Windows Analysis Report
SecuriteInfo.com.FileRepMalware.27857.7397.exe

Overview

General Information

Sample name: SecuriteInfo.com.FileRepMalware.27857.7397.exe
Analysis ID: 1669047
MD5: 26851594f76e29aff0f4fc00f3849635
SHA1: 8ff94b1a64d4defa1857add81ddfffeab9ec18f4
SHA256: 2676f127b2b71d44f494027fbac4a20bc8be2257fe8a201b28b9780056bde24f
Tags: exe, user-SecuriteInfoCom

Detection

Score: 18
Range: 0 - 100
Confidence: 40%

Signatures

PE file has a writeable .text section
Contains functionality to read data from the clipboard
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses 32bit PE files

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Window detected: < &BackI &AgreeCancelNullsoft Install System v3.10 Nullsoft Install System v3.10License AgreementPlease review the license terms before installing fluent-bit.Press Page Down to see the rest of the agreement. Apache License Version 2.0 January 2004 http://www.apache.org/licenses/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\regex\CMakeFiles\regex.dir\regex.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_http\CMakeFiles\flb-plugin-out_http.dir\flb-plugin-out_http.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cfl\src\CMakeFiles\cfl-static.dir\cfl-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kafka\CMakeFiles\flb-plugin-out_kafka.dir\flb-plugin-out_kafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_opensearch\CMakeFiles\flb-plugin-out_opensearch.dir\flb-plugin-out_opensearch.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_prometheus_remote_write\CMakeFiles\flb-plugin-in_prometheus_remote_write.dir\flb-plugin-in_prometheus_remote_write.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;3D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_blob\CMakeFiles\flb-plugin-out_azure_blob.dir\flb-plugin-out_azure_blob.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\aws\CMakeFiles\flb-aws.dir\flb-aws.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\flb_libco\CMakeFiles\co.dir\co.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;4D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D;5D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_calyptia_fleet\CMakeFiles\flb-plugin-in_calyptia_fleet.dir\flb-plugin-in_calyptia_fleet.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_loki\CMakeFiles\flb-plugin-out_loki.dir\flb-plugin-out_loki.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;0D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\proxy\go\CMakeFiles\flb-plugin-proxy-go.dir\flb-plugin-proxy-go.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_logs_ingestion\CMakeFiles\flb-plugin-out_azure_logs_ingestion.dir\flb-plugin-out_azure_logs_ingestion.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_random\CMakeFiles\flb-plugin-in_random.dir\flb-plugin-in_random.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;6D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_syslog\CMakeFiles\flb-plugin-in_syslog.dir\flb-plugin-in_syslog.pdbV source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_grep\CMakeFiles\flb-plugin-filter_grep.dir\flb-plugin-filter_grep.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr
Source: Binary string: D;/D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\CMakeFiles\fluent-bit-static.dir\fluent-bit-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_prometheus_exporter\CMakeFiles\flb-plugin-out_prometheus_exporter.dir\flb-plugin-out_prometheus_exporter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_type_converter\CMakeFiles\flb-plugin-filter_type_converter.dir\flb-plugin-filter_type_converter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\bin\fluent-bit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\bin\luajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1356673064.00000000026F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\msgpack-c\CMakeFiles\msgpack-c-static.dir\msgpack-c-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\snappy-fef67ac\CMakeFiles\snappy-c.dir\snappy-c.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_udp\CMakeFiles\flb-plugin-out_udp.dir\flb-plugin-out_udp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;1D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_counter\CMakeFiles\flb-plugin-out_counter.dir\flb-plugin-out_counter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_cloudwatch_logs\CMakeFiles\flb-plugin-out_cloudwatch_logs.dir\flb-plugin-out_cloudwatch_logs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_lib\CMakeFiles\flb-plugin-out_lib.dir\flb-plugin-out_lib.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_opentelemetry\CMakeFiles\flb-plugin-in_opentelemetry.dir\flb-plugin-in_opentelemetry.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\record_accessor\CMakeFiles\flb-ra-parser.dir\flb-ra-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\stream_processor\CMakeFiles\flb-sp.dir\flb-sp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kinesis_streams\CMakeFiles\flb-plugin-out_kinesis_streams.dir\flb-plugin-out_kinesis_streams.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winstat\CMakeFiles\flb-plugin-in_winstat.dir\flb-plugin-in_winstat.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_metrics_selector\CMakeFiles\flb-plugin-processor_metrics_selector.dir\flb-plugin-processor_metrics_selector.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;2D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_influxdb\CMakeFiles\flb-plugin-out_influxdb.dir\flb-plugin-out_influxdb.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_skywalking\CMakeFiles\flb-plugin-out_skywalking.dir\flb-plugin-out_skywalking.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_flowcounter\CMakeFiles\flb-plugin-out_flowcounter.dir\flb-plugin-out_flowcounter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\nghttp2\lib\CMakeFiles\nghttp2_static.dir\nghttp2_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;<D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_dummy\CMakeFiles\flb-plugin-in_dummy.dir\flb-plugin-in_dummy.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_slack\CMakeFiles\flb-plugin-out_slack.dir\flb-plugin-out_slack.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;;D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_tcp\CMakeFiles\flb-plugin-in_tcp.dir\flb-plugin-in_tcp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_websocket\CMakeFiles\flb-plugin-out_websocket.dir\flb-plugin-out_websocket.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_core\CMakeFiles\mk_core.dir\mk_core.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_kusto\CMakeFiles\flb-plugin-out_azure_kusto.dir\flb-plugin-out_azure_kusto.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\librdkafka-2.4.0\src\CMakeFiles\rdkafka.dir\rdkafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_fluentbit_metrics\CMakeFiles\flb-plugin-in_fluentbit_metrics.dir\flb-plugin-in_fluentbit_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_logdna\CMakeFiles\flb-plugin-out_logdna.dir\flb-plugin-out_logdna.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_stdout\CMakeFiles\flb-plugin-filter_stdout.dir\flb-plugin-filter_stdout.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_record_modifier\CMakeFiles\flb-plugin-filter_record_modifier.dir\flb-plugin-filter_record_modifier.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;>D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\sqlite-amalgamation-3450200\CMakeFiles\sqlite3.dir\sqlite3.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: octasn1_int_octasn1_oct_intASN1_TYPE_get_octetstringcrypto\asn1\evp_asn1.cASN1_TYPE_get_int_octetstringossl_asn1_type_get_octetstring_intgeterrcrypto\evp\evp_utils.cseterrcrypto\objects\o_names.cOBJ_NAME_new_indexcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificBIO_get_new_indexcrypto\bio\bio_meth.cBIO_get_host_ipcrypto\bio\bio_sock.chost=BIO_get_portBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()BIO_acceptcalling accept()BIO_sock_infocalling getsockname() source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_tcp\CMakeFiles\flb-plugin-out_tcp.dir\flb-plugin-out_tcp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_ecs\CMakeFiles\flb-plugin-filter_ecs.dir\flb-plugin-filter_ecs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;=D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_es\CMakeFiles\flb-plugin-out_es.dir\flb-plugin-out_es.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\ctraces\src\CMakeFiles\ctraces-static.dir\ctraces-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_stackdriver\CMakeFiles\flb-plugin-out_stackdriver.dir\flb-plugin-out_stackdriver.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;7D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_elasticsearch\CMakeFiles\flb-plugin-in_elasticsearch.dir\flb-plugin-in_elasticsearch.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_nginx_exporter_metrics\CMakeFiles\flb-plugin-in_nginx_exporter_metrics.dir\flb-plugin-in_nginx_exporter_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cprofiles\src\CMakeFiles\cprofiles-static.dir\cprofiles-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\chunkio\deps\crc32\CMakeFiles\cio-crc32.dir\cio-crc32.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\library\cares.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_geoip2\libmaxminddb\CMakeFiles\maxminddb.dir\maxminddb.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\api\v1\CMakeFiles\api-v1.dir\api-v1.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_exec\CMakeFiles\flb-plugin-in_exec.dir\flb-plugin-in_exec.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;8D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_splunk\CMakeFiles\flb-plugin-out_splunk.dir\flb-plugin-out_splunk.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_udp\CMakeFiles\flb-plugin-in_udp.dir\flb-plugin-in_udp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_content_modifier\CMakeFiles\flb-plugin-processor_content_modifier.dir\flb-plugin-processor_content_modifier.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_emitter\CMakeFiles\flb-plugin-in_emitter.dir\flb-plugin-in_emitter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_syslog\CMakeFiles\flb-plugin-out_syslog.dir\flb-plugin-out_syslog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;:D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_forward\CMakeFiles\flb-plugin-out_forward.dir\flb-plugin-out_forward.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_kubernetes\CMakeFiles\flb-plugin-filter_kubernetes.dir\flb-plugin-filter_kubernetes.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_prometheus_remote_write\CMakeFiles\flb-plugin-out_prometheus_remote_write.dir\flb-plugin-out_prometheus_remote_write.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_modify\CMakeFiles\flb-plugin-filter_modify.dir\flb-plugin-filter_modify.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\onigmo\CMakeFiles\onigmo-static.dir\onigmo-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\CMakeFiles\fluent-bit-bin.dir\vc140.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_file\CMakeFiles\flb-plugin-out_file.dir\flb-plugin-out_file.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;9D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_throttle_size\CMakeFiles\flb-plugin-filter_throttle_size.dir\flb-plugin-filter_throttle_size.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: fluent-bit.pdb... 100% source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1423671500.00000000005B4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488488956.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000002.1488963881.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488354555.00000000005B4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_nrlogs\CMakeFiles\flb-plugin-out_nrlogs.dir\flb-plugin-out_nrlogs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sql\CMakeFiles\flb-plugin-processor_sql.dir\flb-plugin-processor_sql.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_statsd\CMakeFiles\flb-plugin-in_statsd.dir\flb-plugin-in_statsd.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_labels\CMakeFiles\flb-plugin-processor_labels.dir\flb-plugin-processor_labels.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_splunk\CMakeFiles\flb-plugin-in_splunk.dir\flb-plugin-in_splunk.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_nightfall\CMakeFiles\flb-plugin-filter_nightfall.dir\flb-plugin-filter_nightfall.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\fluent-otel-proto\src\CMakeFiles\fluent-otel-proto.dir\fluent-otel-proto.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\zstd-1.5.7\build\cmake\lib\CMakeFiles\libzstd_static.dir\libzstd_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sampling\CMakeFiles\flb-plugin-processor_sampling.dir\flb-plugin-processor_sampling.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_lib\CMakeFiles\flb-plugin-in_lib.dir\flb-plugin-in_lib.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_geoip2\CMakeFiles\flb-plugin-filter_geoip2.dir\flb-plugin-filter_geoip2.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_log_to_metrics\CMakeFiles\flb-plugin-filter_log_to_metrics.dir\flb-plugin-filter_log_to_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winevtlog\CMakeFiles\flb-plugin-in_winevtlog.dir\flb-plugin-in_winevtlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\jsmn\CMakeFiles\jsmn.dir\jsmn.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\plugins\liana\CMakeFiles\monkey-liana-static.dir\monkey-liana-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_datadog\CMakeFiles\flb-plugin-out_datadog.dir\flb-plugin-out_datadog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_windows_exporter_metrics\CMakeFiles\flb-plugin-in_windows_exporter_metrics.dir\flb-plugin-in_windows_exporter_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_forward\CMakeFiles\flb-plugin-in_forward.dir\flb-plugin-in_forward.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_chronicle\CMakeFiles\flb-plugin-out_chronicle.dir\flb-plugin-out_chronicle.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_opentelemetry_envelope\CMakeFiles\flb-plugin-processor_opentelemetry_envelope.dir\flb-plugin-processor_opentelemetry_envelope.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\CMakeFiles\flb-http-server.dir\flb-http-server.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sql\parser\CMakeFiles\processor-sql-parser.dir\processor-sql-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_aws\CMakeFiles\flb-plugin-filter_aws.dir\flb-plugin-filter_aws.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cmetrics\src\CMakeFiles\cmetrics-static.dir\cmetrics-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\vcpkg\buildtrees\openssl\x86-windows-static-rel\ossl_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_calyptia\CMakeFiles\flb-plugin-out_calyptia.dir\flb-plugin-out_calyptia.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\api\v2\CMakeFiles\api-v2.dir\api-v2.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kinesis_firehose\CMakeFiles\flb-plugin-out_kinesis_firehose.dir\flb-plugin-out_kinesis_firehose.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_parser\CMakeFiles\flb-plugin-filter_parser.dir\flb-plugin-filter_parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_throttle\CMakeFiles\flb-plugin-filter_throttle.dir\flb-plugin-filter_throttle.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_oracle_log_analytics\CMakeFiles\flb-plugin-out_oracle_log_analytics.dir\flb-plugin-out_oracle_log_analytics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_s3\CMakeFiles\flb-plugin-out_s3.dir\flb-plugin-out_s3.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_prometheus_scrape\CMakeFiles\flb-plugin-in_prometheus_scrape.dir\flb-plugin-in_prometheus_scrape.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_vivo_exporter\CMakeFiles\flb-plugin-out_vivo_exporter.dir\flb-plugin-out_vivo_exporter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_syslog\CMakeFiles\flb-plugin-in_syslog.dir\flb-plugin-in_syslog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\mpack-amalgamation-1.1.1\CMakeFiles\mpack-static.dir\mpack-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_lua\CMakeFiles\flb-plugin-filter_lua.dir\flb-plugin-filter_lua.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_core\deps\libevent\CMakeFiles\event.dir\event.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\rbtree\CMakeFiles\rbtree.dir\rbtree.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_server\CMakeFiles\monkey-core-static.dir\monkey-core-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_rewrite_tag\CMakeFiles\flb-plugin-filter_rewrite_tag.dir\flb-plugin-filter_rewrite_tag.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure\CMakeFiles\flb-plugin-out_azure.dir\flb-plugin-out_azure.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_gelf\CMakeFiles\flb-plugin-out_gelf.dir\flb-plugin-out_gelf.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winlog\CMakeFiles\flb-plugin-in_winlog.dir\flb-plugin-in_winlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_opentelemetry\CMakeFiles\flb-plugin-out_opentelemetry.dir\flb-plugin-out_opentelemetry.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\vcpkg\buildtrees\libyaml\x86-windows-static-rel\CMakeFiles\yaml.dir\yaml.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_http\CMakeFiles\flb-plugin-in_http.dir\flb-plugin-in_http.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ?crypto\stack\stack.csk_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.4.1 11 Feb 20253.4.1built on: Tue Apr 1 10:33:11 2025 UTCplatform: VC-WIN32OPENSSLDIR: "C:\vcpkg\packages\openssl_x86-windows-static"ENGINESDIR: "C:\vcpkg\packages\openssl_x86-windows-static\lib\engines-3"MODULESDIR: "C:\vcpkg\packages\openssl_x86-windows-static\bin"CPUINFO: N/AOSSL_WINCTX: Undefinednot available source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\chunkio\src\CMakeFiles\chunkio-static.dir\chunkio-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_kubernetes_events\CMakeFiles\flb-plugin-in_kubernetes_events.dir\flb-plugin-in_kubernetes_events.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_kafka\CMakeFiles\flb-plugin-in_kafka.dir\flb-plugin-in_kafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: jjjjjjjjjjjjjjjjcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.000000000270A000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_stdout\CMakeFiles\flb-plugin-out_stdout.dir\flb-plugin-out_stdout.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_checklist\CMakeFiles\flb-plugin-filter_checklist.dir\flb-plugin-filter_checklist.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_alter_size\CMakeFiles\flb-plugin-filter_alter_size.dir\flb-plugin-filter_alter_size.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_expect\CMakeFiles\flb-plugin-filter_expect.dir\flb-plugin-filter_expect.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \binfluent-bit.dllfluent-bit.exefluent-bit.pdbluajit.exe source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1153328745.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488390705.000000000052D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000002.1488863933.0000000000530000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\miniz\CMakeFiles\miniz.dir\miniz.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_blob\CMakeFiles\flb-plugin-in_blob.dir\flb-plugin-in_blob.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: BN_nnmodcrypto\bn\bn_mod.cBN_mod_sub_quickBN_mod_lshift_quickossl_method_construct_preconditioncrypto\core_fetch.cossl_method_construct_postconditioncompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificPBMAC1_get1_pbkdf2_paramcrypto\pkcs12\p12_mutl.cPBMAC1_PBKDF2_HMACpkcs12_gen_macLEGACY_GOST_PKCS12PKCS12_verify_maccrypto\pkcs12\p12_add.cPKCS12_unpack_p7dataPKCS12_unpack_p7encdataPKCS12_unpack_authsafesC:\vcpkg\packages\openssl_x86-windows-staticC:\vcpkg\packages\openssl_x86-windows-static\lib\engines-3C:\vcpkg\packages\openssl_x86-windows-static\binUndefined source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.000000000270A000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_stream_processor\CMakeFiles\flb-plugin-in_stream_processor.dir\flb-plugin-in_stream_processor.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\stream_processor\parser\CMakeFiles\flb-sp-parser.dir\flb-sp-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_multiline\CMakeFiles\flb-plugin-filter_multiline.dir\flb-plugin-filter_multiline.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_tail\CMakeFiles\flb-plugin-in_tail.dir\flb-plugin-in_tail.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_storage_backlog\CMakeFiles\flb-plugin-in_storage_backlog.dir\flb-plugin-in_storage_backlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_null\CMakeFiles\flb-plugin-out_null.dir\flb-plugin-out_null.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_event_type\CMakeFiles\flb-plugin-in_event_type.dir\flb-plugin-in_event_type.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_sysinfo\CMakeFiles\flb-plugin-filter_sysinfo.dir\flb-plugin-filter_sysinfo.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_nest\CMakeFiles\flb-plugin-filter_nest.dir\flb-plugin-filter_nest.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\custom_calyptia\CMakeFiles\flb-plugin-custom_calyptia.dir\flb-plugin-custom_calyptia.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C4D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_0040689E FindFirstFileW,FindClose, 0_2_0040689E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_00402930 FindFirstFileW, 0_2_00402930
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: fluent-bit.dll.0.dr String found in binary or memory: http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01%s%s&resource=https://ap
Source: mk_macros.h.0.dr String found in binary or memory: http://lwn.net/Articles/13183/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: http://metadata.google.internal
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: http://metadata.google.internalmetadata_server
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, Uninstall.exe.0.dr String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://rubular.com/r/tjUt3Awgg4
Source: fluent-bit.dll.0.dr String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1153328745.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488390705.000000000052D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000002.1488863933.0000000000530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1362455158.00000000026F0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1372599096.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1370081849.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1366548036.00000000026FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1388283264.00000000026F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1390979426.00000000026F6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1363433121.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1404781270.00000000026F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1382885499.00000000026FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1360312390.00000000026FE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1402766626.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1409641374.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1412099688.00000000050EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1411176205.00000000026F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1407319922.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1381760434.00000000026F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1374552144.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1397917548.00000000026F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1373577628.00000000026FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1410231041.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1399298228.00000000026F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://api.nightfall.ai/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://api.nightfall.ai/connection
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://asia-southeast1-malachiteingestion-pa.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ctraces/scope_span_schema_urla.b.cctracemainFluent
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://ctraces/scope_span_schema_urla.b.cctracemainagentyearopen_sourcetemperaturefirstmy_arrayconn
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1368029912.00000000026FB000.00000004.00000020.00020000.00000000.sdmp, flb_config.h.0.dr String found in binary or memory: https://curl.se/docs/manual.html)
Source: fluent-bit.dll.0.dr String found in binary or memory: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.0000000002A02000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.fluentbit.io/manual/0
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357234354.00000000026F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.fluentbit.io/manual/administration/buffering-and-storage
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://europe-malachiteingestion-pa.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://europe-west2-malachiteingestion-pa.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, flb_version.h.0.dr String found in binary or memory: https://fluentbit.io
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1385745503.00000000026FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://git.musl-libc.org/cgit/musl/tree/src/crypt/crypt_sha512.c?h=v1.1.22
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1361588882.00000000050EF000.00000004.00000020.00020000.00000000.sdmp, flb_aws_credentials.h.0.dr String found in binary or memory: https://github.com/aws/aws-sdk-go/tree/master/aws/credentials/endpointcreds
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://github.com/confluentinc/librdkafka/wiki/Using-SASL-with-librdkafka
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://github.com/confluentinc/librdkafka/wiki/Using-SSL-with-librdkafka
Source: flb_time.h.0.dr String found in binary or memory: https://github.com/fluent/fluentd/wiki/Forward-Protocol-Specification-v0#eventtime-ext-format
Source: flb_time.h.0.dr String found in binary or memory: https://github.com/fluent/fluentd/wiki/Forward-Protocol-Specification-v1#eventtime-ext-format
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://help.kusto.windows.net/.default
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://help.kusto.windows.net/.defaultbefore
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://ingest-mycluster.eastus.kusto.windows.net)
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://ingest-mycluster.eastus.kusto.windows.net)database_nameSet
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://kubernetes.default.svc
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://kubernetes.default.svcKubernetes
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://la-endpoint-q12a.eastus-1.ingest.monitor.azure.com)
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://la-endpoint-q12a.eastus-1.ingest.monitor.azure.com)dcr_idData
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://log-api.newrelic.com/log/v1
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://log-api.newrelic.com/log/v1New
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://logging.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://logging.googleapis.com/v2/entries:write
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://logging.googleapis.com/v2/entries:writemissing
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://logging.googleapis.comstackdriverSend
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/v2.0/token
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/v2.0/token%s/dataCollectionRules/%s/streams/Custom-%s?ap
Source: luajit.h.0.dr String found in binary or memory: https://luajit.org/
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://malachiteingestion-pa.googleapis.com
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://malachiteingestion-pa.googleapis.comEUhttps://europe-malachiteingestion-pa.googleapis.comUKh
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://monitor.azure.com/.default
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://monitor.azure.com/.defaulterror
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://oauth2.googleapis.com/token
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://oauth2.googleapis.com/tokenhttps://www.googleapis.com/auth/logging.write
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://rubular.com/r/0VZmcYcLWMGAp1
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://rubular.com/r/17KGEdDClwiuDG
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://rubular.com/r/B0ID69H9FvN0tp
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://rubular.com/r/IhIbCAIs7ImOkc
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1357751086.00000000050EF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://rubular.com/r/Q8YY6fHqlqwGI0
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-A.5)
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr String found in binary or memory: https://www.googleapis.com/auth/logging.write
Source: fluent-bit.dll.0.dr String found in binary or memory: https://www.googleapis.com/auth/malachite-ingestion
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1408641898.00000000026F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.lua.org/manual/5.1/manual.html#2.8
Source: luajit.h.0.dr String found in binary or memory: https://www.opensource.org/licenses/mit-license.php
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_00405705 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405705

System Summary

Source: fluent-bit.dll.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: fluent-bit.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040351C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_00406C5F 0_2_00406C5F
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: fluent-bit.dll.0.dr Binary string: \Device\Afdntdll.dllNtCreateFileNtDeviceIoControlFileNtCancelIoFileEx** afd_enqueue ed=%p FAILED
Source: classification engine Classification label: clean18.winEXE@1/212@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040351C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_004049B1 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004049B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_004021CF CoCreateInstance, 0_2_004021CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Program Files (x86)\fluent-bit
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Users\user\AppData\Local\Temp\nsbB413.tmp
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT pattern FROM list WHERE @val LIKE (pattern || '%');
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE out_azure_blob_files SET last_delivery_attempt=0 WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE out_azure_blob_parts SET in_progress=@status WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE out_azure_blob_parts SET delivery_attempts=0, uploaded=0, in_progress=0 WHERE file_id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE out_azure_blob_parts SET uploaded=1, in_progress=0 WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT * from in_tail_files WHERE inode=@inode order by id desc;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: INSERT INTO out_azure_blob_parts (file_id, part_id, offset_start, offset_end) VALUES (@file_id, @part_id, @offset_start, @offset_end);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: INSERT INTO list (pattern) VALUES (@val);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT name, record_number, time_written, created FROM in_winlog_channels WHERE name = '%s';
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: INSERT INTO in_kubernetes_events (uid, resourceVersion, created) VALUES (@uid, @resourceVersion, @created);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE in_tail_files set offset=@offset WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT COUNT(id) FROM in_kubernetes_events WHERE uid=@uid;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT id, azbf.delivery_attempts, source, path FROM out_azure_blob_files azbf WHERE aborted = 1 AND (SELECT COUNT(*) FROM out_azure_blob_parts azbp WHERE azbp.file_id = azbf.id AND in_progress = 1) = 0 ORDER BY id DESC LIMIT 1;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS out_azure_blob_parts ( id INTEGER PRIMARY KEY, file_id INTEGER NOT NULL, part_id INTEGER NOT NULL, uploaded INTEGER DEFAULT 0, in_progress INTEGER DEFAULT 0, offset_start INTEGER, offset_end INTEGER, delivery_attempts INTEGER DEFAULT 0, FOREIGN KEY (file_id) REFERENCES out_azure_blob_files(id) ON DELETE CASCADE);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS in_blob_files ( id INTEGER PRIMARY KEY, path TEXT NOT NULL, size INTEGER, created INTEGER);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE in_tail_files set name=@name,rotated=1 WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE out_azure_blob_files SET destination=@destination WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS in_winlog_channels ( name TEXT PRIMARY KEY, record_number INTEGER, time_written INTEGER, created INTEGER);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS out_azure_blob_files ( id INTEGER PRIMARY KEY, source TEXT NOT NULL, destination TEXT NOT NULL, path TEXT NOT NULL, size INTEGER, created INTEGER, delivery_attempts INTEGER DEFAULT 0, aborted INTEGER DEFAULT 0, last_delivery_attempt INTEGER DEFAULT 0);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT * from in_blob_files WHERE path=@path order by id desc;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT f.id, f.path, GROUP_CONCAT(p.part_id ORDER BY p.part_id ASC) AS part_ids, f.source FROM out_azure_blob_files f JOIN out_azure_blob_parts p ON f.id = p.file_id WHERE p.uploaded = 1 GROUP BY f.id HAVING COUNT(p.id) = (SELECT COUNT(p2.id) FROM out_azure_blob_parts p2 WHERE p2.file_id = f.id) ORDER BY f.created ASC LIMIT 1;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: INSERT INTO in_tail_files (name, offset, inode, created) VALUES (@name, @offset, @inode, @created);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS in_winevtlog_channels ( name TEXT PRIMARY KEY, bookmark_xml TEXT, time_updated INTEGER, created INTEGER);
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE out_azure_blob_files SET aborted=@state WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT id, path FROM out_azure_blob_files azbf WHERE aborted = 0 AND last_delivery_attempt > 0 AND last_delivery_attempt < @freshness_threshold ORDER BY id DESC LIMIT 1;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT * FROM out_azure_blob_files WHERE path=@path ORDER BY id DESC;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: SELECT name, bookmark_xml, time_updated, created FROM in_winevtlog_channels WHERE name = '%s';
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE out_azure_blob_files SET delivery_attempts=@delivery_attempts, last_delivery_attempt=UNIXEPOCH() WHERE id=@id;
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS list ( pattern text );
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.00000000027B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr Binary or memory string: UPDATE out_azure_blob_parts SET delivery_attempts=@delivery_attempts WHERE file_id=@file_id AND part_id=@part_id;
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Uninstall.lnk.0.dr LNK file: ..\..\..\..\..\..\Program Files (x86)\fluent-bit\Uninstall.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File written: C:\Users\user\AppData\Local\Temp\nswB491.tmp\ioSpecial.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Automated click: Next >
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Automated click: I Agree
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Automated click: Next >
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Automated click: Install
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe Static file information: File size 20958060 > 1048576
Source: SecuriteInfo.com.FileRepMalware.27857.7397.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\regex\CMakeFiles\regex.dir\regex.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_http\CMakeFiles\flb-plugin-out_http.dir\flb-plugin-out_http.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cfl\src\CMakeFiles\cfl-static.dir\cfl-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kafka\CMakeFiles\flb-plugin-out_kafka.dir\flb-plugin-out_kafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_opensearch\CMakeFiles\flb-plugin-out_opensearch.dir\flb-plugin-out_opensearch.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_prometheus_remote_write\CMakeFiles\flb-plugin-in_prometheus_remote_write.dir\flb-plugin-in_prometheus_remote_write.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_blob\CMakeFiles\flb-plugin-out_azure_blob.dir\flb-plugin-out_azure_blob.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\aws\CMakeFiles\flb-aws.dir\flb-aws.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\flb_libco\CMakeFiles\co.dir\co.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_calyptia_fleet\CMakeFiles\flb-plugin-in_calyptia_fleet.dir\flb-plugin-in_calyptia_fleet.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_loki\CMakeFiles\flb-plugin-out_loki.dir\flb-plugin-out_loki.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\proxy\go\CMakeFiles\flb-plugin-proxy-go.dir\flb-plugin-proxy-go.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_logs_ingestion\CMakeFiles\flb-plugin-out_azure_logs_ingestion.dir\flb-plugin-out_azure_logs_ingestion.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_random\CMakeFiles\flb-plugin-in_random.dir\flb-plugin-in_random.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_syslog\CMakeFiles\flb-plugin-in_syslog.dir\flb-plugin-in_syslog.pdbV source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_grep\CMakeFiles\flb-plugin-filter_grep.dir\flb-plugin-filter_grep.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.000000000270A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\CMakeFiles\fluent-bit-static.dir\fluent-bit-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_prometheus_exporter\CMakeFiles\flb-plugin-out_prometheus_exporter.dir\flb-plugin-out_prometheus_exporter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_type_converter\CMakeFiles\flb-plugin-filter_type_converter.dir\flb-plugin-filter_type_converter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\bin\fluent-bit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\bin\luajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1356673064.00000000026F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\msgpack-c\CMakeFiles\msgpack-c-static.dir\msgpack-c-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\snappy-fef67ac\CMakeFiles\snappy-c.dir\snappy-c.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_udp\CMakeFiles\flb-plugin-out_udp.dir\flb-plugin-out_udp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_counter\CMakeFiles\flb-plugin-out_counter.dir\flb-plugin-out_counter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_cloudwatch_logs\CMakeFiles\flb-plugin-out_cloudwatch_logs.dir\flb-plugin-out_cloudwatch_logs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_lib\CMakeFiles\flb-plugin-out_lib.dir\flb-plugin-out_lib.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_opentelemetry\CMakeFiles\flb-plugin-in_opentelemetry.dir\flb-plugin-in_opentelemetry.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\record_accessor\CMakeFiles\flb-ra-parser.dir\flb-ra-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\stream_processor\CMakeFiles\flb-sp.dir\flb-sp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kinesis_streams\CMakeFiles\flb-plugin-out_kinesis_streams.dir\flb-plugin-out_kinesis_streams.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winstat\CMakeFiles\flb-plugin-in_winstat.dir\flb-plugin-in_winstat.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_metrics_selector\CMakeFiles\flb-plugin-processor_metrics_selector.dir\flb-plugin-processor_metrics_selector.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_influxdb\CMakeFiles\flb-plugin-out_influxdb.dir\flb-plugin-out_influxdb.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_skywalking\CMakeFiles\flb-plugin-out_skywalking.dir\flb-plugin-out_skywalking.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_flowcounter\CMakeFiles\flb-plugin-out_flowcounter.dir\flb-plugin-out_flowcounter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\nghttp2\lib\CMakeFiles\nghttp2_static.dir\nghttp2_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_dummy\CMakeFiles\flb-plugin-in_dummy.dir\flb-plugin-in_dummy.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_slack\CMakeFiles\flb-plugin-out_slack.dir\flb-plugin-out_slack.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_tcp\CMakeFiles\flb-plugin-in_tcp.dir\flb-plugin-in_tcp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_websocket\CMakeFiles\flb-plugin-out_websocket.dir\flb-plugin-out_websocket.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_core\CMakeFiles\mk_core.dir\mk_core.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure_kusto\CMakeFiles\flb-plugin-out_azure_kusto.dir\flb-plugin-out_azure_kusto.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\librdkafka-2.4.0\src\CMakeFiles\rdkafka.dir\rdkafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_fluentbit_metrics\CMakeFiles\flb-plugin-in_fluentbit_metrics.dir\flb-plugin-in_fluentbit_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_logdna\CMakeFiles\flb-plugin-out_logdna.dir\flb-plugin-out_logdna.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_stdout\CMakeFiles\flb-plugin-filter_stdout.dir\flb-plugin-filter_stdout.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_record_modifier\CMakeFiles\flb-plugin-filter_record_modifier.dir\flb-plugin-filter_record_modifier.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\sqlite-amalgamation-3450200\CMakeFiles\sqlite3.dir\sqlite3.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: octasn1_int_octasn1_oct_intASN1_TYPE_get_octetstringcrypto\asn1\evp_asn1.cASN1_TYPE_get_int_octetstringossl_asn1_type_get_octetstring_intgeterrcrypto\evp\evp_utils.cseterrcrypto\objects\o_names.cOBJ_NAME_new_indexcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificBIO_get_new_indexcrypto\bio\bio_meth.cBIO_get_host_ipcrypto\bio\bio_sock.chost=BIO_get_portBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()BIO_acceptcalling accept()BIO_sock_infocalling getsockname() source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_tcp\CMakeFiles\flb-plugin-out_tcp.dir\flb-plugin-out_tcp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_ecs\CMakeFiles\flb-plugin-filter_ecs.dir\flb-plugin-filter_ecs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_es\CMakeFiles\flb-plugin-out_es.dir\flb-plugin-out_es.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\ctraces\src\CMakeFiles\ctraces-static.dir\ctraces-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_stackdriver\CMakeFiles\flb-plugin-out_stackdriver.dir\flb-plugin-out_stackdriver.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_elasticsearch\CMakeFiles\flb-plugin-in_elasticsearch.dir\flb-plugin-in_elasticsearch.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_nginx_exporter_metrics\CMakeFiles\flb-plugin-in_nginx_exporter_metrics.dir\flb-plugin-in_nginx_exporter_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cprofiles\src\CMakeFiles\cprofiles-static.dir\cprofiles-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\chunkio\deps\crc32\CMakeFiles\cio-crc32.dir\cio-crc32.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\library\cares.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_geoip2\libmaxminddb\CMakeFiles\maxminddb.dir\maxminddb.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\api\v1\CMakeFiles\api-v1.dir\api-v1.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_exec\CMakeFiles\flb-plugin-in_exec.dir\flb-plugin-in_exec.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_splunk\CMakeFiles\flb-plugin-out_splunk.dir\flb-plugin-out_splunk.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_udp\CMakeFiles\flb-plugin-in_udp.dir\flb-plugin-in_udp.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_content_modifier\CMakeFiles\flb-plugin-processor_content_modifier.dir\flb-plugin-processor_content_modifier.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_emitter\CMakeFiles\flb-plugin-in_emitter.dir\flb-plugin-in_emitter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_syslog\CMakeFiles\flb-plugin-out_syslog.dir\flb-plugin-out_syslog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_forward\CMakeFiles\flb-plugin-out_forward.dir\flb-plugin-out_forward.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_kubernetes\CMakeFiles\flb-plugin-filter_kubernetes.dir\flb-plugin-filter_kubernetes.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_prometheus_remote_write\CMakeFiles\flb-plugin-out_prometheus_remote_write.dir\flb-plugin-out_prometheus_remote_write.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_modify\CMakeFiles\flb-plugin-filter_modify.dir\flb-plugin-filter_modify.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\onigmo\CMakeFiles\onigmo-static.dir\onigmo-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\CMakeFiles\fluent-bit-bin.dir\vc140.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_file\CMakeFiles\flb-plugin-out_file.dir\flb-plugin-out_file.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_throttle_size\CMakeFiles\flb-plugin-filter_throttle_size.dir\flb-plugin-filter_throttle_size.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Extract: fluent-bit.pdb... 100% source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1423671500.00000000005B4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488488956.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000002.1488963881.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488354555.00000000005B4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_nrlogs\CMakeFiles\flb-plugin-out_nrlogs.dir\flb-plugin-out_nrlogs.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sql\CMakeFiles\flb-plugin-processor_sql.dir\flb-plugin-processor_sql.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_statsd\CMakeFiles\flb-plugin-in_statsd.dir\flb-plugin-in_statsd.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_labels\CMakeFiles\flb-plugin-processor_labels.dir\flb-plugin-processor_labels.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_splunk\CMakeFiles\flb-plugin-in_splunk.dir\flb-plugin-in_splunk.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_nightfall\CMakeFiles\flb-plugin-filter_nightfall.dir\flb-plugin-filter_nightfall.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\fluent-otel-proto\src\CMakeFiles\fluent-otel-proto.dir\fluent-otel-proto.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\zstd-1.5.7\build\cmake\lib\CMakeFiles\libzstd_static.dir\libzstd_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sampling\CMakeFiles\flb-plugin-processor_sampling.dir\flb-plugin-processor_sampling.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_lib\CMakeFiles\flb-plugin-in_lib.dir\flb-plugin-in_lib.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_geoip2\CMakeFiles\flb-plugin-filter_geoip2.dir\flb-plugin-filter_geoip2.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_log_to_metrics\CMakeFiles\flb-plugin-filter_log_to_metrics.dir\flb-plugin-filter_log_to_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winevtlog\CMakeFiles\flb-plugin-in_winevtlog.dir\flb-plugin-in_winevtlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\jsmn\CMakeFiles\jsmn.dir\jsmn.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\plugins\liana\CMakeFiles\monkey-liana-static.dir\monkey-liana-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_datadog\CMakeFiles\flb-plugin-out_datadog.dir\flb-plugin-out_datadog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_windows_exporter_metrics\CMakeFiles\flb-plugin-in_windows_exporter_metrics.dir\flb-plugin-in_windows_exporter_metrics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_forward\CMakeFiles\flb-plugin-in_forward.dir\flb-plugin-in_forward.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_chronicle\CMakeFiles\flb-plugin-out_chronicle.dir\flb-plugin-out_chronicle.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_opentelemetry_envelope\CMakeFiles\flb-plugin-processor_opentelemetry_envelope.dir\flb-plugin-processor_opentelemetry_envelope.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\CMakeFiles\flb-http-server.dir\flb-http-server.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\processor_sql\parser\CMakeFiles\processor-sql-parser.dir\processor-sql-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_aws\CMakeFiles\flb-plugin-filter_aws.dir\flb-plugin-filter_aws.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\cmetrics\src\CMakeFiles\cmetrics-static.dir\cmetrics-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\vcpkg\buildtrees\openssl\x86-windows-static-rel\ossl_static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_calyptia\CMakeFiles\flb-plugin-out_calyptia.dir\flb-plugin-out_calyptia.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\http_server\api\v2\CMakeFiles\api-v2.dir\api-v2.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_kinesis_firehose\CMakeFiles\flb-plugin-out_kinesis_firehose.dir\flb-plugin-out_kinesis_firehose.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_parser\CMakeFiles\flb-plugin-filter_parser.dir\flb-plugin-filter_parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_throttle\CMakeFiles\flb-plugin-filter_throttle.dir\flb-plugin-filter_throttle.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_oracle_log_analytics\CMakeFiles\flb-plugin-out_oracle_log_analytics.dir\flb-plugin-out_oracle_log_analytics.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_s3\CMakeFiles\flb-plugin-out_s3.dir\flb-plugin-out_s3.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_prometheus_scrape\CMakeFiles\flb-plugin-in_prometheus_scrape.dir\flb-plugin-in_prometheus_scrape.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_vivo_exporter\CMakeFiles\flb-plugin-out_vivo_exporter.dir\flb-plugin-out_vivo_exporter.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_syslog\CMakeFiles\flb-plugin-in_syslog.dir\flb-plugin-in_syslog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\mpack-amalgamation-1.1.1\CMakeFiles\mpack-static.dir\mpack-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_lua\CMakeFiles\flb-plugin-filter_lua.dir\flb-plugin-filter_lua.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_core\deps\libevent\CMakeFiles\event.dir\event.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\deps\rbtree\CMakeFiles\rbtree.dir\rbtree.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\monkey\mk_server\CMakeFiles\monkey-core-static.dir\monkey-core-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_rewrite_tag\CMakeFiles\flb-plugin-filter_rewrite_tag.dir\flb-plugin-filter_rewrite_tag.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_azure\CMakeFiles\flb-plugin-out_azure.dir\flb-plugin-out_azure.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_gelf\CMakeFiles\flb-plugin-out_gelf.dir\flb-plugin-out_gelf.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_winlog\CMakeFiles\flb-plugin-in_winlog.dir\flb-plugin-in_winlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_opentelemetry\CMakeFiles\flb-plugin-out_opentelemetry.dir\flb-plugin-out_opentelemetry.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\vcpkg\buildtrees\libyaml\x86-windows-static-rel\CMakeFiles\yaml.dir\yaml.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_http\CMakeFiles\flb-plugin-in_http.dir\flb-plugin-in_http.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ?crypto\stack\stack.csk_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.4.1 11 Feb 20253.4.1built on: Tue Apr 1 10:33:11 2025 UTCplatform: VC-WIN32OPENSSLDIR: "C:\vcpkg\packages\openssl_x86-windows-static"ENGINESDIR: "C:\vcpkg\packages\openssl_x86-windows-static\lib\engines-3"MODULESDIR: "C:\vcpkg\packages\openssl_x86-windows-static\bin"CPUINFO: N/AOSSL_WINCTX: Undefinednot available source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1303257897.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\chunkio\src\CMakeFiles\chunkio-static.dir\chunkio-static.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_kubernetes_events\CMakeFiles\flb-plugin-in_kubernetes_events.dir\flb-plugin-in_kubernetes_events.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_kafka\CMakeFiles\flb-plugin-in_kafka.dir\flb-plugin-in_kafka.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: jjjjjjjjjjjjjjjjcompiler: C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.43.34808\\bin\\Hostx64\\x86\\cl.exe /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy -nologo -DWIN32 -D_WINDOWS -utf-8 -MP -MT -O2 -Oi -Gy -DNDEBUG -Z7 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1291122983.000000000270A000.00000004.00000020.00020000.00000000.sdmp, fluent-bit.dll.0.dr
Source: Binary string: D;.D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_stdout\CMakeFiles\flb-plugin-out_stdout.dir\flb-plugin-out_stdout.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_checklist\CMakeFiles\flb-plugin-filter_checklist.dir\flb-plugin-filter_checklist.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_alter_size\CMakeFiles\flb-plugin-filter_alter_size.dir\flb-plugin-filter_alter_size.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;-D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_expect\CMakeFiles\flb-plugin-filter_expect.dir\flb-plugin-filter_expect.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \binfluent-bit.dllfluent-bit.exefluent-bit.pdbluajit.exe source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1153328745.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1488390705.000000000052D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000002.1488863933.0000000000530000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\lib\miniz\CMakeFiles\miniz.dir\miniz.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_blob\CMakeFiles\flb-plugin-in_blob.dir\flb-plugin-in_blob.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_stream_processor\CMakeFiles\flb-plugin-in_stream_processor.dir\flb-plugin-in_stream_processor.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\src\stream_processor\parser\CMakeFiles\flb-sp-parser.dir\flb-sp-parser.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_multiline\CMakeFiles\flb-plugin-filter_multiline.dir\flb-plugin-filter_multiline.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;,D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_tail\CMakeFiles\flb-plugin-in_tail.dir\flb-plugin-in_tail.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_storage_backlog\CMakeFiles\flb-plugin-in_storage_backlog.dir\flb-plugin-in_storage_backlog.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\out_null\CMakeFiles\flb-plugin-out_null.dir\flb-plugin-out_null.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\in_event_type\CMakeFiles\flb-plugin-in_event_type.dir\flb-plugin-in_event_type.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_sysinfo\CMakeFiles\flb-plugin-filter_sysinfo.dir\flb-plugin-filter_sysinfo.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\filter_nest\CMakeFiles\flb-plugin-filter_nest.dir\flb-plugin-filter_nest.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D;+D:\a\fluent-bit\fluent-bit\build\lib\luajit-cmake\CMakeFiles\libluajit.dir\libluajit.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1421098184.00000000026F2000.00000004.00000020.00020000.00000000.sdmp, libluajit.lib.0.dr
Source: Binary string: D:\a\fluent-bit\fluent-bit\build\plugins\custom_calyptia\CMakeFiles\flb-plugin-custom_calyptia.dir\flb-plugin-custom_calyptia.pdb source: SecuriteInfo.com.FileRepMalware.27857.7397.exe, 00000000.00000003.1351992608.00000000026FD000.00000004.00000020.00020000.00000000.sdmp
Source: luajit.exe.0.dr Static PE information: section name: .fptable
Source: fluent-bit.dll.0.dr Static PE information: section name: .fptable
Source: fluent-bit.exe.0.dr Static PE information: section name: .fptable
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Program Files (x86)\fluent-bit\bin\luajit.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Users\user\AppData\Local\Temp\nswB491.tmp\InstallOptions.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Program Files (x86)\fluent-bit\Uninstall.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Users\user\AppData\Local\Temp\nswB491.tmp\System.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Program Files (x86)\fluent-bit\bin\fluent-bit.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Users\user\AppData\Local\Temp\nswB491.tmp\StartMenu.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Users\user\AppData\Local\Temp\nswB491.tmp\UserInfo.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\Program Files (x86)\fluent-bit\bin\fluent-bit.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fluent-bit
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fluent-bit\Uninstall.lnk
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Dropped PE file which has not been started: C:\Program Files (x86)\fluent-bit\bin\luajit.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB491.tmp\InstallOptions.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Dropped PE file which has not been started: C:\Program Files (x86)\fluent-bit\Uninstall.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB491.tmp\System.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Dropped PE file which has not been started: C:\Program Files (x86)\fluent-bit\bin\fluent-bit.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB491.tmp\StartMenu.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB491.tmp\UserInfo.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Dropped PE file which has not been started: C:\Program Files (x86)\fluent-bit\bin\fluent-bit.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File Volume queried: C:\Program Files (x86) FullSizeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C4D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_0040689E FindFirstFileW,FindClose, 0_2_0040689E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_00402930 FindFirstFileW, 0_2_00402930
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.27857.7397.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040351C
No contacted IP infos