@HydraDragonAntivirus
Last active August 3, 2024 16:40
2024-08-03 18:19:41,622 - INFO - Successfully cleaned the decompile folder at: C:\Program Files\HydraDragonAntivirus\decompile
2024-08-03 18:19:41,622 - INFO - Created the decompile folder at: C:\Program Files\HydraDragonAntivirus\decompile
2024-08-03 18:19:41,636 - INFO - Successfully cleaned the ghidra_projects folder at: C:\Program Files\HydraDragonAntivirus\ghidra_projects
2024-08-03 18:19:41,636 - INFO - Created the ghidra_projects folder at: C:\Program Files\HydraDragonAntivirus\ghidra_projects
2024-08-03 18:19:41,636 - INFO - Created the ghidra_logs folder at: C:\Program Files\HydraDragonAntivirus\ghidra_logs
2024-08-03 18:19:42,449 - ERROR - Failed to stop ClamAV.
2024-08-03 18:22:30,881 - INFO - ClamAV restarted successfully.
2024-08-03 18:25:14,155 - INFO - Running analysis for: C:/Users/hydradragonantivirus/Desktop/Kyrazon Setup.exe
2024-08-03 18:25:14,155 - INFO - Performing sandbox analysis on: C:/Users/hydradragonantivirus/Desktop/Kyrazon Setup.exe
2024-08-03 18:25:14,179 - INFO - Real-time web protection observer started
2024-08-03 18:25:14,179 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:14,179 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:14,179 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:14,179 - INFO - Scanning file: C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe
2024-08-03 18:25:14,179 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:14,179 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:14,219 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: desktop.ini
2024-08-03 18:25:14,219 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:14,219 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:14,274 - INFO - Running Sandboxie control.
2024-08-03 18:25:14,274 - INFO - Sandbox analysis started. Please check log after you close program. There is no limit to scan time.
2024-08-03 18:25:25,057 - INFO - Decompiling file: C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe
2024-08-03 18:25:25,057 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:25,057 - INFO - Sandboxie control output:
2024-08-03 18:25:25,057 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:25,057 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:25,057 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:25,057 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:25,057 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:25,261 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:25,261 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:25,275 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:25,261 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 18:25:25,537 - INFO - Rule reversing_tool_process_name is excluded.
2024-08-03 18:25:25,537 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:25,537 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:25:25,537 - INFO - Rule reversing_tool_process_name is excluded.
2024-08-03 18:25:25,537 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:25,537 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:25:25,537 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-08-03 18:25:25,537 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-08-03 18:25:25,537 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-08-03 18:25:25,537 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:25,537 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-08-03 18:25:25,537 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-08-03 18:25:25,537 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-08-03 18:25:25,537 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:25,537 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:25,537 - INFO - Rule reversing_tool_process_name is excluded.
2024-08-03 18:25:25,537 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:25,537 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:25:25,537 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-08-03 18:25:25,537 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-08-03 18:25:25,537 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-08-03 18:25:25,537 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:25,657 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: DONT-USE.TXT
2024-08-03 18:25:25,657 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:25,657 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:25,657 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:25,907 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:25,907 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:25,907 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:30,262 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:30,262 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:30,559 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:30,559 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 18:25:30,559 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 18:25:30,559 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:30,559 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:30,559 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 18:25:30,559 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 18:25:30,559 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:30,559 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:30,559 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:30,559 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:30,559 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:30,559 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:30,559 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:38,799 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:38,835 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:38,875 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-08-03 18:25:38,916 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:38,916 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:25:38,918 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT - No viruses detected
2024-08-03 18:25:38,918 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-08-03 18:25:38,918 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' with parts '['DONT-USE', 'TXT']'
2024-08-03 18:25:38,918 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:38,918 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:38,918 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:38,918 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 18:25:38,918 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 18:25:38,918 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:38,918 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:38,918 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:38,918 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:38,918 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:38,918 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 18:25:38,918 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:38,918 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive
2024-08-03 18:25:38,918 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:38,918 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:38,918 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:38,918 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:38,918 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:25:38,918 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT - No viruses detected
2024-08-03 18:25:38,918 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-08-03 18:25:38,918 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' with parts '['DONT-USE', 'TXT']'
2024-08-03 18:25:38,918 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:38,918 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:38,918 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:25:38,918 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT - No viruses detected
2024-08-03 18:25:38,918 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-08-03 18:25:38,918 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' with parts '['DONT-USE', 'TXT']'
2024-08-03 18:25:38,918 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:38,918 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:38,918 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:38,918 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:38,918 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:38,918 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:38,918 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:38,918 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:40,339 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:40,339 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:40,339 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 18:25:40,339 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 18:25:40,339 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,339 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:40,339 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:40,339 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 18:25:40,339 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 18:25:40,339 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,339 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,339 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,339 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,339 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:40,339 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,339 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:40,339 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,560 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:40,577 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,577 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:40,577 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 18:25:40,577 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 18:25:40,577 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,577 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive.LOG1
2024-08-03 18:25:40,577 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,577 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 18:25:40,577 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 18:25:40,577 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 18:25:40,577 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,577 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,577 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,577 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:40,577 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:40,577 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:40,577 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,577 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:40,577 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:40,577 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,577 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:40,577 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 18:25:40,577 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 18:25:40,577 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,577 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,577 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 18:25:40,577 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,742 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,742 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:40,742 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 18:25:40,742 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 18:25:40,742 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,742 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,742 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,742 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 18:25:40,742 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,820 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,820 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:40,820 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:40,820 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 18:25:40,820 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 18:25:40,820 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,820 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive.LOG2
2024-08-03 18:25:40,820 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,820 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 18:25:40,820 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,820 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 18:25:40,820 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 18:25:40,820 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 18:25:40,820 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,820 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:40,820 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:40,820 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 18:25:40,820 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 18:25:40,820 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 18:25:40,820 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:40,820 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:40,820 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:40,999 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:40,999 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:41,253 - INFO - Scanning domain: cima.security.comodo.com
2024-08-03 18:25:41,299 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 18:25:41,299 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 18:25:41,299 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 18:25:41,299 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 18:25:41,299 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:41,299 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:41,299 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:41,487 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:41,487 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:41,722 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:41,722 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 18:25:41,722 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 18:25:41,722 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:41,722 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:41,722 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:41,722 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:41,722 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:41,722 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:41,722 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:41,792 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:42,357 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:42,575 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:42,575 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:25:42,598 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:42,598 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:25:42,598 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 18:25:42,598 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf'
2024-08-03 18:25:42,598 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TM', 'blf']'
2024-08-03 18:25:42,598 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 18:25:42,620 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:42,620 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:42,620 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:42,620 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 18:25:42,620 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf'
2024-08-03 18:25:42,620 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TM', 'blf']'
2024-08-03 18:25:42,620 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 18:25:42,620 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:43,041 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:43,350 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:43,350 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:25:43,418 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 18:25:43,418 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf'
2024-08-03 18:25:43,418 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TM', 'blf']'
2024-08-03 18:25:43,418 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 18:25:43,418 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 18:25:43,418 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:43,444 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:43,488 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:43,488 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user'
2024-08-03 18:25:44,739 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:44,760 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:44,760 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:25:44,760 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:44,760 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 18:25:44,760 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 18:25:44,760 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf'
2024-08-03 18:25:44,760 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TM', 'blf']'
2024-08-03 18:25:44,760 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 18:25:44,760 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:44,760 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:44,781 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:44,781 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:44,781 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:45,081 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:45,081 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:45,603 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:46,348 - INFO - DNS Query (IPv4): cima.security.comodo.com
2024-08-03 18:25:46,348 - INFO - DNS Query (IPv4): cima.security.comodo.com
2024-08-03 18:25:46,348 - INFO - DNS Answer (IPv4): cima.security.comodo.com
2024-08-03 18:25:46,348 - INFO - Scanning IPv4 address: 156.154.70.25
2024-08-03 18:25:46,348 - INFO - Scanning IPv4 address: 10.0.2.15
2024-08-03 18:25:46,348 - INFO - Skipping local IP address: 10.0.2.15
2024-08-03 18:25:50,467 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:50,467 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:50,470 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:50,470 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:50,470 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 18:25:50,470 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 18:25:50,470 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 18:25:50,470 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:50,470 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:50,470 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:50,470 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 18:25:50,470 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 18:25:50,470 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 18:25:50,470 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:50,470 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,470 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 18:25:50,470 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 18:25:50,470 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 18:25:50,470 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:50,470 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,470 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,470 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,470 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,470 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:50,470 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:50,605 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 18:25:50,605 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 18:25:50,605 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 18:25:50,605 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:50,605 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:50,608 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:50,608 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,608 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,858 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,881 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,881 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:50,881 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:52,646 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:52,693 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:52,693 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:52,741 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:54,420 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:54,420 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:54,420 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 18:25:54,420 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 18:25:54,420 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 18:25:54,420 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:54,458 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp: nsExec.dll
2024-08-03 18:25:54,458 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:25:54,476 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:25:54,686 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:54,686 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:54,708 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 18:25:54,708 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 18:25:54,708 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 18:25:54,708 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:54,708 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:54,708 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:54,708 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:54,708 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:54,708 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:54,708 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:54,832 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:54,832 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:54,847 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 18:25:54,847 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 18:25:54,847 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 18:25:54,847 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:54,863 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:54,863 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:54,863 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 18:25:54,863 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 18:25:54,863 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 18:25:54,863 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:54,883 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:54,883 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 18:25:54,883 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 18:25:54,883 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 18:25:54,883 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:54,883 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:54,883 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 18:25:54,883 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:54,883 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:54,883 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:54,883 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:54,906 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:25:54,906 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:25:54,906 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:25:54,906 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:25:54,935 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:25:55,129 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:55,142 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 18:25:55,142 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 18:25:55,142 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 18:25:55,142 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:55,142 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:55,142 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:25:55,142 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:55,142 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:55,154 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:55,324 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:55,729 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:55,729 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:25:56,017 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 18:25:56,017 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf'
2024-08-03 18:25:56,017 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TM', 'blf']'
2024-08-03 18:25:56,017 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 18:25:56,017 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:56,017 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TM.blf
2024-08-03 18:25:56,017 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:56,017 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:56,037 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:56,257 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:57,131 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 18:25:57,157 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user'
2024-08-03 18:25:57,157 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user'
2024-08-03 18:25:57,157 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user' with parts '['user']'
2024-08-03 18:25:57,157 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:25:57,755 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:25:57,755 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:25:57,826 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 18:25:57,826 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 18:25:57,826 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 18:25:57,893 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:25:57,893 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:57,893 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 18:25:57,893 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:57,893 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:57,893 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:25:58,685 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:26:02,099 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z
2024-08-03 18:26:02,181 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:26:02,181 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:26:02,681 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z
2024-08-03 18:26:02,681 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 18:26:02,681 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 18:26:02,681 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 18:26:02,681 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 18:26:02,681 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:26:02,681 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{25037aa0-51aa-11ef-a23b-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 18:26:02,681 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z
2024-08-03 18:26:03,634 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z
2024-08-03 18:26:38,484 - INFO - Scanning domain: _dosvc._tcp.local
2024-08-03 18:26:42,815 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:26:42,815 - INFO - Scanning IPv4 address: 224.0.0.251
2024-08-03 18:26:43,065 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:26:43,065 - INFO - Scanning IPv6 address: fe80::6d5e:d8b1:b8f:d24f
2024-08-03 18:26:43,065 - INFO - Scanning IPv6 address: ff02::fb
2024-08-03 18:26:43,065 - INFO - Scanning domain: victim._dosvc._tcp.local
2024-08-03 18:26:47,055 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:26:47,510 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:26:47,510 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:26:49,038 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:26:49,038 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:26:49,038 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:26:49,038 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:26:49,038 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:26:49,095 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:26:49,101 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:26:49,101 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:26:49,135 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:28:03,716 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z
2024-08-03 18:28:04,613 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z
2024-08-03 18:28:31,153 - INFO - Scanning domain: v10.events.data.microsoft.com
2024-08-03 18:28:44,902 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 18:28:44,902 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 18:28:44,902 - INFO - DNS Answer (IPv4): v10.events.data.microsoft.com
2024-08-03 18:28:44,902 - INFO - Scanning domain: win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 18:28:51,753 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 18:28:51,753 - INFO - Scanning domain: onedscolprdeus05.eastus.cloudapp.azure.com
2024-08-03 18:28:57,564 - INFO - DNS Answer (IPv4): onedscolprdeus05.eastus.cloudapp.azure.com
2024-08-03 18:29:03,791 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:29:04,627 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:29:04,627 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:29:04,627 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:29:04,627 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:29:04,627 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:29:04,627 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:29:04,627 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:29:05,975 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:29:05,975 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:29:05,975 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:29:05,975 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:29:05,975 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:29:05,975 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:29:06,013 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:29:06,098 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:29:06,098 - INFO - Scanning domain: v20.events.data.microsoft.com
2024-08-03 18:29:11,971 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 18:29:11,988 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 18:29:11,988 - INFO - DNS Answer (IPv4): v20.events.data.microsoft.com
2024-08-03 18:29:11,990 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 18:29:11,990 - INFO - Scanning domain: onedscolprdcus15.centralus.cloudapp.azure.com
2024-08-03 18:29:18,404 - INFO - DNS Answer (IPv4): onedscolprdcus15.centralus.cloudapp.azure.com
2024-08-03 18:29:18,598 - INFO - Scanning domain: _microsoft_mcc._tcp.local
2024-08-03 18:29:23,170 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:29:23,170 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:29:23,170 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:29:23,170 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:29:24,808 - INFO - Scanning domain: cmc.comodo.com
2024-08-03 18:29:29,410 - INFO - DNS Query (IPv4): cmc.comodo.com
2024-08-03 18:29:29,410 - INFO - DNS Query (IPv4): cmc.comodo.com
2024-08-03 18:29:29,410 - INFO - DNS Answer (IPv4): cmc.comodo.com
2024-08-03 18:29:29,410 - INFO - Scanning domain: cis.td.security.comodo.com
2024-08-03 18:29:35,858 - INFO - DNS Query (IPv4): cis.td.security.comodo.com
2024-08-03 18:29:35,858 - INFO - DNS Query (IPv4): cis.td.security.comodo.com
2024-08-03 18:29:35,858 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 18:29:35,858 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 18:29:35,858 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 18:29:35,858 - INFO - Scanning domain: download.comodo.com
2024-08-03 18:29:40,797 - INFO - DNS Query (IPv4): download.comodo.com
2024-08-03 18:29:40,797 - INFO - DNS Query (IPv4): download.comodo.com
2024-08-03 18:29:40,797 - INFO - DNS Answer (IPv4): download.comodo.com
2024-08-03 18:29:40,797 - INFO - Scanning domain: cdn.download.comodo.com
2024-08-03 18:29:40,797 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:29:40,797 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:29:40,797 - INFO - DNS Answer (IPv4): cdn.download.comodo.com
2024-08-03 18:29:40,797 - INFO - Scanning domain: cdn.download.comodo.com.i.belugacdn.com
2024-08-03 18:29:49,989 - INFO - DNS Answer (IPv4): cdn.download.comodo.com.i.belugacdn.com
2024-08-03 18:29:49,989 - INFO - Scanning domain: cdn-download-comodo.b-cdn.net
2024-08-03 18:29:49,989 - INFO - DNS Answer (IPv4): cdn-download-comodo.b-cdn.net
2024-08-03 18:29:49,989 - INFO - Scanning domain: wpad.home
2024-08-03 18:29:59,507 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:29:59,507 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:29:59,507 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:29:59,507 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:30:36,212 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:30:36,212 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:30:36,212 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:30:36,478 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:30:36,478 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:30:38,231 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:30:38,945 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:30:38,945 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:30:38,945 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:30:38,945 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:30:38,945 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:30:40,683 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:30:40,683 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:30:40,683 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:30:40,683 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:30:40,683 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:32:21,019 - INFO - DNS Query (IPv4): download.comodo.com
2024-08-03 18:32:21,050 - INFO - DNS Query (IPv4): download.comodo.com
2024-08-03 18:32:21,050 - INFO - DNS Answer (IPv4): download.comodo.com
2024-08-03 18:32:21,171 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:32:21,171 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:32:21,171 - INFO - DNS Answer (IPv4): cdn.download.comodo.com
2024-08-03 18:32:21,171 - INFO - DNS Answer (IPv4): cdn.download.comodo.com.i.belugacdn.com
2024-08-03 18:32:21,171 - INFO - DNS Answer (IPv4): cdn-download-comodo.b-cdn.net
2024-08-03 18:32:30,360 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:32:42,418 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:32:47,481 - INFO - Scanning domain: licensing.security.comodo.com
2024-08-03 18:32:51,288 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 18:32:52,633 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 18:32:52,633 - INFO - DNS Answer (IPv4): licensing.security.comodo.com
2024-08-03 18:32:58,619 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:32:58,619 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:32:58,619 - INFO - DNS Answer (IPv4): cdn.download.comodo.com
2024-08-03 18:32:58,619 - INFO - DNS Answer (IPv4): cdn.download.comodo.com.i.belugacdn.com
2024-08-03 18:32:58,619 - INFO - DNS Answer (IPv4): cdn-download-comodo.b-cdn.net
2024-08-03 18:33:09,913 - INFO - DNS Query (IPv4): download.comodo.com
2024-08-03 18:33:09,921 - INFO - DNS Query (IPv4): download.comodo.com
2024-08-03 18:33:09,921 - INFO - DNS Answer (IPv4): download.comodo.com
2024-08-03 18:33:10,285 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:33:10,301 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:33:10,301 - INFO - DNS Answer (IPv4): cdn.download.comodo.com
2024-08-03 18:33:10,301 - INFO - DNS Answer (IPv4): cdn.download.comodo.com.i.belugacdn.com
2024-08-03 18:33:10,301 - INFO - DNS Answer (IPv4): cdn-download-comodo.b-cdn.net
2024-08-03 18:33:18,651 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:33:20,515 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:33:20,515 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:33:33,609 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:33:34,393 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:33:34,941 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 18:33:34,941 - INFO - DNS Answer (IPv4): cdn.download.comodo.com
2024-08-03 18:33:34,941 - INFO - DNS Answer (IPv4): cdn.download.comodo.com.i.belugacdn.com
2024-08-03 18:33:34,941 - INFO - DNS Answer (IPv4): cdn-download-comodo.b-cdn.net
2024-08-03 18:36:29,123 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:36:29,215 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:36:29,215 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:36:29,800 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:36:29,800 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:36:30,176 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:36:30,211 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:36:53,035 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:36:53,035 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:36:53,049 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:37:00,682 - INFO - Scanning domain: ntp.msn.com
2024-08-03 18:37:19,266 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:37:19,266 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:37:19,266 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:37:19,266 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 18:37:19,266 - INFO - Scanning domain: www-msn-com.a-0003.a-msedge.net
2024-08-03 18:37:29,976 - WARNING - Suspicious startup file detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup: KyrazonGodot.lnk
2024-08-03 18:38:06,377 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 18:38:06,389 - INFO - Scanning domain: a-0003.a-msedge.net
2024-08-03 18:38:32,357 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 18:38:32,357 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:38:32,357 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 18:38:32,357 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:38:38,847 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:38:38,877 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:38:38,890 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:38:38,890 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 18:38:38,890 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 18:38:38,890 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 18:38:38,906 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:38:38,913 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:38:40,360 - INFO - Scanning domain: functional.events.data.microsoft.com
2024-08-03 18:38:46,042 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
2024-08-03 18:38:48,086 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
2024-08-03 18:38:48,835 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 18:38:48,835 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 18:38:48,835 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 18:38:48,835 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 18:38:48,835 - INFO - Scanning domain: global.asimov.events.data.trafficmanager.net
2024-08-03 18:39:02,126 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 18:39:02,126 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 18:39:02,126 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 18:39:02,126 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 18:39:02,126 - INFO - Scanning domain: onedscolprdcus08.centralus.cloudapp.azure.com
2024-08-03 18:39:09,541 - INFO - DNS Answer (IPv4): onedscolprdcus08.centralus.cloudapp.azure.com
2024-08-03 18:39:11,812 - INFO - Scanning domain: usfftp.security.comodo.com
2024-08-03 18:39:17,640 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 18:39:17,640 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 18:39:17,640 - INFO - DNS Answer (IPv4): usfftp.security.comodo.com
2024-08-03 18:39:27,809 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:39:27,809 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:39:27,824 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:39:27,824 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:39:27,828 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:39:27,838 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:39:27,838 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:39:27,843 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:39:28,120 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:39:28,120 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:39:28,132 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:39:28,132 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:39:28,132 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:39:28,154 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:39:28,154 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:39:28,219 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:39:28,219 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:39:28,219 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:39:28,219 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:39:28,219 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:39:28,375 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:39:28,375 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:39:28,375 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:39:30,270 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:39:30,275 - INFO - Scanning domain: dns.msftncsi.com
2024-08-03 18:39:33,357 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
2024-08-03 18:39:44,783 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 18:39:44,783 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 18:39:44,783 - INFO - DNS Answer (IPv4): dns.msftncsi.com
2024-08-03 18:39:44,783 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 18:39:44,783 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 18:39:44,783 - INFO - DNS Answer (IPv4): dns.msftncsi.com
2024-08-03 18:39:44,783 - INFO - Scanning IPv4 address: 156.154.71.25
2024-08-03 18:40:30,450 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:40:30,492 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:40:30,531 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:40:30,531 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:40:30,531 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:40:30,538 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:40:30,538 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:40:30,538 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:40:30,538 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:40:30,548 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:40:30,554 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:40:30,560 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:40:30,560 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:40:30,605 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:40:30,605 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:40:30,605 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:40:30,605 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:40:30,605 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 18:40:30,637 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 18:40:30,637 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 18:40:30,637 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:40:30,637 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 18:40:30,646 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:40:30,724 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 18:40:30,724 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 18:40:30,724 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 18:40:30,724 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 18:40:30,769 - INFO - Scanning domain: watson.events.data.microsoft.com
2024-08-03 18:40:31,332 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:40:31,332 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 18:40:31,332 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-08-03 18:40:31,333 - INFO - Rule isLNK is excluded.
2024-08-03 18:40:31,334 - INFO - Rule EXE_in_LNK is excluded.
2024-08-03 18:40:32,265 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk - Virus: ['Long_RelativePath_LNK']
2024-08-03 18:40:32,265 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk'
2024-08-03 18:40:32,265 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk' with parts '['KyrazonGodot', 'lnk']'
2024-08-03 18:40:32,265 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:40:32,265 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk is malicious. Virus: Long_RelativePath_LNK
2024-08-03 18:40:43,314 - INFO - DNS Query (IPv4): watson.events.data.microsoft.com
2024-08-03 18:40:43,314 - INFO - DNS Query (IPv4): watson.events.data.microsoft.com
2024-08-03 18:40:43,314 - INFO - DNS Answer (IPv4): watson.events.data.microsoft.com
2024-08-03 18:40:43,314 - INFO - Scanning domain: blobcollectorcommon.trafficmanager.net
2024-08-03 18:40:51,380 - INFO - DNS Answer (IPv4): blobcollectorcommon.trafficmanager.net
2024-08-03 18:40:51,380 - INFO - Scanning domain: onedsblobprdwus17.westus.cloudapp.azure.com
2024-08-03 18:41:01,547 - INFO - DNS Answer (IPv4): onedsblobprdwus17.westus.cloudapp.azure.com
2024-08-03 18:41:01,971 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 18:41:01,971 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 18:41:01,971 - INFO - DNS Answer (IPv4): usfftp.security.comodo.com
2024-08-03 18:41:01,971 - INFO - Scanning domain: deff.nelreports.net
2024-08-03 18:41:12,915 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 18:41:12,915 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 18:41:12,915 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 18:41:12,915 - INFO - DNS Answer (IPv4): deff.nelreports.net
2024-08-03 18:41:12,915 - INFO - Scanning domain: deff.nelreports.net.akamaized.net
2024-08-03 18:41:26,162 - INFO - DNS Answer (IPv4): deff.nelreports.net.akamaized.net
2024-08-03 18:41:26,165 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 18:41:26,165 - INFO - DNS Answer (IPv4): deff.nelreports.net
2024-08-03 18:41:26,169 - INFO - DNS Answer (IPv4): deff.nelreports.net.akamaized.net
2024-08-03 18:41:26,169 - INFO - Scanning domain: a1858.dscd.akamai.net
2024-08-03 18:41:33,291 - INFO - DNS Answer (IPv4): a1858.dscd.akamai.net
2024-08-03 18:41:33,291 - INFO - DNS Answer (IPv4): a1858.dscd.akamai.net
2024-08-03 18:41:33,383 - INFO - Scanning domain: img-s-msn-com.akamaized.net
2024-08-03 18:41:37,545 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 18:41:37,545 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 18:41:37,545 - INFO - Scanning domain: sb.scorecardresearch.com
2024-08-03 18:41:53,668 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 18:41:53,668 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 18:41:53,668 - INFO - Scanning domain: th.bing.com
2024-08-03 18:42:00,091 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 18:42:00,091 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 18:42:00,091 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 18:42:00,091 - INFO - DNS Answer (IPv4): img-s-msn-com.akamaized.net
2024-08-03 18:42:00,091 - INFO - Scanning domain: a1834.dscg2.akamai.net
2024-08-03 18:42:05,487 - INFO - DNS Answer (IPv4): a1834.dscg2.akamai.net
2024-08-03 18:42:05,487 - INFO - DNS Answer (IPv4): a1834.dscg2.akamai.net
2024-08-03 18:42:05,487 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 18:42:05,487 - INFO - DNS Answer (IPv4): img-s-msn-com.akamaized.net
2024-08-03 18:42:05,487 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 18:42:05,487 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 18:42:05,487 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 18:42:05,487 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 18:42:05,487 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 18:42:05,487 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 18:42:05,487 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 18:42:05,487 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 18:42:05,487 - INFO - Scanning domain: p-th.bing.com.trafficmanager.net
2024-08-03 18:42:10,258 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 18:42:13,185 - INFO - Scanning domain: th.bing.com.edgekey.net
2024-08-03 18:42:18,460 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 18:42:18,460 - INFO - Scanning domain: e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:42:22,973 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 18:42:22,973 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 18:42:22,973 - INFO - Scanning domain: www.bing.com
2024-08-03 18:42:27,283 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 18:42:27,283 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 18:42:27,283 - INFO - Scanning domain: c.msn.com
2024-08-03 18:42:44,323 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 18:42:44,323 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 18:42:44,323 - INFO - Scanning domain: c.bing.com
2024-08-03 18:42:49,869 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 18:42:49,869 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 18:42:49,869 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 18:42:49,869 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 18:42:49,869 - INFO - Scanning domain: www-www.bing.com.trafficmanager.net
2024-08-03 18:42:55,657 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 18:42:55,657 - INFO - Scanning domain: www.bing.com.edgekey.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 18:43:01,758 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:43:01,758 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 18:43:01,758 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 18:43:01,758 - INFO - Scanning domain: c-msn-com-nsatc.trafficmanager.net
2024-08-03 18:43:07,026 - INFO - DNS Answer (IPv4): c-msn-com-nsatc.trafficmanager.net
2024-08-03 18:43:07,026 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 18:43:07,026 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 18:43:07,026 - INFO - Scanning domain: c-bing-com.dual-a-0034.a-msedge.net
2024-08-03 18:43:12,372 - INFO - DNS Answer (IPv4): c-bing-com.dual-a-0034.a-msedge.net
2024-08-03 18:43:12,372 - INFO - Scanning domain: dual-a-0034.a-msedge.net
2024-08-03 18:43:17,268 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 18:43:17,268 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 18:43:17,268 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 18:43:17,268 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 18:43:17,268 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 18:43:17,268 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 18:43:54,884 - INFO - Scanning domain: assets.msn.com
2024-08-03 18:43:58,685 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:43:59,775 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:43:59,775 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:43:59,775 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 18:43:59,775 - INFO - Scanning domain: assets.msn.com.edgekey.net
2024-08-03 18:44:07,273 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 18:44:07,273 - INFO - Scanning domain: e28578.d.akamaiedge.net
2024-08-03 18:44:12,498 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,498 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,498 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,894 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,894 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,894 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,894 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,894 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,894 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:44:12,894 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:44:12,894 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 18:44:12,894 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 18:44:12,894 - INFO - Scanning domain: api.msn.com
2024-08-03 18:44:16,642 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 18:44:16,642 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 18:44:16,642 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 18:44:16,642 - INFO - DNS Answer (IPv4): api.msn.com
2024-08-03 18:44:16,642 - INFO - Scanning domain: api-msn-com.a-0003.a-msedge.net
2024-08-03 18:44:20,479 - INFO - DNS Answer (IPv4): api-msn-com.a-0003.a-msedge.net
2024-08-03 18:44:22,808 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 18:44:22,808 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 18:44:22,808 - INFO - DNS Answer (IPv4): api.msn.com
2024-08-03 18:44:22,855 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 18:44:22,919 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 18:44:22,919 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 18:44:22,919 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 18:44:22,919 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 18:44:22,919 - INFO - Scanning domain: onedscolprdwus22.westus.cloudapp.azure.com
2024-08-03 18:44:23,319 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:44:23,339 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:44:23,348 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:44:28,514 - INFO - DNS Answer (IPv4): onedscolprdwus22.westus.cloudapp.azure.com
2024-08-03 18:44:28,514 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 18:44:28,514 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 18:44:28,514 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 18:44:37,564 - INFO - Scanning domain: ctldl.windowsupdate.com
2024-08-03 18:44:41,147 - INFO - DNS Query (IPv4): ctldl.windowsupdate.com
2024-08-03 18:44:41,604 - INFO - DNS Query (IPv4): ctldl.windowsupdate.com
2024-08-03 18:44:41,604 - INFO - DNS Answer (IPv4): ctldl.windowsupdate.com
2024-08-03 18:44:41,604 - INFO - Scanning domain: ctldl.windowsupdate.com.delivery.microsoft.com
2024-08-03 18:44:45,497 - INFO - DNS Answer (IPv4): ctldl.windowsupdate.com.delivery.microsoft.com
2024-08-03 18:44:45,497 - INFO - Scanning domain: wu-b-net.trafficmanager.net
2024-08-03 18:44:47,494 - INFO - DNS Answer (IPv4): wu-b-net.trafficmanager.net
2024-08-03 18:44:47,494 - INFO - Scanning domain: wu.azureedge.net
2024-08-03 18:44:50,257 - INFO - DNS Answer (IPv4): wu.azureedge.net
2024-08-03 18:44:50,257 - INFO - Scanning domain: wu.ec.azureedge.net
2024-08-03 18:44:53,183 - INFO - DNS Answer (IPv4): wu.ec.azureedge.net
2024-08-03 18:44:53,183 - INFO - Scanning domain: bg.apr-52dd2-0503.edgecastdns.net
2024-08-03 18:44:58,178 - INFO - DNS Answer (IPv4): bg.apr-52dd2-0503.edgecastdns.net
2024-08-03 18:44:58,178 - INFO - Scanning domain: hlb.apr-52dd2-0.edgecastdns.net
2024-08-03 18:45:01,441 - INFO - DNS Answer (IPv4): hlb.apr-52dd2-0.edgecastdns.net
2024-08-03 18:45:01,441 - INFO - Scanning domain: cs11.wpc.v0cdn.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): cs11.wpc.v0cdn.net
2024-08-03 18:45:05,305 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:45:05,305 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:45:05,305 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:05,305 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 18:45:05,305 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 18:45:05,988 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:05,988 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:06,293 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:45:06,293 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:45:06,293 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:45:06,293 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:45:06,293 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:45:06,293 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:45:07,029 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 18:45:07,860 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 18:45:07,860 - INFO - DNS Answer (IPv4): v10.events.data.microsoft.com
2024-08-03 18:45:07,860 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 18:45:07,860 - INFO - Scanning domain: onedscolprdeus01.eastus.cloudapp.azure.com
2024-08-03 18:45:13,305 - INFO - DNS Answer (IPv4): onedscolprdeus01.eastus.cloudapp.azure.com
2024-08-03 18:45:13,305 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:13,305 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:13,305 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:13,305 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:13,491 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:45:13,491 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:45:13,491 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:45:13,491 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:45:13,834 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 18:45:13,834 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 18:45:13,933 - INFO - DNS Answer (IPv4): v20.events.data.microsoft.com
2024-08-03 18:45:13,933 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 18:45:13,933 - INFO - Scanning domain: onedscolprdwus16.westus.cloudapp.azure.com
2024-08-03 18:45:17,418 - INFO - DNS Answer (IPv4): onedscolprdwus16.westus.cloudapp.azure.com
2024-08-03 18:45:32,883 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:45:32,903 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:45:32,936 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:45:32,936 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 18:45:32,936 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 18:45:32,936 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:32,936 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:33,185 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:33,185 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:33,185 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:33,185 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:33,185 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:33,185 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:33,185 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 18:45:33,192 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 18:45:33,192 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 18:45:33,192 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 18:45:39,911 - INFO - Scanning domain: srtb.msn.com
2024-08-03 18:45:41,079 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll'
2024-08-03 18:45:45,026 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll'
2024-08-03 18:45:56,171 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:45:56,234 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll'
2024-08-03 18:45:56,238 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:02,703 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:06,772 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:07,109 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:07,109 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:07,575 - INFO - DNS Query (IPv4): srtb.msn.com
2024-08-03 18:46:07,832 - INFO - DNS Query (IPv4): srtb.msn.com
2024-08-03 18:46:12,780 - INFO - DNS Query (IPv4): srtb.msn.com
2024-08-03 18:46:12,780 - INFO - DNS Answer (IPv4): srtb.msn.com
2024-08-03 18:46:12,780 - INFO - Scanning domain: www.msn.com
2024-08-03 18:46:15,742 - INFO - DNS Answer (IPv4): www.msn.com
2024-08-03 18:46:15,742 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 18:46:15,742 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 18:46:15,742 - INFO - DNS Query (IPv4): srtb.msn.com
2024-08-03 18:46:15,742 - INFO - DNS Answer (IPv4): srtb.msn.com
2024-08-03 18:46:15,742 - INFO - DNS Answer (IPv4): www.msn.com
2024-08-03 18:46:16,082 - INFO - Scanning domain: discord.com
2024-08-03 18:46:19,530 - INFO - DNS Query (IPv4): discord.com
2024-08-03 18:46:19,530 - INFO - DNS Query (IPv4): discord.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): discord.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): discord.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): discord.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): discord.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): discord.com
2024-08-03 18:46:19,530 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 18:46:19,530 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 18:46:19,530 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 18:46:19,530 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 18:46:19,530 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 18:46:48,385 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:48,385 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:48,491 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:49,614 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 18:46:49,614 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_mz is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_pe_signed is excluded.
2024-08-03 18:46:49,625 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:49,625 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 18:46:49,625 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 18:46:49,625 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 18:46:49,625 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 18:46:49,625 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_mz is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_pe_signed is excluded.
2024-08-03 18:46:49,625 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_mz is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_mz_b_small_5kb_10kb is excluded.
2024-08-03 18:46:49,625 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 18:46:49,625 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 18:46:49,625 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 18:46:49,625 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_pe_signed is excluded.
2024-08-03 18:46:49,625 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_mz_b_small_5kb_10kb is excluded.
2024-08-03 18:46:49,625 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 18:46:49,625 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 18:46:49,625 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 18:46:49,625 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:49,625 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 18:46:49,625 - INFO - Rule head_mz_b_small_5kb_10kb is excluded.
2024-08-03 18:46:49,625 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 18:46:49,625 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 18:46:49,625 - INFO - Rule win_files_operation is excluded.
2024-08-03 18:46:49,625 - INFO - Rule create_process is excluded.
2024-08-03 18:46:49,625 - INFO - Rule IsPE32 is excluded.
2024-08-03 18:46:49,625 - INFO - Rule IsDLL is excluded.
2024-08-03 18:46:49,625 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 18:46:49,625 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 18:46:49,625 - INFO - Rule HasRichSignature is excluded.
2024-08-03 18:46:49,625 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 18:46:49,625 - INFO - Rule IsNotPacked is excluded.
2024-08-03 18:46:49,625 - INFO - Rule IsResourceLess is excluded.
2024-08-03 18:46:49,625 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 18:46:49,625 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 18:46:49,932 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 18:46:50,020 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 18:46:50,025 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll - Virus: ['win_flawedammyy_auto', 'MALPEDIA_Win_Flawedammyy_Auto']
2024-08-03 18:46:50,063 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll'
2024-08-03 18:46:50,063 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll' with parts '['nsExec', 'dll']'
2024-08-03 18:46:50,063 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:50,063 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll is malicious. Virus: win_flawedammyy_autoMALPEDIA_Win_Flawedammyy_Auto
2024-08-03 18:46:50,031 - INFO - Rule win_files_operation is excluded.
2024-08-03 18:46:50,031 - INFO - Rule win_files_operation is excluded.
2024-08-03 18:46:50,082 - INFO - Rule create_process is excluded.
2024-08-03 18:46:50,082 - INFO - Rule IsPE32 is excluded.
2024-08-03 18:46:50,082 - INFO - Rule IsDLL is excluded.
2024-08-03 18:46:50,082 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 18:46:50,082 - INFO - Rule HasRichSignature is excluded.
2024-08-03 18:46:50,082 - INFO - Rule IsNotPacked is excluded.
2024-08-03 18:46:50,082 - INFO - Rule IsResourceLess is excluded.
2024-08-03 18:46:50,082 - INFO - Rule create_process is excluded.
2024-08-03 18:46:50,093 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll - Virus: ['win_flawedammyy_auto', 'MALPEDIA_Win_Flawedammyy_Auto']
2024-08-03 18:46:50,100 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:50,103 - INFO - Rule IsPE32 is excluded.
2024-08-03 18:46:50,103 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll'
2024-08-03 18:46:50,106 - INFO - Rule IsDLL is excluded.
2024-08-03 18:46:50,106 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 18:46:50,106 - INFO - Rule HasRichSignature is excluded.
2024-08-03 18:46:50,106 - INFO - Rule IsNotPacked is excluded.
2024-08-03 18:46:50,106 - INFO - Rule IsResourceLess is excluded.
2024-08-03 18:46:50,106 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll' with parts '['nsExec', 'dll']'
2024-08-03 18:46:50,225 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:50,225 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll is malicious. Virus: win_flawedammyy_autoMALPEDIA_Win_Flawedammyy_Auto
2024-08-03 18:46:50,225 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:50,225 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\SpiderBanner.dll
2024-08-03 18:46:50,106 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll - Virus: ['win_flawedammyy_auto', 'MALPEDIA_Win_Flawedammyy_Auto']
2024-08-03 18:46:50,261 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll'
2024-08-03 18:46:50,261 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll' with parts '['nsExec', 'dll']'
2024-08-03 18:46:50,261 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:50,261 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll is malicious. Virus: win_flawedammyy_autoMALPEDIA_Win_Flawedammyy_Auto
2024-08-03 18:46:50,269 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:46:50,269 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\SpiderBanner.dll: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp\\nsbC576.tmp\\SpiderBanner.dll'
2024-08-03 18:46:50,269 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\StdUtils.dll
2024-08-03 18:46:50,269 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\StdUtils.dll: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp\\nsbC576.tmp\\StdUtils.dll'
2024-08-03 18:46:50,269 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\System.dll
2024-08-03 18:46:50,269 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\System.dll: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp\\nsbC576.tmp\\System.dll'
2024-08-03 18:46:50,269 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c
2024-08-03 18:46:50,269 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c. Scanning file.
2024-08-03 18:46:50,420 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c
2024-08-03 18:46:50,457 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:46:50,457 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:46:50,458 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS: wininit.ini
2024-08-03 18:46:50,458 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:46:50,587 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:46:50,786 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:46:51,215 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:46:51,215 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:46:51,238 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:46:51,238 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:46:51,238 - INFO - Scanning domain: tel.security.comodo.com
2024-08-03 18:46:52,499 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:46:52,646 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:52,646 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:46:52,649 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini - No viruses detected
2024-08-03 18:46:52,649 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini'
2024-08-03 18:46:52,649 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini' with parts '['wininit', 'ini']'
2024-08-03 18:46:52,649 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:52,710 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 18:46:52,716 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2: dberr.txt
2024-08-03 18:46:52,716 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:46:52,865 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c
2024-08-03 18:46:53,076 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:46:53,621 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:53,621 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:46:53,621 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive - No viruses detected
2024-08-03 18:46:53,621 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 18:46:53,621 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 18:46:53,621 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:53,918 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 18:46:53,918 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:53,918 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:46:53,918 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 18:46:53,918 - INFO - Rule embedded_win_api is excluded.
2024-08-03 18:46:53,978 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c - No viruses detected
2024-08-03 18:46:53,978 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c'
2024-08-03 18:46:53,978 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c' with parts '['decompiled_output', 'c']'
2024-08-03 18:46:53,978 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:53,978 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c
2024-08-03 18:46:53,987 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c. Scanning file.
2024-08-03 18:46:53,990 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:46:54,015 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c
2024-08-03 18:46:54,180 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:46:54,180 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:46:54,242 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c
2024-08-03 18:46:54,431 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:46:54,493 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:54,493 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:46:54,596 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt - No viruses detected
2024-08-03 18:46:54,596 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt'
2024-08-03 18:46:54,596 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt' with parts '['dberr', 'txt']'
2024-08-03 18:46:54,596 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:54,596 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}: catdb
2024-08-03 18:46:54,596 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:46:54,932 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:46:55,856 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 18:46:55,856 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:55,856 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:46:55,856 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 18:46:55,862 - INFO - Rule embedded_win_api is excluded.
2024-08-03 18:46:55,870 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c - No viruses detected
2024-08-03 18:46:55,870 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c'
2024-08-03 18:46:55,870 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c' with parts '['decompiled_output_1', 'c']'
2024-08-03 18:46:55,870 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:55,870 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c
2024-08-03 18:46:55,870 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c. Scanning file.
2024-08-03 18:46:55,916 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c
2024-08-03 18:46:55,929 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:46:56,085 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:56,085 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:46:56,089 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini - No viruses detected
2024-08-03 18:46:56,089 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini'
2024-08-03 18:46:56,095 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini' with parts '['wininit', 'ini']'
2024-08-03 18:46:56,095 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:56,144 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:46:56,144 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:46:56,144 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:46:56,668 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c
2024-08-03 18:46:56,741 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:46:56,924 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:46:57,068 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 18:46:57,068 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:57,068 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:46:57,068 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 18:46:57,068 - INFO - Rule embedded_win_api is excluded.
2024-08-03 18:46:57,145 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c - No viruses detected
2024-08-03 18:46:57,145 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c'
2024-08-03 18:46:57,145 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c' with parts '['decompiled_output_2', 'c']'
2024-08-03 18:46:57,145 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:57,145 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c
2024-08-03 18:46:57,145 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c. Scanning file.
2024-08-03 18:46:57,491 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c
2024-08-03 18:46:57,894 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:57,894 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:46:57,894 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt - No viruses detected
2024-08-03 18:46:57,894 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt'
2024-08-03 18:46:57,894 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt' with parts '['dberr', 'txt']'
2024-08-03 18:46:57,894 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:57,894 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:46:57,894 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:46:57,894 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:46:58,587 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c
2024-08-03 18:46:58,753 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:46:58,788 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:58,788 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:46:58,788 - INFO - Rule hashcat is excluded.
2024-08-03 18:46:58,839 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - No viruses detected
2024-08-03 18:46:58,839 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb'
2024-08-03 18:46:58,848 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb' with parts '['catdb']'
2024-08-03 18:46:58,848 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:58,851 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}: catdb.jfm
2024-08-03 18:46:58,874 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:46:59,018 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:46:59,285 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:59,285 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 18:46:59,382 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c - No viruses detected
2024-08-03 18:46:59,476 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c'
2024-08-03 18:46:59,476 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c' with parts '['decompiled_output_3', 'c']'
2024-08-03 18:46:59,476 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:59,707 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:46:59,707 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:46:59,727 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:46:59,727 - INFO - Rule hashcat is excluded.
2024-08-03 18:46:59,735 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - No viruses detected
2024-08-03 18:46:59,767 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb'
2024-08-03 18:46:59,767 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb' with parts '['catdb']'
2024-08-03 18:46:59,767 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:46:59,767 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:46:59,767 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:46:59,767 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:46:59,822 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:47:00,219 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:47:00,491 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:47:00,491 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:47:00,535 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:47:00,585 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm - No viruses detected
2024-08-03 18:47:00,789 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm'
2024-08-03 18:47:00,789 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm' with parts '['catdb', 'jfm']'
2024-08-03 18:47:00,789 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:47:00,770 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini
2024-08-03 18:47:00,982 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}: catdb
2024-08-03 18:47:00,982 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:47:00,982 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:47:01,095 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:47:01,095 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:47:01,108 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm - No viruses detected
2024-08-03 18:47:01,108 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm'
2024-08-03 18:47:01,108 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm' with parts '['catdb', 'jfm']'
2024-08-03 18:47:01,108 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:47:01,108 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:47:01,108 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:47:01,108 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:47:01,165 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:47:01,165 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:47:01,165 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini - No viruses detected
2024-08-03 18:47:01,165 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini'
2024-08-03 18:47:01,165 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini' with parts '['wininit', 'ini']'
2024-08-03 18:47:01,165 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\wininit.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:47:01,280 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:47:01,720 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:47:01,805 - INFO - DNS Query (IPv4): tel.security.comodo.com
2024-08-03 18:47:01,805 - INFO - DNS Query (IPv4): tel.security.comodo.com
2024-08-03 18:47:01,805 - INFO - DNS Answer (IPv4): tel.security.comodo.com
2024-08-03 18:47:01,830 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:47:01,830 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:47:01,959 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt
2024-08-03 18:47:02,543 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:47:02,543 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:47:02,574 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt - No viruses detected
2024-08-03 18:47:02,574 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt'
2024-08-03 18:47:02,574 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt' with parts '['dberr', 'txt']'
2024-08-03 18:47:02,574 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\dberr.txt' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:47:02,574 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:47:02,607 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:47:02,806 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-08-03 18:47:04,031 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:47:04,031 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 18:47:04,031 - INFO - Rule hashcat is excluded.
2024-08-03 18:47:04,031 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - No viruses detected
2024-08-03 18:47:04,051 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb'
2024-08-03 18:47:04,051 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb' with parts '['catdb']'
2024-08-03 18:47:04,051 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:47:04,051 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:47:04,051 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:47:04,169 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm
2024-08-03 18:47:04,220 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:47:04,220 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:47:04,220 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm - No viruses detected
2024-08-03 18:47:04,220 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm'
2024-08-03 18:47:04,220 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm' with parts '['catdb', 'jfm']'
2024-08-03 18:47:04,220 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:47:04,220 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:47:04,235 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:48:23,384 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:48:25,143 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:48:25,174 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:48:26,255 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:48:33,678 - INFO - Decompilation completed successfully for file: C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe
2024-08-03 18:48:40,458 - INFO - Scanning domain: fd.api.iris.microsoft.com
2024-08-03 18:48:40,873 - INFO - Running worm detection for file 'C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe'
2024-08-03 18:48:54,947 - INFO - DNS Query (IPv4): fd.api.iris.microsoft.com
2024-08-03 18:48:54,947 - INFO - DNS Query (IPv4): fd.api.iris.microsoft.com
2024-08-03 18:48:54,947 - INFO - DNS Answer (IPv4): fd.api.iris.microsoft.com
2024-08-03 18:48:54,947 - INFO - Scanning domain: fd-api-iris.trafficmanager.net
2024-08-03 18:48:58,832 - INFO - Started scanning file: C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe
2024-08-03 18:49:22,294 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:49:22,294 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:49:34,096 - INFO - DNS Answer (IPv4): fd-api-iris.trafficmanager.net
2024-08-03 18:49:34,096 - INFO - Scanning domain: iris-de-ppe-azsc-v2-neu.northeurope.cloudapp.azure.com
2024-08-03 18:49:36,051 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-08-03 18:49:39,692 - INFO - DNS Answer (IPv4): iris-de-ppe-azsc-v2-neu.northeurope.cloudapp.azure.com
2024-08-03 18:49:41,890 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:49:52,457 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:49:52,457 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:49:52,457 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:49:55,450 - INFO - No malware detected by Machine Learning in file: C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe
2024-08-03 18:50:01,022 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 18:50:01,022 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 18:50:01,022 - INFO - Rule head_7z is excluded.
2024-08-03 18:50:01,022 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:50:01,022 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 18:50:01,022 - INFO - Rule http is excluded.
2024-08-03 18:50:01,028 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 18:50:01,028 - INFO - Rule _Hyper_Archive_ is excluded.
2024-08-03 18:50:01,028 - INFO - Rule VBox_Detection is excluded.
2024-08-03 18:50:04,182 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 18:50:04,182 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 18:50:04,182 - INFO - Rule head_7z is excluded.
2024-08-03 18:50:04,182 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:50:04,182 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 18:50:04,182 - INFO - Rule http is excluded.
2024-08-03 18:50:04,182 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 18:50:04,214 - INFO - Rule _Hyper_Archive_ is excluded.
# Fixed by next commit 2024-08-03 18:50:04,214 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z - Virus: ['sevenzip_file']
2024-08-03 18:50:04,214 - INFO - Rule VBox_Detection is excluded.
2024-08-03 18:50:04,214 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z'
2024-08-03 18:50:07,475 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z' with parts '['app-64', '7z']'
2024-08-03 18:50:07,475 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:50:07,475 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z is malicious. Virus: sevenzip_file
# Fixed by next commit 2024-08-03 18:50:07,475 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z - Virus: ['sevenzip_file']
2024-08-03 18:50:07,492 - INFO - DNS Query (IPv4): ctldl.windowsupdate.com
2024-08-03 18:50:07,509 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z'
2024-08-03 18:50:07,509 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z' with parts '['app-64', '7z']'
2024-08-03 18:50:07,509 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z' does not have multiple extensions, not flagged as ransomware
# Fixed by next commit 2024-08-03 18:50:07,509 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z is malicious. Virus: sevenzip_file
2024-08-03 18:50:07,531 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\app-64.7z
2024-08-03 18:50:07,531 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:50:07,575 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:50:07,592 - INFO - DNS Query (IPv4): ctldl.windowsupdate.com
2024-08-03 18:50:07,592 - INFO - DNS Answer (IPv4): ctldl.windowsupdate.com
2024-08-03 18:50:07,592 - INFO - DNS Answer (IPv4): ctldl.windowsupdate.com.delivery.microsoft.com
2024-08-03 18:50:07,592 - INFO - DNS Answer (IPv4): wu-b-net.trafficmanager.net
2024-08-03 18:50:07,592 - INFO - Scanning domain: bg.microsoft.map.fastly.net
2024-08-03 18:50:08,120 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp
2024-08-03 18:50:08,229 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp'
2024-08-03 18:50:08,229 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp
2024-08-03 18:50:14,288 - INFO - DNS Answer (IPv4): bg.microsoft.map.fastly.net
2024-08-03 18:50:46,183 - INFO - Scanning domain: prod.client.wosc.services.microsoft.com
2024-08-03 18:50:48,802 - INFO - DNS Query (IPv4): prod.client.wosc.services.microsoft.com
2024-08-03 18:50:50,545 - INFO - DNS Query (IPv4): prod.client.wosc.services.microsoft.com
2024-08-03 18:50:50,545 - INFO - DNS Answer (IPv4): prod.client.wosc.services.microsoft.com
2024-08-03 18:50:50,545 - INFO - Scanning domain: wosc-svc-client-e7cybuc4bshbffhq.z01.azurefd.net
2024-08-03 18:50:53,049 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp
2024-08-03 18:50:53,114 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp'
2024-08-03 18:50:53,114 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp'
2024-08-03 18:50:53,114 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp' with parts '['Temp']'
2024-08-03 18:50:53,114 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:50:54,552 - INFO - DNS Answer (IPv4): wosc-svc-client-e7cybuc4bshbffhq.z01.azurefd.net
2024-08-03 18:50:54,552 - INFO - Scanning domain: star-azurefd-prod.trafficmanager.net
2024-08-03 18:50:58,017 - INFO - DNS Answer (IPv4): star-azurefd-prod.trafficmanager.net
2024-08-03 18:50:58,017 - INFO - Scanning domain: shed.dual-low.s-part-0039.t-0009.t-msedge.net
2024-08-03 18:51:04,986 - INFO - DNS Answer (IPv4): shed.dual-low.s-part-0039.t-0009.t-msedge.net
2024-08-03 18:51:04,986 - INFO - Scanning domain: s-part-0039.t-0009.t-msedge.net
2024-08-03 18:51:08,924 - INFO - DNS Answer (IPv4): s-part-0039.t-0009.t-msedge.net
2024-08-03 18:51:12,009 - INFO - Scanning domain: settings-win.data.microsoft.com
2024-08-03 18:51:16,426 - INFO - DNS Query (IPv4): settings-win.data.microsoft.com
2024-08-03 18:51:16,426 - INFO - DNS Query (IPv4): settings-win.data.microsoft.com
2024-08-03 18:51:16,426 - INFO - DNS Answer (IPv4): settings-win.data.microsoft.com
2024-08-03 18:51:16,426 - INFO - Scanning domain: atm-settingsfe-prod-geo2.trafficmanager.net
2024-08-03 18:51:21,693 - INFO - DNS Answer (IPv4): atm-settingsfe-prod-geo2.trafficmanager.net
2024-08-03 18:51:21,693 - INFO - Scanning domain: settings-prod-neu-1.northeurope.cloudapp.azure.com
2024-08-03 18:51:25,922 - INFO - DNS Answer (IPv4): settings-prod-neu-1.northeurope.cloudapp.azure.com
2024-08-03 18:51:49,254 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 18:51:49,485 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 18:51:49,485 - INFO - DNS Answer (IPv4): dns.msftncsi.com
2024-08-03 18:51:57,544 - INFO - No malware detected by ClamAV in file: C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe
2024-08-03 18:53:11,999 - INFO - Scanning domain: g.msn.com
2024-08-03 18:53:20,019 - INFO - DNS Query (IPv4): g.msn.com
2024-08-03 18:53:20,019 - INFO - DNS Query (IPv4): g.msn.com
2024-08-03 18:53:20,019 - INFO - DNS Answer (IPv4): g.msn.com
2024-08-03 18:53:20,019 - INFO - Scanning domain: g-msn-com-nsatc.trafficmanager.net
2024-08-03 18:53:23,822 - INFO - DNS Answer (IPv4): g-msn-com-nsatc.trafficmanager.net
2024-08-03 18:54:02,692 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:54:04,408 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:54:04,408 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:54:08,299 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:54:08,299 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:54:08,498 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:54:32,452 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:54:32,806 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:54:32,955 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:54:33,289 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:54:33,291 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 18:54:33,654 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 18:54:33,663 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:54:33,674 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:54:33,677 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 18:54:33,685 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 18:54:41,425 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 18:54:41,425 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 18:54:53,263 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:54:56,104 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll'
2024-08-03 18:55:02,121 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:55:02,355 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:55:03,887 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:55:05,969 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 18:55:05,969 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 18:55:05,969 - INFO - Rule head_mz is excluded.
2024-08-03 18:55:05,969 - INFO - Rule head_pe_signed is excluded.
2024-08-03 18:55:05,969 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:55:05,969 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 18:55:05,969 - INFO - Rule head_mz_b_small_5kb_10kb is excluded.
2024-08-03 18:55:05,969 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 18:55:05,969 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 18:55:05,969 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 18:55:05,969 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 18:55:05,969 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 18:55:05,969 - INFO - Rule win_files_operation is excluded.
2024-08-03 18:55:05,969 - INFO - Rule create_process is excluded.
2024-08-03 18:55:05,969 - INFO - Rule IsPE32 is excluded.
2024-08-03 18:55:05,969 - INFO - Rule IsDLL is excluded.
2024-08-03 18:55:05,969 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 18:55:05,969 - INFO - Rule HasRichSignature is excluded.
2024-08-03 18:55:05,969 - INFO - Rule IsNotPacked is excluded.
2024-08-03 18:55:05,969 - INFO - Rule IsResourceLess is excluded.
2024-08-03 18:55:05,969 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll - Virus: ['win_flawedammyy_auto', 'MALPEDIA_Win_Flawedammyy_Auto']
2024-08-03 18:55:05,969 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll'
2024-08-03 18:55:05,969 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll' with parts '['nsExec', 'dll']'
2024-08-03 18:55:05,969 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:55:05,969 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll is malicious. Virus: win_flawedammyy_autoMALPEDIA_Win_Flawedammyy_Auto
2024-08-03 18:55:05,969 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:55:06,009 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsExec.dll
2024-08-03 18:55:06,009 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsis7z.dll
2024-08-03 18:55:06,009 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsis7z.dll: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp\\nsbC576.tmp\\nsis7z.dll'
2024-08-03 18:55:06,022 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\nsis7z.dll
2024-08-03 18:55:06,022 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\SpiderBanner.dll
2024-08-03 18:55:06,022 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\SpiderBanner.dll: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp\\nsbC576.tmp\\SpiderBanner.dll'
2024-08-03 18:55:06,022 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\SpiderBanner.dll
2024-08-03 18:55:06,022 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\StdUtils.dll
2024-08-03 18:55:06,022 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\StdUtils.dll: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp\\nsbC576.tmp\\StdUtils.dll'
2024-08-03 18:55:06,022 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\StdUtils.dll
2024-08-03 18:55:06,022 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\System.dll
2024-08-03 18:55:06,022 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\System.dll: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp\\nsbC576.tmp\\System.dll'
2024-08-03 18:55:06,022 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\nsbC576.tmp\System.dll
2024-08-03 18:55:06,022 - INFO - Processed all files in directory: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 18:55:06,022 - INFO - Directory event detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 18:55:06,059 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 18:55:06,075 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 18:55:06,403 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 18:55:06,764 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:55:06,764 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 18:55:06,764 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx - No viruses detected
2024-08-03 18:55:06,764 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx'
2024-08-03 18:55:06,764 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'idx']'
2024-08-03 18:55:06,764 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:55:06,764 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 18:55:06,764 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 18:55:06,780 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 18:55:06,884 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 18:55:06,918 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:55:06,918 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 18:55:06,918 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock - No viruses detected
2024-08-03 18:55:06,918 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock'
2024-08-03 18:55:06,918 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'lock']'
2024-08-03 18:55:06,918 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:55:06,918 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 18:55:06,918 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 18:55:06,918 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 18:55:07,047 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 18:55:07,090 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 18:55:07,090 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 18:55:07,102 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val - No viruses detected
2024-08-03 18:55:07,102 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val'
2024-08-03 18:55:07,102 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'val']'
2024-08-03 18:55:07,102 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val' does not have multiple extensions, not flagged as ransomware
2024-08-03 18:55:07,102 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 18:55:07,116 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 18:55:17,316 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 18:55:39,262 - INFO - DNS Query (IPv4): cis.td.security.comodo.com
2024-08-03 18:55:39,306 - INFO - DNS Query (IPv4): cis.td.security.comodo.com
2024-08-03 18:55:39,306 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 18:55:39,306 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 18:55:39,306 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 18:56:57,382 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 18:56:57,406 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 18:56:57,406 - INFO - DNS Answer (IPv4): licensing.security.comodo.com
2024-08-03 18:58:40,322 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:58:47,028 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:58:47,028 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 18:58:59,337 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 18:58:59,339 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:58:59,381 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:58:59,381 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:59:23,241 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 18:59:23,241 - INFO - DNS Query (IPv4): tel.security.comodo.com
2024-08-03 18:59:23,241 - INFO - DNS Query (IPv4): tel.security.comodo.com
2024-08-03 18:59:23,241 - INFO - DNS Answer (IPv4): tel.security.comodo.com
2024-08-03 19:00:11,978 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:00:12,230 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:00:12,230 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:00:13,687 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:00:13,687 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:00:13,687 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:00:13,687 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:00:13,983 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:00:18,411 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:00:18,411 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:00:18,411 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:00:19,533 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:00:19,533 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 19:00:19,533 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 19:02:16,237 - INFO - DNS Query (IPv4): watson.events.data.microsoft.com
2024-08-03 19:02:16,428 - INFO - DNS Query (IPv4): watson.events.data.microsoft.com
2024-08-03 19:02:16,428 - INFO - DNS Answer (IPv4): watson.events.data.microsoft.com
2024-08-03 19:02:16,428 - INFO - DNS Answer (IPv4): blobcollectorcommon.trafficmanager.net
2024-08-03 19:02:16,428 - INFO - Scanning domain: onedsblobprdcus16.centralus.cloudapp.azure.com
2024-08-03 19:02:19,248 - INFO - DNS Answer (IPv4): onedsblobprdcus16.centralus.cloudapp.azure.com
2024-08-03 19:02:27,939 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:02:28,129 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:02:28,129 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:02:28,129 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:02:28,136 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:02:28,180 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:02:28,521 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:02:28,521 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:02:28,783 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:02:28,783 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:02:28,814 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:02:28,824 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 19:02:28,824 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 19:02:29,087 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 19:02:29,087 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 19:02:29,087 - INFO - DNS Answer (IPv4): usfftp.security.comodo.com
2024-08-03 19:03:12,492 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:03:12,492 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:03:12,492 - INFO - Rule vmdetect is excluded.
2024-08-03 19:03:12,492 - INFO - Rule vmdetect_misc0 is excluded.
2024-08-03 19:03:12,492 - INFO - Rule vmdetect_misc is excluded.
2024-08-03 19:03:12,492 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:12,492 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 19:03:12,492 - INFO - Rule PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ is excluded.
2024-08-03 19:03:12,492 - INFO - Rule http is excluded.
2024-08-03 19:03:12,492 - INFO - Rule Generic_Powershell_Detector is excluded.
2024-08-03 19:03:12,492 - INFO - Rule hashcat is excluded.
2024-08-03 19:03:12,492 - INFO - Rule Big_Numbers0 is excluded.
2024-08-03 19:03:12,492 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 19:03:12,492 - INFO - Rule Big_Numbers2 is excluded.
2024-08-03 19:03:12,492 - INFO - Rule Big_Numbers3 is excluded.
2024-08-03 19:03:12,492 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 19:03:12,492 - INFO - Rule VMdetectMisc is excluded.
2024-08-03 19:03:12,492 - INFO - Rule VBox_Detection is excluded.
2024-08-03 19:03:19,826 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - No viruses detected
2024-08-03 19:03:19,826 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb'
2024-08-03 19:03:19,826 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb' with parts '['catdb']'
2024-08-03 19:03:19,826 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:20,163 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:20,163 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:20,163 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe'
2024-08-03 19:03:28,295 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:03:28,295 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:03:28,295 - INFO - Rule vmdetect is excluded.
2024-08-03 19:03:28,295 - INFO - Rule vmdetect_misc0 is excluded.
2024-08-03 19:03:28,295 - INFO - Rule vmdetect_misc is excluded.
2024-08-03 19:03:28,295 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:28,295 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 19:03:28,295 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:28,295 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:03:28,734 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:29,446 - WARNING - Main file 'C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe' is spreading the worm to 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' with similarity score 1.0
2024-08-03 19:03:29,446 - INFO - Rule PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ is excluded.
2024-08-03 19:03:29,935 - INFO - Rule http is excluded.
2024-08-03 19:03:29,935 - INFO - Rule Generic_Powershell_Detector is excluded.
2024-08-03 19:03:29,935 - WARNING - Worm 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' detected under 5 different names or as potential worm. Alerting user.
2024-08-03 19:03:29,935 - INFO - Rule hashcat is excluded.
2024-08-03 19:03:29,935 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:03:30,377 - INFO - Rule vmdetect is excluded.
2024-08-03 19:03:30,377 - INFO - Rule vmdetect_misc0 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule vmdetect_misc is excluded.
2024-08-03 19:03:30,377 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 19:03:30,377 - INFO - Rule PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ is excluded.
2024-08-03 19:03:30,377 - INFO - Rule http is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Big_Numbers0 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Generic_Powershell_Detector is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 19:03:30,377 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:30,377 - INFO - Rule hashcat is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Big_Numbers2 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Big_Numbers0 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Big_Numbers3 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule VMdetectMisc is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Big_Numbers2 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Big_Numbers3 is excluded.
2024-08-03 19:03:30,377 - INFO - Rule VBox_Detection is excluded.
2024-08-03 19:03:30,377 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 19:03:35,668 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - No viruses detected
2024-08-03 19:03:35,668 - INFO - Rule VMdetectMisc is excluded.
2024-08-03 19:03:35,668 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb'
2024-08-03 19:03:35,668 - INFO - Rule VBox_Detection is excluded.
2024-08-03 19:03:35,668 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb' with parts '['catdb']'
2024-08-03 19:03:39,873 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:39,873 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}: catdb.jfm
2024-08-03 19:03:39,873 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:39,873 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:40,385 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - No viruses detected
2024-08-03 19:03:40,385 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb'
2024-08-03 19:03:40,385 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb' with parts '['catdb']'
2024-08-03 19:03:40,385 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,385 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:40,385 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:40,385 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:40,385 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:40,397 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,397 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 19:03:40,397 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm - No viruses detected
2024-08-03 19:03:40,397 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm'
2024-08-03 19:03:40,397 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm' with parts '['catdb', 'jfm']'
2024-08-03 19:03:40,397 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,420 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,420 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,450 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,450 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 19:03:40,450 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm - No viruses detected
2024-08-03 19:03:40,450 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm'
2024-08-03 19:03:40,450 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm' with parts '['catdb', 'jfm']'
2024-08-03 19:03:40,450 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,453 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,453 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:40,453 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm
2024-08-03 19:03:40,508 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,508 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 19:03:40,508 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm - No viruses detected
2024-08-03 19:03:40,508 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm'
2024-08-03 19:03:40,508 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm' with parts '['catdb', 'jfm']'
2024-08-03 19:03:40,508 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,508 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,515 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,515 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 19:03:40,515 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm - No viruses detected
2024-08-03 19:03:40,515 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm'
2024-08-03 19:03:40,515 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm' with parts '['catdb', 'jfm']'
2024-08-03 19:03:40,515 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,526 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,526 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,537 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc: F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,537 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,537 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,618 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,646 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
2024-08-03 19:03:40,707 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,707 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 19:03:40,707 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx - No viruses detected
2024-08-03 19:03:40,707 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx'
2024-08-03 19:03:40,707 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'idx']'
2024-08-03 19:03:40,707 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,707 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,707 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,707 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,803 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,803 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 19:03:40,814 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx - No viruses detected
2024-08-03 19:03:40,814 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx'
2024-08-03 19:03:40,814 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'idx']'
2024-08-03 19:03:40,814 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,814 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,814 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,814 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,891 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,891 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 19:03:40,891 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,891 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 19:03:40,891 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock - No viruses detected
2024-08-03 19:03:40,891 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock'
2024-08-03 19:03:40,891 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'lock']'
2024-08-03 19:03:40,891 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,891 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx - No viruses detected
2024-08-03 19:03:40,891 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx'
2024-08-03 19:03:40,891 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'idx']'
2024-08-03 19:03:40,891 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,891 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:40,891 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:40,903 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc: F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,903 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,903 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,903 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:40,944 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:40,978 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:40,978 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 19:03:40,987 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock - No viruses detected
2024-08-03 19:03:40,992 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock'
2024-08-03 19:03:40,992 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'lock']'
2024-08-03 19:03:40,992 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:40,992 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:40,992 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:40,992 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
2024-08-03 19:03:41,014 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:41,027 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:41,027 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 19:03:41,027 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock - No viruses detected
2024-08-03 19:03:41,027 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock'
2024-08-03 19:03:41,027 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'lock']'
2024-08-03 19:03:41,027 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:41,027 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc: F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:41,027 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:41,027 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:41,027 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 19:03:41,027 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val - No viruses detected
2024-08-03 19:03:41,027 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val'
2024-08-03 19:03:41,027 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'val']'
2024-08-03 19:03:41,027 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:41,027 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:41,027 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:03:41,027 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:03:44,617 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:44,617 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
2024-08-03 19:03:44,617 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:03:44,617 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:44,617 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 19:03:44,617 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val - No viruses detected
2024-08-03 19:03:44,617 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val'
2024-08-03 19:03:44,617 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'val']'
2024-08-03 19:03:44,617 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:44,617 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:03:44,617 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 19:03:44,617 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val - No viruses detected
2024-08-03 19:03:44,617 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val'
2024-08-03 19:03:44,617 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val' with parts '['F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768', 'val']'
2024-08-03 19:03:44,617 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\D3DSCache\3717eb382b326cc\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:03:44,617 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:03:44,617 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater: installer.exe
2024-08-03 19:03:44,617 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:03:48,866 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:03:48,866 - INFO - Scanning domain: fls.security.comodo.com
2024-08-03 19:03:49,172 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:04:03,701 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:04:05,671 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:04:06,355 - INFO - DNS Query (IPv4): fls.security.comodo.com
2024-08-03 19:04:06,355 - INFO - DNS Query (IPv4): fls.security.comodo.com
2024-08-03 19:04:06,355 - INFO - DNS Answer (IPv4): fls.security.comodo.com
2024-08-03 19:04:09,932 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:04:14,166 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 19:04:14,166 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:04:14,166 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:04:14,166 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 19:04:14,166 - INFO - Rule head_mz is excluded.
2024-08-03 19:04:14,166 - INFO - Rule head_pe_signed is excluded.
2024-08-03 19:04:14,166 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:04:14,166 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 19:04:14,166 - INFO - Rule head_mz_f_large_gt_10mb is excluded.
2024-08-03 19:04:14,166 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 19:04:14,166 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 19:04:14,166 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 19:04:14,166 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 19:04:14,166 - INFO - Rule http is excluded.
2024-08-03 19:04:14,166 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 19:04:14,166 - INFO - Rule Hunting_resources_noimps is excluded.
2024-08-03 19:04:14,166 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 19:04:14,166 - INFO - Rule escalate_priv is excluded.
2024-08-03 19:04:14,166 - INFO - Rule screenshot is excluded.
2024-08-03 19:04:14,166 - INFO - Rule win_registry is excluded.
2024-08-03 19:04:14,166 - INFO - Rule win_token is excluded.
2024-08-03 19:04:14,166 - INFO - Rule win_private_profile is excluded.
2024-08-03 19:04:14,166 - INFO - Rule win_files_operation is excluded.
2024-08-03 19:04:14,166 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 19:04:14,166 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-08-03 19:04:14,166 - INFO - Rule _Hyper_Archive_ is excluded.
2024-08-03 19:04:14,166 - INFO - Rule create_process is excluded.
2024-08-03 19:04:14,166 - INFO - Rule VBox_Detection is excluded.
2024-08-03 19:04:14,166 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 19:04:14,166 - INFO - Rule IsPE32 is excluded.
2024-08-03 19:04:14,166 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 19:04:14,166 - INFO - Rule IsPacked is excluded.
2024-08-03 19:04:14,166 - INFO - Rule HasOverlay is excluded.
2024-08-03 19:04:14,166 - INFO - Rule HasRichSignature is excluded.
2024-08-03 19:04:14,166 - INFO - Rule Nullsoft_NSIS is excluded.
2024-08-03 19:04:19,557 - WARNING - Infected file detected (YARA): C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-08-03 19:04:19,557 - INFO - Running ransomware alert check for file 'C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe'
2024-08-03 19:04:19,557 - INFO - Checking ransomware conditions for file 'C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe' with parts '['Kyrazon Setup', 'exe']'
2024-08-03 19:04:19,557 - INFO - File 'C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:04:19,557 - WARNING - File C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe is malicious. Virus: Ins_NSIS_Buer_Nov_2020_1
2024-08-03 19:04:19,557 - ERROR - Could not extract original file path from decompiled file: C:\Users\hydradragonantivirus\Desktop\Kyrazon Setup.exe
2024-08-03 19:04:19,557 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:04:19,557 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:04:19,557 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:04:19,557 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:04:19,557 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:04:19,990 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 19:04:19,996 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 19:05:01,414 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 19:05:01,458 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 19:05:01,461 - INFO - DNS Answer (IPv4): v10.events.data.microsoft.com
2024-08-03 19:05:01,461 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 19:05:01,461 - INFO - Scanning domain: onedscolprdwus13.westus.cloudapp.azure.com
2024-08-03 19:05:09,440 - INFO - DNS Answer (IPv4): onedscolprdwus13.westus.cloudapp.azure.com
2024-08-03 19:05:10,555 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 19:05:10,564 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 19:05:10,564 - INFO - DNS Answer (IPv4): v20.events.data.microsoft.com
2024-08-03 19:05:10,567 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 19:05:10,570 - INFO - Scanning domain: onedscolprdcus17.centralus.cloudapp.azure.com
2024-08-03 19:05:16,604 - INFO - DNS Answer (IPv4): onedscolprdcus17.centralus.cloudapp.azure.com
2024-08-03 19:06:03,423 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:06:03,705 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:06:03,724 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:06:03,724 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:06:03,724 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:06:03,991 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:06:03,991 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:06:04,291 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:06:04,291 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:06:07,639 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:06:07,647 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 19:06:07,653 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 19:06:22,272 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:06:51,252 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:07:32,405 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:07:32,438 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:32,438 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:33,466 - INFO - Scanning domain: windows.msn.com
2024-08-03 19:07:38,804 - INFO - DNS Query (IPv4): windows.msn.com
2024-08-03 19:07:38,804 - INFO - DNS Query (IPv4): windows.msn.com
2024-08-03 19:07:38,804 - INFO - DNS Answer (IPv4): windows.msn.com
2024-08-03 19:07:38,804 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 19:07:38,804 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:07:39,092 - INFO - Scanning domain: edge.microsoft.com
2024-08-03 19:07:43,459 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 19:07:43,461 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 19:07:43,463 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:07:43,464 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 19:07:43,464 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-08-03 19:07:43,467 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 19:07:43,468 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-08-03 19:07:43,468 - INFO - Scanning domain: edge-microsoft-com.dual-a-0036.a-msedge.net
2024-08-03 19:07:47,347 - INFO - DNS Answer (IPv4): edge-microsoft-com.dual-a-0036.a-msedge.net
2024-08-03 19:07:47,356 - INFO - Scanning domain: dual-a-0036.a-msedge.net
2024-08-03 19:07:50,843 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-08-03 19:07:50,843 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-08-03 19:07:50,843 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:07:50,917 - INFO - DNS Query (IPv4): www.msn.com
2024-08-03 19:07:50,918 - INFO - DNS Query (IPv4): www.msn.com
2024-08-03 19:07:50,921 - INFO - DNS Query (IPv4): www.msn.com
2024-08-03 19:07:50,921 - INFO - DNS Answer (IPv4): www.msn.com
2024-08-03 19:07:50,923 - INFO - DNS Query (IPv4): www.msn.com
2024-08-03 19:07:50,923 - INFO - DNS Answer (IPv4): www.msn.com
2024-08-03 19:07:50,923 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 19:07:50,923 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:07:50,967 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:07:50,967 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:07:50,967 - INFO - Scanning domain: prod-streaming-video-msn-com.akamaized.net
2024-08-03 19:07:53,949 - INFO - DNS Query (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 19:07:53,949 - INFO - DNS Query (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 19:07:53,949 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:07:53,949 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:07:53,949 - INFO - DNS Query (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 19:07:53,949 - INFO - DNS Answer (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 19:07:53,949 - INFO - Scanning domain: a1830.dscg2.akamai.net
2024-08-03 19:07:56,775 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:07:57,154 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:07:57,301 - INFO - DNS Answer (IPv4): a1830.dscg2.akamai.net
2024-08-03 19:07:57,304 - INFO - DNS Answer (IPv4): a1830.dscg2.akamai.net
2024-08-03 19:07:57,317 - INFO - DNS Query (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 19:07:57,317 - INFO - DNS Answer (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 19:08:02,213 - INFO - Worm alert already triggered for C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe, skipping...
2024-08-03 19:08:02,213 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:11,034 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:11,034 - INFO - Worm alert already triggered for C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe, skipping...
2024-08-03 19:08:11,034 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:20,664 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:20,975 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:21,192 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:21,483 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:23,912 - INFO - Worm alert already triggered for C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe, skipping...
2024-08-03 19:08:23,912 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:35,259 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:35,727 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:08:37,078 - INFO - Scanning domain: ecn.dev.virtualearth.net
2024-08-03 19:08:41,078 - INFO - DNS Query (IPv4): ecn.dev.virtualearth.net
2024-08-03 19:08:41,078 - INFO - DNS Query (IPv4): ecn.dev.virtualearth.net
2024-08-03 19:08:41,078 - INFO - DNS Query (IPv4): ecn.dev.virtualearth.net
2024-08-03 19:08:41,078 - INFO - DNS Answer (IPv4): ecn.dev.virtualearth.net
2024-08-03 19:08:41,078 - INFO - Scanning domain: ssl2.tiles.virtualearth.net.edgekey.net
2024-08-03 19:08:47,053 - INFO - DNS Answer (IPv4): ssl2.tiles.virtualearth.net.edgekey.net
2024-08-03 19:08:47,053 - INFO - DNS Query (IPv4): ecn.dev.virtualearth.net
2024-08-03 19:08:47,053 - INFO - DNS Answer (IPv4): ecn.dev.virtualearth.net
2024-08-03 19:08:47,053 - INFO - DNS Answer (IPv4): ssl2.tiles.virtualearth.net.edgekey.net
2024-08-03 19:08:47,053 - INFO - Scanning domain: e4113.dscd.akamaiedge.net
2024-08-03 19:08:51,537 - INFO - DNS Answer (IPv4): e4113.dscd.akamaiedge.net
2024-08-03 19:08:52,388 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:08:52,388 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:08:52,388 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:08:52,388 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:08:52,388 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,475 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,475 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,475 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,475 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,475 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,475 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,475 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,475 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:08:52,499 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:08:52,499 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:08:52,499 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:08:52,499 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:08:52,522 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:08:53,971 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:08:53,971 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:08:53,987 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:09:22,423 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:09:22,499 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:09:22,532 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,423 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:10:47,477 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:10:47,477 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:11:33,646 - INFO - Scanning domain: browser.pipe.aria.microsoft.com
2024-08-03 19:11:37,729 - INFO - DNS Query (IPv4): browser.pipe.aria.microsoft.com
2024-08-03 19:11:37,729 - INFO - DNS Query (IPv4): browser.pipe.aria.microsoft.com
2024-08-03 19:11:37,729 - INFO - DNS Answer (IPv4): browser.pipe.aria.microsoft.com
2024-08-03 19:11:37,729 - INFO - Scanning domain: browser.events.data.trafficmanager.net
2024-08-03 19:11:41,622 - INFO - DNS Answer (IPv4): browser.events.data.trafficmanager.net
2024-08-03 19:11:41,633 - INFO - Scanning domain: onedscolprdjpe05.japaneast.cloudapp.azure.com
2024-08-03 19:11:44,257 - INFO - DNS Answer (IPv4): onedscolprdjpe05.japaneast.cloudapp.azure.com
2024-08-03 19:11:48,312 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 19:11:48,312 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:11:48,312 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:11:48,312 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 19:11:48,312 - INFO - Rule head_mz is excluded.
2024-08-03 19:11:48,312 - INFO - Rule head_pe_signed is excluded.
2024-08-03 19:11:48,312 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:11:48,312 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 19:11:48,312 - INFO - Rule head_mz_f_large_gt_10mb is excluded.
2024-08-03 19:11:48,312 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 19:11:48,312 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 19:11:48,312 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 19:11:48,312 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 19:11:48,312 - INFO - Rule http is excluded.
2024-08-03 19:11:48,312 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 19:11:48,312 - INFO - Rule Hunting_resources_noimps is excluded.
2024-08-03 19:11:48,312 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 19:11:48,312 - INFO - Rule escalate_priv is excluded.
2024-08-03 19:11:48,312 - INFO - Rule screenshot is excluded.
2024-08-03 19:11:48,312 - INFO - Rule win_registry is excluded.
2024-08-03 19:11:48,312 - INFO - Rule win_token is excluded.
2024-08-03 19:11:48,312 - INFO - Rule win_private_profile is excluded.
2024-08-03 19:11:48,312 - INFO - Rule win_files_operation is excluded.
2024-08-03 19:11:48,312 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 19:11:48,312 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-08-03 19:11:48,312 - INFO - Rule _Hyper_Archive_ is excluded.
2024-08-03 19:11:48,312 - INFO - Rule create_process is excluded.
2024-08-03 19:11:48,312 - INFO - Rule VBox_Detection is excluded.
2024-08-03 19:11:48,312 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 19:11:48,312 - INFO - Rule IsPE32 is excluded.
2024-08-03 19:11:48,312 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 19:11:48,312 - INFO - Rule IsPacked is excluded.
2024-08-03 19:11:48,312 - INFO - Rule HasOverlay is excluded.
2024-08-03 19:11:48,312 - INFO - Rule HasRichSignature is excluded.
2024-08-03 19:11:48,312 - INFO - Rule Nullsoft_NSIS is excluded.
2024-08-03 19:11:49,477 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-08-03 19:11:49,477 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe'
2024-08-03 19:11:49,477 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' with parts '['installer', 'exe']'
2024-08-03 19:11:49,477 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:11:49,477 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe is malicious. Virus: Ins_NSIS_Buer_Nov_2020_1
2024-08-03 19:11:49,477 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:11:49,477 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:11:49,489 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:11:49,499 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:11:49,591 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:11:50,117 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:11:50,117 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:11:50,117 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 19:11:50,131 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak - No viruses detected
2024-08-03 19:11:50,131 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak'
2024-08-03 19:11:50,131 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak' with parts '['chrome_100_percent', 'pak']'
2024-08-03 19:11:50,131 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:11:50,131 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:11:50,131 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:11:50,131 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:11:50,219 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:11:51,050 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:11:51,055 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:11:51,055 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 19:11:51,055 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:11:51,055 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 19:11:51,055 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak - No viruses detected
2024-08-03 19:11:51,055 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak'
2024-08-03 19:11:51,055 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak' with parts '['chrome_200_percent', 'pak']'
2024-08-03 19:11:51,055 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:11:51,055 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:11:51,055 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:11:55,704 - INFO - Scanning domain: fp.msedge.net
2024-08-03 19:11:57,471 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:11:59,290 - INFO - DNS Query (IPv4): fp.msedge.net
2024-08-03 19:11:59,290 - INFO - DNS Query (IPv4): fp.msedge.net
2024-08-03 19:11:59,290 - INFO - DNS Answer (IPv4): fp.msedge.net
2024-08-03 19:11:59,290 - INFO - Scanning domain: 1.perf.msedge.net
2024-08-03 19:12:01,721 - INFO - DNS Answer (IPv4): 1.perf.msedge.net
2024-08-03 19:12:01,721 - INFO - Scanning domain: a-0019.a-msedge.net
2024-08-03 19:12:04,412 - INFO - DNS Answer (IPv4): a-0019.a-msedge.net
2024-08-03 19:12:04,412 - INFO - Scanning domain: a-0019.a.dns.azurefd.net
2024-08-03 19:12:06,940 - INFO - DNS Answer (IPv4): a-0019.a.dns.azurefd.net
2024-08-03 19:12:06,940 - INFO - Scanning domain: a-0019.standard.a-msedge.net
2024-08-03 19:12:09,529 - INFO - DNS Answer (IPv4): a-0019.standard.a-msedge.net
2024-08-03 19:12:09,799 - INFO - Scanning domain: b-ring.msedge.net
2024-08-03 19:12:13,588 - INFO - DNS Query (IPv4): b-ring.msedge.net
2024-08-03 19:12:13,624 - INFO - DNS Query (IPv4): b-ring.msedge.net
2024-08-03 19:12:13,624 - INFO - DNS Answer (IPv4): b-ring.msedge.net
2024-08-03 19:12:13,624 - INFO - Scanning domain: b-ring.b-9999.b-msedge.net
2024-08-03 19:12:17,185 - INFO - DNS Answer (IPv4): b-ring.b-9999.b-msedge.net
2024-08-03 19:12:17,185 - INFO - Scanning domain: b-9999.b-msedge.net
2024-08-03 19:12:20,594 - INFO - DNS Answer (IPv4): b-9999.b-msedge.net
2024-08-03 19:12:21,160 - INFO - Scanning domain: fp-vs.azureedge.net
2024-08-03 19:12:25,191 - INFO - DNS Query (IPv4): fp-vs.azureedge.net
2024-08-03 19:12:25,191 - INFO - DNS Query (IPv4): fp-vs.azureedge.net
2024-08-03 19:12:25,191 - INFO - DNS Answer (IPv4): fp-vs.azureedge.net
2024-08-03 19:12:25,191 - INFO - Scanning domain: fp-vs.ec.azureedge.net
2024-08-03 19:12:27,892 - INFO - DNS Answer (IPv4): fp-vs.ec.azureedge.net
2024-08-03 19:12:27,892 - INFO - Scanning domain: cs9.wpc.v0cdn.net
2024-08-03 19:12:32,072 - INFO - DNS Answer (IPv4): cs9.wpc.v0cdn.net
2024-08-03 19:12:32,684 - INFO - Scanning domain: ocsp.digicert.com
2024-08-03 19:12:37,785 - INFO - DNS Query (IPv4): ocsp.digicert.com
2024-08-03 19:12:37,792 - INFO - DNS Query (IPv4): ocsp.digicert.com
2024-08-03 19:12:37,792 - INFO - DNS Answer (IPv4): ocsp.digicert.com
2024-08-03 19:12:37,793 - INFO - Scanning domain: ocsp.edge.digicert.com
2024-08-03 19:12:42,092 - INFO - DNS Answer (IPv4): ocsp.edge.digicert.com
2024-08-03 19:12:42,092 - INFO - Scanning domain: fp2e7a.wpc.2be4.phicdn.net
2024-08-03 19:12:47,070 - INFO - DNS Answer (IPv4): fp2e7a.wpc.2be4.phicdn.net
2024-08-03 19:12:47,070 - INFO - Scanning domain: fp2e7a.wpc.phicdn.net
2024-08-03 19:12:52,716 - INFO - DNS Answer (IPv4): fp2e7a.wpc.phicdn.net
2024-08-03 19:12:52,925 - INFO - Scanning domain: fp-vs-nocache.azureedge.net
2024-08-03 19:12:58,321 - INFO - DNS Query (IPv4): fp-vs-nocache.azureedge.net
2024-08-03 19:12:58,321 - INFO - DNS Query (IPv4): fp-vs-nocache.azureedge.net
2024-08-03 19:12:58,321 - INFO - DNS Answer (IPv4): fp-vs-nocache.azureedge.net
2024-08-03 19:12:58,321 - INFO - Scanning domain: fp-vs-nocache.ec.azureedge.net
2024-08-03 19:13:04,800 - INFO - DNS Answer (IPv4): fp-vs-nocache.ec.azureedge.net
2024-08-03 19:13:04,800 - INFO - DNS Answer (IPv4): cs9.wpc.v0cdn.net
2024-08-03 19:13:05,115 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:13:16,509 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,509 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:13:16,649 - INFO - Scanning domain: afdxtest.z01.azurefd.net
2024-08-03 19:13:29,669 - INFO - DNS Query (IPv4): afdxtest.z01.azurefd.net
2024-08-03 19:13:29,781 - INFO - DNS Query (IPv4): afdxtest.z01.azurefd.net
2024-08-03 19:13:29,781 - INFO - DNS Answer (IPv4): afdxtest.z01.azurefd.net
2024-08-03 19:13:29,781 - INFO - DNS Answer (IPv4): star-azurefd-prod.trafficmanager.net
2024-08-03 19:13:29,781 - INFO - DNS Answer (IPv4): shed.dual-low.s-part-0039.t-0009.t-msedge.net
2024-08-03 19:13:29,781 - INFO - DNS Answer (IPv4): s-part-0039.t-0009.t-msedge.net
2024-08-03 19:13:29,781 - INFO - Scanning domain: 2c3157b807b74c90e03ea1cd53598cf3.azr.footprintdns.com
2024-08-03 19:13:46,587 - INFO - DNS Query (IPv4): 2c3157b807b74c90e03ea1cd53598cf3.azr.footprintdns.com
2024-08-03 19:13:46,587 - INFO - DNS Query (IPv4): 2c3157b807b74c90e03ea1cd53598cf3.azr.footprintdns.com
2024-08-03 19:13:46,587 - INFO - DNS Answer (IPv4): 2c3157b807b74c90e03ea1cd53598cf3.azr.footprintdns.com
2024-08-03 19:13:46,587 - INFO - Scanning domain: azperfmaptargets-prod.trafficmanager.net
2024-08-03 19:14:01,013 - INFO - DNS Answer (IPv4): azperfmaptargets-prod.trafficmanager.net
2024-08-03 19:14:01,013 - INFO - Scanning domain: jnb21prdapp02-canary-opaph.netmon.azure.com
2024-08-03 19:14:20,726 - INFO - DNS Answer (IPv4): jnb21prdapp02-canary-opaph.netmon.azure.com
2024-08-03 19:14:20,726 - INFO - Scanning domain: jnb21prdapp02-canary-opaph.southafricanorth.cloudapp.azure.com
2024-08-03 19:14:39,647 - INFO - DNS Answer (IPv4): jnb21prdapp02-canary-opaph.southafricanorth.cloudapp.azure.com
2024-08-03 19:14:39,981 - INFO - Scanning domain: static-ecst.licdn.com
2024-08-03 19:14:58,811 - INFO - DNS Query (IPv4): static-ecst.licdn.com
2024-08-03 19:14:58,843 - INFO - DNS Query (IPv4): static-ecst.licdn.com
2024-08-03 19:14:58,843 - INFO - DNS Answer (IPv4): static-ecst.licdn.com
2024-08-03 19:14:58,843 - INFO - Scanning domain: cs1404.wpc.epsiloncdn.net
2024-08-03 19:15:11,779 - INFO - DNS Answer (IPv4): cs1404.wpc.epsiloncdn.net
2024-08-03 19:15:12,299 - INFO - Scanning domain: 4598f8bc55067a20cae4e3f5160ae32e.nrb.footprintdns.com
2024-08-03 19:15:24,330 - INFO - DNS Query (IPv4): 4598f8bc55067a20cae4e3f5160ae32e.nrb.footprintdns.com
2024-08-03 19:15:24,332 - INFO - DNS Query (IPv4): 4598f8bc55067a20cae4e3f5160ae32e.nrb.footprintdns.com
2024-08-03 19:15:24,332 - INFO - DNS Answer (IPv4): 4598f8bc55067a20cae4e3f5160ae32e.nrb.footprintdns.com
2024-08-03 19:15:24,338 - INFO - Scanning domain: syd-mvp.trafficmanager.net
2024-08-03 19:15:34,371 - INFO - DNS Answer (IPv4): syd-mvp.trafficmanager.net
2024-08-03 19:15:34,371 - INFO - DNS Answer (IPv4): syd-mvp.trafficmanager.net
2024-08-03 19:15:34,371 - INFO - DNS Answer (IPv4): syd-mvp.trafficmanager.net
2024-08-03 19:15:34,371 - INFO - DNS Answer (IPv4): syd-mvp.trafficmanager.net
2024-08-03 19:15:34,371 - INFO - DNS Answer (IPv4): syd-mvp.trafficmanager.net
2024-08-03 19:15:34,371 - INFO - DNS Answer (IPv4): syd-mvp.trafficmanager.net
2024-08-03 19:15:34,371 - INFO - DNS Answer (IPv4): syd-mvp.trafficmanager.net
2024-08-03 19:15:34,371 - INFO - DNS Answer (IPv4): syd-mvp.trafficmanager.net
2024-08-03 19:15:34,770 - INFO - Scanning domain: x1.c.lencr.org
2024-08-03 19:15:40,037 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 19:15:40,037 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:15:40,037 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:15:40,037 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 19:15:40,037 - INFO - Rule head_mz is excluded.
2024-08-03 19:15:40,047 - INFO - Rule head_pe_signed is excluded.
2024-08-03 19:15:40,047 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:15:40,047 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 19:15:40,047 - INFO - Rule head_mz_f_large_gt_10mb is excluded.
2024-08-03 19:15:40,047 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 19:15:40,047 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 19:15:40,068 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 19:15:40,068 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 19:15:40,068 - INFO - Rule http is excluded.
2024-08-03 19:15:40,068 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 19:15:40,068 - INFO - Rule Hunting_resources_noimps is excluded.
2024-08-03 19:15:40,068 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 19:15:40,068 - INFO - Rule escalate_priv is excluded.
2024-08-03 19:15:40,068 - INFO - Rule screenshot is excluded.
2024-08-03 19:15:40,068 - INFO - Rule win_registry is excluded.
2024-08-03 19:15:40,068 - INFO - Rule win_token is excluded.
2024-08-03 19:15:40,068 - INFO - Rule win_private_profile is excluded.
2024-08-03 19:15:40,068 - INFO - Rule win_files_operation is excluded.
2024-08-03 19:15:40,068 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 19:15:40,068 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-08-03 19:15:40,068 - INFO - Rule _Hyper_Archive_ is excluded.
2024-08-03 19:15:40,068 - INFO - Rule create_process is excluded.
2024-08-03 19:15:40,068 - INFO - Rule VBox_Detection is excluded.
2024-08-03 19:15:40,068 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 19:15:40,068 - INFO - Rule IsPE32 is excluded.
2024-08-03 19:15:40,068 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 19:15:40,068 - INFO - Rule IsPacked is excluded.
2024-08-03 19:15:40,068 - INFO - Rule HasOverlay is excluded.
2024-08-03 19:15:40,068 - INFO - Rule HasRichSignature is excluded.
2024-08-03 19:15:40,068 - INFO - Rule Nullsoft_NSIS is excluded.
2024-08-03 19:15:44,771 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-08-03 19:15:44,771 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe'
2024-08-03 19:15:44,779 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' with parts '['installer', 'exe']'
2024-08-03 19:15:44,779 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:15:44,779 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe is malicious. Virus: Ins_NSIS_Buer_Nov_2020_1
2024-08-03 19:15:44,780 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:15:46,412 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:15:46,664 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:15:46,754 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:15:48,060 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:15:48,967 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:15:48,967 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:15:48,967 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 19:15:48,967 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak - No viruses detected
2024-08-03 19:15:48,967 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak'
2024-08-03 19:15:48,967 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak' with parts '['chrome_100_percent', 'pak']'
2024-08-03 19:15:48,967 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:15:48,967 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:15:48,967 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:15:49,675 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:15:50,072 - INFO - DNS Query (IPv4): x1.c.lencr.org
2024-08-03 19:15:50,072 - INFO - DNS Query (IPv4): x1.c.lencr.org
2024-08-03 19:15:50,072 - INFO - DNS Answer (IPv4): x1.c.lencr.org
2024-08-03 19:15:50,072 - INFO - Scanning domain: crl.root-x1.letsencrypt.org.edgekey.net
2024-08-03 19:15:50,473 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:15:53,103 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:15:53,103 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:15:53,103 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 19:15:53,103 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:15:53,103 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 19:15:53,119 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak - No viruses detected
2024-08-03 19:15:53,123 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak'
2024-08-03 19:15:53,123 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak' with parts '['chrome_200_percent', 'pak']'
2024-08-03 19:15:53,123 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:15:53,123 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:15:53,123 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:15:54,658 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 19:15:54,660 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:15:54,660 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:15:54,660 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 19:15:54,660 - INFO - Rule head_mz is excluded.
2024-08-03 19:15:54,660 - INFO - Rule head_pe_signed is excluded.
2024-08-03 19:15:54,660 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:15:54,663 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 19:15:54,663 - INFO - Rule head_mz_f_large_gt_10mb is excluded.
2024-08-03 19:15:54,663 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 19:15:54,663 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 19:15:54,663 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 19:15:54,663 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 19:15:54,663 - INFO - Rule http is excluded.
2024-08-03 19:15:54,663 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 19:15:54,663 - INFO - Rule Hunting_resources_noimps is excluded.
2024-08-03 19:15:54,663 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 19:15:54,663 - INFO - Rule escalate_priv is excluded.
2024-08-03 19:15:54,663 - INFO - Rule screenshot is excluded.
2024-08-03 19:15:54,663 - INFO - Rule win_registry is excluded.
2024-08-03 19:15:54,663 - INFO - Rule win_token is excluded.
2024-08-03 19:15:54,663 - INFO - Rule win_private_profile is excluded.
2024-08-03 19:15:54,663 - INFO - Rule win_files_operation is excluded.
2024-08-03 19:15:54,663 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 19:15:54,663 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-08-03 19:15:54,663 - INFO - Rule _Hyper_Archive_ is excluded.
2024-08-03 19:15:54,663 - INFO - Rule create_process is excluded.
2024-08-03 19:15:54,663 - INFO - Rule VBox_Detection is excluded.
2024-08-03 19:15:54,663 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 19:15:54,663 - INFO - Rule IsPE32 is excluded.
2024-08-03 19:15:54,663 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 19:15:54,663 - INFO - Rule IsPacked is excluded.
2024-08-03 19:15:54,663 - INFO - Rule HasOverlay is excluded.
2024-08-03 19:15:54,663 - INFO - Rule HasRichSignature is excluded.
2024-08-03 19:15:54,663 - INFO - Rule Nullsoft_NSIS is excluded.
2024-08-03 19:15:57,240 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-08-03 19:15:57,671 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe'
2024-08-03 19:15:57,677 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' with parts '['installer', 'exe']'
2024-08-03 19:15:57,677 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:15:57,677 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe is malicious. Virus: Ins_NSIS_Buer_Nov_2020_1
2024-08-03 19:15:57,677 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:15:59,131 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:15:59,131 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:15:59,525 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:16:00,001 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:16:01,686 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:16:01,686 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:16:01,686 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 19:16:01,686 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak - No viruses detected
2024-08-03 19:16:01,686 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak'
2024-08-03 19:16:01,686 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak' with parts '['chrome_100_percent', 'pak']'
2024-08-03 19:16:01,686 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:16:01,686 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:16:01,934 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:16:02,576 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:16:04,180 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:16:04,180 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:16:04,180 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 19:16:04,180 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:16:04,180 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 19:16:04,180 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak - No viruses detected
2024-08-03 19:16:04,180 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak'
2024-08-03 19:16:04,180 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak' with parts '['chrome_200_percent', 'pak']'
2024-08-03 19:16:04,180 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:16:04,180 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:16:09,134 - INFO - DNS Answer (IPv4): crl.root-x1.letsencrypt.org.edgekey.net
2024-08-03 19:16:09,134 - INFO - Scanning domain: e8652.dscx.akamaiedge.net
2024-08-03 19:16:09,736 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:16:15,984 - INFO - DNS Answer (IPv4): e8652.dscx.akamaiedge.net
2024-08-03 19:16:16,398 - INFO - Scanning domain: x2.c.lencr.org
2024-08-03 19:16:24,771 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 19:16:24,771 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:16:24,771 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:16:24,771 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 19:16:24,771 - INFO - Rule head_mz is excluded.
2024-08-03 19:16:24,771 - INFO - Rule head_pe_signed is excluded.
2024-08-03 19:16:24,771 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:16:24,771 - INFO - Rule ct_size_10mb_100mb is excluded.
2024-08-03 19:16:24,771 - INFO - Rule head_mz_f_large_gt_10mb is excluded.
2024-08-03 19:16:24,771 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 19:16:24,771 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 19:16:24,771 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 19:16:24,771 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 19:16:24,771 - INFO - Rule http is excluded.
2024-08-03 19:16:24,771 - INFO - Rule Failed_Checksum is excluded.
2024-08-03 19:16:24,771 - INFO - Rule Hunting_resources_noimps is excluded.
2024-08-03 19:16:24,771 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 19:16:24,771 - INFO - Rule escalate_priv is excluded.
2024-08-03 19:16:24,771 - INFO - Rule screenshot is excluded.
2024-08-03 19:16:24,771 - INFO - Rule win_registry is excluded.
2024-08-03 19:16:24,771 - INFO - Rule win_token is excluded.
2024-08-03 19:16:24,771 - INFO - Rule win_private_profile is excluded.
2024-08-03 19:16:24,771 - INFO - Rule win_files_operation is excluded.
2024-08-03 19:16:24,771 - INFO - Rule Win_Spyware_Zbot_1290 is excluded.
2024-08-03 19:16:24,771 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-08-03 19:16:24,771 - INFO - Rule _Hyper_Archive_ is excluded.
2024-08-03 19:16:24,771 - INFO - Rule create_process is excluded.
2024-08-03 19:16:24,771 - INFO - Rule VBox_Detection is excluded.
2024-08-03 19:16:24,771 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 19:16:24,771 - INFO - Rule IsPE32 is excluded.
2024-08-03 19:16:24,771 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 19:16:24,771 - INFO - Rule IsPacked is excluded.
2024-08-03 19:16:24,771 - INFO - Rule HasOverlay is excluded.
2024-08-03 19:16:24,771 - INFO - Rule HasRichSignature is excluded.
2024-08-03 19:16:24,771 - INFO - Rule Nullsoft_NSIS is excluded.
2024-08-03 19:16:28,635 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-08-03 19:16:28,635 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe'
2024-08-03 19:16:28,635 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' with parts '['installer', 'exe']'
2024-08-03 19:16:28,635 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:16:28,635 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe is malicious. Virus: Ins_NSIS_Buer_Nov_2020_1
2024-08-03 19:16:28,635 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\kyrazongodot-updater\installer.exe
2024-08-03 19:16:29,145 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot: chrome_100_percent.pak
2024-08-03 19:16:29,145 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:16:29,239 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:16:29,751 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak
2024-08-03 19:16:30,607 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:16:30,638 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:16:30,638 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 19:16:30,638 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak - No viruses detected
2024-08-03 19:16:30,638 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak'
2024-08-03 19:16:30,638 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak' with parts '['chrome_100_percent', 'pak']'
2024-08-03 19:16:30,638 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_100_percent.pak' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:16:30,638 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot: chrome_200_percent.pak
2024-08-03 19:16:30,638 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:16:30,771 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:16:30,864 - INFO - DNS Query (IPv4): x2.c.lencr.org
2024-08-03 19:16:30,864 - INFO - DNS Query (IPv4): x2.c.lencr.org
2024-08-03 19:16:30,864 - INFO - DNS Answer (IPv4): x2.c.lencr.org
2024-08-03 19:16:30,864 - INFO - DNS Answer (IPv4): crl.root-x1.letsencrypt.org.edgekey.net
2024-08-03 19:16:30,864 - INFO - DNS Answer (IPv4): e8652.dscx.akamaiedge.net
2024-08-03 19:16:33,047 - INFO - Scanning domain: fp-afd.azurefd.net
2024-08-03 19:16:33,304 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak
2024-08-03 19:16:36,047 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 19:16:36,059 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 19:16:36,059 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 19:16:36,059 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 19:16:36,059 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 19:16:36,071 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak - No viruses detected
2024-08-03 19:16:36,071 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak'
2024-08-03 19:16:36,079 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak' with parts '['chrome_200_percent', 'pak']'
2024-08-03 19:16:36,079 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\chrome_200_percent.pak' does not have multiple extensions, not flagged as ransomware
2024-08-03 19:16:36,079 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot: d3dcompiler_47.dll
2024-08-03 19:16:36,079 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:16:42,472 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
2024-08-03 19:16:52,771 - INFO - DNS Query (IPv4): fp-afd.azurefd.net
2024-08-03 19:16:52,771 - INFO - DNS Query (IPv4): fp-afd.azurefd.net
2024-08-03 19:16:52,771 - INFO - DNS Answer (IPv4): fp-afd.azurefd.net
2024-08-03 19:16:52,771 - INFO - Scanning domain: azurefd-t-prod.trafficmanager.net
2024-08-03 19:17:02,877 - INFO - DNS Answer (IPv4): azurefd-t-prod.trafficmanager.net
2024-08-03 19:17:02,877 - INFO - DNS Answer (IPv4): shed.dual-low.s-part-0039.t-0009.t-msedge.net
2024-08-03 19:17:02,877 - INFO - DNS Answer (IPv4): s-part-0039.t-0009.t-msedge.net
2024-08-03 19:17:02,979 - INFO - Scanning domain: dual-s-ring.msedge.net
2024-08-03 19:17:13,401 - INFO - DNS Query (IPv4): dual-s-ring.msedge.net
2024-08-03 19:17:13,575 - INFO - DNS Query (IPv4): dual-s-ring.msedge.net
2024-08-03 19:17:13,577 - INFO - DNS Answer (IPv4): dual-s-ring.msedge.net
2024-08-03 19:17:13,581 - INFO - Scanning domain: s-ring.dual-s-9999.dual-s-msedge.net
2024-08-03 19:17:25,149 - INFO - DNS Answer (IPv4): s-ring.dual-s-9999.dual-s-msedge.net
2024-08-03 19:17:25,149 - INFO - Scanning domain: dual-s-9999.dual-s-msedge.net
2024-08-03 19:17:35,244 - INFO - DNS Answer (IPv4): dual-s-9999.dual-s-msedge.net
2024-08-03 19:17:35,244 - INFO - DNS Answer (IPv4): dual-s-9999.dual-s-msedge.net
2024-08-03 19:17:42,362 - INFO - Scanning domain: arm-ring.msedge.net
2024-08-03 19:17:47,180 - INFO - DNS Query (IPv4): arm-ring.msedge.net
2024-08-03 19:17:47,180 - INFO - DNS Query (IPv4): arm-ring.msedge.net
2024-08-03 19:17:47,180 - INFO - DNS Answer (IPv4): arm-ring.msedge.net
2024-08-03 19:17:47,180 - INFO - Scanning domain: arm-ring.arm-9999.arm-msedge.net
2024-08-03 19:17:59,403 - INFO - DNS Answer (IPv4): arm-ring.arm-9999.arm-msedge.net
2024-08-03 19:17:59,403 - INFO - Scanning domain: arm-9999.arm-msedge.net
2024-08-03 19:18:07,520 - INFO - DNS Answer (IPv4): arm-9999.arm-msedge.net
2024-08-03 19:18:07,637 - INFO - Scanning domain: arc-ring.msedge.net
2024-08-03 19:18:20,393 - INFO - DNS Query (IPv4): arc-ring.msedge.net
2024-08-03 19:18:20,393 - INFO - DNS Query (IPv4): arc-ring.msedge.net
2024-08-03 19:18:20,393 - INFO - DNS Answer (IPv4): arc-ring.msedge.net
2024-08-03 19:18:20,393 - INFO - Scanning domain: arc-ring.arc-9999.arc-msedge.net
2024-08-03 19:18:35,949 - INFO - DNS Answer (IPv4): arc-ring.arc-9999.arc-msedge.net
2024-08-03 19:18:35,949 - INFO - Scanning domain: arc-9999.arc-msedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): arc-9999.arc-msedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): arc-9999.arc-msedge.net
2024-08-03 19:18:43,584 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:18:43,584 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:18:43,584 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:18:43,584 - INFO - Scanning domain: fp-afd-nocache-ccp.azureedge.net
2024-08-03 19:18:49,422 - INFO - DNS Query (IPv4): fp-afd-nocache-ccp.azureedge.net
2024-08-03 19:18:49,523 - INFO - DNS Query (IPv4): fp-afd-nocache-ccp.azureedge.net
2024-08-03 19:18:49,523 - INFO - DNS Answer (IPv4): fp-afd-nocache-ccp.azureedge.net
2024-08-03 19:18:49,523 - INFO - Scanning domain: fp-afd-nocache-ccp.afd.azureedge.net
2024-08-03 19:18:54,203 - INFO - DNS Answer (IPv4): fp-afd-nocache-ccp.afd.azureedge.net
2024-08-03 19:18:54,203 - INFO - Scanning domain: azureedge-t-prod.trafficmanager.net
2024-08-03 19:19:01,306 - INFO - DNS Answer (IPv4): azureedge-t-prod.trafficmanager.net
2024-08-03 19:19:01,306 - INFO - DNS Answer (IPv4): shed.dual-low.s-part-0039.t-0009.t-msedge.net
2024-08-03 19:19:01,306 - INFO - DNS Answer (IPv4): s-part-0039.t-0009.t-msedge.net
2024-08-03 19:19:01,306 - INFO - Scanning domain: l-ring.msedge.net
2024-08-03 19:19:09,232 - INFO - DNS Query (IPv4): l-ring.msedge.net
2024-08-03 19:19:09,232 - INFO - DNS Query (IPv4): l-ring.msedge.net
2024-08-03 19:19:09,232 - INFO - DNS Answer (IPv4): l-ring.msedge.net
2024-08-03 19:19:09,232 - INFO - Scanning domain: l-ring.l-9999.l-msedge.net
2024-08-03 19:19:27,869 - INFO - DNS Answer (IPv4): l-ring.l-9999.l-msedge.net
2024-08-03 19:19:27,869 - INFO - Scanning domain: l-9999.l-msedge.net
2024-08-03 19:19:55,221 - INFO - DNS Answer (IPv4): l-9999.l-msedge.net
2024-08-03 19:19:56,167 - INFO - Scanning domain: pnq20prdapp01-canary-opaph.netmon.azure.com
2024-08-03 19:20:07,212 - INFO - DNS Query (IPv4): pnq20prdapp01-canary-opaph.netmon.azure.com
2024-08-03 19:20:07,212 - INFO - DNS Query (IPv4): pnq20prdapp01-canary-opaph.netmon.azure.com
2024-08-03 19:20:07,212 - INFO - DNS Answer (IPv4): pnq20prdapp01-canary-opaph.netmon.azure.com
2024-08-03 19:20:07,212 - INFO - Scanning domain: pnq20prdapp01-canary-opaph.centralindia.cloudapp.azure.com
2024-08-03 19:20:24,184 - INFO - DNS Answer (IPv4): pnq20prdapp01-canary-opaph.centralindia.cloudapp.azure.com
2024-08-03 19:20:24,184 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:20:24,184 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:20:24,184 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:20:24,184 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:20:24,184 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 19:20:24,184 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 19:20:24,184 - INFO - DNS Answer (IPv4): licensing.security.comodo.com
2024-08-03 19:20:25,072 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 19:20:25,072 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 19:20:25,072 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 19:20:25,072 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-08-03 19:20:25,072 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 19:20:26,177 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-08-03 19:20:26,184 - INFO - DNS Answer (IPv4): edge-microsoft-com.dual-a-0036.a-msedge.net
2024-08-03 19:20:26,184 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-08-03 19:20:26,184 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): dns.msftncsi.com
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): dns.msftncsi.com
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:20:26,223 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,223 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:20:26,457 - INFO - DNS Query (IPv4): cmc.comodo.com
2024-08-03 19:20:26,457 - INFO - DNS Query (IPv4): cmc.comodo.com
2024-08-03 19:20:26,475 - INFO - DNS Answer (IPv4): cmc.comodo.com
2024-08-03 19:20:26,490 - INFO - Scanning domain: officeclient.microsoft.com
2024-08-03 19:20:31,969 - INFO - DNS Query (IPv4): officeclient.microsoft.com
2024-08-03 19:20:31,969 - INFO - DNS Query (IPv4): officeclient.microsoft.com
2024-08-03 19:20:31,969 - INFO - DNS Answer (IPv4): officeclient.microsoft.com
2024-08-03 19:20:31,969 - INFO - Scanning domain: config.officeapps.live.com
2024-08-03 19:20:37,019 - INFO - DNS Answer (IPv4): config.officeapps.live.com
2024-08-03 19:20:37,019 - INFO - Scanning domain: prod.configsvc1.live.com.akadns.net
2024-08-03 19:20:43,711 - INFO - DNS Answer (IPv4): prod.configsvc1.live.com.akadns.net
2024-08-03 19:20:43,711 - INFO - Scanning domain: europe.configsvc1.live.com.akadns.net
2024-08-03 19:20:50,081 - INFO - DNS Answer (IPv4): europe.configsvc1.live.com.akadns.net
2024-08-03 19:20:50,081 - INFO - Scanning domain: uks-azsc-config.officeapps.live.com
2024-08-03 19:21:02,328 - INFO - DNS Answer (IPv4): uks-azsc-config.officeapps.live.com
2024-08-03 19:21:02,729 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:21:03,066 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:21:03,066 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 19:21:03,066 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 19:21:03,066 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 19:21:03,066 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,066 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,066 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,066 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,066 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:21:03,081 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:21:03,081 - INFO - DNS Query (IPv4): download.comodo.com
2024-08-03 19:21:03,081 - INFO - DNS Query (IPv4): download.comodo.com
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): download.comodo.com
2024-08-03 19:21:03,081 - INFO - DNS Query (IPv4): fd.api.iris.microsoft.com
2024-08-03 19:21:03,081 - INFO - DNS Query (IPv4): fd.api.iris.microsoft.com
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): fd.api.iris.microsoft.com
2024-08-03 19:21:03,081 - INFO - DNS Answer (IPv4): fd-api-iris.trafficmanager.net
2024-08-03 19:21:03,081 - INFO - Scanning domain: iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
2024-08-03 19:21:09,306 - INFO - DNS Answer (IPv4): iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
2024-08-03 19:21:09,306 - INFO - Scanning domain: odc.officeapps.live.com
2024-08-03 19:21:17,048 - INFO - DNS Query (IPv4): odc.officeapps.live.com
2024-08-03 19:21:17,822 - INFO - DNS Query (IPv4): odc.officeapps.live.com
2024-08-03 19:21:17,822 - INFO - DNS Answer (IPv4): odc.officeapps.live.com
2024-08-03 19:21:17,822 - INFO - Scanning domain: prod.odcsm1.live.com.akadns.net
2024-08-03 19:21:24,233 - INFO - DNS Answer (IPv4): prod.odcsm1.live.com.akadns.net
2024-08-03 19:21:24,233 - INFO - Scanning domain: europe.odcsm1.live.com.akadns.net
2024-08-03 19:21:30,446 - INFO - DNS Answer (IPv4): europe.odcsm1.live.com.akadns.net
2024-08-03 19:21:30,446 - INFO - Scanning domain: neu-azsc-000.odc.officeapps.live.com
2024-08-03 19:21:57,525 - INFO - DNS Answer (IPv4): neu-azsc-000.odc.officeapps.live.com
2024-08-03 19:21:57,525 - INFO - Scanning domain: osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com
2024-08-03 19:22:32,239 - INFO - DNS Answer (IPv4): osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com
2024-08-03 19:22:33,384 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 19:22:33,488 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 19:22:33,488 - INFO - DNS Answer (IPv4): cdn.download.comodo.com
2024-08-03 19:22:33,488 - INFO - DNS Answer (IPv4): cdn.download.comodo.com.i.belugacdn.com
2024-08-03 19:22:33,496 - INFO - DNS Answer (IPv4): cdn-download-comodo.b-cdn.net
2024-08-03 19:22:33,496 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 19:22:33,496 - INFO - DNS Query (IPv4): cdn.download.comodo.com
2024-08-03 19:22:33,496 - INFO - DNS Answer (IPv4): cdn.download.comodo.com
2024-08-03 19:22:33,496 - INFO - DNS Answer (IPv4): cdn.download.comodo.com.i.belugacdn.com
2024-08-03 19:22:33,496 - INFO - DNS Answer (IPv4): cdn-download-comodo.b-cdn.net
2024-08-03 19:22:37,532 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:22:37,534 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:22:37,536 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:22:37,536 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 19:22:37,536 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 19:22:37,536 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:22:37,545 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:22:37,545 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 19:22:37,570 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:22:38,110 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:22:38,114 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 19:22:38,114 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 19:22:38,114 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:22:39,035 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:22:39,035 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:22:39,036 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:22:39,038 - INFO - DNS Answer (IPv4): deff.nelreports.net
2024-08-03 19:22:39,038 - INFO - DNS Answer (IPv4): deff.nelreports.net.akamaized.net
2024-08-03 19:22:39,462 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:22:39,462 - INFO - DNS Answer (IPv4): deff.nelreports.net
2024-08-03 19:22:39,462 - INFO - DNS Answer (IPv4): deff.nelreports.net.akamaized.net
2024-08-03 19:22:39,462 - INFO - DNS Answer (IPv4): a1858.dscd.akamai.net
2024-08-03 19:22:39,462 - INFO - DNS Answer (IPv4): a1858.dscd.akamai.net
2024-08-03 19:22:39,497 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:22:39,497 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:22:39,497 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): a1834.dscg2.akamai.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): a1834.dscg2.akamai.net
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,500 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 19:22:39,711 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 19:22:39,711 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:22:40,143 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 19:22:40,143 - INFO - DNS Answer (IPv4): c-bing-com.dual-a-0034.a-msedge.net
2024-08-03 19:22:40,143 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 19:22:40,143 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 19:22:40,143 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:22:40,143 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 19:22:40,166 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:22:40,166 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 19:22:40,166 - INFO - DNS Answer (IPv4): c-msn-com-nsatc.trafficmanager.net
2024-08-03 19:22:40,166 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:22:40,166 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 19:22:40,166 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:22:40,174 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:22:40,174 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 19:22:40,181 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 19:22:40,481 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:22:40,481 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:22:40,483 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:22:40,486 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:22:40,486 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:22:40,486 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:22:40,486 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,486 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,486 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:40,488 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): api.msn.com
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): api-msn-com.a-0003.a-msedge.net
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:22:40,488 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 19:22:40,488 - INFO - DNS Answer (IPv4): api.msn.com
2024-08-03 19:22:41,764 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:22:41,764 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:41,764 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:22:42,052 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:22:42,052 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:22:42,065 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:22:42,065 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:22:42,065 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:22:42,065 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:22:42,071 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:22:42,071 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:22:42,073 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:22:42,076 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:22:42,078 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 19:22:42,081 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 19:22:42,089 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 19:22:42,089 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 19:22:42,089 - INFO - DNS Answer (IPv4): v10.events.data.microsoft.com
2024-08-03 19:22:42,089 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 19:22:42,089 - INFO - Scanning domain: onedscolprduks05.uksouth.cloudapp.azure.com
2024-08-03 19:23:03,489 - INFO - DNS Answer (IPv4): onedscolprduks05.uksouth.cloudapp.azure.com
2024-08-03 19:23:03,936 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 19:23:03,936 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 19:23:03,936 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 19:23:03,936 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 19:23:03,936 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 19:23:03,936 - INFO - Scanning domain: onedscolprdwus14.westus.cloudapp.azure.com
2024-08-03 19:23:07,988 - INFO - DNS Answer (IPv4): onedscolprdwus14.westus.cloudapp.azure.com
2024-08-03 19:23:07,988 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 19:23:07,988 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 19:23:07,988 - INFO - DNS Answer (IPv4): v20.events.data.microsoft.com
2024-08-03 19:23:07,988 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 19:23:07,988 - INFO - Scanning domain: onedscolprdeus02.eastus.cloudapp.azure.com
2024-08-03 19:23:11,952 - INFO - DNS Answer (IPv4): onedscolprdeus02.eastus.cloudapp.azure.com
2024-08-03 19:23:17,846 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 19:23:17,846 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 19:23:17,846 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 19:23:19,488 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:23:19,500 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:23:19,500 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 19:23:19,500 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 19:23:19,500 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:23:51,656 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:23:51,656 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:23:51,656 - INFO - DNS Answer (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:23:51,656 - INFO - DNS Answer (IPv4): a1834.dscg2.akamai.net
2024-08-03 19:23:51,656 - INFO - DNS Answer (IPv4): a1834.dscg2.akamai.net
2024-08-03 19:23:51,656 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:23:52,256 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:23:52,271 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:23:52,275 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:23:52,424 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:23:52,424 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:23:52,424 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:23:52,424 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:23:52,424 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:23:52,424 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:23:52,470 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:23:52,470 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 19:23:52,470 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,470 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:23:52,621 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:23:52,621 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:23:52,621 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:23:52,621 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:23:52,621 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:23:52,621 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:23:52,631 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:23:52,638 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 19:23:52,639 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 19:23:52,641 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 19:23:52,641 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,641 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,642 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,642 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,642 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,642 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,642 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,642 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,642 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:23:52,642 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:23:52,646 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 19:23:52,646 - INFO - DNS Answer (IPv4): c-msn-com-nsatc.trafficmanager.net
2024-08-03 19:23:52,651 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:23:52,651 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 19:23:52,651 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 19:23:52,651 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 19:23:52,768 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:23:52,768 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 19:23:52,768 - INFO - DNS Answer (IPv4): c-bing-com.dual-a-0034.a-msedge.net
2024-08-03 19:23:52,768 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 19:23:52,768 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 19:23:52,768 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:23:52,768 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 19:23:52,768 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:23:52,768 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 19:23:52,768 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:23:52,768 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:23:52,812 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:23:52,812 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:23:52,812 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:24:27,513 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:24:28,833 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:24:28,833 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:24:29,291 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:24:29,291 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:24:29,311 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:24:29,885 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:24:30,390 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:24:30,390 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:24:30,636 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:24:30,939 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:24:30,954 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:24:31,571 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:24:32,173 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:24:32,173 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:24:34,723 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:24:34,723 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 19:24:34,723 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 19:24:56,898 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:24:59,583 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:28:02,496 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:28:02,844 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:28:02,846 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:28:03,241 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:28:03,241 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:28:03,420 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:28:03,733 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 19:28:03,733 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 19:28:03,733 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:28:15,707 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:28:15,707 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 19:28:15,707 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 19:28:28,455 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:28:28,965 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:28:28,965 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 19:28:28,965 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 19:28:29,016 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:28:29,016 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:28:29,016 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:28:29,392 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:28:29,392 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 19:28:29,392 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 19:28:29,392 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:28:29,398 - INFO - DNS Query (IPv4): ntp.msn.com
2024-08-03 19:28:29,398 - INFO - DNS Answer (IPv4): ntp.msn.com
2024-08-03 19:29:24,425 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:29:24,425 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:29:24,425 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:29:34,763 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 19:29:34,763 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:29:35,123 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:29:35,123 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:29:35,141 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:29:35,141 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:29:35,141 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:29:35,141 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:29:35,270 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:29:35,294 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:29:35,294 - INFO - DNS Answer (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:29:35,294 - INFO - DNS Answer (IPv4): a1834.dscg2.akamai.net
2024-08-03 19:29:35,294 - INFO - DNS Answer (IPv4): a1834.dscg2.akamai.net
2024-08-03 19:29:35,294 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:29:35,294 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,655 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,677 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:29:35,677 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:29:35,677 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:29:35,677 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:29:35,677 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 19:29:35,687 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 19:29:35,687 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 19:29:35,687 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 19:29:35,689 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): img-s-msn-com.akamaized.net
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): c-msn-com-nsatc.trafficmanager.net
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): c-bing-com.dual-a-0034.a-msedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): api.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:29:35,996 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:35,996 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:36,219 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:36,219 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:37,633 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:37,633 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:37,633 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:37,633 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:37,633 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 19:29:37,633 - INFO - DNS Query (IPv4): api.msn.com
2024-08-03 19:29:37,633 - INFO - DNS Answer (IPv4): api.msn.com
2024-08-03 19:29:37,633 - INFO - DNS Answer (IPv4): api-msn-com.a-0003.a-msedge.net
2024-08-03 19:29:37,633 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 19:29:39,231 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 19:29:39,231 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 19:29:40,727 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 19:29:47,034 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 19:29:47,034 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 19:29:47,034 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 19:29:47,034 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 19:29:47,047 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 19:29:47,047 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 19:29:47,047 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 19:29:47,047 - INFO - Scanning domain: onedscolprdcus03.centralus.cloudapp.azure.com
2024-08-03 19:30:57,345 - INFO - DNS Answer (IPv4): onedscolprdcus03.centralus.cloudapp.azure.com
2024-08-03 19:30:58,819 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:30:58,819 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:30:58,819 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:30:58,819 - INFO - DNS Answer (IPv4): deff.nelreports.net
2024-08-03 19:30:58,819 - INFO - DNS Answer (IPv4): deff.nelreports.net.akamaized.net
2024-08-03 19:30:58,819 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:30:58,819 - INFO - DNS Answer (IPv4): deff.nelreports.net
2024-08-03 19:30:58,819 - INFO - DNS Answer (IPv4): deff.nelreports.net.akamaized.net
2024-08-03 19:30:58,819 - INFO - DNS Answer (IPv4): a1858.dscd.akamai.net
2024-08-03 19:30:58,819 - INFO - DNS Answer (IPv4): a1858.dscd.akamai.net
2024-08-03 19:30:58,819 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 19:30:58,819 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 19:31:05,282 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:31:05,508 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:31:05,508 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:31:05,508 - INFO - DNS Answer (IPv4): deff.nelreports.net
2024-08-03 19:31:05,508 - INFO - DNS Answer (IPv4): deff.nelreports.net.akamaized.net
2024-08-03 19:31:05,508 - INFO - DNS Query (IPv4): deff.nelreports.net
2024-08-03 19:31:05,508 - INFO - DNS Answer (IPv4): deff.nelreports.net
2024-08-03 19:31:05,508 - INFO - DNS Answer (IPv4): deff.nelreports.net.akamaized.net
2024-08-03 19:31:05,508 - INFO - DNS Answer (IPv4): a1858.dscd.akamai.net
2024-08-03 19:31:05,508 - INFO - DNS Answer (IPv4): a1858.dscd.akamai.net