IOC Report
SecuriteInfo.com.Heur.12028.32590.exe

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe | "C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies | unknown |
http://install.flybird.himyou.com/installhttp://account.flybird.himyou.com/listenhttp://account.flyb | unknown |
https://file.iviewui.com/iview-pro/icon-403-color.svg | unknown |
http://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html | unknown |
https://blog.csdn.net/GongWei_/article/details/111480347 | unknown |
http://account.flybird.himyou.com/login | unknown |
http://fontello.com | unknown |
https://file.iviewui.com/iview-pro/icon-500-color.svg | unknown |
http://127.0.0.1:59999/ | unknown |
https://github.com/microsoft/monaco-editor/blob/main/LICENSE.txt | unknown |
https://blog.csdn.net/qq_38682174/article/details/125416084 | unknown |
https://github.com/microsoft/monaco-editor/issues/2714 | unknown |
http://fontello.comcodiconRegularcodiconcodiconVersion | unknown |
https://file.iviewui.com/iview-pro/icon-404-color.svg | unknown |
http://account.flybird.himyou.com/listen | unknown |
https://file.iviewui.com/iview-pro/icon-404.svg | unknown |
https://cn.vuejs.org/guide/scaling-up/routing.html#simple-routing-from-scratch | unknown |
http://account.flybird.himyou.com/register | unknown |
https://github.com/react-monaco-editor/react-monaco-editor/issues/88 | unknown |
https://file.iviewui.com/iview-pro/icon-403.svg | unknown |
https://vueuse.org/core/usemagickeys/#combinations | unknown |
https://dream2023.gitee.io/monaco-editor/api/enums/monaco.languages.completionitemkind.html#color | unknown |
https://file.iviewui.com/iview-pro/icon-500.svg | unknown |
http://install.flybird.himyou.com/install | 8.210.245.105 |
http://account.flybird.himyou.com | unknown |
http://adamwdraper.github.com/Numeral-js/ | unknown |
https://github.com/go-sql-driver/mysql/wiki/old_passwordshttp2: | unknown |
https://github.com/microsoft/vscode/issues/77475 | unknown |
https://stackoverflow.com/questions/51263115/split-screen-containers-with-scrolling | unknown |
http://purl.oclc.org/ooxml/officeDocument/relationships/charthttp://purl.oclc.org/ooxml/officeDocume | unknown |
https://stackoverflow.com/questions/67609200/get-values-from-monaco-editor | unknown |

Domains

Name | IP | Malicious
install.flybird.himyou.com | 8.210.245.105 |

IPs

IP | Domain | Country | Malicious
8.210.245.105 | install.flybird.himyou.com | Singapore |

Memdumps

Base Address | Regiontype | Protect | Malicious
C0000CA000 | direct allocation | page read and write |
C000426000 | direct allocation | page read and write |
C00057C000 | direct allocation | page read and write |
C000406000 | direct allocation | page read and write |
1FEC000 | unknown | page readonly |
C00034A000 | direct allocation | page read and write |
C0004EA000 | direct allocation | page read and write |
C000051000 | direct allocation | page read and write |
C000412000 | direct allocation | page read and write |
231EF865000 | direct allocation | page read and write |
3293000 | unknown | page write copy |
C0003F4000 | direct allocation | page read and write |
C00054C000 | direct allocation | page read and write |
C0002DE000 | direct allocation | page read and write |
231E9EAA000 | direct allocation | page read and write |
F104BFE000 | stack | page read and write |
C0004E6000 | direct allocation | page read and write |
C000434000 | direct allocation | page read and write |
231E9BB6000 | heap | page read and write |
C0000E8000 | direct allocation | page read and write |
C0000EE000 | direct allocation | page read and write |
231E9B70000 | direct allocation | page read and write |
C000485000 | direct allocation | page read and write |
C0000D1000 | direct allocation | page read and write |
C000148000 | direct allocation | page read and write |
C000418000 | direct allocation | page read and write |
C00015C000 | direct allocation | page read and write |
C00050E000 | direct allocation | page read and write |
337C000 | unknown | page read and write |
C000164000 | direct allocation | page read and write |
C000065000 | direct allocation | page read and write |
C00027A000 | direct allocation | page read and write |
C000134000 | direct allocation | page read and write |
C0003A8000 | direct allocation | page read and write |
C00021C000 | direct allocation | page read and write |
C000061000 | direct allocation | page read and write |
C0000E0000 | direct allocation | page read and write |
F1049FF000 | stack | page read and write |
3996000 | unknown | page write copy |
C0000B8000 | direct allocation | page read and write |
15EC000 | unknown | page readonly |
C00013A000 | direct allocation | page read and write |
F103BFB000 | stack | page read and write |
C00055A000 | direct allocation | page read and write |
231E9F20000 | heap | page read and write |
C0002B6000 | direct allocation | page read and write |
C0004F5000 | direct allocation | page read and write |
C000146000 | direct allocation | page read and write |
C0004AC000 | direct allocation | page read and write |
C000130000 | direct allocation | page read and write |
C000180000 | direct allocation | page read and write |
C000120000 | direct allocation | page read and write |
D80000 | unknown | page readonly |
C00005F000 | direct allocation | page read and write |
C000185000 | direct allocation | page read and write |
C00030A000 | direct allocation | page read and write |
C0002E1000 | direct allocation | page read and write |
C000156000 | direct allocation | page read and write |
C000090000 | direct allocation | page read and write |
C0004C0000 | direct allocation | page read and write |
3281000 | unknown | page write copy |
C000588000 | direct allocation | page read and write |
C00007E000 | direct allocation | page read and write |
F1043FF000 | stack | page read and write |