@HydraDragonAntivirus
Last active August 3, 2024 11:55
2024-08-03 13:26:33,173 - INFO - Successfully cleaned the decompile folder at: C:\Program Files\HydraDragonAntivirus\decompile
2024-08-03 13:26:33,173 - INFO - Created the decompile folder at: C:\Program Files\HydraDragonAntivirus\decompile
2024-08-03 13:26:33,443 - INFO - Successfully cleaned the ghidra_projects folder at: C:\Program Files\HydraDragonAntivirus\ghidra_projects
2024-08-03 13:26:33,443 - INFO - Created the ghidra_projects folder at: C:\Program Files\HydraDragonAntivirus\ghidra_projects
2024-08-03 13:26:33,443 - INFO - Created the ghidra_logs folder at: C:\Program Files\HydraDragonAntivirus\ghidra_logs
2024-08-03 13:26:33,443 - ERROR - Failed to stop ClamAV.
2024-08-03 13:28:46,994 - INFO - ClamAV restarted successfully.
2024-08-03 13:34:43,637 - INFO - Running analysis for: C:/Users/hydradragonantivirus/Desktop/malwarefudhongkong.exe
2024-08-03 13:34:43,637 - INFO - Performing sandbox analysis on: C:/Users/hydradragonantivirus/Desktop/malwarefudhongkong.exe
2024-08-03 13:34:43,669 - INFO - Real-time web protection observer started
2024-08-03 13:34:43,689 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,689 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,694 - INFO - Scanning file: C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe
2024-08-03 13:34:43,695 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,714 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,755 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,788 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: desktop.ini
2024-08-03 13:34:43,788 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,871 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,918 - INFO - Running Sandboxie control.
2024-08-03 13:34:43,921 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,934 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:43,961 - INFO - Sandbox analysis started. Please check log after you close program. There is no limit to scan time.
2024-08-03 13:34:43,998 - INFO - Decompiling file: C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe
2024-08-03 13:34:44,037 - INFO - Rule reversing_tool_process_name is excluded.
2024-08-03 13:34:44,037 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:44,037 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 13:34:44,139 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 13:34:44,194 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-08-03 13:34:44,194 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-08-03 13:34:44,194 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-08-03 13:34:44,194 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:44,245 - INFO - Rule reversing_tool_process_name is excluded.
2024-08-03 13:34:44,245 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:44,245 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 13:34:44,253 - INFO - Rule reversing_tool_process_name is excluded.
2024-08-03 13:34:44,270 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:44,270 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 13:34:44,275 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-08-03 13:34:44,294 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-08-03 13:34:44,294 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-08-03 13:34:44,294 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:44,296 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-08-03 13:34:44,296 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-08-03 13:34:44,296 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-08-03 13:34:44,296 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:44,426 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,426 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:44,426 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,564 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,564 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,594 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:44,594 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,594 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive
2024-08-03 13:34:44,594 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,594 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:44,594 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,594 - INFO - Scanning domain: prod-streaming-video-msn-com.akamaized.net
2024-08-03 13:34:44,613 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,623 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:44,623 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,807 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,807 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,839 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:44,839 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,894 - INFO - Sandboxie control output:
2024-08-03 13:34:44,894 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:44,894 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:44,894 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:34:44,894 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:34:44,894 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:44,987 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:45,011 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:45,011 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:34:45,011 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:34:45,011 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:45,153 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:45,153 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:45,196 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:45,251 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:45,251 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:45,251 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:45,317 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:34:45,317 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:34:45,317 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:45,251 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:45,267 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:34:45,317 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,317 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,393 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:45,561 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:34:45,485 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,634 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:45,634 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,507 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,637 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:45,637 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,414 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:34:45,845 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:45,845 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,845 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:45,845 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,574 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:34:45,855 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:45,855 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive.LOG1
2024-08-03 13:34:45,855 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,855 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:45,855 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,867 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,869 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:45,869 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 13:34:45,869 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 13:34:45,869 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:45,869 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,869 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,869 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:45,869 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:45,869 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:34:45,869 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:45,958 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:45,977 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:45,977 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 13:34:45,977 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 13:34:45,977 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:45,977 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:45,977 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:45,977 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:34:45,977 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,193 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:46,193 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:46,193 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 13:34:46,193 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 13:34:46,193 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:46,194 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,194 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:34:46,194 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,251 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,280 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,281 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:34:46,281 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 13:34:46,282 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 13:34:46,282 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:46,282 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,282 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,282 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:46,283 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:46,284 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:46,284 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:46,358 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:34:46,358 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 13:34:46,358 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 13:34:46,358 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:46,382 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,456 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,413 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:46,466 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:46,466 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 13:34:46,466 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 13:34:46,443 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,466 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:46,466 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive.LOG2
2024-08-03 13:34:46,466 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,466 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:34:46,466 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,466 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:34:46,466 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 13:34:46,466 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 13:34:46,466 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:46,466 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,489 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,550 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,550 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:46,555 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:46,556 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:34:46,556 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:34:46,557 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:46,557 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:46,557 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:46,557 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,557 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,674 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,817 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:34:46,817 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:34:46,817 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 13:34:46,817 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 13:34:46,817 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:46,837 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,896 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,896 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,913 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:46,913 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:47,046 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:47,189 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:47,189 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 13:34:47,189 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 13:34:47,189 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf'
2024-08-03 13:34:47,189 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TM', 'blf']'
2024-08-03 13:34:47,189 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 13:34:47,189 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:47,189 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:47,189 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,189 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,200 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:47,200 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 13:34:47,205 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:47,205 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 13:34:47,205 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 13:34:47,251 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 13:34:47,251 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf'
2024-08-03 13:34:47,251 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TM', 'blf']'
2024-08-03 13:34:47,251 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 13:34:47,251 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf'
2024-08-03 13:34:47,251 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:47,251 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TM', 'blf']'
2024-08-03 13:34:47,272 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,272 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 13:34:47,272 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,369 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,626 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,680 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:47,680 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 13:34:47,680 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,680 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 13:34:47,680 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf'
2024-08-03 13:34:47,680 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TM', 'blf']'
2024-08-03 13:34:47,680 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 13:34:47,680 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,680 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,752 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:47,782 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:49,280 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:49,371 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:49,371 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:49,797 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:50,715 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:50,741 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:50,791 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:50,781 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:50,766 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:50,861 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:50,822 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 13:34:50,791 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 13:34:50,912 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 13:34:50,912 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:51,131 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:50,927 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 13:34:51,137 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 13:34:51,137 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:51,137 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,137 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,035 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 13:34:51,025 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 13:34:51,147 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 13:34:51,154 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 13:34:51,155 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 13:34:51,175 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:51,176 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,182 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 13:34:51,221 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:51,226 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,315 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 13:34:51,410 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:51,326 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:51,440 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:51,440 - INFO - Event detected: created for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,440 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,452 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,484 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,565 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,565 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:51,646 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:52,500 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:52,500 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:52,626 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:52,751 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:53,736 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:53,736 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:53,736 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 13:34:53,785 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 13:34:53,785 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 13:34:53,785 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:53,785 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:53,785 - INFO - File created: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:53,785 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:53,785 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:53,797 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:53,797 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:53,831 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 13:34:53,831 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 13:34:53,831 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 13:34:53,831 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:53,831 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:54,136 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:54,136 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:54,177 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 13:34:54,177 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 13:34:54,177 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 13:34:54,177 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:54,327 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:54,331 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:54,331 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:54,361 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 13:34:54,361 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 13:34:54,361 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 13:34:54,361 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:54,643 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:54,643 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 13:34:54,649 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 13:34:54,649 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf'
2024-08-03 13:34:54,649 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TM', 'blf']'
2024-08-03 13:34:54,649 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 13:34:54,649 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:54,650 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 13:34:54,650 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:54,650 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:54,864 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:55,094 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:55,988 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:55,991 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:56,008 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 13:34:56,008 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 13:34:56,008 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 13:34:56,008 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:56,008 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:56,008 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 13:34:56,008 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:56,008 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:56,029 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:56,170 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:57,054 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:34:57,054 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:34:57,082 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 13:34:57,082 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 13:34:57,082 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 13:34:57,082 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 13:34:57,082 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:57,082 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 13:34:57,082 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:57,082 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:57,082 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:57,082 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:57,998 - INFO - DNS Query (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 13:34:58,566 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:58,566 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 13:34:58,566 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 13:34:58,566 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 13:34:58,566 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:34:58,566 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:58,566 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 13:34:58,566 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:58,566 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:58,566 - INFO - DNS Query (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 13:34:58,581 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:34:58,581 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:34:58,587 - INFO - DNS Query (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 13:34:58,587 - INFO - DNS Answer (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 13:34:58,587 - INFO - Scanning IPv4 address: 156.154.70.25
2024-08-03 13:35:02,172 - INFO - Scanning IPv4 address: 10.0.2.15
2024-08-03 13:35:02,172 - INFO - Skipping local IP address: 10.0.2.15
2024-08-03 13:35:03,583 - INFO - DNS Query (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 13:35:03,583 - INFO - DNS Answer (IPv4): prod-streaming-video-msn-com.akamaized.net
2024-08-03 13:35:03,583 - INFO - Scanning domain: a1830.dscg2.akamai.net
2024-08-03 13:35:03,775 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:35:03,775 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:35:03,775 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:35:03,775 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:35:03,775 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:35:03,775 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:35:03,775 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:35:08,170 - INFO - DNS Answer (IPv4): a1830.dscg2.akamai.net
2024-08-03 13:35:08,170 - INFO - DNS Answer (IPv4): a1830.dscg2.akamai.net
2024-08-03 13:35:11,707 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 13:35:11,720 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user'
2024-08-03 13:35:11,720 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 13:35:11,732 - INFO - Processed all files in directory: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 13:35:11,732 - INFO - Directory event detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 13:35:11,743 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:11,746 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:11,964 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents: xqbg.exe
2024-08-03 13:35:11,964 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:12,014 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:12,014 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:14,399 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:16,467 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:16,730 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:18,206 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:35:35,652 - INFO - Scanning domain: _microsoft_mcc._tcp.local
2024-08-03 13:35:45,525 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 13:35:45,553 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 13:35:45,892 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 13:35:45,897 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 13:35:58,506 - INFO - Scanning domain: ctldl.windowsupdate.com
2024-08-03 13:36:08,429 - INFO - DNS Query (IPv4): ctldl.windowsupdate.com
2024-08-03 13:36:08,457 - INFO - DNS Query (IPv4): ctldl.windowsupdate.com
2024-08-03 13:36:08,457 - INFO - DNS Answer (IPv4): ctldl.windowsupdate.com
2024-08-03 13:36:08,457 - INFO - Scanning domain: ctldl.windowsupdate.com.delivery.microsoft.com
2024-08-03 13:36:19,614 - INFO - DNS Answer (IPv4): ctldl.windowsupdate.com.delivery.microsoft.com
2024-08-03 13:36:19,614 - INFO - Scanning domain: wu-b-net.trafficmanager.net
2024-08-03 13:36:24,442 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 13:36:24,754 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user'
2024-08-03 13:36:24,754 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user'
2024-08-03 13:36:24,754 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user' with parts '['user']'
2024-08-03 13:36:24,754 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:36:27,811 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents
2024-08-03 13:36:27,820 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\Documents'
2024-08-03 13:36:27,820 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents
2024-08-03 13:36:28,756 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents
2024-08-03 13:36:28,756 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\Documents'
2024-08-03 13:36:28,756 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents'
2024-08-03 13:36:28,756 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents' with parts '['Documents']'
2024-08-03 13:36:28,756 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:36:28,756 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\ycomuiu.dll
2024-08-03 13:36:28,756 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\ycomuiu.dll: [WinError 2] The system cannot find the file specified: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\Documents\\ycomuiu.dll'
2024-08-03 13:36:28,756 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents
2024-08-03 13:36:28,756 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\Documents'
2024-08-03 13:36:28,756 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents
2024-08-03 13:36:29,641 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents
2024-08-03 13:36:29,681 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\Documents'
2024-08-03 13:36:29,681 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents'
2024-08-03 13:36:29,684 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents' with parts '['Documents']'
2024-08-03 13:36:29,684 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:36:33,410 - INFO - DNS Answer (IPv4): wu-b-net.trafficmanager.net
2024-08-03 13:36:33,410 - INFO - Scanning domain: download.windowsupdate.com.edgesuite.net
2024-08-03 13:36:58,106 - INFO - DNS Answer (IPv4): download.windowsupdate.com.edgesuite.net
2024-08-03 13:36:58,106 - INFO - Scanning domain: a767.dspw65.akamai.net
2024-08-03 13:37:08,578 - INFO - DNS Answer (IPv4): a767.dspw65.akamai.net
2024-08-03 13:37:08,578 - INFO - DNS Answer (IPv4): a767.dspw65.akamai.net
2024-08-03 13:38:44,833 - INFO - Scanning domain: www.virustotal.com
2024-08-03 13:38:47,871 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:38:47,871 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData'
2024-08-03 13:38:47,871 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:38:49,996 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:38:49,996 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:38:49,996 - INFO - Scanning domain: fonts.googleapis.com
2024-08-03 13:38:53,349 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:38:53,349 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData'
2024-08-03 13:38:53,349 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData'
2024-08-03 13:38:53,349 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData' with parts '['AppData']'
2024-08-03 13:38:53,349 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:38:53,349 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:38:53,349 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData'
2024-08-03 13:38:53,349 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:38:55,940 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:38:55,940 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:38:55,940 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:38:55,940 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:38:55,940 - INFO - Scanning domain: ghs-svc-https-c46.ghs-ssl.googlehosted.com
2024-08-03 13:38:57,955 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:38:57,955 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData'
2024-08-03 13:38:57,957 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData'
2024-08-03 13:38:57,957 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData' with parts '['AppData']'
2024-08-03 13:38:57,957 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:38:57,957 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:38:58,036 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:38:58,036 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:00,966 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:00,975 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:00,975 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local'
2024-08-03 13:39:00,975 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' with parts '['Local']'
2024-08-03 13:39:00,975 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:00,975 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:00,975 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:00,975 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:01,434 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:01,483 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:01,483 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local'
2024-08-03 13:39:01,483 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' with parts '['Local']'
2024-08-03 13:39:01,483 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:01,483 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\PolicyManagement.xml
2024-08-03 13:39:01,483 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\PolicyManagement.xml: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\PolicyManagement.xml'
2024-08-03 13:39:01,483 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:02,139 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:02,139 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:03,234 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:03,444 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:03,444 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local'
2024-08-03 13:39:03,444 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' with parts '['Local']'
2024-08-03 13:39:03,444 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:03,444 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:39:03,444 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData'
2024-08-03 13:39:03,444 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:39:03,896 - INFO - DNS Answer (IPv4): ghs-svc-https-c46.ghs-ssl.googlehosted.com
2024-08-03 13:39:03,896 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:39:03,896 - INFO - DNS Answer (IPv4): fonts.googleapis.com
2024-08-03 13:39:03,896 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:39:03,896 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:39:03,896 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:39:04,018 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData
2024-08-03 13:39:04,018 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData'
2024-08-03 13:39:04,018 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData'
2024-08-03 13:39:04,018 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData' with parts '['AppData']'
2024-08-03 13:39:04,018 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:04,018 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\PolicyManagement.xml
2024-08-03 13:39:04,018 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\PolicyManagement.xml: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\PolicyManagement.xml'
2024-08-03 13:39:04,018 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current
2024-08-03 13:39:04,018 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current'
2024-08-03 13:39:04,018 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current
2024-08-03 13:39:04,361 - INFO - Scanning domain: fonts.gstatic.com
2024-08-03 13:39:10,714 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current
2024-08-03 13:39:10,714 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current'
2024-08-03 13:39:10,714 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current'
2024-08-03 13:39:10,714 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current' with parts '['current']'
2024-08-03 13:39:10,714 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:10,714 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\updated.ps1
2024-08-03 13:39:10,714 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\updated.ps1: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\updated.ps1'
2024-08-03 13:39:10,714 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:10,714 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:10,714 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:11,510 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:39:11,510 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:39:11,510 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:39:11,510 - INFO - DNS Answer (IPv4): fonts.gstatic.com
2024-08-03 13:39:11,510 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:39:11,510 - INFO - Scanning domain: functional.events.data.microsoft.com
2024-08-03 13:39:17,561 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:39:17,561 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:39:17,561 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:39:17,561 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:39:17,561 - INFO - Scanning domain: global.asimov.events.data.trafficmanager.net
2024-08-03 13:39:17,561 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:17,561 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:17,561 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local'
2024-08-03 13:39:17,561 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' with parts '['Local']'
2024-08-03 13:39:17,561 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:17,561 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\updated.ps1
2024-08-03 13:39:17,561 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\updated.ps1: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\updated.ps1'
2024-08-03 13:39:17,561 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:39:17,561 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:39:17,561 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:39:25,738 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:39:25,738 - INFO - Scanning domain: onedscolprdeus08.eastus.cloudapp.azure.com
2024-08-03 13:39:30,337 - INFO - DNS Answer (IPv4): onedscolprdeus08.eastus.cloudapp.azure.com
2024-08-03 13:39:31,372 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:39:31,372 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:39:31,372 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:39:32,661 - INFO - Scanning domain: www.google-analytics.com
2024-08-03 13:39:36,704 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:39:36,704 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:39:37,302 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:39:37,302 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:39:37,302 - INFO - DNS Answer (IPv4): www.google-analytics.com
2024-08-03 13:39:38,387 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:39:38,387 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:39:38,387 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:39:38,387 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:39:38,387 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:38,387 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\PolicyManagement.xml
2024-08-03 13:39:38,387 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\PolicyManagement.xml: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\PolicyManagement.xml'
2024-08-03 13:39:38,387 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:38,387 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:38,387 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:38,387 - INFO - Scanning domain: _dosvc._tcp.local
2024-08-03 13:39:41,193 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:41,193 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:41,193 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local'
2024-08-03 13:39:41,193 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' with parts '['Local']'
2024-08-03 13:39:41,193 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:41,193 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\updated.ps1
2024-08-03 13:39:41,193 - ERROR - Error scanning file C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\updated.ps1: [WinError 2] Sistem belirtilen dosyayı bulamıyor: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\updated.ps1'
2024-08-03 13:39:41,193 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:41,193 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:41,193 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:42,445 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 13:39:42,445 - INFO - Scanning IPv4 address: 224.0.0.251
2024-08-03 13:39:42,827 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local
2024-08-03 13:39:42,827 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 13:39:43,380 - INFO - Scanning IPv6 address: fe80::6d5e:d8b1:b8f:d24f
2024-08-03 13:39:43,392 - INFO - Scanning IPv6 address: ff02::fb
2024-08-03 13:39:43,392 - INFO - Scanning domain: victim._dosvc._tcp.local
2024-08-03 13:39:44,023 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local'
2024-08-03 13:39:44,023 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local'
2024-08-03 13:39:44,023 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' with parts '['Local']'
2024-08-03 13:39:44,023 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:39:44,023 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:39:44,023 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:39:44,023 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:39:46,813 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 13:39:46,813 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 13:39:46,981 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 13:39:46,981 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 13:39:46,981 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 13:39:46,981 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 13:39:46,981 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 13:39:46,981 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 13:39:46,981 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 13:39:46,981 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 13:39:47,516 - INFO - Scanning domain: virustotal.com
2024-08-03 13:39:51,733 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:39:52,160 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:39:52,160 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:39:52,160 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:39:52,160 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:39:52,160 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:39:52,160 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:39:52,160 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:39:55,888 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 13:39:55,888 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 13:39:55,889 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 13:39:55,889 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 13:39:55,889 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:40:08,468 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:40:08,468 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:40:08,468 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:40:08,468 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:40:08,468 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:40:08,468 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:40:08,468 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:40:08,468 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:40:08,468 - INFO - Scanning domain: onedscolprdeus14.eastus.cloudapp.azure.com
2024-08-03 13:40:11,145 - INFO - DNS Answer (IPv4): onedscolprdeus14.eastus.cloudapp.azure.com
2024-08-03 13:40:17,791 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp
2024-08-03 13:40:17,791 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp'
2024-08-03 13:40:17,791 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp
2024-08-03 13:40:21,084 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp
2024-08-03 13:40:21,084 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Temp'
2024-08-03 13:40:21,084 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp'
2024-08-03 13:40:21,084 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp' with parts '['Temp']'
2024-08-03 13:40:21,084 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:40:21,408 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft
2024-08-03 13:40:21,428 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Microsoft'
2024-08-03 13:40:21,428 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft
2024-08-03 13:40:23,622 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft
2024-08-03 13:40:23,622 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current\\AppData\\Local\\Microsoft'
2024-08-03 13:40:23,622 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft'
2024-08-03 13:40:23,622 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft' with parts '['Microsoft']'
2024-08-03 13:40:23,622 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:40:35,919 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 13:40:36,089 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 13:40:41,713 - INFO - Scanning domain: www.bing.com
2024-08-03 13:40:48,158 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 13:40:48,158 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 13:40:48,889 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 13:40:48,889 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 13:40:48,889 - INFO - Scanning domain: www-www.bing.com.trafficmanager.net
2024-08-03 13:40:55,689 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 13:40:55,689 - INFO - Scanning domain: www.bing.com.edgekey.net
2024-08-03 13:41:00,943 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 13:41:00,943 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 13:41:00,943 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 13:41:00,943 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 13:41:00,943 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 13:41:00,943 - INFO - Scanning domain: e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 13:41:09,309 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 13:41:09,309 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 13:41:09,309 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 13:41:09,309 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 13:41:28,423 - INFO - Scanning domain: wpad.home
2024-08-03 13:41:32,113 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:41:32,113 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:41:32,113 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:41:32,558 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 13:41:32,563 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 13:41:32,563 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 13:41:32,563 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 13:41:32,563 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:41:39,657 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 13:41:39,675 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 13:41:39,708 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 13:41:39,708 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 13:41:39,983 - INFO - Scanning domain: licensing.security.comodo.com
2024-08-03 13:41:47,868 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 13:41:47,884 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 13:41:47,884 - INFO - DNS Answer (IPv4): licensing.security.comodo.com
2024-08-03 13:41:50,848 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:41:50,857 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:41:50,873 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:41:50,873 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:41:50,881 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:41:50,883 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:41:50,906 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:41:50,907 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:41:50,907 - INFO - Scanning domain: onedscolprdeus12.eastus.cloudapp.azure.com
2024-08-03 13:42:01,933 - INFO - DNS Answer (IPv4): onedscolprdeus12.eastus.cloudapp.azure.com
2024-08-03 13:42:02,057 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:42:02,057 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:42:02,059 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:42:02,063 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:42:02,063 - INFO - DNS Answer (IPv4): www.google-analytics.com
2024-08-03 13:42:05,556 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:45:43,460 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 13:46:05,179 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:46:05,181 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:46:05,181 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:46:05,181 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:46:05,181 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:46:05,187 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:46:05,226 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:46:05,226 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:46:05,226 - INFO - DNS Answer (IPv4): ghs-svc-https-c46.ghs-ssl.googlehosted.com
2024-08-03 13:46:05,226 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:46:05,226 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:46:05,237 - INFO - DNS Answer (IPv4): fonts.googleapis.com
2024-08-03 13:46:05,277 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:46:05,277 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:46:05,277 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:46:05,277 - INFO - DNS Answer (IPv4): fonts.gstatic.com
2024-08-03 13:46:05,277 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:46:08,337 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:46:08,343 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:46:08,353 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:46:08,353 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:46:08,354 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:46:08,354 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:46:08,354 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:46:08,356 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:46:08,441 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 13:46:11,474 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 13:46:11,474 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 13:46:11,474 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 13:46:11,474 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:46:11,500 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:46:11,500 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:46:11,530 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:46:11,530 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:46:11,530 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:46:11,560 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:46:11,570 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:46:11,570 - INFO - DNS Answer (IPv4): ghs-svc-https-c46.ghs-ssl.googlehosted.com
2024-08-03 13:46:11,571 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:46:11,576 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:46:11,576 - INFO - DNS Answer (IPv4): fonts.googleapis.com
2024-08-03 13:46:11,581 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:46:11,581 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:46:11,581 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:46:11,581 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:46:11,581 - INFO - DNS Answer (IPv4): fonts.gstatic.com
2024-08-03 13:46:14,117 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:46:14,146 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:46:14,146 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:46:14,151 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:46:14,151 - INFO - DNS Answer (IPv4): www.google-analytics.com
2024-08-03 13:46:51,732 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:46:51,797 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:46:51,824 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:46:51,825 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:46:51,826 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:46:51,827 - INFO - Scanning domain: onedscolprduks03.uksouth.cloudapp.azure.com
2024-08-03 13:47:16,790 - INFO - DNS Answer (IPv4): onedscolprduks03.uksouth.cloudapp.azure.com
2024-08-03 13:47:16,790 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:47:16,790 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:47:16,790 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:47:16,790 - INFO - Scanning domain: ftp.swin.edu.au
2024-08-03 13:47:31,494 - INFO - DNS Query (IPv4): ftp.swin.edu.au
2024-08-03 13:47:31,497 - INFO - DNS Query (IPv4): ftp.swin.edu.au
2024-08-03 13:47:31,499 - INFO - DNS Query (IPv4): ftp.swin.edu.au
2024-08-03 13:47:31,499 - INFO - DNS Answer (IPv4): ftp.swin.edu.au
2024-08-03 13:47:31,499 - INFO - Scanning domain: ftp.cc.swin.edu.au
2024-08-03 13:47:44,109 - INFO - DNS Answer (IPv4): ftp.cc.swin.edu.au
2024-08-03 13:47:44,113 - INFO - DNS Query (IPv4): ftp.swin.edu.au
2024-08-03 13:47:44,113 - INFO - DNS Answer (IPv4): ftp.swin.edu.au
2024-08-03 13:47:44,113 - INFO - Scanning IPv4 address: 156.154.71.25
2024-08-03 13:48:19,696 - INFO - DNS Answer (IPv4): ftp.cc.swin.edu.au
2024-08-03 13:48:19,775 - INFO - Decompilation completed successfully for file: C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe
2024-08-03 13:48:19,904 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:48:19,904 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:48:19,910 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:48:19,910 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:48:19,913 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:48:19,913 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:48:19,913 - INFO - DNS Answer (IPv4): www.google-analytics.com
2024-08-03 13:48:19,913 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:48:19,913 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:48:19,913 - INFO - DNS Answer (IPv4): ghs-svc-https-c46.ghs-ssl.googlehosted.com
2024-08-03 13:48:19,925 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:48:19,925 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:48:20,239 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:48:20,260 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:48:20,260 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:48:20,260 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:48:20,260 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:48:20,260 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:48:20,260 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:48:20,260 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:48:20,260 - INFO - Scanning domain: onedscolprdjpw02.japanwest.cloudapp.azure.com
2024-08-03 13:48:32,178 - INFO - DNS Answer (IPv4): onedscolprdjpw02.japanwest.cloudapp.azure.com
2024-08-03 13:48:32,845 - INFO - Scanning domain: usfftp.security.comodo.com
2024-08-03 13:48:33,240 - ERROR - An error occurred while checking signature: a bytes-like object is required, not 'str'
2024-08-03 13:48:33,416 - INFO - Running worm detection for file 'C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe'
2024-08-03 13:48:34,028 - INFO - Started scanning file: C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe
2024-08-03 13:49:05,647 - INFO - No malware detected by Machine Learning in file: C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe
2024-08-03 13:49:09,273 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 13:49:09,279 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 13:49:09,279 - INFO - DNS Answer (IPv4): usfftp.security.comodo.com
2024-08-03 13:49:16,520 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:49:16,523 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:49:16,530 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:49:16,530 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:49:16,530 - INFO - DNS Answer (IPv4): ghs-svc-https-c46.ghs-ssl.googlehosted.com
2024-08-03 13:49:16,540 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:49:16,540 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:49:16,622 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:49:16,662 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:49:16,673 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:49:16,673 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:49:16,673 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:49:16,681 - INFO - Scanning domain: onedscolprdeus16.eastus.cloudapp.azure.com
2024-08-03 13:49:30,799 - INFO - DNS Answer (IPv4): onedscolprdeus16.eastus.cloudapp.azure.com
2024-08-03 13:49:30,799 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:49:30,799 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:49:30,799 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:49:30,877 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:49:30,877 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:49:30,899 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:49:30,899 - INFO - DNS Answer (IPv4): www.google-analytics.com
2024-08-03 13:49:30,899 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:49:32,310 - INFO - Scanning domain: officeclient.microsoft.com
2024-08-03 13:49:54,311 - INFO - DNS Query (IPv4): officeclient.microsoft.com
2024-08-03 13:49:54,390 - INFO - DNS Query (IPv4): officeclient.microsoft.com
2024-08-03 13:49:54,390 - INFO - DNS Answer (IPv4): officeclient.microsoft.com
2024-08-03 13:49:54,390 - INFO - Scanning domain: config.officeapps.live.com
2024-08-03 13:50:12,539 - INFO - DNS Answer (IPv4): config.officeapps.live.com
2024-08-03 13:50:12,545 - INFO - Scanning domain: prod.configsvc1.live.com.akadns.net
2024-08-03 13:50:23,604 - INFO - DNS Answer (IPv4): prod.configsvc1.live.com.akadns.net
2024-08-03 13:50:23,604 - INFO - Scanning domain: europe.configsvc1.live.com.akadns.net
2024-08-03 13:50:36,278 - INFO - DNS Answer (IPv4): europe.configsvc1.live.com.akadns.net
2024-08-03 13:50:36,278 - INFO - Scanning domain: neu-azsc-config.officeapps.live.com
2024-08-03 13:50:45,066 - INFO - DNS Answer (IPv4): neu-azsc-config.officeapps.live.com
2024-08-03 13:50:45,066 - INFO - DNS Query (IPv4): officeclient.microsoft.com
2024-08-03 13:50:45,079 - INFO - DNS Query (IPv4): officeclient.microsoft.com
2024-08-03 13:50:45,079 - INFO - DNS Answer (IPv4): officeclient.microsoft.com
2024-08-03 13:50:45,079 - INFO - DNS Answer (IPv4): config.officeapps.live.com
2024-08-03 13:50:45,079 - INFO - DNS Answer (IPv4): prod.configsvc1.live.com.akadns.net
2024-08-03 13:50:45,080 - INFO - DNS Answer (IPv4): europe.configsvc1.live.com.akadns.net
2024-08-03 13:50:45,080 - INFO - Scanning domain: uks-azsc-config.officeapps.live.com
2024-08-03 13:50:54,166 - INFO - DNS Answer (IPv4): uks-azsc-config.officeapps.live.com
2024-08-03 13:50:55,308 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:50:55,313 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:50:55,321 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:50:55,321 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:50:55,321 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:50:55,321 - INFO - Scanning domain: onedscolprdwus17.westus.cloudapp.azure.com
2024-08-03 13:51:03,621 - INFO - DNS Answer (IPv4): onedscolprdwus17.westus.cloudapp.azure.com
2024-08-03 13:51:03,621 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:51:03,621 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:51:03,621 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:51:03,671 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:51:03,671 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:51:03,671 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:51:03,671 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:51:03,671 - INFO - DNS Answer (IPv4): ghs-svc-https-c46.ghs-ssl.googlehosted.com
2024-08-03 13:51:03,673 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:51:03,673 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:51:03,720 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:51:03,720 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:51:03,728 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:51:03,728 - INFO - DNS Answer (IPv4): www.google-analytics.com
2024-08-03 13:51:03,728 - INFO - DNS Query (IPv4): www.google-analytics.com
2024-08-03 13:52:41,475 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 13:52:41,985 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 13:52:42,004 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 13:52:43,099 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 13:52:43,111 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 13:52:43,111 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 13:52:43,111 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 13:52:43,291 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 13:52:43,291 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 13:52:43,291 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 13:52:43,291 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 13:52:43,475 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 13:52:43,488 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 13:52:43,488 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 13:53:14,585 - INFO - No malware detected by ClamAV in file: C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe
2024-08-03 13:54:06,918 - INFO - Scanning domain: assets.msn.com
2024-08-03 13:54:26,557 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:54:26,681 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:54:26,681 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 13:54:26,681 - INFO - Scanning domain: assets.msn.com.edgekey.net
2024-08-03 13:54:36,125 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 13:54:36,125 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 13:54:36,125 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 13:54:36,125 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 13:54:36,125 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 13:54:36,125 - INFO - Rule Check_unhandledExceptionFiler_iat is excluded.
2024-08-03 13:54:36,125 - INFO - Rule check_RaiseException_iat is excluded.
2024-08-03 13:54:36,125 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 13:54:36,125 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 13:54:36,125 - INFO - Rule head_mz is excluded.
2024-08-03 13:54:36,125 - INFO - Rule head_pe_unsigned is excluded.
2024-08-03 13:54:36,125 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-08-03 13:54:36,125 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 13:54:36,125 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 13:54:36,125 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-08-03 13:54:36,125 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 13:54:36,125 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 13:54:36,125 - INFO - Rule PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ is excluded.
2024-08-03 13:54:36,125 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 13:54:36,153 - INFO - Rule http is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3e9_411f9e99c2469932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_092fb0f929246b16 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_09317334d6a67916 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0c89a5a6d2d31912 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ca3390f1a12f936 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ca3390f1a139932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ca3390f1a13d932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ca3390f1a52f131 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ca3390f3a136932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ce3390f3a126b16 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ce3390f3a126b36 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ce3390f3a1b4a9a is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ce3390f3a534aba is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ce3390f3a53ebb6 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_0ce3390f3a5acad2 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_119e2169c0800b16 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_119eae89c0000b16 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_1922e854d6c31912 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_239c364bc6220b12 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_239c364bc6620b12 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_291771a8c2000b32 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a1691ab1932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a16dba31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a46dbd31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a46dcbb1932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a46ee600932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a46fa231932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a46fe231932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a4edcab0932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a54d6c31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a56ba231932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a56d6d31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a56d7a31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a56d9e31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a56dda31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a56ded31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a56dfa31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a5ed6d31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39857a5edec31932 is excluded.
2024-08-03 13:54:36,153 - INFO - Rule n3ed_39957a12d3d30932 is excluded.
2024-08-03 13:54:36,166 - INFO - Rule n3ed_39957a1aba231932 is excluded.
2024-08-03 13:54:36,166 - INFO - Rule n3ed_39957a1eba231932 is excluded.
2024-08-03 13:54:36,166 - INFO - Rule n3ed_39957a5a56c31932 is excluded.
2024-08-03 13:54:36,166 - INFO - Rule n3ed_39957a5ed6c31932 is excluded.
2024-08-03 13:54:36,166 - INFO - Rule Hunting_resources_noimps is excluded.
2024-08-03 13:54:36,166 - INFO - Rule anti_dbg is excluded.
2024-08-03 13:54:36,166 - INFO - Rule Str_Win32_Winsock2_Library is excluded.
2024-08-03 13:54:36,166 - INFO - Rule network_tcp_socket is excluded.
2024-08-03 13:54:36,166 - INFO - Rule win_files_operation is excluded.
2024-08-03 13:54:36,166 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 13:54:36,166 - INFO - Rule misc_pe_signature is excluded.
2024-08-03 13:54:36,166 - INFO - Rule obfuscation_singlebyte_mov is excluded.
2024-08-03 13:54:36,166 - INFO - Rule create_process is excluded.
2024-08-03 13:54:36,166 - INFO - Rule IsPE64 is excluded.
2024-08-03 13:54:36,166 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 13:54:36,166 - INFO - Rule HasOverlay is excluded.
2024-08-03 13:54:36,166 - INFO - Rule HasDebugData is excluded.
2024-08-03 13:54:36,166 - INFO - Rule HasRichSignature is excluded.
2024-08-03 13:54:36,166 - INFO - Rule IsNotPacked is excluded.
2024-08-03 13:54:36,166 - INFO - Rule Microsoft_Visual_Cpp_80_DLL is excluded.
2024-08-03 13:54:48,158 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 13:54:48,301 - INFO - Scanned file with YARA: C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe - No viruses detected
2024-08-03 13:54:48,367 - INFO - Running ransomware alert check for file 'C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe'
2024-08-03 13:54:48,412 - INFO - Checking ransomware conditions for file 'C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe' with parts '['malwarefudhongkong', 'exe']'
2024-08-03 13:54:48,493 - INFO - File 'C:\Users\hydradragonantivirus\Desktop\malwarefudhongkong.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 13:54:59,841 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 13:54:59,841 - INFO - Scanning domain: e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:25,803 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:55:27,594 - INFO - Scanning domain: windows.msn.com
2024-08-03 13:55:40,865 - INFO - DNS Query (IPv4): windows.msn.com
2024-08-03 13:55:40,865 - INFO - DNS Query (IPv4): windows.msn.com
2024-08-03 13:55:40,865 - INFO - DNS Answer (IPv4): windows.msn.com
2024-08-03 13:55:40,865 - INFO - Scanning domain: www-msn-com.a-0003.a-msedge.net
2024-08-03 13:55:52,392 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 13:55:52,392 - INFO - Scanning domain: a-0003.a-msedge.net
2024-08-03 13:55:59,370 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 13:56:09,625 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 13:56:10,982 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 13:56:13,007 - INFO - Scanning domain: www.msn.com
2024-08-03 13:56:19,427 - INFO - DNS Query (IPv4): www.msn.com
2024-08-03 13:56:19,429 - INFO - DNS Query (IPv4): www.msn.com
2024-08-03 13:56:19,432 - INFO - DNS Query (IPv4): www.msn.com
2024-08-03 13:56:19,432 - INFO - DNS Answer (IPv4): www.msn.com
2024-08-03 13:56:19,436 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 13:56:19,436 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 13:56:19,436 - INFO - DNS Query (IPv4): www.msn.com
2024-08-03 13:56:19,436 - INFO - DNS Answer (IPv4): www.msn.com
2024-08-03 13:56:20,323 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:56:20,327 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:56:20,328 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 13:56:20,328 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 13:56:20,330 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:20,330 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:20,330 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:20,330 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:20,330 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:20,330 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:20,332 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:20,332 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:20,332 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:56:21,046 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:56:21,046 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:56:21,050 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:56:21,050 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:56:21,050 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:56:21,055 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:56:21,055 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:56:21,055 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:56:21,055 - INFO - Scanning domain: onedscolprdwus10.westus.cloudapp.azure.com
2024-08-03 13:56:25,687 - INFO - DNS Answer (IPv4): onedscolprdwus10.westus.cloudapp.azure.com
2024-08-03 13:56:29,765 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 13:56:30,025 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 13:56:30,576 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 13:56:31,072 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 13:57:51,773 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:57:51,793 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:51,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:57:54,120 - INFO - Scanning domain: cmc.comodo.com
2024-08-03 13:58:00,840 - INFO - DNS Query (IPv4): cmc.comodo.com
2024-08-03 13:58:00,841 - INFO - DNS Query (IPv4): cmc.comodo.com
2024-08-03 13:58:01,121 - INFO - DNS Query (IPv4): cmc.comodo.com
2024-08-03 13:58:01,121 - INFO - DNS Answer (IPv4): cmc.comodo.com
2024-08-03 13:58:01,121 - INFO - DNS Query (IPv4): cmc.comodo.com
2024-08-03 13:58:01,121 - INFO - DNS Answer (IPv4): cmc.comodo.com
2024-08-03 13:58:01,161 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:58:01,165 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:58:01,165 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:58:01,165 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:58:01,165 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:58:01,165 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 13:58:01,165 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 13:58:01,165 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 13:58:01,165 - INFO - Scanning domain: onedscolprdcus23.centralus.cloudapp.azure.com
2024-08-03 13:58:05,938 - INFO - DNS Answer (IPv4): onedscolprdcus23.centralus.cloudapp.azure.com
2024-08-03 13:58:05,955 - INFO - Scanning domain: fd.api.iris.microsoft.com
2024-08-03 13:58:14,525 - INFO - DNS Query (IPv4): fd.api.iris.microsoft.com
2024-08-03 13:58:14,525 - INFO - DNS Query (IPv4): fd.api.iris.microsoft.com
2024-08-03 13:58:14,525 - INFO - DNS Answer (IPv4): fd.api.iris.microsoft.com
2024-08-03 13:58:14,525 - INFO - Scanning domain: fd-api-iris.trafficmanager.net
2024-08-03 13:58:20,925 - INFO - DNS Answer (IPv4): fd-api-iris.trafficmanager.net
2024-08-03 13:58:20,925 - INFO - Scanning domain: iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com
2024-08-03 13:58:29,274 - INFO - DNS Answer (IPv4): iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com
2024-08-03 13:58:32,440 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:58:32,440 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:58:32,440 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 13:58:32,458 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 13:58:32,464 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,464 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,464 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,464 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,467 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,467 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,467 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,467 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,467 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:58:32,489 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 13:58:32,489 - INFO - DNS Query (IPv4): licensing.security.comodo.com
2024-08-03 13:58:32,489 - INFO - DNS Answer (IPv4): licensing.security.comodo.com
2024-08-03 13:58:32,691 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:58:32,694 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:58:32,694 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:58:32,703 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:58:32,703 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:58:32,703 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:58:32,715 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:58:32,715 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:58:32,715 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:58:32,715 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:58:32,715 - INFO - DNS Answer (IPv4): virustotal.com
2024-08-03 13:58:32,740 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:58:32,740 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:58:32,740 - INFO - DNS Answer (IPv4): ghs-svc-https-c46.ghs-ssl.googlehosted.com
2024-08-03 13:58:32,750 - INFO - DNS Query (IPv4): virustotal.com
2024-08-03 13:58:32,762 - INFO - DNS Query (IPv4): www.virustotal.com
2024-08-03 13:58:32,762 - INFO - DNS Answer (IPv4): www.virustotal.com
2024-08-03 13:58:32,776 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:58:32,776 - INFO - DNS Query (IPv4): fonts.googleapis.com
2024-08-03 13:58:32,776 - INFO - DNS Answer (IPv4): fonts.googleapis.com
2024-08-03 13:58:32,912 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:58:32,912 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:58:32,912 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:58:32,912 - INFO - DNS Query (IPv4): fonts.gstatic.com
2024-08-03 13:58:32,912 - INFO - DNS Answer (IPv4): fonts.gstatic.com
2024-08-03 13:58:33,214 - INFO - Scanning domain: cis.td.security.comodo.com
2024-08-03 13:58:41,953 - INFO - DNS Query (IPv4): cis.td.security.comodo.com
2024-08-03 13:58:41,955 - INFO - DNS Query (IPv4): cis.td.security.comodo.com
2024-08-03 13:58:41,955 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 13:58:41,955 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 13:58:41,955 - INFO - DNS Answer (IPv4): cis.td.security.comodo.com
2024-08-03 13:58:42,023 - INFO - Scanning domain: suggest.yandex.com.tr
2024-08-03 13:58:51,097 - INFO - DNS Query (IPv4): suggest.yandex.com.tr
2024-08-03 13:58:51,103 - INFO - DNS Query (IPv4): suggest.yandex.com.tr
2024-08-03 13:58:51,110 - INFO - DNS Query (IPv4): suggest.yandex.com.tr
2024-08-03 13:58:51,110 - INFO - DNS Answer (IPv4): suggest.yandex.com.tr
2024-08-03 13:58:51,112 - INFO - Scanning domain: suggest.yandex.net
2024-08-03 13:58:58,403 - INFO - DNS Answer (IPv4): suggest.yandex.net
2024-08-03 13:58:58,403 - INFO - DNS Query (IPv4): suggest.yandex.com.tr
2024-08-03 13:58:58,403 - INFO - DNS Answer (IPv4): suggest.yandex.com.tr
2024-08-03 13:58:58,677 - INFO - Scanning domain: dro.pm
2024-08-03 13:59:05,589 - INFO - DNS Query (IPv4): dro.pm
2024-08-03 13:59:05,589 - INFO - DNS Query (IPv4): dro.pm
2024-08-03 13:59:05,589 - INFO - DNS Query (IPv4): dro.pm
2024-08-03 13:59:05,603 - INFO - DNS Query (IPv4): dro.pm
2024-08-03 13:59:05,613 - INFO - DNS Answer (IPv4): dro.pm
2024-08-03 13:59:05,870 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:59:05,870 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 13:59:05,879 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 13:59:05,879 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 13:59:05,879 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,879 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,879 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,879 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,879 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,913 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,914 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,917 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,918 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 13:59:05,938 - INFO - DNS Query (IPv4): dro.pm
2024-08-03 13:59:05,938 - INFO - DNS Query (IPv4): dro.pm
2024-08-03 13:59:05,938 - INFO - DNS Answer (IPv4): dro.pm
2024-08-03 13:59:05,975 - INFO - Scanning domain: edge.microsoft.com
2024-08-03 13:59:19,092 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 13:59:19,097 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 13:59:19,098 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 13:59:19,098 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-08-03 13:59:19,114 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 13:59:19,116 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-08-03 13:59:19,116 - INFO - Scanning domain: edge-microsoft-com.dual-a-0036.a-msedge.net
2024-08-03 14:00:20,105 - INFO - DNS Answer (IPv4): edge-microsoft-com.dual-a-0036.a-msedge.net
2024-08-03 14:00:20,105 - INFO - Scanning domain: dual-a-0036.a-msedge.net
2024-08-03 14:00:29,807 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-08-03 14:00:29,807 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-08-03 14:00:31,006 - INFO - Scanning domain: nav-edge.smartscreen.microsoft.com
2024-08-03 14:00:41,362 - INFO - DNS Query (IPv4): nav-edge.smartscreen.microsoft.com
2024-08-03 14:00:41,442 - INFO - DNS Query (IPv4): nav-edge.smartscreen.microsoft.com
2024-08-03 14:00:41,442 - INFO - DNS Query (IPv4): nav-edge.smartscreen.microsoft.com
2024-08-03 14:00:41,442 - INFO - DNS Answer (IPv4): nav-edge.smartscreen.microsoft.com
2024-08-03 14:00:41,442 - INFO - Scanning domain: prod-atm-wds-edge.trafficmanager.net
2024-08-03 14:00:51,275 - INFO - DNS Answer (IPv4): prod-atm-wds-edge.trafficmanager.net
2024-08-03 14:00:51,275 - INFO - Scanning domain: prod-agic-we-2.westeurope.cloudapp.azure.com
2024-08-03 14:00:58,752 - INFO - DNS Answer (IPv4): prod-agic-we-2.westeurope.cloudapp.azure.com
2024-08-03 14:01:38,864 - INFO - DNS Query (IPv4): nav-edge.smartscreen.microsoft.com
2024-08-03 14:01:38,864 - INFO - DNS Answer (IPv4): nav-edge.smartscreen.microsoft.com
2024-08-03 14:01:38,864 - INFO - DNS Answer (IPv4): prod-atm-wds-edge.trafficmanager.net
2024-08-03 14:01:39,085 - INFO - Scanning domain: login.live.com
2024-08-03 14:01:46,426 - INFO - DNS Query (IPv4): login.live.com
2024-08-03 14:01:46,426 - INFO - DNS Query (IPv4): login.live.com
2024-08-03 14:01:46,426 - INFO - DNS Answer (IPv4): login.live.com
2024-08-03 14:01:46,426 - INFO - Scanning domain: login.msa.msidentity.com
2024-08-03 14:01:51,617 - INFO - DNS Answer (IPv4): login.msa.msidentity.com
2024-08-03 14:01:51,617 - INFO - Scanning domain: www.tm.lg.prod.aadmsa.trafficmanager.net
2024-08-03 14:01:57,964 - INFO - DNS Answer (IPv4): www.tm.lg.prod.aadmsa.trafficmanager.net
2024-08-03 14:01:58,028 - INFO - Scanning domain: prdv4a.aadg.msidentity.com
2024-08-03 14:02:03,714 - INFO - DNS Answer (IPv4): prdv4a.aadg.msidentity.com
2024-08-03 14:02:03,714 - INFO - Scanning domain: www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,313 - INFO - DNS Answer (IPv4): www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,313 - INFO - DNS Answer (IPv4): www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,313 - INFO - DNS Answer (IPv4): www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,313 - INFO - DNS Answer (IPv4): www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,313 - INFO - DNS Answer (IPv4): www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,313 - INFO - DNS Answer (IPv4): www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,313 - INFO - DNS Answer (IPv4): www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,313 - INFO - DNS Answer (IPv4): www.tm.v4.a.prd.aadg.akadns.net
2024-08-03 14:02:09,854 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:09,854 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:09,854 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:09,854 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:09,854 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:02:09,854 - INFO - Scanning domain: onedscolprdeus05.eastus.cloudapp.azure.com
2024-08-03 14:02:14,819 - INFO - DNS Answer (IPv4): onedscolprdeus05.eastus.cloudapp.azure.com
2024-08-03 14:02:14,819 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:14,819 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:14,819 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:02:39,050 - INFO - Scanning domain: g.msn.com
2024-08-03 14:02:44,026 - INFO - DNS Query (IPv4): g.msn.com
2024-08-03 14:02:44,028 - INFO - DNS Query (IPv4): g.msn.com
2024-08-03 14:02:44,028 - INFO - DNS Answer (IPv4): g.msn.com
2024-08-03 14:02:44,028 - INFO - Scanning domain: g-msn-com-nsatc.trafficmanager.net
2024-08-03 14:02:47,521 - INFO - DNS Answer (IPv4): g-msn-com-nsatc.trafficmanager.net
2024-08-03 14:02:47,875 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:47,875 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:47,883 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:47,883 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:47,883 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:02:47,883 - INFO - Scanning domain: onedscolprdcus16.centralus.cloudapp.azure.com
2024-08-03 14:02:53,158 - INFO - DNS Answer (IPv4): onedscolprdcus16.centralus.cloudapp.azure.com
2024-08-03 14:02:53,160 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:53,160 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:02:53,160 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:02:53,614 - INFO - DNS Query (IPv4): ftp.swin.edu.au
2024-08-03 14:02:54,110 - INFO - DNS Query (IPv4): ftp.swin.edu.au
2024-08-03 14:02:54,112 - INFO - DNS Query (IPv4): ftp.swin.edu.au
2024-08-03 14:02:54,112 - INFO - DNS Answer (IPv4): ftp.swin.edu.au
2024-08-03 14:02:54,112 - INFO - DNS Answer (IPv4): ftp.cc.swin.edu.au
2024-08-03 14:02:54,239 - INFO - DNS Query (IPv4): ftp.swin.edu.au
2024-08-03 14:02:54,240 - INFO - DNS Answer (IPv4): ftp.swin.edu.au
2024-08-03 14:02:54,240 - INFO - DNS Answer (IPv4): ftp.cc.swin.edu.au
2024-08-03 14:03:30,506 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:03:30,537 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:03:30,537 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:03:30,537 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:03:30,537 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:03:30,537 - INFO - Scanning domain: onedscolprdeus13.eastus.cloudapp.azure.com
2024-08-03 14:03:38,942 - INFO - DNS Answer (IPv4): onedscolprdeus13.eastus.cloudapp.azure.com
2024-08-03 14:03:38,942 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:03:38,942 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:03:38,942 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:03:39,770 - INFO - Scanning domain: browser.events.data.msn.com
2024-08-03 14:03:44,593 - INFO - DNS Query (IPv4): browser.events.data.msn.com
2024-08-03 14:03:44,696 - INFO - DNS Query (IPv4): browser.events.data.msn.com
2024-08-03 14:03:44,696 - INFO - DNS Query (IPv4): browser.events.data.msn.com
2024-08-03 14:03:44,696 - INFO - DNS Answer (IPv4): browser.events.data.msn.com
2024-08-03 14:03:44,696 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:03:44,696 - INFO - Scanning domain: onedscolprdcus09.centralus.cloudapp.azure.com
2024-08-03 14:03:49,490 - INFO - Running analysis for: C:/Users/hydradragonantivirus/Documents/libcurl.dll
2024-08-03 14:03:50,612 - INFO - Performing sandbox analysis on: C:/Users/hydradragonantivirus/Documents/libcurl.dll
2024-08-03 14:03:52,826 - INFO - Scanning file: C:\Users\hydradragonantivirus\Documents\libcurl.dll
2024-08-03 14:03:52,965 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 14:03:52,965 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 14:03:54,189 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 14:03:55,065 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:03:55,330 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:03:55,693 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: desktop.ini
2024-08-03 14:03:55,693 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 14:04:00,401 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 14:04:01,130 - INFO - Running Sandboxie control.
2024-08-03 14:04:05,505 - INFO - Sandbox analysis started. Please check log after you close program. There is no limit to scan time.
2024-08-03 14:04:15,128 - INFO - Sandboxie control output:
2024-08-03 14:06:05,022 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 14:06:05,160 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:05,223 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:06:05,283 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 14:06:05,283 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:05,311 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:06:05,320 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-08-03 14:06:05,570 - INFO - DNS Answer (IPv4): onedscolprdcus09.centralus.cloudapp.azure.com
2024-08-03 14:06:05,578 - INFO - DNS Query (IPv4): browser.events.data.msn.com
2024-08-03 14:06:05,578 - INFO - DNS Answer (IPv4): browser.events.data.msn.com
2024-08-03 14:06:05,578 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:06:05,743 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:05,743 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 14:06:05,751 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 14:06:05,754 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 14:06:05,754 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:05,754 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-08-03 14:06:05,754 - INFO - Scanning domain: srtb.msn.com
2024-08-03 14:06:05,839 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive'
2024-08-03 14:06:05,839 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-08-03 14:06:07,602 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-08-03 14:06:07,602 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive'
2024-08-03 14:06:07,602 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive'
2024-08-03 14:06:07,602 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive' with parts '['drive']'
2024-08-03 14:06:07,602 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:07,721 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-08-03 14:06:07,721 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C'
2024-08-03 14:06:07,721 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-08-03 14:06:08,185 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-08-03 14:06:08,185 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C'
2024-08-03 14:06:08,185 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C'
2024-08-03 14:06:08,185 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C' with parts '['C']'
2024-08-03 14:06:08,185 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:08,185 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:08,185 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C\\WINDOWS'
2024-08-03 14:06:08,185 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:09,469 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:09,513 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:09,510 - INFO - Rule reversing_tool_process_name is excluded.
2024-08-03 14:06:09,500 - INFO - Rule reversing_tool_process_name is excluded.
2024-08-03 14:06:09,971 - ERROR - An error occurred while checking signature: a bytes-like object is required, not 'str'
2024-08-03 14:06:10,087 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:10,427 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:10,134 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:10,425 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive - No viruses detected
2024-08-03 14:06:10,427 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:10,425 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:06:10,431 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-08-03 14:06:10,456 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:10,460 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive'
2024-08-03 14:06:10,627 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-08-03 14:06:10,702 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C\\WINDOWS'
2024-08-03 14:06:11,206 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-08-03 14:06:11,424 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' with parts '['StartupProfileData-NonInteractive']'
2024-08-03 14:06:11,631 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:11,453 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-08-03 14:06:11,619 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-08-03 14:06:11,512 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS'
2024-08-03 14:06:12,238 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS' with parts '['WINDOWS']'
2024-08-03 14:06:12,238 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:11,785 - INFO - Decompiling file: C:\Users\hydradragonantivirus\Documents\libcurl.dll
2024-08-03 14:06:11,938 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:06:11,969 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:12,141 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-08-03 14:06:12,762 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:13,015 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:13,045 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:06:14,154 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:06:14,161 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 14:06:14,161 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:06:13,133 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive
2024-08-03 14:06:13,074 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C\\WINDOWS'
2024-08-03 14:06:14,200 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:06:14,216 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 14:06:14,216 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:06:14,211 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:14,373 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:06:14,373 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 14:06:14,373 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 14:06:14,373 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 14:06:14,373 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:14,373 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:06:14,373 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:06:14,373 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 14:06:14,373 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:06:16,368 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:06:16,372 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 14:06:16,372 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 14:06:16,372 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 14:06:16,372 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:16,372 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:16,372 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:16,372 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 14:06:16,372 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:16,453 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:16,453 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C\\WINDOWS'
2024-08-03 14:06:16,453 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS'
2024-08-03 14:06:16,453 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS' with parts '['WINDOWS']'
2024-08-03 14:06:16,460 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:16,460 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:16,493 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:06:16,493 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-08-03 14:06:16,493 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 14:06:16,493 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 14:06:16,493 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:16,493 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive.LOG1
2024-08-03 14:06:16,493 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:06:16,493 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 14:06:16,493 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:06:16,498 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:16,805 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:16,856 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 14:06:16,856 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 14:06:16,856 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 14:06:16,856 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:16,856 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:06:16,962 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:16,990 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:06:18,390 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:06:18,390 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-08-03 14:06:18,390 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 14:06:18,390 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 14:06:18,733 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:18,633 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:06:18,733 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive.LOG2
2024-08-03 14:06:18,966 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:18,966 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 14:06:18,733 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:06:18,963 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:06:18,966 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:18,998 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:19,340 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:19,341 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:06:21,242 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:06:21,242 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:06:21,242 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:21,242 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:20,665 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:06:20,859 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:06:21,242 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C\\WINDOWS'
2024-08-03 14:06:21,420 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:21,271 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 14:06:21,420 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 14:06:21,420 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 14:06:21,420 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:21,420 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:06:21,420 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:06:21,420 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:06:23,424 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:23,424 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 14:06:24,841 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 14:06:24,841 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf'
2024-08-03 14:06:24,841 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TM', 'blf']'
2024-08-03 14:06:24,841 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 14:06:24,841 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:06:24,841 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:06:24,896 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS
2024-08-03 14:06:24,896 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C\\WINDOWS'
2024-08-03 14:06:24,896 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS'
2024-08-03 14:06:24,896 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS' with parts '['WINDOWS']'
2024-08-03 14:06:24,923 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:06:24,928 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:24,949 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:06:25,173 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:25,236 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:25,694 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:06:25,506 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:25,698 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 14:06:25,706 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 14:06:25,706 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf'
2024-08-03 14:06:25,706 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TM', 'blf']'
2024-08-03 14:06:25,707 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 14:06:25,707 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:06:25,707 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:06:25,707 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:06:27,205 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:06:29,075 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:06:29,075 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:35,210 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:06:35,210 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:35,210 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:35,224 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:06:35,224 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:06:35,224 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:06:35,224 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:35,227 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-08-03 14:06:35,341 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:35,341 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 14:06:35,957 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 14:06:35,957 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 14:06:35,957 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 14:06:35,957 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 14:06:35,957 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:06:35,966 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:06:35,989 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C'
2024-08-03 14:06:35,990 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-08-03 14:06:36,704 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:06:39,088 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-08-03 14:06:45,660 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:06:48,120 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C'
2024-08-03 14:06:48,120 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C'
2024-08-03 14:06:48,120 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C' with parts '['C']'
2024-08-03 14:06:48,120 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:48,120 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-08-03 14:06:48,131 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:48,131 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 14:06:48,169 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive'
2024-08-03 14:06:48,178 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-08-03 14:06:48,287 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 14:06:48,287 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 14:06:48,290 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 14:06:48,290 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 14:06:48,290 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:06:48,292 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:06:48,655 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:06:49,508 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-08-03 14:06:49,508 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive'
2024-08-03 14:06:49,508 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive'
2024-08-03 14:06:49,508 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive' with parts '['drive']'
2024-08-03 14:06:49,508 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:49,524 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:49,524 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:51,637 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:51,697 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:51,697 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 14:06:51,752 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:06:51,766 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 14:06:51,766 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 14:06:51,766 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 14:06:51,766 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 14:06:51,810 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:06:51,814 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:51,814 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:51,922 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:06:51,923 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:06:51,923 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:06:51,923 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:51,923 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:51,923 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:52,654 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:06:52,654 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:06:52,654 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:06:53,108 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:53,432 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:06:53,435 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:53,435 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:53,438 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:06:53,443 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:06:53,443 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:06:53,443 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:53,443 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:54,798 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:06:54,916 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:54,953 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:55,008 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 14:06:55,095 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 14:06:55,095 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 14:06:55,095 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 14:06:55,095 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 14:06:55,334 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell: StartupProfileData-NonInteractive
2024-08-03 14:06:55,336 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:06:55,338 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:06:56,443 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:56,445 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:56,455 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive - No viruses detected
2024-08-03 14:06:56,455 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive'
2024-08-03 14:06:56,455 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' with parts '['StartupProfileData-NonInteractive']'
2024-08-03 14:06:56,455 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:56,507 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:06:56,507 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:06:57,531 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:57,779 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:06:57,780 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:06:57,780 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:06:57,784 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:06:57,786 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:06:57,786 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:06:57,786 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:06:58,140 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:06:58,140 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:07:02,025 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:07:02,045 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:07:02,181 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:07:02,271 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:07:02,226 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:07:02,284 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive - No viruses detected
2024-08-03 14:07:02,323 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:07:02,375 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive'
2024-08-03 14:07:02,795 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' with parts '['StartupProfileData-NonInteractive']'
2024-08-03 14:07:02,795 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:07:02,795 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents: xqbg.exe
2024-08-03 14:07:02,795 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:07:02,528 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:07:02,438 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:07:02,852 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:07:02,852 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:07:04,237 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:07:04,237 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:07:04,237 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:07:04,237 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 14:07:04,237 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:07:07,701 - ERROR - An error occurred while checking signature: a bytes-like object is required, not 'str'
2024-08-03 14:07:07,701 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:07:08,621 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:07:08,695 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-08-03 14:07:09,129 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-08-03 14:07:09,131 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-08-03 14:07:09,131 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-08-03 14:07:09,131 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:07:16,260 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:07:17,590 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:07:31,346 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:07:33,705 - INFO - DNS Query (IPv4): srtb.msn.com
2024-08-03 14:07:33,707 - INFO - DNS Query (IPv4): srtb.msn.com
2024-08-03 14:07:33,709 - INFO - Scanning domain: c.msn.com
2024-08-03 14:07:37,867 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:07:41,038 - ERROR - An error occurred while checking signature: a bytes-like object is required, not 'str'
2024-08-03 14:07:41,038 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:07:46,984 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:07:54,200 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:08:02,070 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:08:04,310 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 14:08:04,310 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 14:08:04,547 - INFO - DNS Query (IPv4): srtb.msn.com
2024-08-03 14:08:04,547 - INFO - DNS Answer (IPv4): srtb.msn.com
2024-08-03 14:08:04,547 - INFO - DNS Answer (IPv4): www.msn.com
2024-08-03 14:08:04,547 - INFO - DNS Answer (IPv4): www-msn-com.a-0003.a-msedge.net
2024-08-03 14:08:04,547 - INFO - DNS Answer (IPv4): a-0003.a-msedge.net
2024-08-03 14:08:04,547 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 14:08:04,547 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 14:08:04,547 - INFO - Scanning domain: c-msn-com-nsatc.trafficmanager.net
2024-08-03 14:08:15,796 - INFO - DNS Answer (IPv4): c-msn-com-nsatc.trafficmanager.net
2024-08-03 14:08:15,796 - INFO - DNS Query (IPv4): srtb.msn.com
2024-08-03 14:08:15,796 - INFO - DNS Answer (IPv4): srtb.msn.com
2024-08-03 14:08:15,796 - INFO - DNS Answer (IPv4): www.msn.com
2024-08-03 14:08:15,796 - INFO - DNS Query (IPv4): c.msn.com
2024-08-03 14:08:15,796 - INFO - DNS Answer (IPv4): c.msn.com
2024-08-03 14:08:15,988 - INFO - Scanning domain: sb.scorecardresearch.com
2024-08-03 14:08:21,558 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 14:08:28,998 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 14:08:50,460 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 14:08:50,462 - INFO - DNS Query (IPv4): sb.scorecardresearch.com
2024-08-03 14:08:50,462 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 14:08:50,462 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 14:08:50,462 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 14:08:50,465 - INFO - DNS Answer (IPv4): sb.scorecardresearch.com
2024-08-03 14:08:50,652 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 14:08:50,662 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 14:08:50,780 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 14:08:50,780 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 14:08:50,780 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 14:08:50,783 - INFO - DNS Query (IPv4): assets.msn.com
2024-08-03 14:08:50,783 - INFO - DNS Answer (IPv4): assets.msn.com
2024-08-03 14:08:50,783 - INFO - DNS Answer (IPv4): assets.msn.com.edgekey.net
2024-08-03 14:08:50,783 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:50,783 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:50,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:50,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:50,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:50,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:50,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:50,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:50,793 - INFO - DNS Answer (IPv4): e28578.d.akamaiedge.net
2024-08-03 14:08:51,056 - INFO - Scanning domain: th.bing.com
2024-08-03 14:08:53,221 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:08:53,320 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:08:54,585 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-08-03 14:08:57,281 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:08:57,281 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 14:08:57,298 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-08-03 14:08:57,301 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-08-03 14:08:57,301 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-08-03 14:08:57,301 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 14:08:57,301 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:08:57,351 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:08:59,227 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-08-03 14:09:01,067 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:09:01,076 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 14:09:01,081 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-08-03 14:09:01,081 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-08-03 14:09:01,081 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-08-03 14:09:01,081 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-08-03 14:09:01,081 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:09:01,892 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 14:09:01,892 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 14:09:01,892 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 14:09:01,892 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 14:09:01,892 - INFO - Scanning domain: p-th.bing.com.trafficmanager.net
2024-08-03 14:09:02,641 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:09:05,369 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 14:09:05,369 - INFO - Scanning domain: th.bing.com.edgekey.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 14:09:13,268 - INFO - DNS Query (IPv4): th.bing.com
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): th.bing.com
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): p-th.bing.com.trafficmanager.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): th.bing.com.edgekey.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,268 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:09:13,931 - INFO - Scanning domain: c.bing.com
2024-08-03 14:09:18,492 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 14:09:18,492 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 14:09:18,492 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 14:09:18,492 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 14:09:18,492 - INFO - Scanning domain: c-bing-com.dual-a-0034.a-msedge.net
2024-08-03 14:09:23,100 - INFO - DNS Answer (IPv4): c-bing-com.dual-a-0034.a-msedge.net
2024-08-03 14:09:23,578 - INFO - Scanning domain: dual-a-0034.a-msedge.net
2024-08-03 14:09:29,926 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf
2024-08-03 14:09:30,051 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 14:09:30,051 - INFO - DNS Answer (IPv4): dual-a-0034.a-msedge.net
2024-08-03 14:09:30,051 - INFO - DNS Query (IPv4): c.bing.com
2024-08-03 14:09:30,051 - INFO - DNS Answer (IPv4): c.bing.com
2024-08-03 14:09:30,495 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 14:09:30,495 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 14:09:30,652 - INFO - Scanning domain: images.archive-digger.com
2024-08-03 14:09:33,427 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:09:33,427 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 14:09:33,427 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf - No viruses detected
2024-08-03 14:09:33,427 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf'
2024-08-03 14:09:33,427 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' with parts '['RegHive{90df2fee-5179-11ef-a234-080027d8bb25}', 'TM', 'blf']'
2024-08-03 14:09:33,427 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{90df2fee-5179-11ef-a234-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-08-03 14:09:33,427 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:09:33,452 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:09:36,241 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-08-03 14:09:36,522 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1 - No viruses detected
2024-08-03 14:09:36,522 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-08-03 14:09:36,522 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-08-03 14:09:36,522 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:09:36,522 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:09:36,603 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:09:36,616 - WARNING - Main domain archive-digger.com or its parent domain archive-digger.com matches the signatures.
2024-08-03 14:09:46,692 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:09:46,975 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:10:12,593 - ERROR - An error occurred while checking signature: a bytes-like object is required, not 'str'
2024-08-03 14:10:12,593 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:10:19,150 - INFO - DNS Query (IPv4): images.archive-digger.com
2024-08-03 14:10:27,724 - INFO - DNS Query (IPv4): images.archive-digger.com
2024-08-03 14:10:32,213 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 14:10:32,220 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:10:32,226 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:10:32,226 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:10:32,226 - INFO - DNS Query (IPv4): www.bing.com
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,890 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:10:32,910 - INFO - DNS Query (IPv4): images.archive-digger.com
2024-08-03 14:10:32,910 - INFO - DNS Answer (IPv4): images.archive-digger.com
2024-08-03 14:10:32,910 - INFO - Scanning domain: tls13.taboola.map.fastly.net
2024-08-03 14:10:37,635 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:10:39,592 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:10:47,617 - INFO - DNS Answer (IPv4): tls13.taboola.map.fastly.net
2024-08-03 14:10:48,073 - INFO - DNS Query (IPv4): images.archive-digger.com
2024-08-03 14:10:48,073 - INFO - DNS Answer (IPv4): images.archive-digger.com
2024-08-03 14:10:50,202 - INFO - Scanning domain: r.bing.com
2024-08-03 14:11:26,721 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:11:27,009 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:11:31,163 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:11:32,413 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:11:34,545 - INFO - DNS Query (IPv4): r.bing.com
2024-08-03 14:11:34,545 - INFO - DNS Query (IPv4): r.bing.com
2024-08-03 14:11:34,545 - INFO - DNS Query (IPv4): r.bing.com
2024-08-03 14:11:34,545 - INFO - DNS Answer (IPv4): r.bing.com
2024-08-03 14:11:34,545 - INFO - Scanning domain: p-static.bing.trafficmanager.net
2024-08-03 14:12:00,594 - INFO - DNS Answer (IPv4): p-static.bing.trafficmanager.net
2024-08-03 14:12:00,594 - INFO - Scanning domain: r.bing.com.edgekey.net
2024-08-03 14:12:10,921 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 14:12:10,933 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 14:12:10,933 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 14:12:10,933 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 14:12:10,933 - INFO - Rule ThreadControl__Context is excluded.
2024-08-03 14:12:10,933 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 14:12:10,933 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 14:12:10,933 - INFO - Rule DebuggerPattern__SEH_Saves is excluded.
2024-08-03 14:12:10,933 - INFO - Rule DebuggerPattern__SEH_Inits is excluded.
2024-08-03 14:12:10,933 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:12:10,933 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 14:12:10,933 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 14:12:10,933 - INFO - Rule maldoc_structured_exception_handling is excluded.
2024-08-03 14:12:10,933 - INFO - Rule maldoc_find_kernel32_base_method_1 is excluded.
2024-08-03 14:12:10,933 - INFO - Rule maldoc_getEIP_method_1 is excluded.
2024-08-03 14:12:10,933 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:12:10,933 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 14:12:10,933 - INFO - Rule PEiD_01070_Microsoft_Visual_C___6_0___8_0_ is excluded.
2024-08-03 14:12:10,933 - INFO - Rule wireshark is excluded.
2024-08-03 14:12:10,933 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 14:12:10,933 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 14:12:10,933 - INFO - Rule CRC32_table is excluded.
2024-08-03 14:12:10,933 - INFO - Rule MD5_Constants is excluded.
2024-08-03 14:12:10,933 - INFO - Rule anti_dbg is excluded.
2024-08-03 14:12:10,933 - INFO - Rule disable_dep is excluded.
2024-08-03 14:12:10,945 - INFO - Rule Str_Win32_Winsock2_Library is excluded.
2024-08-03 14:12:10,945 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:12:10,945 - INFO - Rule inject_thread is excluded.
2024-08-03 14:12:10,961 - INFO - Rule escalate_priv is excluded.
2024-08-03 14:12:10,990 - INFO - Rule screenshot is excluded.
2024-08-03 14:12:10,990 - INFO - Rule keylogger is excluded.
2024-08-03 14:12:10,990 - INFO - Rule win_mutex is excluded.
2024-08-03 14:12:10,990 - INFO - Rule win_registry is excluded.
2024-08-03 14:12:10,990 - INFO - Rule win_token is excluded.
2024-08-03 14:12:10,991 - INFO - Rule win_files_operation is excluded.
2024-08-03 14:12:10,991 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 14:12:10,991 - INFO - Rule reads_clipboard is excluded.
2024-08-03 14:12:11,052 - INFO - Rule embedded_win_api is excluded.
2024-08-03 14:12:11,052 - INFO - Rule _Microsoft_Visual_Cpp_60__80_ is excluded.
2024-08-03 14:12:11,052 - INFO - Rule create_process is excluded.
2024-08-03 14:12:11,052 - INFO - Rule Antivirus_strings is excluded.
2024-08-03 14:12:11,052 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 14:12:11,052 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:12:14,075 - INFO - Rule TTP_contains_BTC_address is excluded.
2024-08-03 14:12:14,543 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive - No viruses detected
2024-08-03 14:12:14,554 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 14:12:14,554 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 14:12:14,554 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): r.bing.com.edgekey.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:12:15,883 - INFO - DNS Query (IPv4): r.bing.com
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): r.bing.com
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): p-static.bing.trafficmanager.net
2024-08-03 14:12:15,883 - INFO - DNS Answer (IPv4): r.bing.com.edgekey.net
2024-08-03 14:12:16,327 - INFO - Scanning domain: ecn.dev.virtualearth.net
2024-08-03 14:12:37,950 - INFO - DNS Query (IPv4): ecn.dev.virtualearth.net
2024-08-03 14:12:37,953 - INFO - DNS Query (IPv4): ecn.dev.virtualearth.net
2024-08-03 14:12:38,328 - INFO - DNS Query (IPv4): ecn.dev.virtualearth.net
2024-08-03 14:12:38,328 - INFO - DNS Answer (IPv4): ecn.dev.virtualearth.net
2024-08-03 14:12:38,328 - INFO - Scanning domain: ssl2.tiles.virtualearth.net.edgekey.net
2024-08-03 14:12:44,739 - INFO - Decompilation completed successfully for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:12:53,850 - INFO - DNS Answer (IPv4): ssl2.tiles.virtualearth.net.edgekey.net
2024-08-03 14:12:53,850 - INFO - Scanning domain: e4113.dscd.akamaiedge.net
2024-08-03 14:12:55,463 - ERROR - An error occurred while checking signature: a bytes-like object is required, not 'str'
2024-08-03 14:12:55,503 - INFO - Rule dbgdetect_funcs is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerException__SetConsoleCtrl is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerPattern__SEH_Saves is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DebuggerPattern__SEH_Inits is excluded.
2024-08-03 14:12:55,518 - INFO - Rule Check_OutputDebugStringA_iat is excluded.
2024-08-03 14:12:55,518 - INFO - Rule Check_unhandledExceptionFiler_iat is excluded.
2024-08-03 14:12:55,518 - INFO - Rule check_RaiseException_iat is excluded.
2024-08-03 14:12:55,518 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 14:12:55,518 - INFO - Rule Rand_Constants is excluded.
2024-08-03 14:12:55,518 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 14:12:55,518 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:12:55,518 - INFO - Rule head_mz is excluded.
2024-08-03 14:12:55,518 - INFO - Rule head_pe_unsigned is excluded.
2024-08-03 14:12:55,518 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-08-03 14:12:55,518 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:12:55,518 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:12:55,518 - INFO - Rule head_mz_e_med_1mb_10mb is excluded.
2024-08-03 14:12:55,518 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 14:12:55,518 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 14:12:55,518 - INFO - Rule maldoc_structured_exception_handling is excluded.
2024-08-03 14:12:55,518 - INFO - Rule maldoc_find_kernel32_base_method_1 is excluded.
2024-08-03 14:12:55,518 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:12:55,517 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:12:55,518 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 14:12:55,643 - INFO - Rule PEiD_01005_MASM_TASM___sig2_h__ is excluded.
2024-08-03 14:12:55,643 - INFO - Rule PEiD_01006_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:12:55,638 - INFO - Rule dbgdetect_funcs is excluded.
2024-08-03 14:12:55,650 - INFO - Rule PEiD_01007_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:12:57,337 - INFO - Rule PEiD_01070_Microsoft_Visual_C___6_0___8_0_ is excluded.
2024-08-03 14:12:56,407 - INFO - Rule dbgdetect_funcs is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerException__SetConsoleCtrl is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerPattern__SEH_Saves is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DebuggerPattern__SEH_Inits is excluded.
2024-08-03 14:12:57,373 - INFO - Rule Check_OutputDebugStringA_iat is excluded.
2024-08-03 14:12:57,373 - INFO - Rule Check_unhandledExceptionFiler_iat is excluded.
2024-08-03 14:12:57,373 - INFO - Rule check_RaiseException_iat is excluded.
2024-08-03 14:12:57,373 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 14:12:57,373 - INFO - Rule Rand_Constants is excluded.
2024-08-03 14:12:57,373 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 14:12:57,373 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:12:57,373 - INFO - Rule head_mz is excluded.
2024-08-03 14:12:57,373 - INFO - Rule head_pe_unsigned is excluded.
2024-08-03 14:12:57,373 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-08-03 14:12:57,373 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:12:55,650 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 14:12:57,377 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 14:12:57,373 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:12:57,337 - INFO - Rule PEiD_01091_Microsoft_Visual_C___8_ is excluded.
2024-08-03 14:12:58,145 - INFO - Rule http is excluded.
2024-08-03 14:12:58,101 - INFO - Rule head_mz_e_med_1mb_10mb is excluded.
2024-08-03 14:12:57,377 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 14:12:58,388 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:12:58,388 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 14:12:58,388 - INFO - Rule DebuggerException__SetConsoleCtrl is excluded.
2024-08-03 14:12:58,388 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 14:12:58,388 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 14:12:58,388 - INFO - Rule DebuggerPattern__SEH_Saves is excluded.
2024-08-03 14:12:58,388 - INFO - Rule DebuggerPattern__SEH_Inits is excluded.
2024-08-03 14:12:58,388 - INFO - Rule Check_OutputDebugStringA_iat is excluded.
2024-08-03 14:12:58,388 - INFO - Rule Check_unhandledExceptionFiler_iat is excluded.
2024-08-03 14:12:58,388 - INFO - Rule check_RaiseException_iat is excluded.
2024-08-03 14:12:58,388 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 14:12:58,388 - INFO - Rule Rand_Constants is excluded.
2024-08-03 14:12:58,388 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 14:12:58,388 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:12:58,388 - INFO - Rule head_mz is excluded.
2024-08-03 14:12:58,388 - INFO - Rule head_pe_unsigned is excluded.
2024-08-03 14:12:58,388 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-08-03 14:12:58,388 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:12:58,388 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:12:58,388 - INFO - Rule head_mz_e_med_1mb_10mb is excluded.
2024-08-03 14:12:58,388 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 14:12:58,388 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 14:12:58,388 - INFO - Rule maldoc_structured_exception_handling is excluded.
2024-08-03 14:12:58,388 - INFO - Rule maldoc_find_kernel32_base_method_1 is excluded.
2024-08-03 14:12:58,388 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:12:58,388 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 14:12:58,388 - INFO - Rule PEiD_01005_MASM_TASM___sig2_h__ is excluded.
2024-08-03 14:12:58,388 - INFO - Rule PEiD_01006_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:12:58,388 - INFO - Rule PEiD_01007_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:12:58,388 - INFO - Rule PEiD_01070_Microsoft_Visual_C___6_0___8_0_ is excluded.
2024-08-03 14:12:58,388 - INFO - Rule PEiD_01091_Microsoft_Visual_C___8_ is excluded.
2024-08-03 14:12:58,388 - INFO - Rule http is excluded.
2024-08-03 14:12:58,388 - INFO - Rule Generic_Powershell_Detector is excluded.
2024-08-03 14:12:58,388 - INFO - Rule donut is excluded.
2024-08-03 14:12:58,388 - INFO - Rule o3e7_33335e8a5b8b1b32 is excluded.
2024-08-03 14:12:58,388 - INFO - Rule o3e7_33335e9a5ee31b32 is excluded.
2024-08-03 14:12:58,388 - INFO - Rule o422_12a90cc280000112 is excluded.
2024-08-03 14:12:58,388 - INFO - Rule o422_12a90cc280000116 is excluded.
2024-08-03 14:12:58,388 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 14:12:58,388 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 14:12:58,388 - INFO - Rule MD5_Constants is excluded.
2024-08-03 14:12:58,388 - INFO - Rule SHA256_Constants is excluded.
2024-08-03 14:12:58,388 - INFO - Rule BASE64_table is excluded.
2024-08-03 14:12:58,388 - INFO - Rule SEH_Save is excluded.
2024-08-03 14:12:58,239 - INFO - Rule Generic_Powershell_Detector is excluded.
2024-08-03 14:12:58,357 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 14:12:58,388 - INFO - Rule SEH_Init is excluded.
2024-08-03 14:12:58,408 - INFO - Rule donut is excluded.
2024-08-03 14:12:58,612 - INFO - Rule o3e7_33335e8a5b8b1b32 is excluded.
2024-08-03 14:12:58,599 - INFO - Rule anti_dbg is excluded.
2024-08-03 14:12:58,753 - INFO - Rule antisb_threatExpert is excluded.
2024-08-03 14:12:58,753 - INFO - Rule Str_Win32_Winsock2_Library is excluded.
2024-08-03 14:12:58,437 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 14:12:58,618 - INFO - Rule o3e7_33335e9a5ee31b32 is excluded.
2024-08-03 14:12:58,907 - INFO - Rule o422_12a90cc280000112 is excluded.
2024-08-03 14:12:58,907 - INFO - Rule o422_12a90cc280000116 is excluded.
2024-08-03 14:12:58,907 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 14:12:58,907 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 14:12:58,907 - INFO - Rule MD5_Constants is excluded.
2024-08-03 14:12:58,907 - INFO - Rule SHA256_Constants is excluded.
2024-08-03 14:12:58,907 - INFO - Rule BASE64_table is excluded.
2024-08-03 14:12:58,907 - INFO - Rule SEH_Save is excluded.
2024-08-03 14:12:58,907 - INFO - Rule SEH_Init is excluded.
2024-08-03 14:12:58,907 - INFO - Rule anti_dbg is excluded.
2024-08-03 14:12:58,907 - INFO - Rule antisb_threatExpert is excluded.
2024-08-03 14:12:58,907 - INFO - Rule Str_Win32_Winsock2_Library is excluded.
2024-08-03 14:12:58,907 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:12:58,907 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:12:58,907 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:12:58,761 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:12:58,925 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:12:58,843 - INFO - Rule maldoc_structured_exception_handling is excluded.
2024-08-03 14:12:58,907 - INFO - Rule hijack_network is excluded.
2024-08-03 14:12:58,985 - INFO - Rule network_http is excluded.
2024-08-03 14:12:58,985 - INFO - Rule network_tcp_socket is excluded.
2024-08-03 14:12:58,985 - INFO - Rule keylogger is excluded.
2024-08-03 14:12:58,985 - INFO - Rule win_registry is excluded.
2024-08-03 14:12:58,985 - INFO - Rule win_files_operation is excluded.
2024-08-03 14:12:58,985 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 14:12:58,990 - INFO - Rule misc_pe_signature is excluded.
2024-08-03 14:12:58,925 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:12:59,033 - INFO - Rule hijack_network is excluded.
2024-08-03 14:12:59,033 - INFO - Rule network_http is excluded.
2024-08-03 14:12:58,979 - INFO - Rule maldoc_find_kernel32_base_method_1 is excluded.
2024-08-03 14:12:58,990 - INFO - Rule Microsoft_Office_Document_with_Embedded_Flash_File is excluded.
2024-08-03 14:12:59,033 - INFO - Rule network_tcp_socket is excluded.
2024-08-03 14:12:59,045 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:12:59,046 - INFO - Rule _Microsoft_Visual_Cpp_60__80_ is excluded.
2024-08-03 14:12:59,052 - INFO - Rule keylogger is excluded.
2024-08-03 14:12:59,058 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 14:12:59,066 - INFO - Rule _MASMTASM__sig2h_ is excluded.
2024-08-03 14:12:59,090 - INFO - Rule create_process is excluded.
2024-08-03 14:12:59,090 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 14:12:59,070 - INFO - Rule win_registry is excluded.
2024-08-03 14:12:59,108 - INFO - Rule win_files_operation is excluded.
2024-08-03 14:12:59,108 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 14:12:59,108 - INFO - Rule misc_pe_signature is excluded.
2024-08-03 14:12:59,108 - INFO - Rule Microsoft_Office_Document_with_Embedded_Flash_File is excluded.
2024-08-03 14:12:59,108 - INFO - Rule _Microsoft_Visual_Cpp_60__80_ is excluded.
2024-08-03 14:12:59,090 - INFO - Rule IsPE32 is excluded.
2024-08-03 14:12:59,082 - INFO - Rule PEiD_01005_MASM_TASM___sig2_h__ is excluded.
2024-08-03 14:12:59,114 - INFO - Rule PEiD_01006_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:12:59,114 - INFO - Rule PEiD_01007_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:12:59,114 - INFO - Rule PEiD_01070_Microsoft_Visual_C___6_0___8_0_ is excluded.
2024-08-03 14:12:59,114 - INFO - Rule _MASMTASM__sig2h_ is excluded.
2024-08-03 14:12:59,123 - INFO - Rule create_process is excluded.
2024-08-03 14:12:59,123 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 14:12:59,123 - INFO - Rule IsPE32 is excluded.
2024-08-03 14:12:59,123 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 14:12:59,123 - INFO - Rule IsPacked is excluded.
2024-08-03 14:12:59,123 - INFO - Rule HasOverlay is excluded.
2024-08-03 14:12:59,123 - INFO - Rule HasDigitalSignature is excluded.
2024-08-03 14:12:59,123 - INFO - Rule HasDebugData is excluded.
2024-08-03 14:12:59,123 - INFO - Rule HasRichSignature is excluded.
2024-08-03 14:12:59,123 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:12:59,123 - INFO - Rule ms_vc72 is excluded.
2024-08-03 14:12:59,123 - INFO - Rule VC8_Microsoft_Corporation is excluded.
2024-08-03 14:12:59,114 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 14:12:59,696 - INFO - Rule IsPacked is excluded.
2024-08-03 14:12:59,696 - INFO - Rule HasOverlay is excluded.
2024-08-03 14:12:59,696 - INFO - Rule HasDigitalSignature is excluded.
2024-08-03 14:12:59,696 - INFO - Rule HasDebugData is excluded.
2024-08-03 14:12:59,114 - INFO - Rule PEiD_01091_Microsoft_Visual_C___8_ is excluded.
2024-08-03 14:12:59,696 - INFO - Rule HasRichSignature is excluded.
2024-08-03 14:12:59,849 - INFO - Rule http is excluded.
2024-08-03 14:12:59,884 - INFO - Rule Generic_Powershell_Detector is excluded.
2024-08-03 14:12:59,884 - INFO - Rule donut is excluded.
2024-08-03 14:12:59,884 - INFO - Rule o3e7_33335e8a5b8b1b32 is excluded.
2024-08-03 14:12:59,884 - INFO - Rule o3e7_33335e9a5ee31b32 is excluded.
2024-08-03 14:12:59,884 - INFO - Rule o422_12a90cc280000112 is excluded.
2024-08-03 14:12:59,884 - INFO - Rule o422_12a90cc280000116 is excluded.
2024-08-03 14:12:59,884 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 14:12:59,884 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 14:12:59,884 - INFO - Rule MD5_Constants is excluded.
2024-08-03 14:12:59,849 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:12:59,871 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:13:01,833 - INFO - Rule ms_vc72 is excluded.
2024-08-03 14:13:01,833 - INFO - Rule VC8_Microsoft_Corporation is excluded.
2024-08-03 14:12:59,903 - INFO - Rule SHA256_Constants is excluded.
2024-08-03 14:13:02,877 - INFO - Rule BASE64_table is excluded.
2024-08-03 14:13:00,634 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe - Virus: ['ttp_toolmark_physicaldrive_signed', 'o26bb_6304a1b0dda30912', 'o26bb_630da9a0dda30912', 'o26bb_632da920dfa30912', 'o26bb_632fa120dfa30912']
2024-08-03 14:12:59,949 - INFO - Rule dbgdetect_funcs is excluded.
2024-08-03 14:13:02,877 - INFO - Rule SEH_Save is excluded.
2024-08-03 14:13:07,251 - INFO - Rule SEH_Init is excluded.
2024-08-03 14:13:07,251 - INFO - Rule anti_dbg is excluded.
2024-08-03 14:13:07,251 - INFO - Rule antisb_threatExpert is excluded.
2024-08-03 14:13:07,251 - INFO - Rule Str_Win32_Winsock2_Library is excluded.
2024-08-03 14:13:07,251 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:13:07,251 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:13:03,580 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:13:03,952 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:13:04,190 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 14:13:07,251 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:13:39,313 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' with parts '['xqbg', 'exe']'
2024-08-03 14:13:39,357 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe - Virus: ['ttp_toolmark_physicaldrive_signed', 'o26bb_6304a1b0dda30912', 'o26bb_630da9a0dda30912', 'o26bb_632da920dfa30912', 'o26bb_632fa120dfa30912']
2024-08-03 14:13:39,404 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 14:13:39,593 - INFO - Rule hijack_network is excluded.
2024-08-03 14:13:39,595 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:13:41,664 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe is malicious. Virus: ttp_toolmark_physicaldrive_signedo26bb_6304a1b0dda30912o26bb_630da9a0dda30912o26bb_632da920dfa30912o26bb_632fa120dfa30912
2024-08-03 14:13:39,610 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:13:41,690 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' with parts '['xqbg', 'exe']'
2024-08-03 14:13:41,690 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:13:41,690 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe is malicious. Virus: ttp_toolmark_physicaldrive_signedo26bb_6304a1b0dda30912o26bb_630da9a0dda30912o26bb_632da920dfa30912o26bb_632fa120dfa30912
2024-08-03 14:13:40,482 - INFO - Rule network_http is excluded.
2024-08-03 14:13:41,707 - INFO - Rule network_tcp_socket is excluded.
2024-08-03 14:13:41,707 - INFO - Rule keylogger is excluded.
2024-08-03 14:13:41,707 - INFO - Rule win_registry is excluded.
2024-08-03 14:13:41,707 - INFO - Rule win_files_operation is excluded.
2024-08-03 14:13:41,707 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 14:13:41,707 - INFO - Rule misc_pe_signature is excluded.
2024-08-03 14:13:41,707 - INFO - Rule Microsoft_Office_Document_with_Embedded_Flash_File is excluded.
2024-08-03 14:13:41,707 - INFO - Rule _Microsoft_Visual_Cpp_60__80_ is excluded.
2024-08-03 14:13:39,959 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 14:13:41,717 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:13:41,707 - INFO - Rule _MASMTASM__sig2h_ is excluded.
2024-08-03 14:13:41,717 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 14:13:41,730 - INFO - Rule DebuggerException__SetConsoleCtrl is excluded.
2024-08-03 14:13:41,730 - INFO - Rule create_process is excluded.
2024-08-03 14:13:41,820 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 14:13:41,827 - INFO - Rule IsPE32 is excluded.
2024-08-03 14:13:41,827 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 14:13:41,730 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 14:13:41,730 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:13:41,827 - INFO - Rule IsPacked is excluded.
2024-08-03 14:13:41,838 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:13:41,880 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 14:13:42,072 - INFO - Rule HasOverlay is excluded.
2024-08-03 14:13:42,089 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:13:42,123 - INFO - Rule DebuggerPattern__SEH_Saves is excluded.
2024-08-03 14:13:45,237 - INFO - Rule DebuggerPattern__SEH_Inits is excluded.
2024-08-03 14:13:42,458 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:13:45,237 - INFO - Processed all files in directory: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 14:13:45,237 - INFO - Directory created: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-08-03 14:13:42,458 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:13:45,237 - INFO - Rule Check_OutputDebugStringA_iat is excluded.
2024-08-03 14:13:42,162 - INFO - Rule HasDigitalSignature is excluded.
2024-08-03 14:13:45,237 - WARNING - Worm 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' detected under 5 different names or as potential worm. Alerting user.
2024-08-03 14:13:49,813 - INFO - Rule Check_unhandledExceptionFiler_iat is excluded.
2024-08-03 14:13:51,466 - INFO - DNS Answer (IPv4): e4113.dscd.akamaiedge.net
2024-08-03 14:14:03,156 - INFO - Rule HasDebugData is excluded.
2024-08-03 14:14:11,247 - INFO - Rule HasRichSignature is excluded.
2024-08-03 14:14:11,247 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:14:11,247 - INFO - Rule ms_vc72 is excluded.
2024-08-03 14:14:11,247 - INFO - Rule VC8_Microsoft_Corporation is excluded.
2024-08-03 14:14:10,943 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:14:11,226 - INFO - Rule check_RaiseException_iat is excluded.
2024-08-03 14:14:11,577 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 14:14:11,577 - INFO - Rule Rand_Constants is excluded.
2024-08-03 14:14:11,579 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 14:14:11,247 - INFO - DNS Query (IPv4): ecn.dev.virtualearth.net
2024-08-03 14:14:11,579 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:14:11,671 - INFO - Rule head_mz is excluded.
2024-08-03 14:14:11,679 - INFO - Rule head_pe_unsigned is excluded.
2024-08-03 14:14:11,679 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-08-03 14:14:11,679 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:14:11,679 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:14:11,679 - INFO - Rule head_mz_e_med_1mb_10mb is excluded.
2024-08-03 14:14:11,679 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 14:14:11,679 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 14:14:11,679 - INFO - Rule maldoc_structured_exception_handling is excluded.
2024-08-03 14:14:11,679 - INFO - Rule maldoc_find_kernel32_base_method_1 is excluded.
2024-08-03 14:14:11,679 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:14:11,671 - INFO - DNS Answer (IPv4): ecn.dev.virtualearth.net
2024-08-03 14:14:11,649 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:14:11,679 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 14:14:11,681 - INFO - DNS Answer (IPv4): ssl2.tiles.virtualearth.net.edgekey.net
2024-08-03 14:14:11,688 - INFO - Rule PEiD_01005_MASM_TASM___sig2_h__ is excluded.
2024-08-03 14:14:11,749 - INFO - Rule PEiD_01006_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:14:11,749 - INFO - Rule PEiD_01007_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:14:11,749 - INFO - Rule PEiD_01070_Microsoft_Visual_C___6_0___8_0_ is excluded.
2024-08-03 14:14:11,749 - INFO - Rule PEiD_01091_Microsoft_Visual_C___8_ is excluded.
2024-08-03 14:14:11,736 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:14:11,749 - INFO - Rule http is excluded.
2024-08-03 14:14:11,860 - INFO - Rule Generic_Powershell_Detector is excluded.
2024-08-03 14:14:11,860 - INFO - Rule donut is excluded.
2024-08-03 14:14:11,860 - INFO - Rule o3e7_33335e8a5b8b1b32 is excluded.
2024-08-03 14:14:11,860 - INFO - Rule o3e7_33335e9a5ee31b32 is excluded.
2024-08-03 14:14:11,860 - INFO - Rule o422_12a90cc280000112 is excluded.
2024-08-03 14:14:11,860 - INFO - Rule o422_12a90cc280000116 is excluded.
2024-08-03 14:14:11,860 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 14:14:11,860 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 14:14:11,860 - INFO - Rule MD5_Constants is excluded.
2024-08-03 14:14:11,860 - INFO - Rule SHA256_Constants is excluded.
2024-08-03 14:14:11,860 - INFO - Rule BASE64_table is excluded.
2024-08-03 14:14:11,860 - INFO - Rule SEH_Save is excluded.
2024-08-03 14:14:11,830 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:14:11,860 - INFO - Rule SEH_Init is excluded.
2024-08-03 14:14:11,860 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe - Virus: ['ttp_toolmark_physicaldrive_signed', 'o26bb_6304a1b0dda30912', 'o26bb_630da9a0dda30912', 'o26bb_632da920dfa30912', 'o26bb_632fa120dfa30912']
2024-08-03 14:14:15,439 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:14:15,430 - INFO - Rule anti_dbg is excluded.
2024-08-03 14:14:15,454 - INFO - Rule antisb_threatExpert is excluded.
2024-08-03 14:14:15,501 - INFO - Rule Str_Win32_Winsock2_Library is excluded.
2024-08-03 14:14:15,502 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:14:15,502 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:14:15,502 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:14:15,502 - INFO - Rule hijack_network is excluded.
2024-08-03 14:14:15,502 - INFO - Rule network_http is excluded.
2024-08-03 14:14:15,502 - INFO - Rule network_tcp_socket is excluded.
2024-08-03 14:14:15,502 - INFO - Rule keylogger is excluded.
2024-08-03 14:14:15,502 - INFO - Rule win_registry is excluded.
2024-08-03 14:14:15,502 - INFO - Rule win_files_operation is excluded.
2024-08-03 14:14:15,502 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 14:14:15,502 - INFO - Rule misc_pe_signature is excluded.
2024-08-03 14:14:15,502 - INFO - Rule Microsoft_Office_Document_with_Embedded_Flash_File is excluded.
2024-08-03 14:14:15,502 - INFO - Rule _Microsoft_Visual_Cpp_60__80_ is excluded.
2024-08-03 14:14:15,502 - INFO - Rule _MASMTASM__sig2h_ is excluded.
2024-08-03 14:14:15,502 - INFO - Rule create_process is excluded.
2024-08-03 14:14:15,502 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 14:14:15,502 - INFO - Rule IsPE32 is excluded.
2024-08-03 14:14:15,576 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 14:14:15,576 - INFO - Rule IsPacked is excluded.
2024-08-03 14:14:15,576 - INFO - Rule HasOverlay is excluded.
2024-08-03 14:14:15,576 - INFO - Rule HasDigitalSignature is excluded.
2024-08-03 14:14:15,576 - INFO - Rule HasDebugData is excluded.
2024-08-03 14:14:15,576 - INFO - Rule HasRichSignature is excluded.
2024-08-03 14:14:15,576 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:14:15,576 - INFO - Rule ms_vc72 is excluded.
2024-08-03 14:14:15,587 - INFO - Rule VC8_Microsoft_Corporation is excluded.
2024-08-03 14:14:15,439 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' with parts '['xqbg', 'exe']'
2024-08-03 14:14:16,557 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:14:15,893 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:14:16,557 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe - Virus: ['ttp_toolmark_physicaldrive_signed', 'o26bb_6304a1b0dda30912', 'o26bb_630da9a0dda30912', 'o26bb_632da920dfa30912', 'o26bb_632fa120dfa30912']
2024-08-03 14:14:16,557 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:14:16,557 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' with parts '['xqbg', 'exe']'
2024-08-03 14:14:16,557 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:14:16,557 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe is malicious. Virus: ttp_toolmark_physicaldrive_signedo26bb_6304a1b0dda30912o26bb_630da9a0dda30912o26bb_632da920dfa30912o26bb_632fa120dfa30912
2024-08-03 14:14:16,557 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:14:16,557 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe is malicious. Virus: ttp_toolmark_physicaldrive_signedo26bb_6304a1b0dda30912o26bb_630da9a0dda30912o26bb_632da920dfa30912o26bb_632fa120dfa30912
2024-08-03 14:14:16,557 - INFO - Scanning domain: r.msftstatic.com
2024-08-03 14:14:16,659 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:14:17,343 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c
2024-08-03 14:14:17,343 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c. Scanning file.
2024-08-03 14:14:17,841 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c
2024-08-03 14:14:20,189 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS: SbiePst.dat
2024-08-03 14:14:20,189 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:14:20,189 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:14:29,642 - INFO - DNS Query (IPv4): r.msftstatic.com
2024-08-03 14:14:31,957 - INFO - DNS Query (IPv4): r.msftstatic.com
2024-08-03 14:14:31,957 - INFO - DNS Query (IPv4): r.msftstatic.com
2024-08-03 14:14:31,957 - INFO - DNS Answer (IPv4): r.msftstatic.com
2024-08-03 14:14:31,957 - INFO - Scanning domain: r-msftstatic-com.a-0016.a-msedge.net
2024-08-03 14:14:48,558 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:14:49,046 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:14:49,534 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-08-03 14:14:56,064 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:14:56,064 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:14:56,064 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:14:56,647 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:14:56,647 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:14:56,647 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:14:56,647 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:14:56,655 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell: StartupProfileData-NonInteractive
2024-08-03 14:14:56,655 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:14:56,655 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:14:57,395 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:14:57,395 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:14:57,395 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive - No viruses detected
2024-08-03 14:14:57,395 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive'
2024-08-03 14:14:57,395 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' with parts '['StartupProfileData-NonInteractive']'
2024-08-03 14:14:57,395 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:14:57,395 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:14:57,395 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:15:00,534 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:15:09,758 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:15:10,903 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:15:10,903 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:15:12,964 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive - No viruses detected
2024-08-03 14:15:12,964 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive'
2024-08-03 14:15:12,964 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' with parts '['StartupProfileData-NonInteractive']'
2024-08-03 14:15:12,964 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:15:16,905 - INFO - Decompiling file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:15:26,353 - INFO - DNS Answer (IPv4): r-msftstatic-com.a-0016.a-msedge.net
2024-08-03 14:15:26,353 - INFO - Scanning domain: a-0016.a-msedge.net
2024-08-03 14:15:31,649 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 14:15:31,851 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 14:15:31,851 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 14:15:31,851 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 14:15:31,851 - INFO - Rule ThreadControl__Context is excluded.
2024-08-03 14:15:31,851 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 14:15:31,851 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 14:15:31,851 - INFO - Rule DebuggerPattern__SEH_Saves is excluded.
2024-08-03 14:15:31,851 - INFO - Rule DebuggerPattern__SEH_Inits is excluded.
2024-08-03 14:15:31,851 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:15:31,851 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 14:15:31,851 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 14:15:31,851 - INFO - Rule maldoc_structured_exception_handling is excluded.
2024-08-03 14:15:31,851 - INFO - Rule maldoc_find_kernel32_base_method_1 is excluded.
2024-08-03 14:15:31,851 - INFO - Rule maldoc_getEIP_method_1 is excluded.
2024-08-03 14:15:31,851 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:15:31,851 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 14:15:31,851 - INFO - Rule PEiD_01070_Microsoft_Visual_C___6_0___8_0_ is excluded.
2024-08-03 14:15:31,851 - INFO - Rule wireshark is excluded.
2024-08-03 14:15:31,851 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 14:15:31,851 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 14:15:31,851 - INFO - Rule CRC32_table is excluded.
2024-08-03 14:15:31,851 - INFO - Rule MD5_Constants is excluded.
2024-08-03 14:15:31,851 - INFO - Rule anti_dbg is excluded.
2024-08-03 14:15:32,664 - INFO - Rule disable_dep is excluded.
2024-08-03 14:15:32,664 - INFO - Rule Str_Win32_Winsock2_Library is excluded.
2024-08-03 14:15:32,664 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:15:32,664 - INFO - Rule inject_thread is excluded.
2024-08-03 14:15:32,664 - INFO - Rule escalate_priv is excluded.
2024-08-03 14:15:32,664 - INFO - Rule screenshot is excluded.
2024-08-03 14:15:32,664 - INFO - Rule keylogger is excluded.
2024-08-03 14:15:32,664 - INFO - Rule win_mutex is excluded.
2024-08-03 14:15:32,664 - INFO - Rule win_registry is excluded.
2024-08-03 14:15:32,664 - INFO - Rule win_token is excluded.
2024-08-03 14:15:32,664 - INFO - Rule win_files_operation is excluded.
2024-08-03 14:15:32,664 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 14:15:32,664 - INFO - Rule reads_clipboard is excluded.
2024-08-03 14:15:32,664 - INFO - Rule embedded_win_api is excluded.
2024-08-03 14:15:32,664 - INFO - Rule _Microsoft_Visual_Cpp_60__80_ is excluded.
2024-08-03 14:15:32,664 - INFO - Rule create_process is excluded.
2024-08-03 14:15:32,664 - INFO - Rule Antivirus_strings is excluded.
2024-08-03 14:15:32,664 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 14:15:32,664 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:15:32,664 - INFO - Rule TTP_contains_BTC_address is excluded.
2024-08-03 14:15:32,664 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive - No viruses detected
2024-08-03 14:15:32,664 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-08-03 14:15:32,664 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-08-03 14:15:32,664 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:15:32,994 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:15:32,994 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:15:32,994 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:15:36,422 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:15:36,657 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:15:36,657 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:15:36,657 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:15:36,657 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:15:36,657 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:15:36,657 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:15:36,657 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:15:36,657 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:15:36,657 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:15:36,657 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:15:43,638 - INFO - DNS Answer (IPv4): a-0016.a-msedge.net
2024-08-03 14:15:44,109 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
2024-08-03 14:15:44,109 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:15:44,109 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:15:44,109 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive - No viruses detected
2024-08-03 14:15:44,109 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive'
2024-08-03 14:15:44,109 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' with parts '['StartupProfileData-NonInteractive']'
2024-08-03 14:15:44,109 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:15:44,294 - INFO - DNS Query (IPv4): r.msftstatic.com
2024-08-03 14:15:44,294 - INFO - DNS Answer (IPv4): r.msftstatic.com
2024-08-03 14:15:53,702 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:15:54,341 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:15:54,485 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:15:54,496 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:15:54,496 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:15:54,507 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:15:54,507 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:15:54,507 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:15:54,507 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:15:54,507 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:15:54,522 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 14:15:54,522 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 14:15:54,564 - INFO - Scanning domain: v20.events.data.microsoft.com
2024-08-03 14:15:55,428 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c
2024-08-03 14:16:01,370 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 14:16:01,370 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 14:16:01,370 - INFO - DNS Answer (IPv4): v20.events.data.microsoft.com
2024-08-03 14:16:01,370 - INFO - Scanning domain: win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 14:16:02,756 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 14:16:02,756 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 14:16:02,756 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 14:16:02,756 - INFO - Rule vmdetect is excluded.
2024-08-03 14:16:02,756 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 14:16:02,756 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:16:02,756 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-08-03 14:16:02,756 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:16:02,756 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 14:16:02,756 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 14:16:02,756 - INFO - Rule embedded_win_api is excluded.
2024-08-03 14:16:03,942 - INFO - Rule TTP_contains_BTC_address is excluded.
2024-08-03 14:16:04,831 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c - No viruses detected
2024-08-03 14:16:04,831 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c'
2024-08-03 14:16:04,831 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c' with parts '['decompiled_output', 'c']'
2024-08-03 14:16:04,831 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:16:04,831 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c
2024-08-03 14:16:05,912 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c. Scanning file.
2024-08-03 14:16:06,804 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 14:16:06,804 - INFO - Scanning domain: onedscolprdwus12.westus.cloudapp.azure.com
2024-08-03 14:16:08,507 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c
2024-08-03 14:16:10,599 - INFO - DNS Answer (IPv4): onedscolprdwus12.westus.cloudapp.azure.com
2024-08-03 14:16:10,861 - INFO - Scanning domain: v10.events.data.microsoft.com
2024-08-03 14:16:15,326 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 14:16:15,841 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 14:16:15,841 - INFO - DNS Answer (IPv4): v10.events.data.microsoft.com
2024-08-03 14:16:15,841 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 14:16:15,841 - INFO - Scanning domain: onedscolprdwus06.westus.cloudapp.azure.com
2024-08-03 14:16:28,698 - INFO - DNS Answer (IPv4): onedscolprdwus06.westus.cloudapp.azure.com
2024-08-03 14:16:29,489 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:16:29,502 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:16:29,615 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 14:16:29,615 - INFO - DNS Query (IPv4): usfftp.security.comodo.com
2024-08-03 14:16:29,615 - INFO - DNS Answer (IPv4): usfftp.security.comodo.com
2024-08-03 14:16:29,782 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:16:29,782 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:16:29,795 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:16:29,795 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:16:29,894 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:16:29,895 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:16:29,905 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:16:29,909 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:16:29,909 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 14:16:29,909 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 14:16:43,150 - INFO - Rule dbgdetect_funcs is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerCheck__API is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerTiming__PerformanceCounter is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerException__UnhandledFilter is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerException__SetConsoleCtrl is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerPattern__SEH_Saves is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DebuggerPattern__SEH_Inits is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Check_OutputDebugStringA_iat is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Check_unhandledExceptionFiler_iat is excluded.
2024-08-03 14:16:43,150 - INFO - Rule check_RaiseException_iat is excluded.
2024-08-03 14:16:43,150 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Rand_Constants is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DontDoThatNoReally is excluded.
2024-08-03 14:16:43,150 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:16:43,150 - INFO - Rule head_mz is excluded.
2024-08-03 14:16:43,150 - INFO - Rule head_pe_unsigned is excluded.
2024-08-03 14:16:43,150 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-08-03 14:16:43,150 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:16:43,150 - INFO - Rule head_mz_e_med_1mb_10mb is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Contains_PE_File is excluded.
2024-08-03 14:16:43,150 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-08-03 14:16:43,150 - INFO - Rule maldoc_structured_exception_handling is excluded.
2024-08-03 14:16:43,150 - INFO - Rule maldoc_find_kernel32_base_method_1 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:16:43,150 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule PEiD_01005_MASM_TASM___sig2_h__ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule PEiD_01006_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule PEiD_01007_MASM_TASM___sig4__h__ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule PEiD_01070_Microsoft_Visual_C___6_0___8_0_ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule PEiD_01091_Microsoft_Visual_C___8_ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule http is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Generic_Powershell_Detector is excluded.
2024-08-03 14:16:43,150 - INFO - Rule donut is excluded.
2024-08-03 14:16:43,150 - INFO - Rule o3e7_33335e8a5b8b1b32 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule o3e7_33335e9a5ee31b32 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule o422_12a90cc280000112 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule o422_12a90cc280000116 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Big_Numbers1 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule CRC32_poly_Constant is excluded.
2024-08-03 14:16:43,150 - INFO - Rule MD5_Constants is excluded.
2024-08-03 14:16:43,150 - INFO - Rule SHA256_Constants is excluded.
2024-08-03 14:16:43,150 - INFO - Rule BASE64_table is excluded.
2024-08-03 14:16:43,150 - INFO - Rule SEH_Save is excluded.
2024-08-03 14:16:43,150 - INFO - Rule SEH_Init is excluded.
2024-08-03 14:16:43,150 - INFO - Rule anti_dbg is excluded.
2024-08-03 14:16:43,150 - INFO - Rule antisb_threatExpert is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Str_Win32_Winsock2_Library is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:16:43,150 - INFO - Rule hijack_network is excluded.
2024-08-03 14:16:43,150 - INFO - Rule network_http is excluded.
2024-08-03 14:16:43,150 - INFO - Rule network_tcp_socket is excluded.
2024-08-03 14:16:43,150 - INFO - Rule keylogger is excluded.
2024-08-03 14:16:43,150 - INFO - Rule win_registry is excluded.
2024-08-03 14:16:43,150 - INFO - Rule win_files_operation is excluded.
2024-08-03 14:16:43,150 - INFO - Rule anti_debug__IsDebuggerPresent__8_byt_STR_17_ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule misc_pe_signature is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Microsoft_Office_Document_with_Embedded_Flash_File is excluded.
2024-08-03 14:16:43,150 - INFO - Rule _Microsoft_Visual_Cpp_60__80_ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule _MASMTASM__sig2h_ is excluded.
2024-08-03 14:16:43,150 - INFO - Rule create_process is excluded.
2024-08-03 14:16:43,150 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-08-03 14:16:43,150 - INFO - Rule IsPE32 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule IsWindowsGUI is excluded.
2024-08-03 14:16:43,150 - INFO - Rule IsPacked is excluded.
2024-08-03 14:16:43,150 - INFO - Rule HasOverlay is excluded.
2024-08-03 14:16:43,150 - INFO - Rule HasDigitalSignature is excluded.
2024-08-03 14:16:43,150 - INFO - Rule HasDebugData is excluded.
2024-08-03 14:16:43,150 - INFO - Rule HasRichSignature is excluded.
2024-08-03 14:16:43,150 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:16:43,150 - INFO - Rule ms_vc72 is excluded.
2024-08-03 14:16:43,150 - INFO - Rule VC8_Microsoft_Corporation is excluded.
2024-08-03 14:16:44,317 - INFO - Rule leaked_lapsus_nvidia_leaked_certificate is excluded.
2024-08-03 14:16:44,317 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe - Virus: ['ttp_toolmark_physicaldrive_signed', 'o26bb_6304a1b0dda30912', 'o26bb_630da9a0dda30912', 'o26bb_632da920dfa30912', 'o26bb_632fa120dfa30912']
2024-08-03 14:16:44,317 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe'
2024-08-03 14:16:44,317 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' with parts '['xqbg', 'exe']'
2024-08-03 14:16:44,317 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:16:44,317 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe is malicious. Virus: ttp_toolmark_physicaldrive_signedo26bb_6304a1b0dda30912o26bb_630da9a0dda30912o26bb_632da920dfa30912o26bb_632fa120dfa30912
2024-08-03 14:16:44,333 - ERROR - Could not extract original file path from decompiled file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\Documents\xqbg.exe
2024-08-03 14:16:45,516 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 14:16:45,520 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 14:16:45,523 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 14:16:45,531 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 14:17:04,434 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c
2024-08-03 14:17:20,737 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:17:20,737 - INFO - Rule vmdetect is excluded.
2024-08-03 14:17:20,737 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:17:20,737 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:17:20,737 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:17:20,737 - INFO - Rule http is excluded.
2024-08-03 14:17:20,737 - INFO - Rule donut is excluded.
2024-08-03 14:17:20,737 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:17:20,737 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:17:20,737 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:17:20,737 - INFO - Rule network_http is excluded.
2024-08-03 14:17:20,737 - INFO - Rule embedded_win_api is excluded.
2024-08-03 14:17:20,737 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:17:21,832 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c - No viruses detected
2024-08-03 14:17:21,832 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c'
2024-08-03 14:17:21,832 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c' with parts '['decompiled_output_1', 'c']'
2024-08-03 14:17:21,832 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_1.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:17:21,832 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c
2024-08-03 14:17:22,564 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c. Scanning file.
2024-08-03 14:17:24,768 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c
2024-08-03 14:17:26,916 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c
2024-08-03 14:17:40,639 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:17:40,639 - INFO - Rule vmdetect is excluded.
2024-08-03 14:17:40,639 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:17:40,639 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:17:40,639 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:17:40,639 - INFO - Rule http is excluded.
2024-08-03 14:17:40,639 - INFO - Rule donut is excluded.
2024-08-03 14:17:40,639 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:17:40,639 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:17:40,639 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:17:40,639 - INFO - Rule network_http is excluded.
2024-08-03 14:17:40,639 - INFO - Rule embedded_win_api is excluded.
2024-08-03 14:17:40,639 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:17:41,006 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c - No viruses detected
2024-08-03 14:17:41,006 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c'
2024-08-03 14:17:41,006 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c' with parts '['decompiled_output_2', 'c']'
2024-08-03 14:17:41,006 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_2.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:17:41,006 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c
2024-08-03 14:17:41,093 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c. Scanning file.
2024-08-03 14:17:41,181 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c
2024-08-03 14:17:42,943 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c
2024-08-03 14:17:50,763 - INFO - Scanning domain: watson.events.data.microsoft.com
2024-08-03 14:17:57,318 - INFO - DNS Query (IPv4): watson.events.data.microsoft.com
2024-08-03 14:17:57,318 - INFO - DNS Query (IPv4): watson.events.data.microsoft.com
2024-08-03 14:17:57,318 - INFO - DNS Answer (IPv4): watson.events.data.microsoft.com
2024-08-03 14:17:57,318 - INFO - Scanning domain: blobcollectorcommon.trafficmanager.net
2024-08-03 14:18:02,713 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:18:02,713 - INFO - Rule vmdetect is excluded.
2024-08-03 14:18:02,713 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:18:02,713 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:18:02,713 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:18:02,713 - INFO - Rule http is excluded.
2024-08-03 14:18:02,713 - INFO - Rule donut is excluded.
2024-08-03 14:18:02,713 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:18:02,713 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:18:02,713 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:18:02,713 - INFO - Rule network_http is excluded.
2024-08-03 14:18:02,713 - INFO - Rule embedded_win_api is excluded.
2024-08-03 14:18:02,713 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:18:03,206 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c - No viruses detected
2024-08-03 14:18:03,206 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c'
2024-08-03 14:18:03,206 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c' with parts '['decompiled_output_3', 'c']'
2024-08-03 14:18:03,206 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_3.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:18:03,206 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_4.c
2024-08-03 14:18:03,247 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_4.c. Scanning file.
2024-08-03 14:18:03,324 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_4.c
2024-08-03 14:18:04,081 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_4.c
2024-08-03 14:18:06,966 - INFO - DNS Answer (IPv4): blobcollectorcommon.trafficmanager.net
2024-08-03 14:18:06,967 - INFO - Scanning domain: onedsblobprdeus17.eastus.cloudapp.azure.com
2024-08-03 14:18:15,342 - INFO - DNS Answer (IPv4): onedsblobprdeus17.eastus.cloudapp.azure.com
2024-08-03 14:18:15,342 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 14:18:15,342 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:18:15,342 - INFO - Rule vmdetect is excluded.
2024-08-03 14:18:15,342 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:18:15,342 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:18:15,342 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:18:15,342 - INFO - Rule http is excluded.
2024-08-03 14:18:15,342 - INFO - Rule donut is excluded.
2024-08-03 14:18:15,342 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:18:15,342 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:18:15,342 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:18:15,342 - INFO - Rule network_http is excluded.
2024-08-03 14:18:15,342 - INFO - Rule embedded_win_api is excluded.
2024-08-03 14:18:15,342 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:18:15,342 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_4.c - No viruses detected
2024-08-03 14:18:15,342 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_4.c'
2024-08-03 14:18:15,342 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_4.c' with parts '['decompiled_output_4', 'c']'
2024-08-03 14:18:15,342 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_4.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:18:15,342 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_5.c
2024-08-03 14:18:16,271 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_5.c. Scanning file.
2024-08-03 14:18:17,206 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_5.c
2024-08-03 14:19:37,786 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_5.c
2024-08-03 14:20:04,897 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:20:07,686 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:20:22,685 - INFO - Rule DebuggerOutput__String is excluded.
2024-08-03 14:20:22,685 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:20:22,685 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-08-03 14:20:22,685 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-08-03 14:20:22,685 - INFO - Rule http is excluded.
2024-08-03 14:20:22,685 - INFO - Rule donut is excluded.
2024-08-03 14:20:22,685 - INFO - Rule Str_Win32_Wininet_Library is excluded.
2024-08-03 14:20:22,685 - INFO - Rule Str_Win32_Internet_API is excluded.
2024-08-03 14:20:22,685 - INFO - Rule Str_Win32_Http_API is excluded.
2024-08-03 14:20:22,685 - INFO - Rule network_http is excluded.
2024-08-03 14:20:22,685 - INFO - Rule embedded_win_api is excluded.
2024-08-03 14:20:22,685 - INFO - Rule DLL_inject is excluded.
2024-08-03 14:20:23,836 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_5.c - No viruses detected
2024-08-03 14:20:23,836 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_5.c'
2024-08-03 14:20:23,836 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_5.c' with parts '['decompiled_output_5', 'c']'
2024-08-03 14:20:23,836 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_5.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:20:23,948 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:20:23,980 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:21:11,497 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat
2024-08-03 14:21:13,949 - INFO - Rule FE_PCAPs0 is excluded.
2024-08-03 14:21:13,949 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:21:13,949 - INFO - Rule ct_size_0_1kb is excluded.
2024-08-03 14:21:13,949 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat - No viruses detected
2024-08-03 14:21:13,949 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat'
2024-08-03 14:21:13,949 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' with parts '['SbiePst', 'dat']'
2024-08-03 14:21:13,949 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\WINDOWS\SbiePst.dat' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:21:17,163 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 14:21:17,177 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 14:21:17,240 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 14:21:17,240 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-08-03 14:21:17,240 - INFO - DNS Answer (IPv4): edge-microsoft-com.dual-a-0036.a-msedge.net
2024-08-03 14:21:17,240 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-08-03 14:21:17,240 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-08-03 14:21:17,813 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-08-03 14:21:17,813 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-08-03 14:21:41,721 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 14:21:42,635 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 14:21:42,635 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 14:21:42,760 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 14:21:43,574 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 14:21:43,633 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 14:21:43,828 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 14:22:13,914 - INFO - DNS Query (IPv4): wpad.home
2024-08-03 14:23:01,615 - INFO - Scanning domain: dns.msftncsi.com
2024-08-03 14:24:33,253 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 14:24:33,820 - INFO - DNS Query (IPv4): dns.msftncsi.com
2024-08-03 14:24:33,820 - INFO - DNS Answer (IPv4): dns.msftncsi.com
2024-08-03 14:24:33,820 - INFO - DNS Query (IPv4): browser.events.data.msn.com
2024-08-03 14:24:33,820 - INFO - DNS Query (IPv4): browser.events.data.msn.com
2024-08-03 14:24:33,820 - INFO - DNS Query (IPv4): browser.events.data.msn.com
2024-08-03 14:24:33,820 - INFO - DNS Answer (IPv4): browser.events.data.msn.com
2024-08-03 14:24:33,820 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:24:33,820 - INFO - Scanning domain: onedscolprdeus09.eastus.cloudapp.azure.com
2024-08-03 14:24:41,010 - INFO - DNS Answer (IPv4): onedscolprdeus09.eastus.cloudapp.azure.com
2024-08-03 14:24:41,010 - INFO - DNS Query (IPv4): browser.events.data.msn.com
2024-08-03 14:24:41,010 - INFO - DNS Answer (IPv4): browser.events.data.msn.com
2024-08-03 14:24:41,010 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:25:02,113 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:25:02,183 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:25:02,254 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:25:02,254 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:25:02,254 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:25:02,313 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:25:02,313 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:25:02,313 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:25:02,331 - INFO - Scanning domain: onedscolprdcus13.centralus.cloudapp.azure.com
2024-08-03 14:25:20,325 - INFO - DNS Answer (IPv4): onedscolprdcus13.centralus.cloudapp.azure.com
2024-08-03 14:25:26,932 - INFO - Scanning domain: edgeservices.bing.com
2024-08-03 14:25:51,220 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:25:51,220 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:25:51,290 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:25:51,290 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:25:51,352 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:51,352 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:25:58,969 - INFO - Scanning domain: proteus-assetstore.azurewebsites.net
2024-08-03 14:26:23,031 - INFO - DNS Query (IPv4): proteus-assetstore.azurewebsites.net
2024-08-03 14:26:23,077 - INFO - DNS Query (IPv4): proteus-assetstore.azurewebsites.net
2024-08-03 14:26:23,077 - INFO - DNS Query (IPv4): proteus-assetstore.azurewebsites.net
2024-08-03 14:26:23,077 - INFO - DNS Answer (IPv4): proteus-assetstore.azurewebsites.net
2024-08-03 14:26:23,077 - INFO - Scanning domain: waws-prod-mwh-025.sip.azurewebsites.windows.net
2024-08-03 14:26:38,321 - INFO - DNS Answer (IPv4): waws-prod-mwh-025.sip.azurewebsites.windows.net
2024-08-03 14:26:38,321 - INFO - DNS Query (IPv4): proteus-assetstore.azurewebsites.net
2024-08-03 14:26:38,321 - INFO - DNS Answer (IPv4): proteus-assetstore.azurewebsites.net
2024-08-03 14:26:38,321 - INFO - DNS Answer (IPv4): waws-prod-mwh-025.sip.azurewebsites.windows.net
2024-08-03 14:26:38,321 - INFO - Scanning domain: waws-prod-mwh-025.westus2.cloudapp.azure.com
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): waws-prod-mwh-025.westus2.cloudapp.azure.com
2024-08-03 14:26:48,852 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:48,852 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:48,852 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:48,852 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:26:49,147 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:49,147 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:49,147 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,109 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:26:56,843 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,843 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:26:56,843 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:26:56,843 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:26:56,843 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:26:56,843 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 14:27:03,768 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 14:27:03,768 - INFO - DNS Query (IPv4): _microsoft_mcc._tcp.local
2024-08-03 14:27:04,526 - INFO - DNS Query (IPv6): _microsoft_mcc._tcp.local
2024-08-03 14:27:44,690 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:27:44,718 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:27:44,718 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:27:44,732 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:27:44,732 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:27:44,732 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:27:44,732 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:27:44,743 - INFO - DNS Query (IPv4): edgeservices.bing.com
2024-08-03 14:27:44,751 - INFO - DNS Answer (IPv4): edgeservices.bing.com
2024-08-03 14:27:44,780 - INFO - DNS Answer (IPv4): www.bing.com
2024-08-03 14:27:44,783 - INFO - DNS Answer (IPv4): www-www.bing.com.trafficmanager.net
2024-08-03 14:27:44,783 - INFO - DNS Answer (IPv4): www.bing.com.edgekey.net
2024-08-03 14:27:44,784 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:27:44,790 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:27:44,790 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:27:44,790 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:27:44,790 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:27:44,790 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:27:44,790 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:27:44,790 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:27:44,794 - INFO - DNS Answer (IPv4): e86303.dscx.akamaiedge.net
2024-08-03 14:28:05,794 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:28:05,992 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:28:05,992 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:28:05,992 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:28:05,992 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:28:05,992 - INFO - DNS Query (IPv4): functional.events.data.microsoft.com
2024-08-03 14:28:05,992 - INFO - DNS Answer (IPv4): functional.events.data.microsoft.com
2024-08-03 14:28:05,992 - INFO - DNS Answer (IPv4): global.asimov.events.data.trafficmanager.net
2024-08-03 14:28:05,992 - INFO - Scanning domain: onedscolprdwus20.westus.cloudapp.azure.com
2024-08-03 14:28:09,467 - INFO - DNS Answer (IPv4): onedscolprdwus20.westus.cloudapp.azure.com
2024-08-03 14:28:10,352 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:28:10,379 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:28:10,431 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:28:10,600 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:28:10,601 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:28:10,611 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:28:10,741 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:28:10,820 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:28:10,820 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 14:28:10,820 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 14:28:10,834 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 14:28:10,838 - INFO - DNS Query (IPv4): v10.events.data.microsoft.com
2024-08-03 14:28:10,838 - INFO - DNS Answer (IPv4): v10.events.data.microsoft.com
2024-08-03 14:28:10,838 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 14:28:10,838 - INFO - Scanning domain: onedscolprdcus17.centralus.cloudapp.azure.com
2024-08-03 14:28:14,798 - INFO - DNS Answer (IPv4): onedscolprdcus17.centralus.cloudapp.azure.com
2024-08-03 14:28:15,096 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 14:28:15,096 - INFO - DNS Query (IPv4): v20.events.data.microsoft.com
2024-08-03 14:28:15,096 - INFO - DNS Answer (IPv4): v20.events.data.microsoft.com
2024-08-03 14:28:15,096 - INFO - DNS Answer (IPv4): win-global-asimov-leafs-events-data.trafficmanager.net
2024-08-03 14:28:15,096 - INFO - DNS Answer (IPv4): onedscolprdeus14.eastus.cloudapp.azure.com
2024-08-03 14:28:19,204 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_6.c
2024-08-03 14:28:19,204 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_6.c. Scanning file.
2024-08-03 14:28:19,204 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_6.c
2024-08-03 14:28:21,821 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_6.c
2024-08-03 14:28:25,021 - INFO - Scanning domain: displaycatalog.mp.microsoft.com
2024-08-03 14:28:25,771 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:28:25,771 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 14:28:26,846 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_6.c - No viruses detected
2024-08-03 14:28:26,846 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_6.c'
2024-08-03 14:28:26,846 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_6.c' with parts '['decompiled_output_6', 'c']'
2024-08-03 14:28:26,846 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_6.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:28:26,952 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_7.c
2024-08-03 14:28:26,952 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_7.c. Scanning file.
2024-08-03 14:28:26,952 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_7.c
2024-08-03 14:28:28,024 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_7.c
2024-08-03 14:28:28,235 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:28:28,235 - INFO - Rule ct_size_1kb_10kb is excluded.
2024-08-03 14:28:28,239 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_7.c - No viruses detected
2024-08-03 14:28:28,239 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_7.c'
2024-08-03 14:28:28,239 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_7.c' with parts '['decompiled_output_7', 'c']'
2024-08-03 14:28:28,239 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_7.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:28:29,488 - INFO - DNS Query (IPv4): displaycatalog.mp.microsoft.com
2024-08-03 14:28:29,488 - INFO - DNS Query (IPv4): displaycatalog.mp.microsoft.com
2024-08-03 14:28:29,488 - INFO - DNS Answer (IPv4): displaycatalog.mp.microsoft.com
2024-08-03 14:28:29,488 - INFO - Scanning domain: displaycatalog-rp.md.mp.microsoft.com.akadns.net
2024-08-03 14:28:33,268 - INFO - DNS Answer (IPv4): displaycatalog-rp.md.mp.microsoft.com.akadns.net
2024-08-03 14:28:33,268 - INFO - Scanning domain: rp-consumer-prod-displaycatalog-geomap.trafficmanager.net
2024-08-03 14:28:35,398 - INFO - DNS Answer (IPv4): rp-consumer-prod-displaycatalog-geomap.trafficmanager.net
2024-08-03 14:28:35,398 - INFO - Scanning domain: neus1c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com
2024-08-03 14:28:37,272 - INFO - DNS Answer (IPv4): neus1c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com
2024-08-03 14:28:53,631 - INFO - Scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_8.c
2024-08-03 14:28:53,633 - INFO - File is in the decompile directory: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_8.c. Scanning file.
2024-08-03 14:28:53,635 - INFO - Started scanning file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_8.c
2024-08-03 14:28:55,110 - INFO - No malware detected by ClamAV in file: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_8.c
2024-08-03 14:28:55,502 - INFO - Rule ct_size_gt0 is excluded.
2024-08-03 14:28:55,502 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-08-03 14:28:55,529 - INFO - Scanned file with YARA: C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_8.c - No viruses detected
2024-08-03 14:28:55,529 - INFO - Running ransomware alert check for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_8.c'
2024-08-03 14:28:55,529 - INFO - Checking ransomware conditions for file 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_8.c' with parts '['decompiled_output_8', 'c']'
2024-08-03 14:28:55,529 - INFO - File 'C:\Program Files\HydraDragonAntivirus\decompile\decompiled_output_8.c' does not have multiple extensions, not flagged as ransomware
2024-08-03 14:29:12,853 - INFO - DNS Query (IPv4): ctldl.windowsupdate.com
2024-08-03 14:29:12,905 - INFO - DNS Query (IPv4): ctldl.windowsupdate.com
2024-08-03 14:29:12,905 - INFO - DNS Answer (IPv4): ctldl.windowsupdate.com
2024-08-03 14:29:12,921 - INFO - DNS Answer (IPv4): ctldl.windowsupdate.com.delivery.microsoft.com
2024-08-03 14:29:12,921 - INFO - DNS Answer (IPv4): wu-b-net.trafficmanager.net
2024-08-03 14:29:12,921 - INFO - Scanning domain: bg.microsoft.map.fastly.net
2024-08-03 14:29:33,660 - INFO - DNS Answer (IPv4): bg.microsoft.map.fastly.net
2024-08-03 14:29:41,766 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:29:42,508 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:29:42,508 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:29:42,508 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:29:42,907 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:29:44,088 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:29:44,088 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:30:09,090 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:30:09,090 - INFO - DNS Query (IPv4): victim._dosvc._tcp.local
2024-08-03 14:30:09,090 - INFO - DNS Query (IPv6): victim._dosvc._tcp.local
2024-08-03 14:30:09,090 - INFO - DNS Answer (IPv4): _dosvc._tcp.local
2024-08-03 14:30:09,090 - INFO - DNS Answer (IPv6): _dosvc._tcp.local
2024-08-03 14:30:09,090 - INFO - DNS Answer (IPv4): victim._dosvc._tcp.local
2024-08-03 14:30:09,231 - INFO - DNS Answer (IPv6): victim._dosvc._tcp.local
2024-08-03 14:30:25,285 - INFO - Scanning domain: fe3cr.delivery.mp.microsoft.com
2024-08-03 14:30:33,989 - INFO - DNS Query (IPv4): fe3cr.delivery.mp.microsoft.com
2024-08-03 14:30:33,989 - INFO - DNS Query (IPv4): fe3cr.delivery.mp.microsoft.com
2024-08-03 14:30:33,989 - INFO - DNS Answer (IPv4): fe3cr.delivery.mp.microsoft.com
2024-08-03 14:30:33,989 - INFO - Scanning domain: fe3.delivery.mp.microsoft.com
2024-08-03 14:30:43,285 - INFO - DNS Answer (IPv4): fe3.delivery.mp.microsoft.com
2024-08-03 14:30:43,285 - INFO - Scanning domain: glb.cws.prod.dcat.dsp.trafficmanager.net
2024-08-03 14:30:53,121 - INFO - DNS Answer (IPv4): glb.cws.prod.dcat.dsp.trafficmanager.net
2024-08-03 14:31:33,152 - INFO - DNS Query (IPv4): wpad.home