Windows Analysis Report
SecuriteInfo.com.Heur.12028.32590.exe

Overview

General Information

Sample name: SecuriteInfo.com.Heur.12028.32590.exe
Analysis ID: 1419154
MD5: 5756b17b1452dd9bc8b360c71411c0d7
SHA1: 593f9f76be14d6a44d24e10a9f177ce9ee63bfc3
SHA256: f4bfde9d6ec02c5b940236f1b23b20dd5f1814523a6cbdb7856513f73ae038eb
Tags: exe

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Enables debug privileges
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs

Classification

Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: install.flybird.himyou.com
Source: unknown HTTP traffic detected:
  POST /install HTTP/1.1
  Host: install.flybird.himyou.com
  User-Agent: Go-http-client/1.1
  Content-Length: 257
  Content-Type: application/x-www-form-urlencoded
  Accept-Encoding: gzip
  Data Ascii: host_id=9e146be9-c76a-4720-bcdb-53011b87bd06&hostname=284992&os=windows&platform=Microsoft Windows 10 Pro&platform_family=Standalone Workstation&platform_version=10.0.19045 Build 19045&kernel_arch=x86_64&kernel_version=10.0.19045 Build 19045&version=unknown
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx/1.16.1
  Date: Wed, 03 Apr 2024 05:21:58 GMT
  Content-Type: text/plain
  Content-Length: 18
  Connection: keep-alive
  Data Ascii: 404 page not found
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: http://127.0.0.1:59999/
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://account.flybird.himyou.com
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://account.flybird.himyou.com/listen
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://account.flybird.himyou.com/login
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://account.flybird.himyou.com/register
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: http://adamwdraper.github.com/Numeral-js/
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: http://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: http://fontello.com
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: http://fontello.comcodiconRegularcodiconcodiconVersion
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3254489545.000000C00040A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://install.flybird.himyou.com/install
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3249111944.000000C00002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://install.flybird.himyou.com/installhttp://account.flybird.himyou.com/listenhttp://account.flyb
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/charthttp://purl.oclc.org/ooxml/officeDocume
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://blog.csdn.net/GongWei_/article/details/111480347
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://blog.csdn.net/qq_38682174/article/details/125416084
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://cn.vuejs.org/guide/scaling-up/routing.html#simple-routing-from-scratch
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://developers.whatismybrowser.com/useragents/explore/operating_system_name/macos/
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://dream2023.gitee.io/monaco-editor/api/enums/monaco.languages.completionitemkind.html#color
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://file.iviewui.com/iview-pro/icon-403-color.svg
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://file.iviewui.com/iview-pro/icon-403.svg
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://file.iviewui.com/iview-pro/icon-404-color.svg
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://file.iviewui.com/iview-pro/icon-404.svg
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://file.iviewui.com/iview-pro/icon-500-color.svg
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://file.iviewui.com/iview-pro/icon-500.svg
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://github.com/go-sql-driver/mysql/wiki/old_passwordshttp2:
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://github.com/microsoft/monaco-editor/blob/main/LICENSE.txt
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://github.com/microsoft/monaco-editor/issues/2714
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://github.com/microsoft/vscode/issues/77475
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://github.com/react-monaco-editor/react-monaco-editor/issues/88
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://stackoverflow.com/questions/51263115/split-screen-containers-with-scrolling
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://stackoverflow.com/questions/67609200/get-values-from-monaco-editor
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: https://vueuse.org/core/usemagickeys/#combinations
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Number of sections : 13 > 10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Section loaded: fwpuclnt.dll
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Section: /19 ZLIB complexity 0.9994244414251208
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Section: /32 ZLIB complexity 0.9969508495145631
Source: SecuriteInfo.com.Heur.12028.32590.exe Binary string: \Device\NamedPipe\cygwin
Source: SecuriteInfo.com.Heur.12028.32590.exe Binary or memory string: github.com/xuri/excelize/v2.(*formulaFuncs).SLN
Source: SecuriteInfo.com.Heur.12028.32590.exe Binary or memory string: m({id:"xml",extensions:[".xml",".dtd",".ascx",".csproj",".config",".wxi",".wxl",".wxs",".xaml",".svg",".svgz",".opf",".xsl"],firstLine:"(\\<\\?xml.*)|(\\<svg)|(\\<\\!doctype\\s+svg)",aliases:["XML","xml"],mimetypes:["text/xml","application/xml","application/xaml+xml","application/xml-dtd"],loader:()=>i.e(7973).then(i.bind(i,7973))}),
Source: classification engine Classification label: clean3.winEXE@2/0@2/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe File created: C:\Users\user\Library
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5820:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe File opened: C:\Windows\system32\c53dfe4c0bd0b8dcd521212354f914030d82284e637f1e09585d41ffa26c50baAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Jump to behavior
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: beaker-stop
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: debug-start
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: debug-stop
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: diff-added
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: person-add
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: search-stop
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: \n ConnectionAdd(params) {\n return httpRequest.post(\"/mysql/connection/add\", params)\n },\n\n //
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: \nimport httpRequest from '@/request/index'\n\nexport default {\n\n Delete(params) {\n return httpRequest.post(\"/mysql/table/delete\", params)\n },\n\n\n Rename(params) {\n return httpRequest.post(\"/mysql/table/rename\", params)\n },\n\n Create(params){\n return httpRequest.post(\"/mysql/table/create\", params)\n },\n\n Edit(params){\n return httpRequest.post(\"/mysql/table/edit\", params)\n },\n\n EditSave(params){\n return httpRequest.post(\"/mysql/table/edit_save\", params)\n },\n}\n","import { render } from \"./tableFormRename.vue?vue&type=template&id=69c9119a&scoped=true\"\nimport script from \"./tableFormRename.vue?vue&type=script&lang=js\"\nexport * from \"./tableFormRename.vue?vue&type=script&lang=js\"\n\nimport \"./tableFormRename.vue?vue&type=style&index=0&id=69c9119a&scoped=true&lang=css\"\n\nimport exportComponent from \"/Users/owen/html/iview-demo/node_modules/vue-loader/dist/exportHelper.js\"\nconst __exports__ = /*#__PURE__*/exportComponent(script, [['render',render],['__scopeId',\"data-v-69c9119a\"]])\n\nexport default __exports__","import { render } from \"./comModals.vue?vue&type=template&id=7329edde\"\nimport script from \"./comModals.vue?vue&type=script&lang=js\"\nexport * from \"./comModals.vue?vue&type=script&lang=js\"\n\nimport exportComponent from \"/Users/owen/html/iview-demo/node_modules/vue-loader/dist/exportHelper.js\"\nconst __exports__ = /*#__PURE__*/exportComponent(script, [['render',render]])\n\nexport default __exports__","<template>\n <sideCtxMenu></sideCtxMenu>\n <Space direction=\"vertical\" type=\"flex\" :style=\"{ margin: '5px' }\">\n <Button v-show=\"!isCollapsed\" type=\"primary\" long shape=\"circle\" icon=\"ios-add-circle-outline\" @click=\"AddConnection\">New\n Connection</Button>\n </Space>\n <div class=\"ivu-layout-sider-children\" @contextmenu.prevent.stop=\"Contextmenu($event)\">\n <!-- <sideConns></sideConns> -->\n <ul class=\"ivu-menu 
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: /usr/local/go/src/net/addrselect.go
Source: SecuriteInfo.com.Heur.12028.32590.exe String found in binary or memory: /Users/owen/go/pkg/mod/github.com/magiconair/properties@v1.8.5/load.go
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe "C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Heur.12028.32590.exe Static file information: File size 47188480 > 1048576
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x86b000
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1c94400
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Raw size of /19 is bigger than: 0x100000 < 0x136800
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Raw size of /65 is bigger than: 0x100000 < 0x215200
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Raw size of /78 is bigger than: 0x100000 < 0x1a8200
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: Raw size of .symtab is bigger than: 0x100000 < 0x137600
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: section name: /4
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: section name: /19
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: section name: /32
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: section name: /46
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: section name: /65
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: section name: /78
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: section name: /90
Source: SecuriteInfo.com.Heur.12028.32590.exe Static PE information: section name: .symtab
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: SecuriteInfo.com.Heur.12028.32590.exe, 00000000.00000002.3255821521.00000231E9B9C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.12028.32590.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid