
Analysis Report scan_doc.exe

Overview

General Information

Sample Name: scan_doc.exe
Analysis ID: 385475
MD5: a01c6a3db8e862ab85386b6700e941bb
SHA1: 40a1b88e94c9268e7120e48cc0b64f6b20779a24
SHA256: 29859bac1ca73683bf6c9ff17a91d249d0fa9ecb18b6b03ef03cf17545fad2be
Tags: exe

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Creates a DirectInput object (often for capturing keystrokes)
Enables debug privileges
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses insecure TLS / SSL version for HTTPS connection

Classification

Startup

  • System is w10x64
  • scan_doc.exe (PID: 496 cmdline: 'C:\Users\user\Desktop\scan_doc.exe' MD5: A01C6A3DB8E862AB85386B6700E941BB)
    • WerFault.exe (PID: 5972 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1800 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview


AV Detection:

Multi AV Scanner detection for submitted file
Source: scan_doc.exe | Virustotal: Detection: 26%
Source: scan_doc.exe | ReversingLabs: Detection: 29%
Machine Learning detection for sample
Source: scan_doc.exe | Joe Sandbox ML: detected
Source: unknown | HTTPS traffic detected: 104.21.17.57:443 -> 192.168.2.4:49729 version: TLS 1.0
Source: scan_doc.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: global traffic | HTTP traffic detected: GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B343CE000A6025E950DB85DC9DF85.html HTTP/1.1 | User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41 | Host: bornforthis.ml | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 104.21.17.57
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpString found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook|follow|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter|follow|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher"b equals www.facebook.com (Facebook)
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpString found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook|follow|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter|follow|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher"b equals www.twitter.com (Twitter)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook|follow|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter|follow|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher" itemscope="itemscope" itemtype="https://schema.org/NewsMediaOrganization"><meta itemprop="publishingPrinciples" content="https://www.liverpool.com/about-us/"><meta itemprop="name" content="Liverpool.com"><meta itemprop="url" content="https://www.liverpool.com/"><div itemprop="logo" itemscope="itemscope" itemtype="https://schema.org/ImageObject"><meta itemprop="url" content="https://s2-prod.liverpool.com/@trinitymirrordigital/chameleon-branding/publications/liverpool/img/logo-liverpool.png"></div></div><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a 
href="https://www.liverpool.com/terms-conditions/">T&amp;Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/rules/">Competition Rules</a></li><li><a href="https://www.liverpool.com/how-to-complain/">How to Complain</a></li><li><a href="https://www.liverpool.com/corrections-clarifications/">Corrections &amp; Clarifications</a></li><li><a href="https://www.liverpool.com/privacy-notice/">Privacy Notice</a></li><li><a href="https://www.liverpool.com"> equals www.facebook.com (Facebook)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook|follow|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter|follow|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher" itemscope="itemscope" itemtype="https://schema.org/NewsMediaOrganization"><meta itemprop="publishingPrinciples" content="https://www.liverpool.com/about-us/"><meta itemprop="name" content="Liverpool.com"><meta itemprop="url" content="https://www.liverpool.com/"><div itemprop="logo" itemscope="itemscope" itemtype="https://schema.org/ImageObject"><meta itemprop="url" content="https://s2-prod.liverpool.com/@trinitymirrordigital/chameleon-branding/publications/liverpool/img/logo-liverpool.png"></div></div><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a 
href="https://www.liverpool.com/terms-conditions/">T&amp;Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/rules/">Competition Rules</a></li><li><a href="https://www.liverpool.com/how-to-complain/">How to Complain</a></li><li><a href="https://www.liverpool.com/corrections-clarifications/">Corrections &amp; Clarifications</a></li><li><a href="https://www.liverpool.com/privacy-notice/">Privacy Notice</a></li><li><a href="https://www.liverpool.com"> equals www.twitter.com (Twitter)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: <header class="mod-header" data-mod="header" data-immediate><div class="primary publication-theme-highlight"><a data-link-tracking="Header|MainLogo|Image|liverpool" id="logo" href="/">liverpool</a><a class="icon" id="hamburger" href="#">Load mobile navigation<span></span></a><nav class="primary"><section><ul data-level="1"><li class="has-children"><a data-link-tracking="Header|SectionLabel|Text|Liverpool FC News" href="https://www.liverpool.com/liverpool-fc-news/">Liverpool FC News</a><ul data-level="2"><li><a data-link-tracking="Header|DropDown|Text|Latest News" href="https://www.liverpool.com/liverpool-fc-news/">Latest News</a></li><li><a data-link-tracking="Header|DropDown|Text|Transfer News" href="https://www.liverpool.com/liverpool-fc-news/transfer-news/">Transfer News</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li class="has-children"><a data-link-tracking="Header|SectionLabel|Text|Schedule" href="https://www.liverpool.com/schedule/">Schedule</a><ul data-level="2"><li><a data-link-tracking="Header|DropDown|Text|Premier League" href="https://www.liverpool.com/all-about/premier-league">Premier League</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li><a data-link-tracking="Header|SectionLabel|Text|Features" href="https://www.liverpool.com/liverpool-fc-news/features/">Features</a></li></ul></section></nav><profile-icon lr-custom-id="signin" lr-custom-class="header-profile-icon" lr-gtm-label="header" lr-show-account-link></profile-icon><div class="search"><button class="icon icon-search" id="search-icon" type="button" aria-label="Search"></button></div><div class="search-box hidden"><gcse:searchbox-only resultsUrl="https://www.liverpool.com/search/"></gcse:searchbox-only></div><div class="social-sites"><ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook|follow|top"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter|follow|top"></a></li></ul></div></div><nav class="secondary" data-smooth-scroll><section><ul class="click-track" data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/advertising/">Advertise with us</a></li></ul></section></nav><nav class="footer"><section><ul data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&amp;Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/r
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: <meta property="og:site_name" content="Liverpool.com"><meta property="og:language" content="en"><meta property="og:type" content="article"><meta property="og:title" content="The Brewster Experience has underdelivered so far, but that will change"><meta property="og:url" content="https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763"><meta property="og:description" content="Rhian Brewster was hyped up before the start of the season, but was that fair?"><meta property="og:image" content="https://i2-prod.liverpoolecho.co.uk/incoming/article17172788.ece/ALTERNATES/s1200/1_GettyImages-1178657262.jpg"><meta property="og:section" content="Features"><meta property="article:tag" content="Rhian Brewster"><meta property="article:author" content="https://www.facebook.com/kristianwalsh1987/"><meta property="article:published_time" content="2019-10-30T16:00:00Z"><meta property="article:modified_time" content="2019-10-30T15:36:53Z"><meta property="article:expiration_time" content="2019-11-29T15:36:53Z"><meta property="article:section" content="Features"><meta property="article:id" content="liverpool-17172763"> equals www.facebook.com (Facebook)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: n, Gomez/Lovren, James Milner, Oxlade-Chamberlain, Naby Keita and Divock Origi. An impressive outing against Arsenal could nudge him ahead of Adam Lallana, or even Harvey Elliott, in the fight for that seventh spot.</p> <p>The world is still expected to be at Brewster&apos;s feet at Liverpool. It is just a matter of waiting for him to be passed it.</p><!-- Article End--></div><div id="social-follow" data-mod="socialFollow"><div id="social-methods"><div class="facebook-share"><span class="icon facebook large"></span><div class="fb-like" data-href="https://www.facebook.com/liverpooldotcom" data-layout="button_count" data-action="like" data-size="large" data-width="300" data-show-faces="false" data-share="false"></div><span class="page-name">liverpooldotcom</span></div><div class="twitter-share" data-follow-url="https://twitter.com/intent/follow?screen_name=liverpoolcom_"><span class="icon twitter large"></span><a>Follow @<span>liverpoolcom_</span></a></div></div></div><div class="tag-list"><span class="publication-theme-border publication-theme-icon">More On</span><ul><li><a class="publication-theme-button-highlight" href="https://www.liverpool.com/all-about/rhian-brewster" data-link-tracking="EndArticle|Tag">Rhian Brewster</a></li></ul></div></div><aside class="related-column secondary"></aside></div></article> equals www.facebook.com (Facebook)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: n, Gomez/Lovren, James Milner, Oxlade-Chamberlain, Naby Keita and Divock Origi. An impressive outing against Arsenal could nudge him ahead of Adam Lallana, or even Harvey Elliott, in the fight for that seventh spot.</p> <p>The world is still expected to be at Brewster&apos;s feet at Liverpool. It is just a matter of waiting for him to be passed it.</p><!-- Article End--></div><div id="social-follow" data-mod="socialFollow"><div id="social-methods"><div class="facebook-share"><span class="icon facebook large"></span><div class="fb-like" data-href="https://www.facebook.com/liverpooldotcom" data-layout="button_count" data-action="like" data-size="large" data-width="300" data-show-faces="false" data-share="false"></div><span class="page-name">liverpooldotcom</span></div><div class="twitter-share" data-follow-url="https://twitter.com/intent/follow?screen_name=liverpoolcom_"><span class="icon twitter large"></span><a>Follow @<span>liverpoolcom_</span></a></div></div></div><div class="tag-list"><span class="publication-theme-border publication-theme-icon">More On</span><ul><li><a class="publication-theme-button-highlight" href="https://www.liverpool.com/all-about/rhian-brewster" data-link-tracking="EndArticle|Tag">Rhian Brewster</a></li></ul></div></div><aside class="related-column secondary"></aside></div></article> equals www.twitter.com (Twitter)
Source: unknown | DNS traffic detected: queries for: bornforthis.ml
Source: scan_doc.exe, 00000000.00000002.745620202.00000000023B1000.00000004.00000001.sdmp | String found in binary or memory: http://bornforthis.ml
Source: scan_doc.exe | String found in binary or memory: http://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B
Source: scan_doc.exe | String found in binary or memory: http://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E7E9
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.digicert.com0:
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: http://schema.org/BreadcrumbList
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: http://schema.org/ListItem
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: http://schema.org/NewsArticle
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
Source: scan_doc.exe, 00000000.00000002.745620202.00000000023B1000.00000004.00000001.sdmp, WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | String found in binary or memory: http://www.digicert.com/CPS0v
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://ads.pubmatic.com/AdServer/js/pwt/156997/3236/pwt.js
Source: scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp | String found in binary or memory: https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358
Source: scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp | String found in binary or memory: https://bornforthis.ml41k
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://c.amazon-adsystem.com/aax2/apstag.js
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://felix.data.tm-awx.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://felix.data.tm-awx.com/ampconfig.json&quot;
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://felix.data.tm-awx.com/felix.min.js
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://github.com/ded/script.js
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article17156435.ece/ALTERNATES/s615/1_GettyImages-1183794835.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article17166876.ece/ALTERNATES/s615/0_GettyImages-1175998874.
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-02
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s220b/0_Salah-Pressing.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s270b/0_Salah-Pressing.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s615/0_Salah-Pressing.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s180/0_Curtis-10.png
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s220b/0_Salah-Goal-vs-Leeds.jp
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s180/0_GettyImages-1231353837.
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s220b/0_GettyImages-1231353837
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s180/0_GettyImages-1304940818.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s180/1_FreeAgentPlayers.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s615/1_FreeAgentPlayers.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s180/0_GettyImages-1273716690.
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s615/0_GettyImages-1273716690.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s458/0_GettyImages-1302496803.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s615/0_GettyImages-1302496803.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s458/1_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s615/1_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://i2-prod.liverpoolecho.co.uk/incoming/article17172788.ece/ALTERNATES/s1200/1_GettyImages-1178
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://mab.data.tm-awx.com/rhs&quot;
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://quantcast.mgr.consensu.org
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://reach-id.orbit.tm-awx.com/analytics.js.gz
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://reachplc.hub.loginradius.com&quot;
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp | String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://s2-prod.liverpool.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://s2-prod.liverpool.com/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://s2-prod.mirror.co.uk/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://schema.org/ImageObject
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://schema.org/NewsMediaOrganization
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://static.hotjar.com/c/hotjar-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://trinitymirror.grapeshot.co.uk/
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | String found in binary or memory: https://www.digicert.com/CPS0
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.google-analytics.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.googletagmanager.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-M3TH25P
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/about-us/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/andrew-robertson
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/champions-league
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/curtis-user
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/georginio-wijnaldum
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/mohamed-salah
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/ozan-kabak
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/premier-league
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/sadio-mane
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/steven-gerrard
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/all-about/transfers
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/contact-us/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/cookie-policy/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/corrections-clarifications/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/how-to-complain/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-19946
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-barcelona-real-madrid-psg-17164868
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-curtis-user-jurgen-klopp-19941053
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-199533
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-sadio-mane-expected-goals-19932676
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763&
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/privacy-notice/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/rss-feeds/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/rules/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/schedule/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/search/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/terms-conditions/
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: scan_doc.exe, 00000000.00000002.745225967.00000000006AA000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Initial sample is a PE file and has a suspicious name
Source: initial sample | Static PE information: Filename: scan_doc.exe
Source: C:\Users\user\Desktop\scan_doc.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1800
Source: scan_doc.exe, 00000000.00000002.745594560.0000000002390000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dllj% vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.745225967.00000000006AA000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.757528075.0000000006500000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000000.639703786.0000000000016000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamebadenberg.exe4 vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.749073972.0000000004980000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs scan_doc.exe
Source: scan_doc.exe | Binary or memory string: OriginalFilenamebadenberg.exe4 vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp | Binary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb][P
Source: classification engine | Classification label: mal56.winEXE@2/5@2/2
Source: C:\Users\user\Desktop\scan_doc.exe | File created: C:\Users\user\WqRbEwRhIiboqTZtUQoyfj
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess496
Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D3F.tmp
Source: scan_doc.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\scan_doc.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WerFault.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\scan_doc.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\scan_doc.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: scan_doc.exe | Virustotal: Detection: 26%
Source: scan_doc.exe | ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\scan_doc.exe | File read: C:\Users\user\Desktop\scan_doc.exe:Zone.Identifier
Source: unknown | Process created: C:\Users\user\Desktop\scan_doc.exe 'C:\Users\user\Desktop\scan_doc.exe'
Source: C:\Users\user\Desktop\scan_doc.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1800
Source: C:\Users\user\Desktop\scan_doc.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
Source: C:\Users\user\Desktop\scan_doc.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: scan_doc.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: scan_doc.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: rsaenh.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: cfgmgr32.pdb( source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: onfiguration.ni.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb][P source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source: Binary string: mskeyprotect.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: profapi.pdb4 source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: C:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source: Binary string: winnsi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: .ni.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source: Binary string: clr.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source: Binary string: cryptsp.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source: Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: scan_doc.PDBDjP0 source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source: Binary string: System.Configuration.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: schannel.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: urlmon.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: fltLib.pdbN source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.654755390.0000000001019000.00000004.00000001.sdmp
Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source: Binary string: mscorlib.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: System.Xml.pdb~ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: System.Xml.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: i.pdb source: WerFault.exe, 00000004.00000003.662722639.0000000005566000.00000004.00000001.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdber source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source: Binary string: urlmon.pdbc: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: mscoree.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: cryptsp.pdb. source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: ws2_32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: jC:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source: Binary string: dnsapi.pdb;=a source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: shell32.pdbl source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: shlwapi.pdbk source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source: Binary string: ole32.pdbZ source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: nsi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: mscorlib.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source: Binary string: System.Configuration.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: ws2_32.pdb]: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: iertutil.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdberwW source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source: Binary string: rasapi32.pdbH source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: mscorlib.ni.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: msasn1.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: mscorlib.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: wimm32.pdbf source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: mscorlib.ni.pdb~ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: iVisualBasic.pdb source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source: Binary string: msasn1.pdb5={ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WER4D3F.tmp.dmp.4.dr
Source: Binary string: psapi.pdbx source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: ncrypt.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: secur32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: System.Xml.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source: Binary string: rasadhlp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: ml.ni.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source: Binary string: wwin32u.pdbT source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.Core.ni.pdbRSDSD source: WER4D3F.tmp.dmp.4.dr
Source: Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: diasymreader.pdb_ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: t.VisualBasic.pdb{{ source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source: Binary string: ml.ni.pdb" source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source: Binary string: mscorlib.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: mscoreei.pdbk source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source: Binary string: ncrypt.pdbK: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: rsaenh.pdbr source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: t.VisualBasic.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source: Binary string: msvcp_win.pdb~ source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.Core.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source: Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source: Binary string: System.Core.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: .pdb# source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source: Binary string: nsi.pdb{ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: dnsapi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: rasapi32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.Xml.ni.pdbX source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: iLC:\Windows\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.Xml.ni.pdbT source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: diasymreader.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: winhttp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: ntasn1.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: mscorlib.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: System.ni.pdbT3 source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: System.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: powrprof.pdb" source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: rtutils.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbL/3 source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source: Binary string: oleaut32.pdb` source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.Xml.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source: Binary string: WLDP.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: fwpuclnt.pdbo: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: \??\C:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source: Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: rtutils.pdbW: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: System.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source: Binary string: clrjit.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.Core.pdbX source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: rasman.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: propsys.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: ncryptsslp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: wmswsock.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: version.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: onfiguration.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source: Binary string: wintrust.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: System.Xml.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: System.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: ore.ni.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source: Binary string: psapi.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: fwpuclnt.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source: Binary string: System.Core.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 00000004.00000003.654755390.0000000001019000.00000004.00000001.sdmp
Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source: Binary string: mscoreei.pdb source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source: Binary string: System.Core.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: combase.pdbk source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: dhcpcsvc6.pdbi: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: rasadhlp.pdbE: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: Binary string: bcryptprimitives.pdbk source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source: Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source: Binary string: System.Xml.pdbD source: WER4D3F.tmp.dmp.4.dr
Source: Binary string: System.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source: Binary string: crypt32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source: scan_doc.exeStatic PE information: 0xDCE3B2C8 [Sun Jun 8 11:26:00 2087 UTC]
Source: C:\Windows\SysWOW64\WerFault.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\scan_doc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp, WerFault.exe, 00000004.00000002.741870836.0000000005290000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: WerFault.exe, 00000004.00000002.741703056.0000000005069000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp, WerFault.exe, 00000004.00000002.741870836.0000000005290000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp, WerFault.exe, 00000004.00000002.741870836.0000000005290000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: scan_doc.exe, 00000000.00000002.745259375.00000000006DF000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp, WerFault.exe, 00000004.00000002.741870836.0000000005290000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\Desktop\scan_doc.exeProcess queried: DebugPort
Source: C:\Users\user\Desktop\scan_doc.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\scan_doc.exeMemory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\scan_doc.exeQueries volume information: C:\Users\user\Desktop\scan_doc.exe VolumeInformation
Source: C:\Users\user\Desktop\scan_doc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\scan_doc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Masquerading (1) | Input Capture (1) | Query Registry (1) | Remote Services | Input Capture (1) | Exfiltration Over Other Network Medium | Encrypted Channel (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion (1) | LSASS Memory | Security Software Discovery (11) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools (1) | Security Account Manager | Virtualization/Sandbox Evasion (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol (2) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection (1) | NTDS | Remote System Discovery (1) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol (3) | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp (1) | LSA Secrets | System Information Discovery (12) | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

(Numbers in parentheses are the count of matching signatures for that technique.)

Behavior Graph


Screenshots


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
scan_doc.exe | 26% | Virustotal | | Browse
scan_doc.exe | 29% | ReversingLabs | Win32.Trojan.Generic |
scan_doc.exe | 100% | Joe Sandbox ML | |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
bornforthis.ml | 2% | Virustotal | | Browse

URLs

Source | Detection | Scanner | Label
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818. | 0% | URL Reputation | safe
https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358 | 0% | Avira URL Cloud | safe
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg | 0% | URL Reputation | safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668 | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02- | 0% | URL Reputation | safe
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837 | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690 | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803. | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03- | 0% | URL Reputation | safe
https://www.liverpool.com/all-about/premier-league | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03- | 0% | URL Reputation | safe
https://www.liverpool.com/liverpool-fc-news/ | 0% | URL Reputation | safe
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154 | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837. | 0% | URL Reputation | safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850 | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02 | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png | 0% | URL Reputation | safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876 | 0% | URL Reputation | safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg | 0% | URL Reputation | safe
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166 | 0% | URL Reputation | safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst | 0% | URL Reputation | safe
https://reachplc.hub.loginradius.com" | 0% | Avira URL Cloud | safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png | 0% | URL Reputation | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bornforthis.ml | 104.21.17.57 | true | false | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B343CE000A6025E950DB85DC9DF85.html | false | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005 | WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818. | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358 | scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200 | WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://c.amazon-adsystem.com/aax2/apstag.js | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | | high
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668 | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02- | scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837 | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince | WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690 | scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803. | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication | WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o | WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid | WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03- | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.liverpool.com/all-about/premier-league | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03- | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://schema.org/ImageObject | scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | false | | high
https://www.liverpool.com/liverpool-fc-news/ | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o | WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154 | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837. | scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850 | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02 | scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | scan_doc.exe, 00000000.00000002.745620202.00000000023B1000.00000004.00000001.sdmp, WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg | scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://ads.pubmatic.com/AdServer/js/pwt/156997/3236/pwt.js | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | | high
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876 | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp | false | | high
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg | scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166 | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst | scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp | false | URL Reputation: safe |
                          unknown
                          https://reachplc.hub.loginradius.com&quot;scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          low
                          https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.pngscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://s2-prod.liverpool.comscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.comscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/contact-us/scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://felix.data.tm-awx.com/felix.min.jsscan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpgscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/corrections-clarifications/scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpgscan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/all-about/ozan-kabakscan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://s2-prod.mirror.co.uk/scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/privacy-notice/scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/all-about/champions-leaguescan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/all-about/curtis-userscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/terms-conditions/scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.liverpool.com/all-about/steven-gerrardscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://bornforthis.mlscan_doc.exe, 00000000.00000002.745620202.00000000023B1000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s458/1_WhatsApp-Image-2021-03-scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://schema.org/NewsArticlescan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                            high
                            https://www.liverpool.com/schedule/scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://schema.org/BreadcrumbListscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                              high
                              https://securepubads.g.doubleclick.net/tag/js/gpt.jsscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                high
                                https://www.liverpool.comscan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://s2-prod.liverpool.com/scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s220b/0_GettyImages-1231353837scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s458/0_GettyImages-1302496803.scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://felix.data.tm-awx.com/ampconfig.json&quot;scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s615/0_GettyImages-1273716690.scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://bornforthis.ml41kscan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s270b/0_Salah-Pressing.jpgscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpgscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-02scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpgscan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmpfalse
                                  high
                                  https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-19946scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s615/0_Salah-Pressing.jpgscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://schema.org/ListItemscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    high
                                    https://www.liverpool.com/all-about/georginio-wijnaldumscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://mab.data.tm-awx.com/rhs&quot;scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s180/0_GettyImages-1231353837.scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://felix.data.tm-awx.comscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://www.liverpool.com/all-about/andrew-robertsonscan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://i2-prod.liverpool.com/incoming/article17166876.ece/ALTERNATES/s615/0_GettyImages-1175998874.scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-199533scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s180/0_GettyImages-1304940818.scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://www.liverpool.com/scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    https://www.liverpool.com/cookie-policy/scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://www.liverpool.com/all-about/transfersscan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown

                                    Contacted IPs


                                    Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.17.57 | bornforthis.ml | United States | 13335 | CLOUDFLARENETUS | false

                                    Private

                                    IP
                                    192.168.2.1

                                    General Information

                                    Joe Sandbox Version:31.0.0 Emerald
                                    Analysis ID:385475
                                    Start date:12.04.2021
                                    Start time:15:17:17
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 6m 48s
                                    Hypervisor based Inspection enabled:false
                                    Report type:light
                                    Sample file name:scan_doc.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:19
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal56.winEXE@2/5@2/2
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 100% (good quality ratio 1.1%)
                                    • Quality average: 1.2%
                                    • Quality standard deviation: 7.1%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 0
                                    • Number of non-executed functions: 0
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .exe
                                    Warnings:
                                    • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                    • TCP Packets have been reduced to 100
                                    • Excluded IPs from analysis (whitelisted): 52.147.198.201, 13.88.21.125, 13.64.90.137, 20.50.102.62, 92.122.213.194, 92.122.213.247, 40.88.32.150, 52.155.217.156, 20.54.26.129, 205.185.216.42, 205.185.216.10, 104.42.151.234
                                    • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtSetInformationFile calls found.

                                    Simulations

                                    Behavior and APIs

Time | Type | Description
15:18:48 | API Interceptor | 1x Sleep call for process: WerFault.exe modified

                                    Joe Sandbox View / Context

                                    IPs

Match: 104.21.17.57
Associated Sample Name | Detection | Context (URL requested on bornforthis.ml)
KHAWATMI CO.IMPORT & EXPORT_PDF.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7E01452C0469561541C13E621DA21CFA.html
ieuHgdpuPo.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B86F8FF0FC5B4DFA84D548466676F331.html
Payment Slip.doc | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9B8523D461F26385D631D5F620BB8B2E.html
Cobro Juridico_0291662728_7023446_452487041454723_016698_5192136884256735776_2301761820735_pdf.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-563A37589B0D2B59C10374B2A5702724.html
BL2659618800638119374.xls.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-411168C7CB32589BC9FA46F44C581051.html
Re Confirm#U00ffthe invoice#U00ffthe payment slip.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A354FBFCCC9BAC28AE0C0FFC172C1EF9.html
GQ5JvPEI6c.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9B8523D461F26385D631D5F620BB8B2E.html
COMMERCIAL INVOICE N#U00c2#U00ba 0001792E21.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-217C604161C10233520053A33E0A764C.html
MINUSCA P01-21.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A39FCD8B5C8720A97DC432DDA40A393E.html
P195 NOVO Cinema#2021.exe | malicious | bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5573265BC294D44B8ECD9F019E83F237.html

                                    Domains

                                    Match | Associated Sample Name / URL | Detection | Context
                                    bornforthis.ml | INV_0008434567987.doc | malicious | 172.67.222.176
                                    bornforthis.ml | KHAWATMI CO.IMPORT & EXPORT_PDF.exe | malicious | 104.21.17.57
                                    bornforthis.ml | ieuHgdpuPo.exe | malicious | 104.21.17.57
                                    bornforthis.ml | Cobro Juridico_0420198202_326828_4985792583130360_300690_8122300886764676459_5190713730838_pdf.exe | malicious | 172.67.222.176
                                    bornforthis.ml | Payment Slip.doc | malicious | 104.21.17.57
                                    bornforthis.ml | Cobro Juridico_0291662728_7023446_452487041454723_016698_5192136884256735776_2301761820735_pdf.exe | malicious | 104.21.17.57
                                    bornforthis.ml | Cobro Juridico_07223243630_5643594_539661009070075_49874359_5059639084170590400_7272781644_pdf.exe | malicious | 172.67.222.176
                                    bornforthis.ml | BL2659618800638119374.xls.exe | malicious | 104.21.17.57
                                    bornforthis.ml | Purchase order and quote confirmation.exe | malicious | 172.67.222.176
                                    bornforthis.ml | Re Confirm#U00ffthe invoice#U00ffthe payment slip.exe | malicious | 104.21.17.57
                                    bornforthis.ml | GQ5JvPEI6c.exe | malicious | 104.21.17.57
                                    bornforthis.ml | COMMERCIAL INVOICE N#U00c2#U00ba 0001792E21.exe | malicious | 104.21.17.57
                                    bornforthis.ml | 9479_pdf.exe | malicious | 172.67.222.176
                                    bornforthis.ml | MINUSCA P01-21.exe | malicious | 104.21.17.57
                                    bornforthis.ml | 2EGv1FEjOU.exe | malicious | 172.67.222.176
                                    bornforthis.ml | P195 NOVO Cinema#2021.exe | malicious | 104.21.17.57

                                    ASN

                                    Match | Associated Sample Name / URL | Detection | Context
                                    CLOUDFLARENETUS | March Financial Reports & Statements.html | malicious | 172.67.141.111
                                    CLOUDFLARENETUS | V3kT2daGkz.exe | malicious | 104.16.19.94
                                    CLOUDFLARENETUS | SecuriteInfo.com.Trojan.GenericKD.45979987.7892.exe | malicious | 172.67.197.219
                                    CLOUDFLARENETUS | Bank Details.xlsx | malicious | 104.21.71.76
                                    CLOUDFLARENETUS | RFQ No A'4762QHTECHNICAL DETAILS.exe | malicious | 172.67.188.154
                                    CLOUDFLARENETUS | Rechung-2021.12.04.2021.pdf.exe | malicious | 162.159.130.233
                                    CLOUDFLARENETUS | INV_0008434567987.doc | malicious | 172.67.222.176
                                    CLOUDFLARENETUS | mfalomirm@gentalia.eu.HTM | malicious | 104.19.133.58
                                    CLOUDFLARENETUS | KHAWATMI CO.IMPORT & EXPORT_PDF.exe | malicious | 104.21.17.57
                                    CLOUDFLARENETUS | YNzE2QUkvaTK7kd.exe | malicious | 172.67.148.14
                                    CLOUDFLARENETUS | NdBLyH2h5d.exe | malicious | 23.227.38.74
                                    CLOUDFLARENETUS | s6G3ZtvHZg.exe | malicious | 172.67.130.43
                                    CLOUDFLARENETUS | 4oItdZkNOZ.exe | malicious | 23.227.38.74
                                    CLOUDFLARENETUS | ieuHgdpuPo.exe | malicious | 104.21.17.57
                                    CLOUDFLARENETUS | Cobro Juridico_0420198202_326828_4985792583130360_300690_8122300886764676459_5190713730838_pdf.exe | malicious | 172.67.222.176
                                    CLOUDFLARENETUS | Payment Slip.doc | malicious | 104.21.17.57
                                    CLOUDFLARENETUS | Cobro Juridico_0291662728_7023446_452487041454723_016698_5192136884256735776_2301761820735_pdf.exe | malicious | 104.21.17.57
                                    CLOUDFLARENETUS | INQUIRY 1820521 pdf.exe | malicious | 104.21.82.58
                                    CLOUDFLARENETUS | PaymentCopy.vbs | malicious | 172.67.222.131
                                    CLOUDFLARENETUS | PAYMENT COPY.exe | malicious | 104.21.28.135

                                    JA3 Fingerprints

                                    Match | Associated Sample Name / URL | Detection | Context
                                    54328bd36c14bd82ddaa0c04b25ed9ad | RFQ No A'4762QHTECHNICAL DETAILS.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | Rechung-2021.12.04.2021.pdf.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | KHAWATMI CO.IMPORT & EXPORT_PDF.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | ieuHgdpuPo.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | Cobro Juridico_0420198202_326828_4985792583130360_300690_8122300886764676459_5190713730838_pdf.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | Cobro Juridico_0291662728_7023446_452487041454723_016698_5192136884256735776_2301761820735_pdf.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | Cobro Juridico_07223243630_5643594_539661009070075_49874359_5059639084170590400_7272781644_pdf.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | BL2659618800638119374.xls.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | Purchase order and quote confirmation.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | Confirm Order for SK TRIMS & INDUSTRIES_DK4571,pdf.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | Re Confirm#U00ffthe invoice#U00ffthe payment slip.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | SOA.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | RFQ No A'4762GHTECHNICAL DETAILS.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | GQ5JvPEI6c.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | JSTCG21040600210 xlxs.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | PAYMENT RECEIPT.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | COMMERCIAL INVOICE N#U00c2#U00ba 0001792E21.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | 9479_pdf.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | fyi.exe | malicious | 104.21.17.57
                                    54328bd36c14bd82ddaa0c04b25ed9ad | MINUSCA P01-21.exe | malicious | 104.21.17.57

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_scan_doc.exe_7f6cbb862bf213b5a645f615b3146ad992fef2_a4c72f23_1717e2d8\Report.wer
                                    Process: C:\Windows\SysWOW64\WerFault.exe
                                    File Type: Little-endian UTF-16 Unicode text, with CRLF line terminators
                                    Category: dropped
                                    Size (bytes): 15502
                                    Entropy (8bit): 3.757460873141975
                                    Encrypted: false
                                    SSDEEP: 192:zi6LhikSHBUZMX6aKsUAeZJ/u7sHS274ItQz:++hiJBUZMX6almJ/u7sHX4ItQz
                                    MD5: 00945C0CD5E7E6AEABE10267E229ED71
                                    SHA1: B6C81FE02D87728CE19DDA61A9D329063F734F26
                                    SHA-256: 99C520250B83E5B12FC35598A713752379E6BEB00FB8EE28952A15273248FA43
                                    SHA-512: 76F8FF2A55FE62E93A2C24DDE0928D741D7366347805A7E18CF0CEF921E7841607A989C00B92BE684C3A6A034C5420038B78C52200F4D69291A386DEF3924B78
                                    Malicious: true
                                    Reputation: low
                                    Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.2.7.0.7.0.9.0.1.1.0.5.6.6.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.2.7.0.7.0.9.5.7.5.1.1.7.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.9.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.8.c.3.9.1.4.-.7.6.8.a.-.4.6.5.b.-.9.2.1.e.-.0.2.2.6.7.1.8.3.6.3.9.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.7.f.6.8.9.d.6.-.0.8.0.5.-.4.1.0.3.-.8.c.4.4.-.3.c.5.a.6.2.9.3.e.4.6.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.s.c.a.n._.d.o.c...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.b.a.d.e.n.b.e.r.g...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.1.f.0.-.0.0.0.1.-.0.0.1.b.-.b.c.2.1.-.b.8.4.3.9.e.2.f.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.c.a.c.6.6.c.0.6.8.3.e.a.6.d.0.3.a.5.6.9.d.0.4.f.0.a.e.9.d.a.e.0.0.0.0.0.0.0.0.!.0.0.0.0.4.0.a.1.b.8.8.e.9.4.c.9.2.6.8.e.7.1.2.0.e.4.8.c.c.0.b.6.4.f.6.b.2.0.7.7.9.a.2.4.!.
                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D3F.tmp.dmp
                                    Process: C:\Windows\SysWOW64\WerFault.exe
                                    File Type: Mini DuMP crash report, 15 streams, Mon Apr 12 13:18:12 2021, 0x1205a4 type
                                    Category: dropped
                                    Size (bytes): 269057
                                    Entropy (8bit): 3.7887465108160403
                                    Encrypted: false
                                    SSDEEP: 3072:ljd+p/XyA+7KI9gIOgF5T07TUCgU/HI+Q7o61KjUkA0WH4:6p/aKI9RpDTWTTjQ3jJ0E4
                                    MD5: F1C173D8C13B19C28814E0B5EFECE894
                                    SHA1: 9E369D9C9037C56CDEE8C59126F5BB3FA2A5A6A7
                                    SHA-256: F79FC4695B1A699A7281F2F7B0C90ED34879126EB30B1186C7C52D74669F6038
                                    SHA-512: CCF8869FD7AEA440728EBC02E56C30BB58E6BCB541D6A242730FDF8CD8CAA0815920A4B3F9511B50416B010059A6072F1D04F445B2DA83ED3C571B272E6E0882
                                    Malicious: false
                                    Reputation: low
                                    Preview: MDMP....... ........Ht`...................U...........B.......+......GenuineIntelW...........T............Ht`.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER57FE.tmp.WERInternalMetadata.xml
                                    Process: C:\Windows\SysWOW64\WerFault.exe
                                    File Type: XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                    Category: dropped
                                    Size (bytes): 8388
                                    Entropy (8bit): 3.691392657666039
                                    Encrypted: false
                                    SSDEEP: 192:Rrl7r3GLNiC86K6Yr4SU8LlNgmfZHS2+pry89b9Wsfcfm:RrlsNiB6K6Y0SU8LfgmfZSh91fp
                                    MD5: 7D336EAC90103B0A60C979B6B1005DEA
                                    SHA1: 5E09033CB8141B3D4C7EE756047F287EA67DBB81
                                    SHA-256: B10ED05DF89CB86042726D3FAA95AE3455452239BA487C3A6601B75366C64EED
                                    SHA-512: 5DE6DBF2B666883136053EC7A9E1B19FE39BF87A3E4DA936029735B3D142661D91C3340BAE510BF21037C3179B563C667A9FF4ED9C89E8325587939A594239CA
                                    Malicious: false
                                    Reputation: low
                                    Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.9.6.<./.P.i.d.>.........
                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER5A80.tmp.xml
                                    Process: C:\Windows\SysWOW64\WerFault.exe
                                    File Type: XML 1.0 document, ASCII text, with CRLF line terminators
                                    Category: dropped
                                    Size (bytes): 4737
                                    Entropy (8bit): 4.44049776208093
                                    Encrypted: false
                                    SSDEEP: 48:cvIwSD8zsvJgtWI9h3VWSC8B+8fm8M4JKh+sFD+q8vC+YuxMzx9DGd:uITfRe3kSNxJAKMuSN9DGd
                                    MD5: 8D38F911788CF43996D8835020530AB3
                                    SHA1: 4EF73ABF33E08AD20F876355179E6DC0FBDC5DAC
                                    SHA-256: 7DF41BA5CEDC453D966A46AB8A67E06FCA30A92C37F870520248D3E7FF09105E
                                    SHA-512: 5CC86F886650F9BA073B59041AD50589B2F6D007E12599A51B42E2AB81C5CE06D495C8C50A061D8881A98509A89FB92A2884DB9DF12315BDEE95951028DF03CB
                                    Malicious: false
                                    Reputation: low
                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="943108" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                    C:\Users\user\WqRbEwRhIiboqTZtUQoyfj
                                    Process: C:\Users\user\Desktop\scan_doc.exe
                                    File Type: ASCII text, with very long lines, with no line terminators
                                    Category: dropped
                                    Size (bytes): 1023400
                                    Entropy (8bit): 3.095278840820652
                                    Encrypted: false
                                    SSDEEP: 12288:XoHiWE0og/v1K/jmNeaFPq0+cggwLU4BCPyniAkfrayCI0vCmw7cXX6V/fhkTKvn:YHEgk6FK1kkANj+8IRFn0B
                                    MD5: 94A7CAB58BBE8E975C78D9F323E751F1
                                    SHA1: A6B3E2A742329BF6FBD3D950DD832E0D2E6D0809
                                    SHA-256: 47E46FD290331253830A51638BA70FBB9395985CF8BD905B1D0F0E04D7E9ACD5
                                    SHA-512: E88D4DF49D0382CF4E1D64214EE0DB3520BA4BE694D9CCAB6CF06F1643E318C3A23F9DB83EBA32F18B86827B7FB5FA8A5EFBFEA949DEC3D01E9DB27829D96204
                                    Malicious: false
                                    Reputation: low
                                    Preview: 77 90 144 0 3 0 0 0 4 0 0 0 255 255 0 0 184 0 0 0 0 0 0 0 64 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 128 0 0 0 14 31 186 14 0 180 9 205 33 184 1 76 205 33 84 104 105 115 32 112 114 111 103 114 97 109 32 99 97 110 110 111 116 32 98 101 32 114 117 110 32 105 110 32 68 79 83 32 109 111 100 101 46 13 13 10 36 0 0 0 0 0 0 0 80 69 0 0 76 1 3 0 76 142 41 180 0 0 0 0 0 0 0 0 224 0 34 0 11 1 80 0 0 14 5 0 0 6 0 0 0 0 0 0 158 44 5 0 0 32 0 0 0 64 5 0 0 0 0 128 0 32 0 0 0 2 0 0 4 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 128 5 0 0 2 0 0 0 0 0 0 2 0 64 133 0 0 16 0 0 16 0 0 0 0 16 0 0 16 0 0 0 0 0 0 16 0 0 0 0 0 0 0 0 0 0 0 68 44 5 0 87 0 0 0 0 64 5 0 212 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 96 5 0 12 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 32 0 0 8 0 0 0 0 0 0 0 0 0 0 0 8 32 0 0 72 0 0 0 0 0 0 0 0 0 0 0 46 116 101 120 116 0 0 0 164 12 5 0 0 32 0 0 0 14 5 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 32 0 0 96 46 114 115 11

                                    Static File Info

                                    General

                                    File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit): 6.0724450501210985
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name: scan_doc.exe
                                    File size: 14848
                                    MD5: a01c6a3db8e862ab85386b6700e941bb
                                    SHA1: 40a1b88e94c9268e7120e48cc0b64f6b20779a24
                                    SHA256: 29859bac1ca73683bf6c9ff17a91d249d0fa9ecb18b6b03ef03cf17545fad2be
                                    SHA512: 6ecf3d22560c660a397c40f919ec69af4fb74a4b30fbcdce06e6cf23c57fc80a98d6023dba0c3a90331898e4bb7b19a4285ffc086f33bb6225178fe1b317a99d
                                    SSDEEP: 384:M87FybegpzmEDTO4jCCNWiElvkr/sV3D0FX0XRno5J:M8pjgxNMZ9SkBnw
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..0...........N... ...`....@.. ....................................@................................

                                    File Icon

                                    Icon Hash: 00828e8e8686b000

                                    Static PE Info

                                    General

                                    Entrypoint: 0x404e9e
                                    Entrypoint Section: .text
                                    Digitally signed: false
                                    Imagebase: 0x400000
                                    Subsystem: windows gui
                                    Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                    DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp: 0xDCE3B2C8 [Sun Jun 8 11:26:00 2087 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version: v4.0.30319
                                    OS Version Major: 4
                                    OS Version Minor: 0
                                    File Version Major: 4
                                    File Version Minor: 0
                                    Subsystem Version Major: 4
                                    Subsystem Version Minor: 0
                                    Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al

                                    Data Directories

                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4e44 | 0x57 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x5a8 | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8000 | 0xc | .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                    Sections

                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x2000 | 0x2ea4 | 0x3000 | False | 0.625162760417 | data | 6.44315164568 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .rsrc | 0x6000 | 0x5a8 | 0x600 | False | 0.414713541667 | data | 4.05648932077 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc | 0x8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    Name          RVA      Size    Type                                                                          Language   Country
                                    RT_VERSION    0x60a0   0x31c   data
                                    RT_MANIFEST   0x63bc   0x1ea   XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                    Imports

                                    DLL           Import
                                    mscoree.dll   _CorExeMain

                                    Version Infos

                                    Description        Data
                                    Translation        0x0000 0x04b0
                                    LegalCopyright     Copyright 2021
                                    Assembly Version   1.0.0.0
                                    InternalName       badenberg.exe
                                    FileVersion        1.0.0.0
                                    CompanyName
                                    LegalTrademarks
                                    Comments
                                    ProductName        badenberg
                                    ProductVersion     1.0.0.0
                                    FileDescription    badenberg
                                    OriginalFilename   badenberg.exe

                                    Network Behavior

                                    Network Port Distribution

                                    TCP Packets


                                    UDP Packets


                                    DNS Queries

                                    Timestamp                              Source IP     Dest IP   Trans ID   OP Code              Name             Type             Class
                                    Apr 12, 2021 15:18:02.896759987 CEST   192.168.2.4   8.8.8.8   0xf22b     Standard query (0)   bornforthis.ml   A (IP address)   IN (0x0001)
                                    Apr 12, 2021 15:18:03.107773066 CEST   192.168.2.4   8.8.8.8   0x8042     Standard query (0)   bornforthis.ml   A (IP address)   IN (0x0001)

                                    DNS Answers

                                    Timestamp                              Source IP   Dest IP       Trans ID   Reply Code     Name             CName   Address          Type             Class
                                    Apr 12, 2021 15:18:02.967135906 CEST   8.8.8.8     192.168.2.4   0xf22b     No error (0)   bornforthis.ml           104.21.17.57     A (IP address)   IN (0x0001)
                                    Apr 12, 2021 15:18:02.967135906 CEST   8.8.8.8     192.168.2.4   0xf22b     No error (0)   bornforthis.ml           172.67.222.176   A (IP address)   IN (0x0001)
                                    Apr 12, 2021 15:18:03.178096056 CEST   8.8.8.8     192.168.2.4   0x8042     No error (0)   bornforthis.ml           104.21.17.57     A (IP address)   IN (0x0001)
                                    Apr 12, 2021 15:18:03.178096056 CEST   8.8.8.8     192.168.2.4   0x8042     No error (0)   bornforthis.ml           172.67.222.176   A (IP address)   IN (0x0001)

                                    HTTP Request Dependency Graph

                                    • bornforthis.ml

                                    HTTP Packets

                                    Session ID   Source IP     Source Port   Destination IP   Destination Port   Process
                                    0            192.168.2.4   49728         104.21.17.57     80                 C:\Users\user\Desktop\scan_doc.exe

                                    Timestamp                              kBytes transferred   Direction   Data
                                    Apr 12, 2021 15:18:03.036384106 CEST   876                  OUT         GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B343CE000A6025E950DB85DC9DF85.html HTTP/1.1
                                    UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
                                    Host: bornforthis.ml
                                    Connection: Keep-Alive
                                    Apr 12, 2021 15:18:03.089163065 CEST   877                  IN          HTTP/1.1 301 Moved Permanently
                                    Date: Mon, 12 Apr 2021 13:18:03 GMT
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Cache-Control: max-age=3600
                                    Expires: Mon, 12 Apr 2021 14:18:03 GMT
                                    Location: https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B343CE000A6025E950DB85DC9DF85.html
                                    cf-request-id: 0967d4773a0000975a302c2000000001
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ac0Pz3GaDiF15%2FFVtAmWcxNvlY2cQ6Rjft9404BSZhcAprIiuQpQum4bHSgoJbALMQKOxf54izDvVdFzONY6ZQMua8NmJL0q4R2%2FhhWepA%3D%3D"}],"max_age":604800,"group":"cf-nel"}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 63ecbd052ef8975a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0

                                    HTTPS Packets

                                    Timestamp                              Source IP      Source Port   Dest IP       Dest Port
                                    Apr 12, 2021 15:18:03.306427002 CEST   104.21.17.57   443           192.168.2.4   49729

                                    Certificate chain:
                                      Subject:    CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US
                                      Issuer:     CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
                                      Not Before: Sat Apr 03 02:00:00 CEST 2021
                                      Not After:  Sun Apr 03 01:59:59 CEST 2022

                                      Subject:    CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
                                      Issuer:     CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
                                      Not Before: Mon Jan 27 13:48:08 CET 2020
                                      Not After:  Wed Jan 01 00:59:59 CET 2025

                                    JA3 SSL Client Fingerprint: 769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0
                                    JA3 SSL Client Digest:      54328bd36c14bd82ddaa0c04b25ed9ad

                                    Code Manipulations

                                    Statistics

                                    Behavior


                                    System Behavior

                                    General

                                    Start time:15:18:01
                                    Start date:12/04/2021
                                    Path:C:\Users\user\Desktop\scan_doc.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\scan_doc.exe'
                                    Imagebase:0x10000
                                    File size:14848 bytes
                                    MD5 hash:A01C6A3DB8E862AB85386B6700E941BB
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:low

                                    General

                                    Start time:15:18:07
                                    Start date:12/04/2021
                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1800
                                    Imagebase:0x1200000
                                    File size:434592 bytes
                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Reputation:high

                                    Disassembly

                                    Code Analysis
