74 79 20 73 74 61 74 75 73 2e 20 53 74 61 72 74 20 74 68 65 20 61 73 73 65 73 73 6d 65 6e 74 20 74 6f 20 66 69 6e 64 20 79 6f 75 72 20 65 78 70 6f 73 75 72 65 20 74 6f 20 5a 65 72 6f 20 44 61 79 20 61 74 74 61 63 6b 73 2c 20 42 72 6f 77 73 65 72 20 45 78 70 6c 6f 69 74 2c 20 44 61 74 61 20 4c 65 61 6b 61 67 65 20 61 6e 64 20 6d 6f 72 65 2e 22 2c 22 74 [TRUNCATED] Data Ascii: [{"id":1,"name":"Network","img":"Network_Icon.svg","imgPath":"http://sc1.checkpoint.com/check-me/SVG/Network_Icon.svg","comment":"","moreInfo":"CheckMe runs a series of simulations on the network and presents your security status. Start the assessment to find your exposure to Zero Day attacks, Browser Exploit, Data Leakage and more.","title":"NETWORK DETAILS","lead_name":"CheckMe Network","testable":true},{"id":2,"name":"Endpoint","img":"Endpoint_Icon.svg","imgPath":"http://sc1.checkpoint.com/check-me/SVG/Endpoint_Icon.svg","comment":"*Requires downloading & runni
May 22, 2024 17:27:23.775266886 CEST	1236	IN	Data Raw: 6e 67 20 61 6e 20 65 78 65 63 75 74 61 62 6c 65 22 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 22 43 68 65 63 6b 4d 65 20 72 75 6e 73 20 61 20 73 65 72 69 65 73 20 6f 66 20 73 69 6d 75 6c 61 74 69 6f 6e 73 20 6f 6e 20 74 68 65 20 45 6e 64 70 6f 69 6e 74 Data Ascii: ng an executable","moreInfo":"CheckMe runs a series of simulations on the Endpoint and presents your security status. Start the assessment to find your exposure to Ransomware, Zero Day attacks, Browser Exploits and more.","title":"ENDPOINT DET
May 22, 2024 17:27:23.775278091 CEST	77	IN	Data Raw: 65 73 2e 22 2c 22 74 69 74 6c 65 22 3a 22 4d 4f 42 49 4c 45 20 44 45 54 41 49 4c 53 22 2c 22 6c 65 61 64 5f 6e 61 6d 65 22 3a 22 43 68 65 63 6b 4d 65 20 4d 6f 62 69 6c 65 22 2c 22 74 65 73 74 61 62 6c 65 22 3a 66 61 6c 73 65 7d 5d Data Ascii: es.","title":"MOBILE DETAILS","lead_name":"CheckMe Mobile","testable":false}]
May 22, 2024 17:28:08.782850027 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:27:41.068691015 CEST	533	OUT	GET /cpcheckme.exe?uid=yt22zMIg HTTP/1.1 Host: cpcheckmefiles-lb-1966426125.eu-west-1.elb.amazonaws.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://www.cpcheckme.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 22, 2024 17:27:41.685300112 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:41 GMT Content-Type: application/octet-stream Content-Length: 1216832 Connection: keep-alive Content-Disposition: attachment; filename="cpcheckme_yt22zMIg.exe" Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 87 1d 78 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 5e 12 00 00 08 00 00 00 00 00 00 7a 7c 12 00 00 20 00 00 00 80 12 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 12 00 00 02 00 00 a6 93 12 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 28 7c 12 00 4f 00 00 00 00 80 12 00 f8 05 00 00 00 00 00 00 00 00 00 00 00 68 12 00 40 29 00 00 00 a0 12 00 0c 00 00 00 f0 7a 12 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELxe"0^z\| @ `(\|Oh@)z H.text\ ^ `.rsrc`@@.relocf@B\\|H,Lxx0k(.(o/(.rp(+o3(,oO,(o&(o(.o2(.o1QQ0(.(o/(.rp(+o3~~~r/prprps%oo(.rp((+o3(.o1( (~-rp(!o"s#~~j(rp~o$tj(rp~o$t*V(r!p [TRUNCATED]
May 22, 2024 17:27:41.686840057 CEST	224	IN	Data Raw: 6a 28 07 00 00 06 72 41 03 00 70 7e 02 00 00 04 6f 24 00 00 0a 74 01 00 00 1b 2a 6a 28 07 00 00 06 72 63 03 00 70 7e 02 00 00 04 6f 24 00 00 0a 74 01 00 00 1b 2a 56 28 07 00 00 06 72 99 03 00 70 7e 02 00 00 04 6f 25 00 00 0a 2a 56 28 07 00 00 06 Data Ascii: j(rAp~o$tj(rcp~o$tV(rp~o%V(rp~o%j(rp~o$tV(rp~o%j(rp~o$tj(rp~o$tV(rp~o%*j
May 22, 2024 17:27:41.690310955 CEST	1236	IN	Data Raw: 28 07 00 00 06 72 35 04 00 70 7e 02 00 00 04 6f 24 00 00 0a 74 01 00 00 1b 2a 6a 28 07 00 00 06 72 53 04 00 70 7e 02 00 00 04 6f 24 00 00 0a 74 01 00 00 1b 2a 2e 72 71 04 00 70 28 19 00 00 06 2a 5a 28 1f 00 00 06 28 26 00 00 0a 02 28 27 00 00 0a Data Ascii: (r5p~o$tj(rSp~o$t.rqp(Z((&('((B(~((F~(((.~(^(((%()( 2(((B~( ~(-(+o,-r{p(-szB('~((
May 22, 2024 17:27:41.693834066 CEST	1236	IN	Data Raw: 6f 48 00 00 06 25 28 4c 00 00 0a 6f 4d 00 00 0a 6f 44 00 00 06 6f 4e 00 00 0a 02 7b 14 00 00 04 6f 42 00 00 0a 26 de 0a 07 2c 06 06 28 40 00 00 0a dc 2a 00 00 01 10 00 00 02 00 1e 00 61 7f 00 0a 00 00 00 00 1b 30 04 00 a0 00 00 00 07 00 00 11 02 Data Ascii: oH%(LoMoDoN{oB&,(@a0{,&{2(/-{,{oC-{(>{sL%o:%(<oF%o@%o>%o<%(LoMoDoN{oB&,(@*
May 22, 2024 17:27:41.693912029 CEST	1236	IN	Data Raw: 00 04 07 6f 5b 00 00 0a 6f 72 00 00 0a 0b 07 2a 00 01 1c 00 00 00 00 02 00 09 0b 00 33 23 00 00 01 00 00 02 00 09 3e 00 25 11 00 00 01 13 30 03 00 68 00 00 00 0c 00 00 11 02 28 39 00 00 06 0a 06 2c 46 06 17 33 54 02 02 28 41 00 00 06 17 28 4b 00 Data Ascii: o[or3#>%0h(9,F3T(A(K(Aos,(Aos(K+~rp((=(?(t~0Pr+pohoioj(`('ok(`-rp+(G(`('(
May 22, 2024 17:27:41.693929911 CEST	1236	IN	Data Raw: 00 51 51 00 0f 11 00 00 01 3a 02 28 20 00 00 0a 02 03 7d 29 00 00 04 2a 00 13 30 02 00 14 00 00 00 13 00 00 11 02 28 60 00 00 06 0a 06 2d 01 2a 06 03 6f 8f 00 00 0a 26 2a 13 30 06 00 5e 00 00 00 14 00 00 11 73 23 02 00 06 0a 06 04 7d 30 01 00 04 Data Ascii: QQ:( })0(`-o&0^s#}0{0-$s(+%s(+&s(+jsm0o&0{)(&
May 22, 2024 17:27:41.700731993 CEST	1236	IN	Data Raw: d8 de 0a 06 2c 06 06 6f 57 00 00 0a dc 02 03 28 86 00 00 06 de 03 26 de 00 2a 00 00 00 01 1c 00 00 02 00 2a 00 2c 56 00 0a 00 00 00 00 00 00 00 00 69 69 00 03 11 00 00 01 1b 30 02 00 7f 00 00 00 1b 00 00 11 73 b3 00 00 0a 0a 02 28 88 00 00 06 2d Data Ascii: ,oW(&,Vii0s(-krpv(soo+.ot7rpo(o(oo-,oW&2:lrx0rp
May 22, 2024 17:27:41.705080986 CEST	1236	IN	Data Raw: 00 3c 00 00 00 23 00 00 11 02 7b 34 00 00 04 0a 16 0b 06 12 01 28 3e 00 00 0a 02 03 16 04 28 94 00 00 06 0c de 1d 0d 28 2e 00 00 06 1a 09 6f 32 00 00 06 de 00 14 0c de 0a 07 2c 06 06 28 40 00 00 0a dc 08 2a 01 1c 00 00 00 00 11 00 0c 1d 00 0f 11 Data Ascii: <#{4(>((.o2,(@*'00.$(.rp%o3r@psornp(%~5o(rporp(o~5o-(.rp(
May 22, 2024 17:27:41.705111027 CEST	776	IN	Data Raw: 6a 02 28 9a 00 00 06 16 14 72 f7 05 00 70 16 15 73 6f 00 00 06 28 9f 00 00 06 de 0a 07 2c 06 06 28 40 00 00 0a dc 2a 00 00 01 10 00 00 02 00 21 00 7e 9f 00 0a 00 00 00 00 13 30 04 00 40 00 00 00 00 00 00 00 02 28 9a 00 00 06 15 2e 01 2a 02 02 72 Data Ascii: j(rpso(,(@!~0@(.rp(}7{7so{7o&*0({E(>~<(+~=(+~>(+~?(+~@(+~A(+(.
May 22, 2024 17:27:41.711179972 CEST	1236	IN	Data Raw: d5 00 00 0a 6f c7 00 00 0a 03 6f c8 00 00 0a 6f c9 00 00 0a a5 0d 00 00 1b 2a 5e 72 9c 13 00 70 03 04 28 1f 00 00 0a 73 d3 00 00 0a 73 d4 00 00 0a 2a 00 00 00 13 30 01 00 47 00 00 00 00 00 00 00 72 f4 13 00 70 80 3c 00 00 04 72 ff 0b 00 70 80 3d Data Ascii: ooo^rp(ss0Grp<rp=rp>r.p?r6p@rNpArbpDs%}C%}D+s(+s,%}E%}F-s(+0*(o[(
May 22, 2024 17:27:41.711199045 CEST	1236	IN	Data Raw: 00 31 00 00 11 03 1a 73 e8 00 00 0a 0a 02 7b 4d 00 00 04 6f e6 00 00 0a 02 7b 4d 00 00 04 6f e7 00 00 0a 06 28 c8 00 00 06 26 de 0a 06 2c 06 06 6f 57 00 00 0a dc 2a 00 00 01 10 00 00 02 00 08 00 1f 27 00 0a 00 00 00 00 1b 30 03 00 4e 00 00 00 32 Data Ascii: 1s{Mo{Mo(&,oW'0N2ssoo(oo(,oW,oW*9;C023 s(,oW

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:27:57.261384964 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:27:57.309887886 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:27:57.984395027 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:57 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=ukf2/B78Xxk8PoniLkg/KrWAnabMoGxVP+4uz1e30wdORWbT/KQ7XCwjVV2vbxDcJm2hQgLgw75VVZI/ZOfpdQc6ZNoUvdnPJi2qRA6EDQsO8xc92sxk4Z8+Z9Sc; Expires=Wed, 29 May 2024 15:27:57 GMT; Path=/ Set-Cookie: AWSALBCORS=ukf2/B78Xxk8PoniLkg/KrWAnabMoGxVP+4uz1e30wdORWbT/KQ7XCwjVV2vbxDcJm2hQgLgw75VVZI/ZOfpdQc6ZNoUvdnPJi2qRA6EDQsO8xc92sxk4Z8+Z9Sc; Expires=Wed, 29 May 2024 15:27:57 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}
May 22, 2024 17:27:59.057859898 CEST	175	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20
May 22, 2024 17:27:59.065993071 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:27:59.414541960 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:27:59 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=qvSHrcujkrEf0ljxt3tvRXp9vifHuL5OzO+ZTJIAzujF/PrCVu8UY6JKA8Mw76jlTh9+db75VjjDFBV8Hv9P9keTkZ5yZxktoUNiwhFYWXWr2HxU6cHtasAVc79o; Expires=Wed, 29 May 2024 15:27:59 GMT; Path=/ Set-Cookie: AWSALBCORS=qvSHrcujkrEf0ljxt3tvRXp9vifHuL5OzO+ZTJIAzujF/PrCVu8UY6JKA8Mw76jlTh9+db75VjjDFBV8Hv9P9keTkZ5yZxktoUNiwhFYWXWr2HxU6cHtasAVc79o; Expires=Wed, 29 May 2024 15:27:59 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:00.441920042 CEST	175	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20
May 22, 2024 17:28:00.483830929 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:01.165374041 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:01 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=uBL6cg1EAoLqK/CPQpb/ExdIxynhvu2VGanmLpB4nJ1n9kaOWdmPsAsTi1XP3IH9Pxt49DWoJj624O7vn4eHvrpUUKfXVy9IGkaOc7pCOjpGfc68E3c3TSmAkcIf; Expires=Wed, 29 May 2024 15:28:00 GMT; Path=/ Set-Cookie: AWSALBCORS=uBL6cg1EAoLqK/CPQpb/ExdIxynhvu2VGanmLpB4nJ1n9kaOWdmPsAsTi1XP3IH9Pxt49DWoJj624O7vn4eHvrpUUKfXVy9IGkaOc7pCOjpGfc68E3c3TSmAkcIf; Expires=Wed, 29 May 2024 15:28:00 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:02.222364902 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:02.245210886 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:03.071960926 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:02 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=sROyFWgCxDXlgMeLWflxCnHbfz/AHQNCBdHNP0aMp4ZLsoSWDkSNp3rtrsCDA4GVc1mPVCS5lgdpNwZVbsL6y2U+eS7m1TZGAXt2P41gd8YCo/7OQDMAv2sFcmlA; Expires=Wed, 29 May 2024 15:28:02 GMT; Path=/ Set-Cookie: AWSALBCORS=sROyFWgCxDXlgMeLWflxCnHbfz/AHQNCBdHNP0aMp4ZLsoSWDkSNp3rtrsCDA4GVc1mPVCS5lgdpNwZVbsL6y2U+eS7m1TZGAXt2P41gd8YCo/7OQDMAv2sFcmlA; Expires=Wed, 29 May 2024 15:28:02 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:04.099942923 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:04.114620924 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:04.851350069 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:04 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=swOX0Sk0Hwnm+5XmzzD/yZriay0IeGKnuTJmCOIutXPSgHyOHm1Awi+L784W2Nt5n36kBAbhzr9/JVK8mzn8Hy0heGasqT8zmp7LT0fXw8//RmhJ/vNrYZVz24Qg; Expires=Wed, 29 May 2024 15:28:04 GMT; Path=/ Set-Cookie: AWSALBCORS=swOX0Sk0Hwnm+5XmzzD/yZriay0IeGKnuTJmCOIutXPSgHyOHm1Awi+L784W2Nt5n36kBAbhzr9/JVK8mzn8Hy0heGasqT8zmp7LT0fXw8//RmhJ/vNrYZVz24Qg; Expires=Wed, 29 May 2024 15:28:04 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:05.915657043 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:05.922346115 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:06.632606983 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:06 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=iXXk+gU3aEuyTE59xmg0jRx0k9Qs2u+LejekFYxDbObG1N00QSBfNffx1ZnIIJ1zyVuVu4foB/Jl7a+4kbtAlHkdpPT1aLqMpKAnPlGmd5D1B3eMm8pcIHm3n6MX; Expires=Wed, 29 May 2024 15:28:06 GMT; Path=/ Set-Cookie: AWSALBCORS=iXXk+gU3aEuyTE59xmg0jRx0k9Qs2u+LejekFYxDbObG1N00QSBfNffx1ZnIIJ1zyVuVu4foB/Jl7a+4kbtAlHkdpPT1aLqMpKAnPlGmd5D1B3eMm8pcIHm3n6MX; Expires=Wed, 29 May 2024 15:28:06 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.cpcheckme.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\Unconfirmed 6574.crdownload

C:\Users\user\Downloads\c06b9dbc-dc73-4ca5-8be7-44a4c0c2d82b.tmp

C:\Users\user\Downloads\cpcheckme_yt22zMIg.exe (copy)

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\Google.Widevine.CDM.dll

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1048212\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1233813918\manifest.json

Windows Analysis Report
http://www.cpcheckme.com

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:07.670058966 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:07.721538067 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:08.471421003 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:08 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=5EUb7UsavHSmEl+M/upvnz6B968ur+2r3a8ebEwe6MD54C7/hud5QgqZrRUfMQ5SpyAGTNqLMy3tTaQQOLrWp2oqoyaGdf1CH69N2Lk4SkX5UFnW4COyCcORmxpG; Expires=Wed, 29 May 2024 15:28:08 GMT; Path=/ Set-Cookie: AWSALBCORS=5EUb7UsavHSmEl+M/upvnz6B968ur+2r3a8ebEwe6MD54C7/hud5QgqZrRUfMQ5SpyAGTNqLMy3tTaQQOLrWp2oqoyaGdf1CH69N2Lk4SkX5UFnW4COyCcORmxpG; Expires=Wed, 29 May 2024 15:28:08 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:09.501732111 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:09.512583971 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:10.325406075 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:10 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=xIJ0yhYpR1BxZlD1nHGJQpFPkBPA67eXNLRgHk5WQYhQRUOXfadgP129ROnGKgUrHGPNwVoLGBYu24VDgQOUkYFb6DHDdGeTwrzNu+27pGxI88kw11YpShp9QU/W; Expires=Wed, 29 May 2024 15:28:10 GMT; Path=/ Set-Cookie: AWSALBCORS=xIJ0yhYpR1BxZlD1nHGJQpFPkBPA67eXNLRgHk5WQYhQRUOXfadgP129ROnGKgUrHGPNwVoLGBYu24VDgQOUkYFb6DHDdGeTwrzNu+27pGxI88kw11YpShp9QU/W; Expires=Wed, 29 May 2024 15:28:10 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:11.357671022 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:11.388912916 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:12.105803967 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:12 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=631uHI6NVIrYqXGM5bMe4m08b8+9PyI2Px6+vxUWYEpef0oZPJdwfXqv5pRXGwxLDraRCURFGwB8rXdt9RNGfns5zUdXta8ApM7nk0iDOHvGHNhp47SYagVRDp7Y; Expires=Wed, 29 May 2024 15:28:11 GMT; Path=/ Set-Cookie: AWSALBCORS=631uHI6NVIrYqXGM5bMe4m08b8+9PyI2Px6+vxUWYEpef0oZPJdwfXqv5pRXGwxLDraRCURFGwB8rXdt9RNGfns5zUdXta8ApM7nk0iDOHvGHNhp47SYagVRDp7Y; Expires=Wed, 29 May 2024 15:28:11 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:13.146337032 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:13.163053036 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:13.883857012 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:13 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=pkBRmhRISMxCr398NQRBMCn5vGvLSk9KAV1IXsRfNbuyDGCJAjmHP+0qCwiUaxM5DfiF8vW2q1VMaZonUrYYmTebMmsroJFrmSLtXH1ItTULRckzBAHnNt4TTu4X; Expires=Wed, 29 May 2024 15:28:13 GMT; Path=/ Set-Cookie: AWSALBCORS=pkBRmhRISMxCr398NQRBMCn5vGvLSk9KAV1IXsRfNbuyDGCJAjmHP+0qCwiUaxM5DfiF8vW2q1VMaZonUrYYmTebMmsroJFrmSLtXH1ItTULRckzBAHnNt4TTu4X; Expires=Wed, 29 May 2024 15:28:13 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:14.905951977 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:14.967638969 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:15.733800888 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:15 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=SmnjI7uf29VBnXrZC43lMNJCXO/WLSNoCNM+xt5n3cr3+YYiNJ/RE6KV5i7W+k31bn+iousx/am4dpBU8O3NVcOR50GYiUM/qpJplB605k2Grvum57+aTpHAQqTB; Expires=Wed, 29 May 2024 15:28:15 GMT; Path=/ Set-Cookie: AWSALBCORS=SmnjI7uf29VBnXrZC43lMNJCXO/WLSNoCNM+xt5n3cr3+YYiNJ/RE6KV5i7W+k31bn+iousx/am4dpBU8O3NVcOR50GYiUM/qpJplB605k2Grvum57+aTpHAQqTB; Expires=Wed, 29 May 2024 15:28:15 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:16.780904055 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:16.815197945 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:17.614090919 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:17 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=4pqIHQm4GFY2ZZ0777Q7CmgpCaAjGuH5TQ1ulcvJikVc5kZC70wQL8oCCIycLch9QMIdWYCW71CfcVvpxjIpA8Wn19KLfNAws06z/q+uqhXxuUCLZDKEWVP0JN0b; Expires=Wed, 29 May 2024 15:28:17 GMT; Path=/ Set-Cookie: AWSALBCORS=4pqIHQm4GFY2ZZ0777Q7CmgpCaAjGuH5TQ1ulcvJikVc5kZC70wQL8oCCIycLch9QMIdWYCW71CfcVvpxjIpA8Wn19KLfNAws06z/q+uqhXxuUCLZDKEWVP0JN0b; Expires=Wed, 29 May 2024 15:28:17 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:18.641236067 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:18.648397923 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:19.536070108 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:19 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=HybvgbbHHnAPbvVwOeDx3DzHCt7TRPDr2dCyxLMDueiKl04s2GapUC+ajjFe2NIyKRiH0ippqaYb1diJuvsHvLx48WRbgKkhO3l4kH9fcKMr99mgHA6H4Mj4jwYz; Expires=Wed, 29 May 2024 15:28:19 GMT; Path=/ Set-Cookie: AWSALBCORS=HybvgbbHHnAPbvVwOeDx3DzHCt7TRPDr2dCyxLMDueiKl04s2GapUC+ajjFe2NIyKRiH0ippqaYb1diJuvsHvLx48WRbgKkhO3l4kH9fcKMr99mgHA6H4Mj4jwYz; Expires=Wed, 29 May 2024 15:28:19 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:20.550736904 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:20.561939955 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:21.277909040 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:21 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=xEFIGT00TaWGVH2Xqp/9CPqbZ88VloGjE11yhp0xZxF0eNuYgty8Y9wook/d0dV6O2smcJXhhFqvDpAZVZwELyUX7mtrSpANNz9y80LeNXRU6dwVthCLVE2s3P81; Expires=Wed, 29 May 2024 15:28:21 GMT; Path=/ Set-Cookie: AWSALBCORS=xEFIGT00TaWGVH2Xqp/9CPqbZ88VloGjE11yhp0xZxF0eNuYgty8Y9wook/d0dV6O2smcJXhhFqvDpAZVZwELyUX7mtrSpANNz9y80LeNXRU6dwVthCLVE2s3P81; Expires=Wed, 29 May 2024 15:28:21 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:22.297020912 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:22.352221966 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:23.127484083 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:23 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=4DobksixPyl+qTUHvMB0nk/f9JAUXoyF/pY2P1xe4H0eVga3LJF/PugC+WPvPfV82WyzLQ8cFtCjJLKBV3XCRa3SSnOGPUCl4+qzXyypKynnMOwGyNFnc7AXbBbN; Expires=Wed, 29 May 2024 15:28:22 GMT; Path=/ Set-Cookie: AWSALBCORS=4DobksixPyl+qTUHvMB0nk/f9JAUXoyF/pY2P1xe4H0eVga3LJF/PugC+WPvPfV82WyzLQ8cFtCjJLKBV3XCRa3SSnOGPUCl4+qzXyypKynnMOwGyNFnc7AXbBbN; Expires=Wed, 29 May 2024 15:28:22 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 17:28:24.144854069 CEST	199	OUT	POST /checkme/rest/endpoint/start HTTP/1.1 Content-Type: application/json Host: www.cpcheckme.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20 Connection: Keep-Alive
May 22, 2024 17:28:24.154625893 CEST	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 22 79 74 32 32 7a 4d 49 67 22 7d Data Ascii: {"token":"yt22zMIg"}
May 22, 2024 17:28:24.861237049 CEST	695	IN	HTTP/1.1 200 OK Date: Wed, 22 May 2024 15:28:24 GMT Content-Type: application/json Content-Length: 31 Connection: keep-alive Set-Cookie: AWSALB=T6QxLgn7rjZCVOMNBq4S5SJY9gc9+UIBPiLKGYPW4BSHFfebjxZT3sE26LoiutALi/qV4Ok+zLzkLOqqEOr1SLm217PaaiyhBYBJLgvZMCvlh3TjidOV7DezIodg; Expires=Wed, 29 May 2024 15:28:24 GMT; Path=/ Set-Cookie: AWSALBCORS=T6QxLgn7rjZCVOMNBq4S5SJY9gc9+UIBPiLKGYPW4BSHFfebjxZT3sE26LoiutALi/qV4Ok+zLzkLOqqEOr1SLm217PaaiyhBYBJLgvZMCvlh3TjidOV7DezIodg; Expires=Wed, 29 May 2024 15:28:24 GMT; Path=/; SameSite=None Server: Apache pragma: no-cache cache-control: private cache-control: no-cache, no-transform Access-Control-Allow-Origin: * Data Raw: 7b 22 74 65 73 74 73 49 64 73 22 3a 5b 5d 2c 22 73 74 61 74 75 73 22 3a 22 77 61 69 74 22 7d Data Ascii: {"testsIds":[],"status":"wait"}