Windows Analysis Report
SecuriteInfo.com.FileRepMalware.27857.7397.exe

Overview

General Information

Sample name:	SecuriteInfo.com.FileRepMalware.27857.7397.exe
Analysis ID:	1669047
MD5:	26851594f76e29aff0f4fc00f3849635
SHA1:	8ff94b1a64d4defa1857add81ddfffeab9ec18f4
SHA256:	2676f127b2b71d44f494027fbac4a20bc8be2257fe8a201b28b9780056bde24f
Tags:	exeuser-SecuriteInfoCom
Infos:

Detection

Score:	18
Range:	0 - 100
Confidence:	40%

Signatures

PE file has a writeable .text section

Contains functionality for read data from the clipboard

Contains functionality to shutdown / reboot the system

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Uses 32bit PE files

Classification

Signatures

Uses 32bit PE files

Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe

Window detected: < &BackI &AgreeCancelNullsoft Install System v3.10 Nullsoft Install System v3.10License AgreementPlease review the license terms before installing fluent-bit.Press Page Down to see the rest of the agreement. Apache License Version 2.0 January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE REPRODUCTION AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use reproduction and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control are controlled by or are under common control with that entity. For the purposes of this definition "control" means (i) the power direct or indirect to cause the direction or management of such entity whether by contract or otherwise or (ii) ownership of fifty percent (50%) or more of the outstanding shares or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications including but not limited to software source code documentation source and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form including but not limited to compiled object code generated documentation and conversions to other media types. "Work" shall mean the work of authorship whether in Source or Object form made available under the License as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work whether in Source or Object form that is based on (or derived from) the Work and for which the editorial revisions annotations elaborations or other modifications represent as a whole an original work of authorship. For the purposes of this License Derivative Works shall not include works that remain separable from or merely link (or bind by name) to the interfaces of the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition "submitted" means any form of electronic verbal or written communication sent to the Licensor or its r

Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\regex\CMakeFiles\regex.dir\regex.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_http\CMakeFiles\flb-plugin-out_http.dir\flb-plugin-out_http.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cfl\src\CMakeFiles\cfl-static.dir\cfl-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kafka\CMakeFiles\flb-plugin-out_kafka.dir\flb-plugin-out_kafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_opensearch\CMakeFiles\flb-plugin-out_opensearch.dir\flb-plugin-out_opensearch.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_prometheus_remote_write\CMakeFiles\flb-plugin-in_prometheus_remote_write.dir\flb-plugin-in_prometheus_remote_write.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;3D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_blob\CMakeFiles\flb-plugin-out_azure_blob.dir\flb-plugin-out_azure_blob.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\aws\CMakeFiles\flb-aws.dir\flb-aws.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\flb_libco\CMakeFiles\co.dir\co.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;4D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D;5D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_calyptia_fleet\CMakeFiles\flb-plugin-in_calyptia_fleet.dir\flb-plugin-in_calyptia_fleet.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_loki\CMakeFiles\flb-plugin-out_loki.dir\flb-plugin-out_loki.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;0D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\proxy\go\CMakeFiles\flb-plugin-proxy-go.dir\flb-plugin-proxy-go.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_logs_ingestion\CMakeFiles\flb-plugin-out_azure_logs_ingestion.dir\flb-plugin-out_azure_logs_ingestion.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_random\CMakeFiles\flb-plugin-in_random.dir\flb-plugin-in_random.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;6D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_syslog\CMakeFiles\flb-plugin-in_syslog.dir\flb-plugin-in_syslog.pdbV source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_grep\CMakeFiles\flb-plugin-filter_grep.dir\flb-plugin-filter_grep.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr
Source:	Binary string: D;/D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\CMakeFiles\fluent-bit-static.dir\fluent-bit-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_prometheus_exporter\CMakeFiles\flb-plugin-out_prometheus_exporter.dir\flb-plugin-out_prometheus_exporter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_type_converter\CMakeFiles\flb-plugin-filter_type_converter.dir\flb-plugin-filter_type_converter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\bin\fluent-bit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\bin\luajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1356673064.00000000026F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\msgpack-c\CMakeFiles\msgpack-c-static.dir\msgpack-c-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\snappy-fef67ac\CMakeFiles\snappy-c.dir\snappy-c.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_udp\CMakeFiles\flb-plugin-out_udp.dir\flb-plugin-out_udp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;1D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_counter\CMakeFiles\flb-plugin-out_counter.dir\flb-plugin-out_counter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_cloudwatch_logs\CMakeFiles\flb-plugin-out_cloudwatch_logs.dir\flb-plugin-out_cloudwatch_logs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_lib\CMakeFiles\flb-plugin-out_lib.dir\flb-plugin-out_lib.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_opentelemetry\CMakeFiles\flb-plugin-in_opentelemetry.dir\flb-plugin-in_opentelemetry.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\record_accessor\CMakeFiles\flb-ra-parser.dir\flb-ra-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\stream_processor\CMakeFiles\flb-sp.dir\flb-sp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kinesis_streams\CMakeFiles\flb-plugin-out_kinesis_streams.dir\flb-plugin-out_kinesis_streams.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winstat\CMakeFiles\flb-plugin-in_winstat.dir\flb-plugin-in_winstat.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_metrics_selector\CMakeFiles\flb-plugin-processor_metrics_selector.dir\flb-plugin-processor_metrics_selector.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;2D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_influxdb\CMakeFiles\flb-plugin-out_influxdb.dir\flb-plugin-out_influxdb.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_skywalking\CMakeFiles\flb-plugin-out_skywalking.dir\flb-plugin-out_skywalking.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_flowcounter\CMakeFiles\flb-plugin-out_flowcounter.dir\flb-plugin-out_flowcounter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\nghttp2\lib\CMakeFiles\nghttp2_static.dir\nghttp2_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;<D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_dummy\CMakeFiles\flb-plugin-in_dummy.dir\flb-plugin-in_dummy.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_slack\CMakeFiles\flb-plugin-out_slack.dir\flb-plugin-out_slack.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;;D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_tcp\CMakeFiles\flb-plugin-in_tcp.dir\flb-plugin-in_tcp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_websocket\CMakeFiles\flb-plugin-out_websocket.dir\flb-plugin-out_websocket.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_core\CMakeFiles\mk_core.dir\mk_core.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_kusto\CMakeFiles\flb-plugin-out_azure_kusto.dir\flb-plugin-out_azure_kusto.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\librdkafka-2.4.0\src\CMakeFiles\rdkafka.dir\rdkafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_fluentbit_metrics\CMakeFiles\flb-plugin-in_fluentbit_metrics.dir\flb-plugin-in_fluentbit_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_logdna\CMakeFiles\flb-plugin-out_logdna.dir\flb-plugin-out_logdna.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_stdout\CMakeFiles\flb-plugin-filter_stdout.dir\flb-plugin-filter_stdout.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_record_modifier\CMakeFiles\flb-plugin-filter_record_modifier.dir\flb-plugin-filter_record_modifier.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;>D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\sqlite-amalgamation-3450200\CMakeFiles\sqlite3.dir\sqlite3.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: octasn1_int_octasn1_oct_intASN1_TYPE_get_octetstringcrypto\asn1\evp_asn1.cASN1_TYPE_get_int_octetstringossl_asn1_type_get_octetstring_intgeterrcrypto\evp\evp_utils.cseterrcrypto\objects\o_names.cOBJ_NAME_new_indexcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificBIO_get_new_indexcrypto\bio\bio_meth.cBIO_get_host_ipcrypto\bio\bio_sock.chost=BIO_get_portBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()BIO_acceptcalling accept()BIO_sock_infocalling getsockname() source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_tcp\CMakeFiles\flb-plugin-out_tcp.dir\flb-plugin-out_tcp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_ecs\CMakeFiles\flb-plugin-filter_ecs.dir\flb-plugin-filter_ecs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;=D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_es\CMakeFiles\flb-plugin-out_es.dir\flb-plugin-out_es.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\ctraces\src\CMakeFiles\ctraces-static.dir\ctraces-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_stackdriver\CMakeFiles\flb-plugin-out_stackdriver.dir\flb-plugin-out_stackdriver.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;7D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_elasticsearch\CMakeFiles\flb-plugin-in_elasticsearch.dir\flb-plugin-in_elasticsearch.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_nginx_exporter_metrics\CMakeFiles\flb-plugin-in_nginx_exporter_metrics.dir\flb-plugin-in_nginx_exporter_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cprofiles\src\CMakeFiles\cprofiles-static.dir\cprofiles-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\chunkio\deps\crc32\CMakeFiles\cio-crc32.dir\cio-crc32.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\library\cares.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_geoip2\libmaxminddb\CMakeFiles\maxminddb.dir\maxminddb.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\api\v1\CMakeFiles\api-v1.dir\api-v1.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_exec\CMakeFiles\flb-plugin-in_exec.dir\flb-plugin-in_exec.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;8D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_splunk\CMakeFiles\flb-plugin-out_splunk.dir\flb-plugin-out_splunk.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_udp\CMakeFiles\flb-plugin-in_udp.dir\flb-plugin-in_udp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_content_modifier\CMakeFiles\flb-plugin-processor_content_modifier.dir\flb-plugin-processor_content_modifier.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_emitter\CMakeFiles\flb-plugin-in_emitter.dir\flb-plugin-in_emitter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_syslog\CMakeFiles\flb-plugin-out_syslog.dir\flb-plugin-out_syslog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;:D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_forward\CMakeFiles\flb-plugin-out_forward.dir\flb-plugin-out_forward.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_kubernetes\CMakeFiles\flb-plugin-filter_kubernetes.dir\flb-plugin-filter_kubernetes.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_prometheus_remote_write\CMakeFiles\flb-plugin-out_prometheus_remote_write.dir\flb-plugin-out_prometheus_remote_write.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_modify\CMakeFiles\flb-plugin-filter_modify.dir\flb-plugin-filter_modify.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\onigmo\CMakeFiles\onigmo-static.dir\onigmo-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\CMakeFiles\fluent-bit-bin.dir\vc140.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_file\CMakeFiles\flb-plugin-out_file.dir\flb-plugin-out_file.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;9D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_throttle_size\CMakeFiles\flb-plugin-filter_throttle_size.dir\flb-plugin-filter_throttle_size.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Extract: fluent-bit.pdb... 100% source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1423671500.00000000005B4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488488956.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000002.1488963881.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488354555.00000000005B4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_nrlogs\CMakeFiles\flb-plugin-out_nrlogs.dir\flb-plugin-out_nrlogs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sql\CMakeFiles\flb-plugin-processor_sql.dir\flb-plugin-processor_sql.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_statsd\CMakeFiles\flb-plugin-in_statsd.dir\flb-plugin-in_statsd.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_labels\CMakeFiles\flb-plugin-processor_labels.dir\flb-plugin-processor_labels.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_splunk\CMakeFiles\flb-plugin-in_splunk.dir\flb-plugin-in_splunk.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_nightfall\CMakeFiles\flb-plugin-filter_nightfall.dir\flb-plugin-filter_nightfall.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\fluent-otel-proto\src\CMakeFiles\fluent-otel-proto.dir\fluent-otel-proto.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;ED:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\zstd-1.5.7\build\cmake\lib\CMakeFiles\libzstd_static.dir\libzstd_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sampling\CMakeFiles\flb-plugin-processor_sampling.dir\flb-plugin-processor_sampling.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_lib\CMakeFiles\flb-plugin-in_lib.dir\flb-plugin-in_lib.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_geoip2\CMakeFiles\flb-plugin-filter_geoip2.dir\flb-plugin-filter_geoip2.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;!D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_log_to_metrics\CMakeFiles\flb-plugin-filter_log_to_metrics.dir\flb-plugin-filter_log_to_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winevtlog\CMakeFiles\flb-plugin-in_winevtlog.dir\flb-plugin-in_winevtlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\jsmn\CMakeFiles\jsmn.dir\jsmn.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\plugins\liana\CMakeFiles\monkey-liana-static.dir\monkey-liana-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;CD:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_datadog\CMakeFiles\flb-plugin-out_datadog.dir\flb-plugin-out_datadog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;DD:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_windows_exporter_metrics\CMakeFiles\flb-plugin-in_windows_exporter_metrics.dir\flb-plugin-in_windows_exporter_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_forward\CMakeFiles\flb-plugin-in_forward.dir\flb-plugin-in_forward.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D; D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_chronicle\CMakeFiles\flb-plugin-out_chronicle.dir\flb-plugin-out_chronicle.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_opentelemetry_envelope\CMakeFiles\flb-plugin-processor_opentelemetry_envelope.dir\flb-plugin-processor_opentelemetry_envelope.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\CMakeFiles\flb-http-server.dir\flb-http-server.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sql\parser\CMakeFiles\processor-sql-parser.dir\processor-sql-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;AD:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_aws\CMakeFiles\flb-plugin-filter_aws.dir\flb-plugin-filter_aws.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cmetrics\src\CMakeFiles\cmetrics-static.dir\cmetrics-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;$D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D;@D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D;BD:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: C:\vcpkg\buildtrees\openssl\x86-windows-static-rel\ossl_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;?D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D;%D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_calyptia\CMakeFiles\flb-plugin-out_calyptia.dir\flb-plugin-out_calyptia.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\api\v2\CMakeFiles\api-v2.dir\api-v2.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kinesis_firehose\CMakeFiles\flb-plugin-out_kinesis_firehose.dir\flb-plugin-out_kinesis_firehose.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;"D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_parser\CMakeFiles\flb-plugin-filter_parser.dir\flb-plugin-filter_parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_throttle\CMakeFiles\flb-plugin-filter_throttle.dir\flb-plugin-filter_throttle.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_oracle_log_analytics\CMakeFiles\flb-plugin-out_oracle_log_analytics.dir\flb-plugin-out_oracle_log_analytics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_s3\CMakeFiles\flb-plugin-out_s3.dir\flb-plugin-out_s3.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;#D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_prometheus_scrape\CMakeFiles\flb-plugin-in_prometheus_scrape.dir\flb-plugin-in_prometheus_scrape.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_vivo_exporter\CMakeFiles\flb-plugin-out_vivo_exporter.dir\flb-plugin-out_vivo_exporter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_syslog\CMakeFiles\flb-plugin-in_syslog.dir\flb-plugin-in_syslog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\mpack-amalgamation-1.1.1\CMakeFiles\mpack-static.dir\mpack-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_lua\CMakeFiles\flb-plugin-filter_lua.dir\flb-plugin-filter_lua.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_core\deps\libevent\CMakeFiles\event.dir\event.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\rbtree\CMakeFiles\rbtree.dir\rbtree.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;*D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_server\CMakeFiles\monkey-core-static.dir\monkey-core-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_rewrite_tag\CMakeFiles\flb-plugin-filter_rewrite_tag.dir\flb-plugin-filter_rewrite_tag.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure\CMakeFiles\flb-plugin-out_azure.dir\flb-plugin-out_azure.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_gelf\CMakeFiles\flb-plugin-out_gelf.dir\flb-plugin-out_gelf.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;)D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winlog\CMakeFiles\flb-plugin-in_winlog.dir\flb-plugin-in_winlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_opentelemetry\CMakeFiles\flb-plugin-out_opentelemetry.dir\flb-plugin-out_opentelemetry.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;'D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: C:\vcpkg\buildtrees\libyaml\x86-windows-static-rel\CMakeFiles\yaml.dir\yaml.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;&D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_http\CMakeFiles\flb-plugin-in_http.dir\flb-plugin-in_http.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;(D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: ?crypto\stack\stack.csk_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.4.1 11 Feb 20253.4.1built on: Tue Apr 1 10:33:11 2025 UTCplatform: VC-WIN32OPENSSLDIR: "C:\vcpkg\packages\openssl_x86-windows-static"ENGINESDIR: "C:\vcpkg\packages\openssl_x86-windows-static\lib\engines-3"MODULESDIR: "C:\vcpkg\packages\openssl_x86-windows-static\bin"CPUINFO: N/AOSSL_WINCTX: Undefinednot available source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\chunkio\src\CMakeFiles\chunkio-static.dir\chunkio-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_kubernetes_events\CMakeFiles\flb-plugin-in_kubernetes_events.dir\flb-plugin-in_kubernetes_events.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_kafka\CMakeFiles\flb-plugin-in_kafka.dir\flb-plugin-in_kafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: jjjjjjjjjjjjjjjjcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.000000000270A000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr
Source:	Binary string: D;.D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_stdout\CMakeFiles\flb-plugin-out_stdout.dir\flb-plugin-out_stdout.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_checklist\CMakeFiles\flb-plugin-filter_checklist.dir\flb-plugin-filter_checklist.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_alter_size\CMakeFiles\flb-plugin-filter_alter_size.dir\flb-plugin-filter_alter_size.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;-D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_expect\CMakeFiles\flb-plugin-filter_expect.dir\flb-plugin-filter_expect.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \binfluent-bit.dllfluent-bit.exefluent-bit.pdbluajit.exe source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1153328745.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488390705.000000000052D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000002.1488863933.0000000000530000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\lib\miniz\CMakeFiles\miniz.dir\miniz.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_blob\CMakeFiles\flb-plugin-in_blob.dir\flb-plugin-in_blob.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BN_nnmodcrypto\bn\bn_mod.cBN_mod_sub_quickBN_mod_lshift_quickossl_method_construct_preconditioncrypto\core_fetch.cossl_method_construct_postconditioncompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificPBMAC1_get1_pbkdf2_paramcrypto\pkcs12\p12_mutl.cPBMAC1_PBKDF2_HMACpkcs12_gen_macLEGACY_GOST_PKCS12PKCS12_verify_maccrypto\pkcs12\p12_add.cPKCS12_unpack_p7dataPKCS12_unpack_p7encdataPKCS12_unpack_authsafesC:\vcpkg\packages\openssl_x86-windows-staticC:\vcpkg\packages\openssl_x86-windows-static\lib\engines-3C:\vcpkg\packages\openssl_x86-windows-static\binUndefined source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.000000000270A000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_stream_processor\CMakeFiles\flb-plugin-in_stream_processor.dir\flb-plugin-in_stream_processor.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\src\stream_processor\parser\CMakeFiles\flb-sp-parser.dir\flb-sp-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_multiline\CMakeFiles\flb-plugin-filter_multiline.dir\flb-plugin-filter_multiline.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: accept erroraddrinfo addr is not af inetambiguous host or servicebad fopen modebroken pipeconnect errorconnect timeoutgethostbyname addr is not af inetgetsockname errorgetsockname truncated addressgetting socktypeinvalid socketin uselisten v6 onlylookup returned nothingmalformed host or servicenbio connect errorno accept addr or service specifiedno hostname or service specifiedno port definedno such fileport mismatchtfo disabledtfo no kernel supporttransfer errortransfer timeoutunable to bind socketunable to create socketunable to keepaliveunable to listen socketunable to nodelayunable to reuseaddrunable to tfounavailable ip familyunknown info typeunsupported ip familyunsupported methodunsupported protocol familywrite to read only BIOWSAStartuplocal address not availablepeer address not availablenon-fatal or transient errorcrypto\thread\arch.ccrypto\encode_decode\decoder_meth.cossl_decoder_from_algorithminner_ossl_decoder_fetch<null>%s, Name (%s : %d), Properties (%s)OSSL_DECODER_get0_providerOSSL_DECODER_get0_propertiesossl_decoder_parsed_propertiesossl_decoder_get_numberOSSL_DECODER_CTX_set_paramsOSSL_DECODER_from_biocrypto\encode_decode\decoder_lib.cNo decoders were found. For standard decoders you need at least one of the default or base providers available. Did you forget to load them?Input type: Input structure: No supported data to decode. %s%s%s%s%s%sOSSL_DECODER_from_dataOSSL_DECODER_CTX_set_selectionOSSL_DECODER_CTX_set_input_typeOSSL_DECODER_CTX_set_input_structureossl_decoder_instance_newthere are no property definitions with decoder %sthe mandatory 'input' property is missing for decoder %s (properties: %s)structureossl_decoder_instance_dupossl_decoder_ctx_add_decoder_instOSSL_DECODER_CTX_add_extraOSSL_DECODER_CTX_set_constructOSSL_DECODER_CTX_set_construct_dataOSSL_DECODER_CTX_set_cleanupdata-typedata-structuredecoder_processcrypto\encode_decode\decoder_pkey.creference1.2.840.10045.2.1ossl_decoder_ctx_setup_for_pkeyossl_decoder_ctx_for_pkey_dupossl_decoder_cache_flushOSSL_DECODER_CTX_new_for_pkeyssl\record\methods\tls_pad.cSHA2-224SHA2-384SHA2-512jjjjjjjjjjjjjjjjcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.4.1 11 Feb 20253.4.1built on: Tue Apr 1 10:33:11 2025 UTCplatform: VC-WIN32OPENSSLDIR: "C:\vcpkg\packages\openssl_x86-windows-static"ENGINESDIR: "C:\vcpkg\packages\openssl_x86-windows-static\lib\engines-3"MODULESDIR: "C:\vcpkg\packages\openssl_x86-windows-static\bin"CPUINFO: N/AOSSL_WINCTX: Undefinednot availableOPENSSL_WIN32_UTF8crypto\getenv.c@@@@@@@@@hHHHH@@@@@@@@@@@@@@@@@@( source: SecuriteInfo.com.FileRepMalware.27857.7397.exe
Source:	Binary string: D;,D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_tail\CMakeFiles\flb-plugin-in_tail.dir\flb-plugin-in_tail.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_storage_backlog\CMakeFiles\flb-plugin-in_storage_backlog.dir\flb-plugin-in_storage_backlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_null\CMakeFiles\flb-plugin-out_null.dir\flb-plugin-out_null.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_event_type\CMakeFiles\flb-plugin-in_event_type.dir\flb-plugin-in_event_type.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_sysinfo\CMakeFiles\flb-plugin-filter_sysinfo.dir\flb-plugin-filter_sysinfo.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_nest\CMakeFiles\flb-plugin-filter_nest.dir\flb-plugin-filter_nest.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D;+D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source:	Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\custom_calyptia\CMakeFiles\flb-plugin-custom_calyptia.dir\flb-plugin-custom_calyptia.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Code function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405C4D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Code function: 0_2_0040689E FindFirstFileW,FindClose,	0_2_0040689E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Code function: 0_2_00402930 FindFirstFileW,	0_2_00402930

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: fluent-bit.dll.0.dr	String found in binary or memory: http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01%s%s&resource=https://ap
Source: mk_macros.h.0.dr	String found in binary or memory: http://lwn.net/Articles/13183/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: http://metadata.google.internal
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: http://metadata.google.internalmetadata_server
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, Uninstall.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://rubular.com/r/tjUt3Awgg4
Source: fluent-bit.dll.0.dr	String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1153328745.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488390705.000000000052D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000002.1488863933.0000000000530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1362455158.00000000026F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1372599096.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1370081849.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1366548036.00000000026FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1388283264.00000000026F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1390979426.00000000026F6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1363433121.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1404781270.00000000026F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1382885499.00000000026FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1360312390.00000000026FE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1402766626.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1409641374.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1412099688.00000000050EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1411176205.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1407319922.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1381760434.00000000026F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1374552144.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1397917548.00000000026F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1373577628.00000000026FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1410231041.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1399298228.00000000026F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://api.nightfall.ai/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://api.nightfall.ai/connection
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://asia-southeast1-malachiteingestion-pa.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ctraces/scope_span_schema_urla.b.cctracemainFluent
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://ctraces/scope_span_schema_urla.b.cctracemainagentyearopen_sourcetemperaturefirstmy_arrayconn
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1368029912.00000000026FB000.00000004.00000020.00020000.00000000.sdmp, flb_config.h.0.dr	String found in binary or memory: https://curl.se/docs/manual.html)
Source: fluent-bit.dll.0.dr	String found in binary or memory: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.0000000002A02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.fluentbit.io/manual/0
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357234354.00000000026F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.fluentbit.io/manual/administration/buffering-and-storage
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://europe-malachiteingestion-pa.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://europe-west2-malachiteingestion-pa.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, flb_version.h.0.dr	String found in binary or memory: https://fluentbit.io
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1385745503.00000000026FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://git.musl-libc.org/cgit/musl/tree/src/crypt/crypt_sha512.c?h=v1.1.22
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1361588882.00000000050EF000.00000004.00000020.00020000.00000000.sdmp, flb_aws_credentials.h.0.dr	String found in binary or memory: https://github.com/aws/aws-sdk-go/tree/master/aws/credentials/endpointcreds
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://github.com/confluentinc/librdkafka/wiki/Using-SASL-with-librdkafka
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://github.com/confluentinc/librdkafka/wiki/Using-SSL-with-librdkafka
Source: flb_time.h.0.dr	String found in binary or memory: https://github.com/fluent/fluentd/wiki/Forward-Protocol-Specification-v0#eventtime-ext-format
Source: flb_time.h.0.dr	String found in binary or memory: https://github.com/fluent/fluentd/wiki/Forward-Protocol-Specification-v1#eventtime-ext-format
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://help.kusto.windows.net/.default
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://help.kusto.windows.net/.defaultbefore
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://ingest-mycluster.eastus.kusto.windows.net)
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://ingest-mycluster.eastus.kusto.windows.net)database_nameSet
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://kubernetes.default.svc
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://kubernetes.default.svcKubernetes
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://la-endpoint-q12a.eastus-1.ingest.monitor.azure.com)
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://la-endpoint-q12a.eastus-1.ingest.monitor.azure.com)dcr_idData
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://log-api.newrelic.com/log/v1
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://log-api.newrelic.com/log/v1New
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://logging.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://logging.googleapis.com/v2/entries:write
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://logging.googleapis.com/v2/entries:writemissing
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://logging.googleapis.comstackdriverSend
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/v2.0/token
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/v2.0/token%s/dataCollectionRules/%s/streams/Custom-%s?ap
Source: luajit.h.0.dr	String found in binary or memory: https://luajit.org/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://malachiteingestion-pa.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://malachiteingestion-pa.googleapis.comEUhttps://europe-malachiteingestion-pa.googleapis.comUKh
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://monitor.azure.com/.default
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://monitor.azure.com/.defaulterror
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://oauth2.googleapis.com/token
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://oauth2.googleapis.com/tokenhttps://www.googleapis.com/auth/logging.write
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rubular.com/r/0VZmcYcLWMGAp1
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rubular.com/r/17KGEdDClwiuDG
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rubular.com/r/B0ID69H9FvN0tp
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rubular.com/r/IhIbCAIs7ImOkc
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rubular.com/r/Q8YY6fHqlqwGI0
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-A.5)
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	String found in binary or memory: https://www.googleapis.com/auth/logging.write
Source: fluent-bit.dll.0.dr	String found in binary or memory: https://www.googleapis.com/auth/malachite-ingestion
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1408641898.00000000026F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.lua.org/manual/5.1/manual.html#2.8
Source: luajit.h.0.dr	String found in binary or memory: https://www.opensource.org/licenses/mit-license.php

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe

Code function: 0_2_00405705 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405705

System Summary

PE file has a writeable .text section

Source: fluent-bit.dll.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: fluent-bit.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe

Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040351C

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe

Code function: 0_2_00406C5F

0_2_00406C5F

Uses 32bit PE files

Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: fluent-bit.dll.0.dr

Binary string: \Device\Afdntdll.dllNtCreateFileNtDeviceIoControlFileNtCancelIoFileEx** afd_enqueue ed=%p FAILED

Source: classification engine

Classification label: clean18.winEXE@1/212@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe

0_2_0040351C

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe

Code function: 0_2_004049B1 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_004049B1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe

Code function: 0_2_004021CF CoCreateInstance,

0_2_004021CF

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe

File created: C:\Program Files (x86)\fluent-bit

Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT pattern FROM list WHERE @val LIKE (pattern \|\| '%');
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE out_azure_blob_files SET last_delivery_attempt=0 WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE out_azure_blob_parts SET in_progress=@status WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE out_azure_blob_parts SET delivery_attempts=0, uploaded=0, in_progress=0 WHERE file_id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE out_azure_blob_parts SET uploaded=1, in_progress=0 WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT * from in_tail_files WHERE inode=@inode order by id desc;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: INSERT INTO out_azure_blob_parts (file_id, part_id, offset_start, offset_end) VALUES (@file_id, @part_id, @offset_start, @offset_end);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: INSERT INTO list (pattern) VALUES (@val);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT name, record_number, time_written, created FROM in_winlog_channels WHERE name = '%s';
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: INSERT INTO in_kubernetes_events (uid, resourceVersion, created) VALUES (@uid, @resourceVersion, @created);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE in_tail_files set offset=@offset WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT COUNT(id) FROM in_kubernetes_events WHERE uid=@uid;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT id, azbf.delivery_attempts, source, path FROM out_azure_blob_files azbf WHERE aborted = 1 AND (SELECT COUNT(*) FROM out_azure_blob_parts azbp WHERE azbp.file_id = azbf.id AND in_progress = 1) = 0 ORDER BY id DESC LIMIT 1;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS out_azure_blob_parts ( id INTEGER PRIMARY KEY, file_id INTEGER NOT NULL, part_id INTEGER NOT NULL, uploaded INTEGER DEFAULT 0, in_progress INTEGER DEFAULT 0, offset_start INTEGER, offset_end INTEGER, delivery_attempts INTEGER DEFAULT 0, FOREIGN KEY (file_id) REFERENCES out_azure_blob_files(id) ON DELETE CASCADE);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS in_blob_files ( id INTEGER PRIMARY KEY, path TEXT NOT NULL, size INTEGER, created INTEGER);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE in_tail_files set name=@name,rotated=1 WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE out_azure_blob_files SET destination=@destination WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS in_winlog_channels ( name TEXT PRIMARY KEY, record_number INTEGER, time_written INTEGER, created INTEGER);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS out_azure_blob_files ( id INTEGER PRIMARY KEY, source TEXT NOT NULL, destination TEXT NOT NULL, path TEXT NOT NULL, size INTEGER, created INTEGER, delivery_attempts INTEGER DEFAULT 0, aborted INTEGER DEFAULT 0, last_delivery_attempt INTEGER DEFAULT 0);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT * from in_blob_files WHERE path=@path order by id desc;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT f.id, f.path, GROUP_CONCAT(p.part_id ORDER BY p.part_id ASC) AS part_ids, f.source FROM out_azure_blob_files f JOIN out_azure_blob_parts p ON f.id = p.file_id WHERE p.uploaded = 1 GROUP BY f.id HAVING COUNT(p.id) = (SELECT COUNT(p2.id) FROM out_azure_blob_parts p2 WHERE p2.file_id = f.id) ORDER BY f.created ASC LIMIT 1;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: INSERT INTO in_tail_files (name, offset, inode, created) VALUES (@name, @offset, @inode, @created);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS in_winevtlog_channels ( name TEXT PRIMARY KEY, bookmark_xml TEXT, time_updated INTEGER, created INTEGER);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE out_azure_blob_files SET aborted=@state WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT id, path FROM out_azure_blob_files azbf WHERE aborted = 0 AND last_delivery_attempt > 0 AND last_delivery_attempt < @freshness_threshold ORDER BY id DESC LIMIT 1;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT * FROM out_azure_blob_files WHERE path=@path ORDER BY id DESC;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: SELECT name, bookmark_xml, time_updated, created FROM in_winevtlog_channels WHERE name = '%s';
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE out_azure_blob_files SET delivery_attempts=@delivery_attempts, last_delivery_attempt=UNIXEPOCH() WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS list ( pattern text );
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr	Binary or memory string: UPDATE out_azure_blob_parts SET delivery_attempts=@delivery_attempts WHERE file_id=@file_id AND part_id=@part_id;

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Automated click: Next >
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Automated click: I Agree
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Automated click: Next >
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Automated click: Install

Source: luajit.exe.0.dr	Static PE information: section name: .fptable
Source: fluent-bit.dll.0.dr	Static PE information: section name: .fptable
Source: fluent-bit.exe.0.dr	Static PE information: section name: .fptable

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\Program Files (x86)\fluent-bit\bin\luajit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\Users\user\AppData\Local\Temp\nswB491.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\Program Files (x86)\fluent-bit\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\Users\user\AppData\Local\Temp\nswB491.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\Program Files (x86)\fluent-bit\bin\fluent-bit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\Users\user\AppData\Local\Temp\nswB491.tmp\StartMenu.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\Users\user\AppData\Local\Temp\nswB491.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\Program Files (x86)\fluent-bit\bin\fluent-bit.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fluent-bit			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fluent-bit\Uninstall.lnk			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Dropped PE file which has not been started: C:\Program Files (x86)\fluent-bit\bin\luajit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB491.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Dropped PE file which has not been started: C:\Program Files (x86)\fluent-bit\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB491.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Dropped PE file which has not been started: C:\Program Files (x86)\fluent-bit\bin\fluent-bit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB491.tmp\StartMenu.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB491.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	Dropped PE file which has not been started: C:\Program Files (x86)\fluent-bit\bin\fluent-bit.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior

ID:	1669047
Product:	CloudBasic
Start time:	06:29:29
Start date:	19.04.2025
Sample:	SecuriteInfo.com.FileRepMalware.27857.7397.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	26851594f76e29aff0f4fc00f3849635
SHA1:	8ff94b1a64d4defa1857add81ddfffeab9ec18f4
SHA256:	2676f127b2b71d44f494027fbac4a20bc8be2257fe8a201b28b9780056bde24f
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report SecuriteInfo.com.FileRepMalware.27857.7397.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.27857.7397.exe