IOC Report
disk-io.exe

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\disk-io.exe | "C:\Users\user\Desktop\disk-io.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

Name
IP
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious