Source: SecuriteInfo.com.Heur.12028.32590.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
DNS traffic detected: queries for: install.flybird.himyou.com |
Source: unknown |
HTTP traffic detected: POST /install HTTP/1.1Host: install.flybird.himyou.comUser-Agent: Go-http-client/1.1Content-Length: 257Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzipData Raw: 68 6f 73 74 5f 69 64 3d 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 26 68 6f 73 74 6e 61 6d 65 3d 32 38 34 39 39 32 26 6f 73 3d 77 69 6e 64 6f 77 73 26 70 6c 61 74 66 6f 72 6d 3d 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 26 70 6c 61 74 66 6f 72 6d 5f 66 61 6d 69 6c 79 3d 53 74 61 6e 64 61 6c 6f 6e 65 20 57 6f 72 6b 73 74 61 74 69 6f 6e 26 70 6c 61 74 66 6f 72 6d 5f 76 65 72 73 69 6f 6e 3d 31 30 2e 30 2e 31 39 30 34 35 20 42 75 69 6c 64 20 31 39 30 34 35 26 6b 65 72 6e 65 6c 5f 61 72 63 68 3d 78 38 36 5f 36 34 26 6b 65 72 6e 65 6c 5f 76 65 72 73 69 6f 6e 3d 31 30 2e 30 2e 31 39 30 34 35 20 42 75 69 6c 64 20 31 39 30 34 35 26 76 65 72 73 69 6f 6e 3d 75 6e 6b 6e 6f 77 6e Data Ascii: host_id=9e146be9-c76a-4720-bcdb-53011b87bd06&hostname=284992&os=windows&platform=Microsoft Windows 10 Pro&platform_family=Standalone Workstation&platform_version=10.0.19045 Build 19045&kernel_arch=x86_64&kernel_version=10.0.19045 Build 19045&version=unknown |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.16.1Date: Wed, 03 Apr 2024 05:21:58 GMTContent-Type: text/plainContent-Length: 18Connection: keep-aliveData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: http://127.0.0.1:59999/ |
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://account.flybird.himyou.com |
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://account.flybird.himyou.com/listen |
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://account.flybird.himyou.com/login |
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://account.flybird.himyou.com/register |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: http://adamwdraper.github.com/Numeral-js/ |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: http://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: http://fontello.com |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: http://fontello.comcodiconRegularcodiconcodiconVersion |
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3254489545.000000C00040A000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://install.flybird.himyou.com/install |
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://install.flybird.himyou.com/installhttp://account.flybird.himyou.com/listenhttp://account.flyb |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/charthttp://purl.oclc.org/ooxml/officeDocume |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://blog.csdn.net/GongWei_/article/details/111480347 |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://blog.csdn.net/qq_38682174/article/details/125416084 |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://cn.vuejs.org/guide/scaling-up/routing.html#simple-routing-from-scratch |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://developers.whatismybrowser.com/useragents/explore/operating_system_name/macos/ |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://dream2023.gitee.io/monaco-editor/api/enums/monaco.languages.completionitemkind.html#color |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://file.iviewui.com/iview-pro/icon-403-color.svg |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://file.iviewui.com/iview-pro/icon-403.svg |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://file.iviewui.com/iview-pro/icon-404-color.svg |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://file.iviewui.com/iview-pro/icon-404.svg |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://file.iviewui.com/iview-pro/icon-500-color.svg |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://file.iviewui.com/iview-pro/icon-500.svg |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://github.com/go-sql-driver/mysql/wiki/old_passwordshttp2: |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://github.com/microsoft/monaco-editor/blob/main/LICENSE.txt |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://github.com/microsoft/monaco-editor/issues/2714 |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://github.com/microsoft/vscode/issues/77475 |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://github.com/react-monaco-editor/react-monaco-editor/issues/88 |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://stackoverflow.com/questions/51263115/split-screen-containers-with-scrolling |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://stackoverflow.com/questions/67609200/get-values-from-monaco-editor |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
String found in binary or memory: https://vueuse.org/core/usemagickeys/#combinations |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
Static PE information: Number of sections : 13 > 10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: umpdc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe |
Section loaded: fwpuclnt.dll |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
Static PE information: Section: /19 ZLIB complexity 0.9994244414251208 |
Source: SecuriteInfo.com.Heur.12028.32590.exe |
Static PE information: Section: /32 ZLIB complexity 0.9969508495145631 |