@HydraDragonAntivirus
Created July 22, 2024 11:05
2024-07-22 13:34:17,126 - ERROR - Failed to stop ClamAV.
2024-07-22 13:35:54,622 - INFO - ClamAV restarted successfully.
2024-07-22 13:51:05,657 - ERROR - Failed to stop ClamAV.
2024-07-22 13:52:35,422 - INFO - ClamAV restarted successfully.
2024-07-22 13:52:39,239 - INFO - Running analysis for: C:/Users/hydradragonantivirus/Desktop/K1/aaa.exe
2024-07-22 13:52:39,239 - INFO - Performing sandbox analysis on: C:/Users/hydradragonantivirus/Desktop/K1/aaa.exe
2024-07-22 13:52:39,406 - INFO - Real-time web protection observer started
2024-07-22 13:52:39,410 - INFO - Scanning file: C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe
2024-07-22 13:52:39,540 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:39,540 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:39,985 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:39,998 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:39,998 - INFO - Started scanning file: C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe
2024-07-22 13:52:39,998 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:39,998 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:39,998 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:39,998 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:40,426 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:40,440 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: desktop.ini
2024-07-22 13:52:40,468 - INFO - Running Sandboxie control.
2024-07-22 13:52:40,468 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:40,473 - INFO - Sandbox analysis started. Please check log after you close program. There is no limit to scan time.
2024-07-22 13:52:40,473 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:40,473 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:40,813 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:41,019 - INFO - Rule reversing_tool_process_name is excluded.
2024-07-22 13:52:41,019 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:41,019 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:41,098 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-07-22 13:52:41,098 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:41,110 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-07-22 13:52:41,110 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:41,110 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:41,165 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:41,175 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:41,175 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:41,176 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:41,679 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:41,698 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:41,776 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:41,789 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:41,789 - INFO - Sandboxie control output:
2024-07-22 13:52:41,811 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:41,860 - INFO - Rule reversing_tool_process_name is excluded.
2024-07-22 13:52:41,860 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:41,860 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:41,899 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-07-22 13:52:41,899 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:41,899 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-07-22 13:52:41,899 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:41,899 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:41,899 - INFO - Rule reversing_tool_process_name is excluded.
2024-07-22 13:52:41,899 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:41,899 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:41,939 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-07-22 13:52:41,939 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:41,939 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-07-22 13:52:41,939 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:41,939 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:41,942 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:41,942 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:41,983 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT - No viruses detected
2024-07-22 13:52:41,983 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:41,983 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' with parts '['DONT-USE', 'TXT']'
2024-07-22 13:52:41,983 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:41,983 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:41,996 - INFO - Rule reversing_tool_process_name is excluded.
2024-07-22 13:52:41,996 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:41,996 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:42,034 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-07-22 13:52:42,034 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:42,034 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-07-22 13:52:42,034 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:42,034 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:42,034 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:42,034 - INFO - Rule reversing_tool_process_name is excluded.
2024-07-22 13:52:42,034 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:42,034 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:42,152 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:42,152 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' is not a PE file, skipping worm detection.
2024-07-22 13:52:42,152 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:42,158 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:42,158 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:42,158 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: DONT-USE.TXT
2024-07-22 13:52:42,158 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:42,158 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:42,158 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini
2024-07-22 13:52:42,158 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:42,158 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:42,199 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini - No viruses detected
2024-07-22 13:52:42,199 - ERROR - An error occurred while checking signature: 'utf-16-le' codec can't decode byte 0x0a in position 6: truncated data
2024-07-22 13:52:42,199 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:42,212 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:42,212 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:42,212 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-07-22 13:52:42,212 - INFO - Valid signature detected for file: C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe
2024-07-22 13:52:42,212 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:42,212 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' with parts '['desktop', 'ini']'
2024-07-22 13:52:42,332 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:42,332 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini'
2024-07-22 13:52:42,212 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:42,332 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:42,357 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:42,795 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:43,354 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\desktop.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:43,391 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:43,424 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:43,424 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:43,678 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:43,678 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:43,934 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT - No viruses detected
2024-07-22 13:52:43,934 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:43,934 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' with parts '['DONT-USE', 'TXT']'
2024-07-22 13:52:43,934 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:43,934 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:43,934 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:44,533 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:44,533 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-07-22 13:52:44,533 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:52:44,533 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-07-22 13:52:44,533 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:44,533 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:52:44,533 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' is not a PE file, skipping worm detection.
2024-07-22 13:52:44,542 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:44,542 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:44,542 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' is not a PE file, skipping worm detection.
2024-07-22 13:52:44,542 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive
2024-07-22 13:52:44,542 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:44,542 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-07-22 13:52:44,542 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:44,542 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-07-22 13:52:44,542 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:44,542 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT - No viruses detected
2024-07-22 13:52:44,542 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:44,605 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:44,730 - INFO - No malware detected by Machine Learning in file: C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe
2024-07-22 13:52:44,730 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' with parts '['DONT-USE', 'TXT']'
2024-07-22 13:52:44,730 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:44,730 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:44,863 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:44,863 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:44,928 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT - No viruses detected
2024-07-22 13:52:44,928 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:44,928 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' with parts '['DONT-USE', 'TXT']'
2024-07-22 13:52:44,928 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:44,928 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:44,928 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' is not a PE file, skipping worm detection.
2024-07-22 13:52:44,928 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:44,928 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-07-22 13:52:44,928 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:44,928 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' is not a PE file, skipping worm detection.
2024-07-22 13:52:44,928 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:44,928 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:45,415 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT
2024-07-22 13:52:45,495 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:45,495 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:45,651 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT - No viruses detected
2024-07-22 13:52:45,651 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:45,651 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' with parts '['DONT-USE', 'TXT']'
2024-07-22 13:52:45,658 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:45,658 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT'
2024-07-22 13:52:45,658 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:45,658 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-07-22 13:52:45,658 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:52:45,658 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-07-22 13:52:45,658 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:45,658 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:52:45,658 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\DONT-USE.TXT' is not a PE file, skipping worm detection.
2024-07-22 13:52:45,658 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-07-22 13:52:45,658 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C'
2024-07-22 13:52:45,658 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-07-22 13:52:45,658 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' is not a PE file, skipping worm detection.
2024-07-22 13:52:45,658 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:45,658 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:52:45,658 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-07-22 13:52:45,658 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive'
2024-07-22 13:52:45,658 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:45,658 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:52:45,658 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-07-22 13:52:45,658 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:45,658 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:52:45,658 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' is not a PE file, skipping worm detection.
2024-07-22 13:52:45,658 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive.LOG1
2024-07-22 13:52:45,658 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:45,658 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-07-22 13:52:45,658 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:45,658 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:45,658 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-07-22 13:52:45,658 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-07-22 13:52:45,658 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-07-22 13:52:45,658 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:45,658 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-07-22 13:52:45,658 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' is not a PE file, skipping worm detection.
2024-07-22 13:52:45,658 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:45,743 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:45,743 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-07-22 13:52:45,743 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:45,983 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:45,983 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1
2024-07-22 13:52:45,983 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C
2024-07-22 13:52:45,993 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-07-22 13:52:46,003 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-07-22 13:52:46,003 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG1'
2024-07-22 13:52:46,026 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:46,027 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-07-22 13:52:46,048 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive\\C'
2024-07-22 13:52:46,059 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-07-22 13:52:46,070 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:46,092 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C'
2024-07-22 13:52:46,103 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-07-22 13:52:46,160 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' with parts '['RegHive', 'LOG1']'
2024-07-22 13:52:46,192 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-07-22 13:52:46,219 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C' with parts '['C']'
2024-07-22 13:52:46,245 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-07-22 13:52:46,257 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:46,292 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1'
2024-07-22 13:52:46,292 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-07-22 13:52:46,292 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:46,292 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-07-22 13:52:46,292 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' is not a PE file, skipping worm detection.
2024-07-22 13:52:46,292 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,292 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,292 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' is not a PE file, skipping worm detection.
2024-07-22 13:52:46,292 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:46,292 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-07-22 13:52:46,292 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:46,280 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:46,292 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C'
2024-07-22 13:52:46,292 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C' is not a PE file, skipping worm detection.
2024-07-22 13:52:46,292 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current
2024-07-22 13:52:46,292 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current'
2024-07-22 13:52:46,292 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current
2024-07-22 13:52:46,292 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG1' is not a PE file, skipping worm detection.
2024-07-22 13:52:46,292 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive.LOG2
2024-07-22 13:52:46,292 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:46,292 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-07-22 13:52:46,292 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:46,313 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,328 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,328 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,352 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,352 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:46,427 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2
2024-07-22 13:52:46,438 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-07-22 13:52:46,438 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-07-22 13:52:46,438 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-07-22 13:52:46,438 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:46,438 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-07-22 13:52:46,438 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\RegHive.LOG2'
2024-07-22 13:52:46,438 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-07-22 13:52:46,453 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' with parts '['RegHive', 'LOG2']'
2024-07-22 13:52:46,465 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' is not a PE file, skipping worm detection.
2024-07-22 13:52:46,465 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,465 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:46,511 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2'
2024-07-22 13:52:46,511 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,531 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive.LOG2' is not a PE file, skipping worm detection.
2024-07-22 13:52:46,531 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,548 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,548 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,676 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,700 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,794 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:46,884 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:47,257 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:47,257 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:52:47,349 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:47,349 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:52:47,420 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf - No viruses detected
2024-07-22 13:52:47,420 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf'
2024-07-22 13:52:47,420 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TM', 'blf']'
2024-07-22 13:52:47,420 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-07-22 13:52:47,420 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf'
2024-07-22 13:52:47,420 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf - No viruses detected
2024-07-22 13:52:47,420 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf'
2024-07-22 13:52:47,420 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TM', 'blf']'
2024-07-22 13:52:47,420 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-07-22 13:52:47,706 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf'
2024-07-22 13:52:47,706 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:47,706 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:52:47,706 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf - No viruses detected
2024-07-22 13:52:47,706 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf'
2024-07-22 13:52:47,706 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TM', 'blf']'
2024-07-22 13:52:47,706 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-07-22 13:52:47,706 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf'
2024-07-22 13:52:47,893 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:47,893 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:52:47,946 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' is not a PE file, skipping worm detection.
2024-07-22 13:52:48,259 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:48,259 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf
2024-07-22 13:52:48,259 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' is not a PE file, skipping worm detection.
2024-07-22 13:52:48,259 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf - No viruses detected
2024-07-22 13:52:48,259 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf'
2024-07-22 13:52:48,259 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TM', 'blf']'
2024-07-22 13:52:48,259 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' does not meet ransomware conditions
2024-07-22 13:52:48,259 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf'
2024-07-22 13:52:48,259 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' is not a PE file, skipping worm detection.
2024-07-22 13:52:48,268 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,268 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,268 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,268 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,270 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,270 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,270 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,270 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,281 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TM.blf' is not a PE file, skipping worm detection.
2024-07-22 13:52:48,281 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,281 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:48,309 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:49,772 - INFO - No malware detected by ClamAV in file: C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe
2024-07-22 13:52:49,772 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:49,800 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:49,800 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:49,800 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:50,657 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:50,657 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:52:50,773 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-07-22 13:52:50,773 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-07-22 13:52:50,773 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-07-22 13:52:50,773 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-07-22 13:52:50,773 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-07-22 13:52:50,773 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:50,773 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:52:50,863 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:50,863 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:52:50,911 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-07-22 13:52:50,911 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-07-22 13:52:50,911 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-07-22 13:52:50,911 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-07-22 13:52:50,911 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-07-22 13:52:50,933 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:50,933 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:52:50,992 - INFO - Scanning domain: wpad.home
2024-07-22 13:52:51,464 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-07-22 13:52:51,464 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-07-22 13:52:51,464 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-07-22 13:52:51,464 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-07-22 13:52:51,892 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not a PE file, skipping worm detection.
2024-07-22 13:52:51,902 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-07-22 13:52:51,941 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current
2024-07-22 13:52:51,941 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:51,941 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:51,941 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms - No viruses detected
2024-07-22 13:52:51,941 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-07-22 13:52:52,012 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\current'
2024-07-22 13:52:52,021 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TMContainer00000000000000000001', 'regtrans-ms']'
2024-07-22 13:52:52,021 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current'
2024-07-22 13:52:52,160 - INFO - Previous extension '.tmcontainer00000000000000000001' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not known, not flagged as ransomware
2024-07-22 13:52:53,020 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms'
2024-07-22 13:52:52,170 - INFO - DNS Query (IPv4): wpad.home
2024-07-22 13:52:52,170 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,011 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not a PE file, skipping worm detection.
2024-07-22 13:52:52,160 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current' with parts '['current']'
2024-07-22 13:52:53,029 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:53,020 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:53,020 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not a PE file, skipping worm detection.
2024-07-22 13:52:53,043 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox: RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,043 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,029 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current'
2024-07-22 13:52:53,031 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms
2024-07-22 13:52:53,031 - INFO - DNS Query (IPv4): wpad.home
2024-07-22 13:52:53,065 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,086 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000001.regtrans-ms' is not a PE file, skipping worm detection.
2024-07-22 13:52:53,086 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,086 - INFO - DNS Query (IPv4): wpad.home
2024-07-22 13:52:53,086 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,095 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,207 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current' is not a PE file, skipping worm detection.
2024-07-22 13:52:53,207 - INFO - Rule _Microsoft_Visual_Cpp_v50v60_MFC_ is excluded.
2024-07-22 13:52:53,228 - INFO - Rule _Borland_Delphi_v60__v70_ is excluded.
2024-07-22 13:52:53,228 - INFO - Rule _Borland_Delphi_v40__v50_ is excluded.
2024-07-22 13:52:53,228 - INFO - Rule _Borland_Delphi_v30_ is excluded.
2024-07-22 13:52:53,228 - INFO - Rule _Borland_Delphi_Setup_Module_ is excluded.
2024-07-22 13:52:53,228 - INFO - Rule _Borland_Delphi_DLL_ is excluded.
2024-07-22 13:52:53,228 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:52:53,228 - INFO - Rule DebuggerOutput__String is excluded.
2024-07-22 13:52:53,228 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:52:53,228 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:52:53,228 - INFO - Rule DebuggerPattern__SEH_Saves is excluded.
2024-07-22 13:52:53,228 - INFO - Rule DebuggerPattern__SEH_Inits is excluded.
2024-07-22 13:52:53,228 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:52:53,228 - INFO - Rule head_mz is excluded.
2024-07-22 13:52:53,228 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:52:53,228 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:52:53,228 - INFO - DNS Query (IPv4): wpad.home
2024-07-22 13:52:53,252 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:53,252 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,261 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,261 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:52:53,414 - INFO - Rule head_mz_e_med_1mb_10mb is excluded.
2024-07-22 13:52:53,414 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:52:53,414 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:52:53,426 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,438 - INFO - Rule maldoc_find_kernel32_base_method_1 is excluded.
2024-07-22 13:52:53,447 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:52:53,447 - INFO - Rule PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ is excluded.
2024-07-22 13:52:53,447 - INFO - Rule http is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:52:53,447 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:52:53,447 - INFO - Rule MD5_Constants is excluded.
2024-07-22 13:52:53,447 - INFO - Rule SEH_Save is excluded.
2024-07-22 13:52:53,447 - INFO - Rule SEH_Init is excluded.
2024-07-22 13:52:53,447 - INFO - Rule anti_dbg is excluded.
2024-07-22 13:52:53,447 - INFO - Rule win_hook is excluded.
2024-07-22 13:52:53,447 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:52:53,447 - INFO - Rule screenshot is excluded.
2024-07-22 13:52:53,447 - INFO - Rule win_mutex is excluded.
2024-07-22 13:52:53,447 - INFO - Rule win_registry is excluded.
2024-07-22 13:52:53,447 - INFO - Rule win_token is excluded.
2024-07-22 13:52:53,447 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:52:53,447 - INFO - Rule misc_no_dosmode_header is excluded.
2024-07-22 13:52:53,447 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:52:53,447 - INFO - Rule obfuscation_singlebyte_mov is excluded.
2024-07-22 13:52:53,447 - INFO - Rule GenerateTLSClientHelloPacket_Test is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:52:53,447 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:52:53,447 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:52:53,447 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:52:53,447 - INFO - Rule HasDigitalSignature is excluded.
2024-07-22 13:52:53,447 - INFO - Rule DLL_inject is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Borland is excluded.
2024-07-22 13:52:53,447 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Borland_Delphi_40_additional is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Microsoft_Visual_Cpp_v50v60_MFC is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Borland_Delphi_30_additional is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Borland_Delphi_30_ is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Borland_Delphi_Setup_Module is excluded.
2024-07-22 13:52:53,447 - INFO - Rule Borland_Delphi_40 is excluded.
2024-07-22 13:52:53,466 - INFO - Rule Borland_Delphi_v40_v50 is excluded.
2024-07-22 13:52:53,466 - INFO - Rule Borland_Delphi_v30 is excluded.
2024-07-22 13:52:53,466 - INFO - Rule Borland_Delphi_DLL is excluded.
2024-07-22 13:52:53,521 - WARNING - Infected file detected (YARA): C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe - Virus: ['PEiD_00319_BobSoft_Mini_Delphi____BoB___BobSoft_', 'PEiD_00347_Borland_Delphi_v6_0___v7_0_', 'Win_Spyware_Zbot_1279', 'BobSoftMiniDelphiBoBBobSoft', 'shellcode_at_entry_point', '_BobSoft_Mini_Delphi__BoB__BobSoft_', 'Borland_Delphi_v60_v70_additional', 'BobSoft_Mini_Delphi_BoB_BobSoft_additional']
2024-07-22 13:52:53,521 - INFO - Running ransomware alert check for file 'C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe'
2024-07-22 13:52:53,521 - INFO - Checking ransomware conditions for file 'C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe' with parts '['aaa', 'exe']'
2024-07-22 13:52:53,521 - INFO - File 'C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:53,521 - INFO - Running worm detection for file 'C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe'
2024-07-22 13:52:53,784 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:53,832 - INFO - File 'C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:52:53,892 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:54,305 - ERROR - An error occurred while checking signature: 'utf-16-le' codec can't decode byte 0x0a in position 6: truncated data
2024-07-22 13:52:54,305 - WARNING - File 'C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:52:54,312 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:54,312 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:52:54,329 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-07-22 13:52:54,329 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-07-22 13:52:54,329 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-07-22 13:52:54,329 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-07-22 13:52:54,329 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-07-22 13:52:54,329 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:54,329 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:52:54,395 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:54,395 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:52:54,436 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-07-22 13:52:54,436 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-07-22 13:52:54,436 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-07-22 13:52:54,436 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-07-22 13:52:54,436 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-07-22 13:52:54,508 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:54,735 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-07-22 13:52:54,735 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-07-22 13:52:54,735 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-07-22 13:52:54,735 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-07-22 13:52:54,735 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-07-22 13:52:54,738 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not a PE file, skipping worm detection.
2024-07-22 13:52:54,800 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not a PE file, skipping worm detection.
2024-07-22 13:52:54,839 - WARNING - Original file 'C:Windows\aaa.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\aaa.exe' not found. Skipping worm detection.
2024-07-22 13:52:54,839 - WARNING - File C:\Users\hydradragonantivirus\Desktop\K1\aaa.exe is malicious. Viruses: PEiD_00319_BobSoft_Mini_Delphi____BoB___BobSoft_, PEiD_00347_Borland_Delphi_v6_0___v7_0_, Win_Spyware_Zbot_1279, BobSoftMiniDelphiBoBBobSoft, shellcode_at_entry_point, _BobSoft_Mini_Delphi__BoB__BobSoft_, Borland_Delphi_v60_v70_additional, BobSoft_Mini_Delphi_BoB_BobSoft_additional
2024-07-22 13:52:54,839 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-07-22 13:52:54,892 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive'
2024-07-22 13:52:54,892 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-07-22 13:52:54,892 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not a PE file, skipping worm detection.
2024-07-22 13:52:54,980 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:54,980 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:54,984 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319: MSBuild.exe
2024-07-22 13:52:54,984 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:54,984 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:55,010 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-07-22 13:52:55,016 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:55,016 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:55,016 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:55,025 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\drive'
2024-07-22 13:52:55,025 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive'
2024-07-22 13:52:55,025 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive' with parts '['drive']'
2024-07-22 13:52:55,025 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:55,025 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive'
2024-07-22 13:52:55,025 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive' is not a PE file, skipping worm detection.
2024-07-22 13:52:55,117 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:55,459 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:55,459 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:52:55,545 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe - No viruses detected
2024-07-22 13:52:55,545 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
2024-07-22 13:52:55,545 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' with parts '['MSBuild', 'exe']'
2024-07-22 13:52:55,556 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms - No viruses detected
2024-07-22 13:52:55,573 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:55,581 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-07-22 13:52:55,614 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
2024-07-22 13:52:55,640 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' with parts '['RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}', 'TMContainer00000000000000000002', 'regtrans-ms']'
2024-07-22 13:52:55,650 - INFO - Previous extension '.tmcontainer00000000000000000002' of file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not known, not flagged as ransomware
2024-07-22 13:52:55,667 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms'
2024-07-22 13:52:55,650 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' is not a PE file, skipping worm detection.
2024-07-22 13:52:55,667 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-07-22 13:52:55,667 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user'
2024-07-22 13:52:55,667 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-07-22 13:52:55,667 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:55,705 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:55,756 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms' is not a PE file, skipping worm detection.
2024-07-22 13:52:55,794 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:55,794 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive{e318b1d3-4672-11ef-a1df-080027d8bb25}.TMContainer00000000000000000002.regtrans-ms
2024-07-22 13:52:55,800 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:55,865 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:55,865 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:55,917 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-07-22 13:52:55,917 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe - No viruses detected
2024-07-22 13:52:55,917 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:56,008 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini - No viruses detected
2024-07-22 13:52:56,028 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini'
2024-07-22 13:52:56,028 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:56,028 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user'
2024-07-22 13:52:56,021 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
2024-07-22 13:52:56,028 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' with parts '['parre', 'ini']'
2024-07-22 13:52:56,028 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user'
2024-07-22 13:52:56,056 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe - No viruses detected
2024-07-22 13:52:56,056 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' with parts '['MSBuild', 'exe']'
2024-07-22 13:52:56,074 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,074 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
2024-07-22 13:52:56,074 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user' with parts '['user']'
2024-07-22 13:52:56,056 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,074 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini'
2024-07-22 13:52:56,074 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,074 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,074 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,114 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user'
2024-07-22 13:52:56,114 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,114 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\all
2024-07-22 13:52:56,114 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\all'
2024-07-22 13:52:56,114 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\all
2024-07-22 13:52:56,086 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,074 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
2024-07-22 13:52:56,150 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' with parts '['MSBuild', 'exe']'
2024-07-22 13:52:56,150 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,150 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
2024-07-22 13:52:56,150 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current: parre.ini
2024-07-22 13:52:56,159 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,159 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\all
2024-07-22 13:52:56,159 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,168 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\all. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\all'
2024-07-22 13:52:56,191 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\all'
2024-07-22 13:52:56,191 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\all' with parts '['all']'
2024-07-22 13:52:56,191 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\all' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,191 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\all'
2024-07-22 13:52:56,196 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,196 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,198 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\all' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,236 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public
2024-07-22 13:52:56,236 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\public'
2024-07-22 13:52:56,244 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public
2024-07-22 13:52:56,236 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:56,244 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,244 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,244 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,433 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe - No viruses detected
2024-07-22 13:52:56,433 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
2024-07-22 13:52:56,433 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' with parts '['MSBuild', 'exe']'
2024-07-22 13:52:56,433 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,433 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
2024-07-22 13:52:56,433 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,433 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
2024-07-22 13:52:56,433 - INFO - Processed all files in directory: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-07-22 13:52:56,433 - INFO - Directory event detected: C:\Sandbox\hydradragonantivirus\DefaultBox\drive
2024-07-22 13:52:56,433 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public
2024-07-22 13:52:56,433 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,439 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\public'
2024-07-22 13:52:56,439 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public'
2024-07-22 13:52:56,439 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public' with parts '['public']'
2024-07-22 13:52:56,439 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,439 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public'
2024-07-22 13:52:56,439 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,439 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos
2024-07-22 13:52:56,439 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\public\\Videos'
2024-07-22 13:52:56,440 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos
2024-07-22 13:52:56,442 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,457 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,523 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini - No viruses detected
2024-07-22 13:52:56,523 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini'
2024-07-22 13:52:56,523 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' with parts '['parre', 'ini']'
2024-07-22 13:52:56,523 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,523 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini'
2024-07-22 13:52:56,550 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,550 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,550 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,615 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,615 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,615 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos
2024-07-22 13:52:56,615 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\public\\Videos'
2024-07-22 13:52:56,615 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos'
2024-07-22 13:52:56,618 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos' with parts '['Videos']'
2024-07-22 13:52:56,618 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,618 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos'
2024-07-22 13:52:56,618 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini - No viruses detected
2024-07-22 13:52:56,618 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini'
2024-07-22 13:52:56,618 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' with parts '['parre', 'ini']'
2024-07-22 13:52:56,618 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,618 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini'
2024-07-22 13:52:56,618 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,624 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:52:56,624 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:52:56,643 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:56,652 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,652 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current: stimulis.lnk
2024-07-22 13:52:56,660 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,911 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,942 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:56,942 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:56,942 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:52:56,942 - INFO - Rule isLNK is excluded.
2024-07-22 13:52:56,977 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk. Error: cannot access local variable 'signature_check' where it is not associated with a value
2024-07-22 13:52:56,977 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk'
2024-07-22 13:52:56,977 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' with parts '['stimulis', 'lnk']'
2024-07-22 13:52:56,977 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:56,977 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk'
2024-07-22 13:52:56,985 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:56,985 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' is not a PE file, skipping worm detection.
2024-07-22 13:52:56,998 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:57,135 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:52:57,135 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:57,143 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:57,151 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:57,151 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini - No viruses detected
2024-07-22 13:52:57,151 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:57,173 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:52:57,172 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini'
2024-07-22 13:52:57,173 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,170 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:57,173 - INFO - Rule isLNK is excluded.
2024-07-22 13:52:57,174 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:57,176 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' with parts '['parre', 'ini']'
2024-07-22 13:52:57,210 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,210 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk. Error: cannot access local variable 'signature_check' where it is not associated with a value
2024-07-22 13:52:57,210 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini - No viruses detected
2024-07-22 13:52:57,213 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:52:57,213 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' with parts '['alfred', 'ini']'
2024-07-22 13:52:57,213 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,213 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:52:57,210 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:57,177 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,213 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini'
2024-07-22 13:52:57,213 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk'
2024-07-22 13:52:57,216 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:52:57,216 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' with parts '['stimulis', 'lnk']'
2024-07-22 13:52:57,216 - INFO - Rule isLNK is excluded.
2024-07-22 13:52:57,219 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,241 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk'
2024-07-22 13:52:57,241 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk. Error: cannot access local variable 'signature_check' where it is not associated with a value
2024-07-22 13:52:57,241 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk'
2024-07-22 13:52:57,241 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' with parts '['stimulis', 'lnk']'
2024-07-22 13:52:57,241 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,241 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk'
2024-07-22 13:52:57,243 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,243 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer
2024-07-22 13:52:57,243 - ERROR - Error checking PE header: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\public\\Videos\\personificerer'
2024-07-22 13:52:57,246 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer
2024-07-22 13:52:57,247 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,247 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\parre.ini
2024-07-22 13:52:57,247 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:57,247 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,247 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,255 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:57,269 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,269 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,272 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell: ModuleAnalysisCache
2024-07-22 13:52:57,272 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,272 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,272 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,282 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,282 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer
2024-07-22 13:52:57,287 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer. Error: [Errno 13] Permission denied: 'C:\\Sandbox\\hydradragonantivirus\\DefaultBox\\user\\public\\Videos\\personificerer'
2024-07-22 13:52:57,287 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer'
2024-07-22 13:52:57,287 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer' with parts '['personificerer']'
2024-07-22 13:52:57,287 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,287 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer'
2024-07-22 13:52:57,494 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\personificerer' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,605 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:57,621 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,637 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:57,637 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:52:57,637 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:52:57,637 - INFO - Rule isLNK is excluded.
2024-07-22 13:52:57,663 - ERROR - An error occurred while scanning file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk. Error: cannot access local variable 'signature_check' where it is not associated with a value
2024-07-22 13:52:57,663 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk'
2024-07-22 13:52:57,663 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' with parts '['stimulis', 'lnk']'
2024-07-22 13:52:57,663 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,663 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk'
2024-07-22 13:52:57,672 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:57,672 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:57,672 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:52:57,689 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache - No viruses detected
2024-07-22 13:52:57,689 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache'
2024-07-22 13:52:57,689 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' with parts '['ModuleAnalysisCache']'
2024-07-22 13:52:57,689 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,689 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache'
2024-07-22 13:52:57,693 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:57,693 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:52:57,710 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,710 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\stimulis.lnk
2024-07-22 13:52:57,712 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache - No viruses detected
2024-07-22 13:52:57,712 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache'
2024-07-22 13:52:57,712 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' with parts '['ModuleAnalysisCache']'
2024-07-22 13:52:57,712 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,712 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache'
2024-07-22 13:52:57,715 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,745 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:57,745 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:52:57,761 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache - No viruses detected
2024-07-22 13:52:57,761 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache'
2024-07-22 13:52:57,761 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' with parts '['ModuleAnalysisCache']'
2024-07-22 13:52:57,761 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:57,761 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache'
2024-07-22 13:52:57,861 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,963 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:57,963 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:57,971 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' is not a PE file, skipping worm detection.
2024-07-22 13:52:57,988 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:57,988 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:57,988 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp: peroxiding.ini
2024-07-22 13:52:57,988 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:57,988 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,002 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:58,002 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:58,002 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,068 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,086 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,190 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini - No viruses detected
2024-07-22 13:52:58,190 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini'
2024-07-22 13:52:58,190 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' with parts '['peroxiding', 'ini']'
2024-07-22 13:52:58,190 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:58,190 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini'
2024-07-22 13:52:58,198 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:58,201 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:58,202 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,259 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini - No viruses detected
2024-07-22 13:52:58,259 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini'
2024-07-22 13:52:58,259 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' with parts '['peroxiding', 'ini']'
2024-07-22 13:52:58,259 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:58,259 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini'
2024-07-22 13:52:58,267 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,269 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,269 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:52:58,269 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:52:58,275 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache - No viruses detected
2024-07-22 13:52:58,275 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache'
2024-07-22 13:52:58,275 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' with parts '['ModuleAnalysisCache']'
2024-07-22 13:52:58,275 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:58,288 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache'
2024-07-22 13:52:58,288 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache' is not a PE file, skipping worm detection.
2024-07-22 13:52:58,288 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
2024-07-22 13:52:58,288 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,288 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,288 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:58,288 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,316 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,344 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini - No viruses detected
2024-07-22 13:52:58,344 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini'
2024-07-22 13:52:58,344 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' with parts '['peroxiding', 'ini']'
2024-07-22 13:52:58,344 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:58,344 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini'
2024-07-22 13:52:58,431 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,431 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:58,463 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin: 4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,463 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,494 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,681 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,780 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini - No viruses detected
2024-07-22 13:52:58,780 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini'
2024-07-22 13:52:58,780 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' with parts '['peroxiding', 'ini']'
2024-07-22 13:52:58,780 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:52:58,780 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini'
2024-07-22 13:52:58,780 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini' is not a PE file, skipping worm detection.
2024-07-22 13:52:58,780 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\peroxiding.ini
2024-07-22 13:52:58,806 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,806 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:58,979 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:52:58,983 - INFO - Valid signature detected for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:59,013 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:52:59,013 - INFO - Valid signature detected for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:59,136 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:52:59,233 - INFO - Valid signature detected for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:59,459 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:52:59,459 - INFO - Valid signature detected for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:52:59,829 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:00,068 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:00,350 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:00,366 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:00,465 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:00,588 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:00,588 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:00,627 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:02,110 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:53:02,110 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:02,110 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:02,110 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:53:02,110 - INFO - Rule head_mz is excluded.
2024-07-22 13:53:02,110 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:53:02,110 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:53:02,110 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:02,110 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:02,110 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-07-22 13:53:02,110 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:53:02,110 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:53:02,110 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:53:02,110 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-07-22 13:53:02,110 - INFO - Rule http is excluded.
2024-07-22 13:53:02,110 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:53:02,110 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:53:02,110 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:53:02,110 - INFO - Rule screenshot is excluded.
2024-07-22 13:53:02,110 - INFO - Rule win_registry is excluded.
2024-07-22 13:53:02,110 - INFO - Rule win_token is excluded.
2024-07-22 13:53:02,110 - INFO - Rule win_private_profile is excluded.
2024-07-22 13:53:02,110 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:53:02,110 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-07-22 13:53:02,110 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:53:02,112 - INFO - Rule research_pe_signed_outside_timestamp is excluded.
2024-07-22 13:53:02,112 - INFO - Rule create_process is excluded.
2024-07-22 13:53:02,112 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:53:02,112 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:53:02,112 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:53:02,112 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:53:02,112 - INFO - Rule HasRichSignature is excluded.
2024-07-22 13:53:02,112 - INFO - Rule Nullsoft_NSIS is excluded.
2024-07-22 13:53:02,112 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:53:02,137 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-07-22 13:53:02,137 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:02,137 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' with parts '['4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f', 'exe']'
2024-07-22 13:53:02,137 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:02,137 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:02,242 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:53:02,242 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:02,242 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:02,242 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:53:02,242 - INFO - Rule head_mz is excluded.
2024-07-22 13:53:02,244 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:53:02,244 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:53:02,246 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:02,246 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:02,246 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-07-22 13:53:02,247 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:53:02,247 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:53:02,247 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:53:02,247 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-07-22 13:53:02,271 - INFO - Rule http is excluded.
2024-07-22 13:53:02,271 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:53:02,271 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:53:02,271 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:53:02,271 - INFO - Rule screenshot is excluded.
2024-07-22 13:53:02,271 - INFO - Rule win_registry is excluded.
2024-07-22 13:53:02,271 - INFO - Rule win_token is excluded.
2024-07-22 13:53:02,271 - INFO - Rule win_private_profile is excluded.
2024-07-22 13:53:02,271 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:53:02,271 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-07-22 13:53:02,271 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:53:02,271 - INFO - Rule research_pe_signed_outside_timestamp is excluded.
2024-07-22 13:53:02,271 - INFO - Rule create_process is excluded.
2024-07-22 13:53:02,272 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:53:02,272 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:53:02,272 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:53:02,272 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:53:02,272 - INFO - Rule HasRichSignature is excluded.
2024-07-22 13:53:02,272 - INFO - Rule Nullsoft_NSIS is excluded.
2024-07-22 13:53:02,272 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:53:02,289 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:53:02,316 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-07-22 13:53:02,316 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:02,316 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' with parts '['4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f', 'exe']'
2024-07-22 13:53:02,316 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:02,316 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:02,316 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:53:02,316 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:53:02,325 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:02,325 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:02,325 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:53:02,316 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:02,325 - INFO - Rule head_mz is excluded.
2024-07-22 13:53:02,325 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:53:02,352 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:02,352 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:53:02,354 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:53:02,360 - INFO - Rule head_mz is excluded.
2024-07-22 13:53:02,360 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:53:02,360 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:53:02,360 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:02,360 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:02,360 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-07-22 13:53:02,360 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:53:02,360 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:53:02,360 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:53:02,360 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-07-22 13:53:02,360 - INFO - Rule http is excluded.
2024-07-22 13:53:02,360 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:53:02,360 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:53:02,360 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:53:02,360 - INFO - Rule screenshot is excluded.
2024-07-22 13:53:02,360 - INFO - Rule win_registry is excluded.
2024-07-22 13:53:02,360 - INFO - Rule win_token is excluded.
2024-07-22 13:53:02,360 - INFO - Rule win_private_profile is excluded.
2024-07-22 13:53:02,360 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:53:02,360 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:53:02,377 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:02,494 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-07-22 13:53:02,494 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:02,494 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:53:02,498 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-07-22 13:53:02,498 - INFO - Rule research_pe_signed_outside_timestamp is excluded.
2024-07-22 13:53:02,498 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:53:02,502 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:53:02,498 - INFO - Rule create_process is excluded.
2024-07-22 13:53:02,502 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:53:02,502 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:53:02,502 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-07-22 13:53:02,505 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:53:02,505 - INFO - Rule http is excluded.
2024-07-22 13:53:02,505 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:53:02,505 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:53:02,505 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:53:02,505 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:53:02,505 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:53:02,505 - INFO - Rule HasRichSignature is excluded.
2024-07-22 13:53:02,505 - INFO - Rule Nullsoft_NSIS is excluded.
2024-07-22 13:53:02,505 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:53:02,505 - INFO - Rule screenshot is excluded.
2024-07-22 13:53:02,540 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-07-22 13:53:02,540 - INFO - Rule win_registry is excluded.
2024-07-22 13:53:02,544 - INFO - Rule win_token is excluded.
2024-07-22 13:53:02,544 - INFO - Rule win_private_profile is excluded.
2024-07-22 13:53:02,544 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:53:02,544 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-07-22 13:53:02,544 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:53:02,544 - INFO - Rule research_pe_signed_outside_timestamp is excluded.
2024-07-22 13:53:02,544 - INFO - Rule create_process is excluded.
2024-07-22 13:53:02,544 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:53:02,544 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:53:02,544 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:53:02,544 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:53:02,544 - INFO - Rule HasRichSignature is excluded.
2024-07-22 13:53:02,544 - INFO - Rule Nullsoft_NSIS is excluded.
2024-07-22 13:53:02,544 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:53:02,544 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:02,568 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-07-22 13:53:02,568 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' with parts '['4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f', 'exe']'
2024-07-22 13:53:02,568 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:02,568 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:02,568 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' with parts '['4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f', 'exe']'
2024-07-22 13:53:02,568 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:02,576 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:02,576 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:02,619 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:53:02,628 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:53:02,628 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:02,628 - WARNING - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:53:02,654 - WARNING - Original file 'C:Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' not found. Skipping worm detection.
2024-07-22 13:53:02,654 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe is malicious. Viruses: Ins_NSIS_Buer_Nov_2020_1
2024-07-22 13:53:02,654 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:02,654 - WARNING - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:53:02,686 - WARNING - Original file 'C:Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' not found. Skipping worm detection.
2024-07-22 13:53:02,686 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe is malicious. Viruses: Ins_NSIS_Buer_Nov_2020_1
2024-07-22 13:53:02,694 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:02,694 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:02,694 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:02,703 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:02,703 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:02,764 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:02,813 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:03,600 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:03,600 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:03,600 - WARNING - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:53:03,600 - WARNING - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:53:03,693 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:03,693 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:03,693 - INFO - Rule DontDoThatNoReally is excluded.
2024-07-22 13:53:03,693 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:03,693 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:03,726 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg - No viruses detected
2024-07-22 13:53:03,729 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg'
2024-07-22 13:53:03,729 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' with parts '['Penanced', 'Spg']'
2024-07-22 13:53:03,729 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:03,729 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg'
2024-07-22 13:53:03,729 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:03,729 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:03,729 - INFO - Rule DontDoThatNoReally is excluded.
2024-07-22 13:53:03,729 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:03,729 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:03,758 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg - No viruses detected
2024-07-22 13:53:03,758 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg'
2024-07-22 13:53:03,758 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' with parts '['Penanced', 'Spg']'
2024-07-22 13:53:03,758 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:03,758 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg'
2024-07-22 13:53:03,786 - WARNING - Original file 'C:Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' not found. Skipping worm detection.
2024-07-22 13:53:03,786 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe is malicious. Viruses: Ins_NSIS_Buer_Nov_2020_1
2024-07-22 13:53:03,786 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' is not a PE file, skipping worm detection.
2024-07-22 13:53:03,815 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' is not a PE file, skipping worm detection.
2024-07-22 13:53:03,823 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin: Penanced.Spg
2024-07-22 13:53:03,823 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:03,879 - WARNING - Original file 'C:Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' not found. Skipping worm detection.
2024-07-22 13:53:03,879 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe is malicious. Viruses: Ins_NSIS_Buer_Nov_2020_1
2024-07-22 13:53:03,898 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:03,898 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:03,930 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:03,930 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:03,930 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:03,930 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:03,938 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:03,954 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:04,243 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:04,419 - INFO - Scanning domain: officeclient.microsoft.com
2024-07-22 13:53:04,507 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:04,533 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:05,194 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:05,214 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:05,214 - INFO - Valid signature detected for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:05,252 - INFO - Valid signature detected for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:05,602 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:05,602 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:05,602 - INFO - Rule DontDoThatNoReally is excluded.
2024-07-22 13:53:05,602 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:05,602 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:05,893 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:05,893 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:05,893 - INFO - Rule DontDoThatNoReally is excluded.
2024-07-22 13:53:05,893 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:05,893 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:05,910 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg - No viruses detected
2024-07-22 13:53:05,910 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg'
2024-07-22 13:53:05,910 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' with parts '['Penanced', 'Spg']'
2024-07-22 13:53:05,910 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:05,910 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg'
2024-07-22 13:53:05,924 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg - No viruses detected
2024-07-22 13:53:05,924 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg'
2024-07-22 13:53:05,924 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' with parts '['Penanced', 'Spg']'
2024-07-22 13:53:05,924 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:05,924 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg'
2024-07-22 13:53:05,984 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' is not a PE file, skipping worm detection.
2024-07-22 13:53:06,393 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg' is not a PE file, skipping worm detection.
2024-07-22 13:53:06,393 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Penanced.Spg
2024-07-22 13:53:06,411 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:06,436 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge: 4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:06,436 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:07,094 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:07,241 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:07,461 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:07,469 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:07,549 - INFO - DNS Query (IPv4): officeclient.microsoft.com
2024-07-22 13:53:08,055 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:08,110 - INFO - DNS Query (IPv4): officeclient.microsoft.com
2024-07-22 13:53:08,110 - INFO - DNS Answer (IPv4): officeclient.microsoft.com
2024-07-22 13:53:08,110 - INFO - Skipping local IP address: 192.168.1.1
2024-07-22 13:53:08,110 - INFO - Skipping local IP address: 10.0.2.15
2024-07-22 13:53:08,110 - INFO - Scanning domain: config.officeapps.live.com
2024-07-22 13:53:08,487 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:08,487 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:09,098 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:09,098 - INFO - Valid signature detected for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:09,098 - INFO - Valid signature detected for file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:09,106 - INFO - DNS Answer (IPv4): config.officeapps.live.com
2024-07-22 13:53:09,837 - INFO - Scanning domain: prod.configsvc1.live.com.akadns.net
2024-07-22 13:53:11,214 - INFO - DNS Answer (IPv4): prod.configsvc1.live.com.akadns.net
2024-07-22 13:53:11,214 - INFO - Scanning domain: europe.configsvc1.live.com.akadns.net
2024-07-22 13:53:13,241 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:53:13,241 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:13,241 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:13,241 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:53:13,241 - INFO - Rule head_mz is excluded.
2024-07-22 13:53:13,241 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:53:13,241 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:53:13,241 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:13,241 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:13,241 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-07-22 13:53:13,241 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:53:13,241 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:53:13,241 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:53:13,241 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-07-22 13:53:13,241 - INFO - Rule http is excluded.
2024-07-22 13:53:13,241 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:53:13,241 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:53:13,241 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:53:13,241 - INFO - Rule screenshot is excluded.
2024-07-22 13:53:13,355 - INFO - Rule win_registry is excluded.
2024-07-22 13:53:13,406 - INFO - DNS Answer (IPv4): europe.configsvc1.live.com.akadns.net
2024-07-22 13:53:13,527 - INFO - Scanning domain: ukw-azsc-config.officeapps.live.com
2024-07-22 13:53:13,406 - INFO - Rule win_token is excluded.
2024-07-22 13:53:13,527 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:53:13,553 - INFO - Rule win_private_profile is excluded.
2024-07-22 13:53:13,597 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:53:13,597 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-07-22 13:53:13,597 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:53:13,597 - INFO - Rule research_pe_signed_outside_timestamp is excluded.
2024-07-22 13:53:13,597 - INFO - Rule create_process is excluded.
2024-07-22 13:53:13,597 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:53:13,597 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:53:13,597 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:53:13,597 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:53:13,597 - INFO - Rule HasRichSignature is excluded.
2024-07-22 13:53:13,597 - INFO - Rule Nullsoft_NSIS is excluded.
2024-07-22 13:53:13,561 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:13,606 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:53:13,640 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:15,096 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-07-22 13:53:15,113 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:53:15,161 - INFO - Rule head_mz is excluded.
2024-07-22 13:53:15,161 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:53:15,161 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:53:15,161 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:15,161 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:15,161 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-07-22 13:53:15,161 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:53:15,161 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:53:15,161 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:53:15,161 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-07-22 13:53:15,161 - INFO - Rule http is excluded.
2024-07-22 13:53:15,131 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:15,161 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:53:15,223 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' with parts '['4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f', 'exe']'
2024-07-22 13:53:15,309 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:53:15,346 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:15,381 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:15,364 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:53:15,381 - INFO - Rule screenshot is excluded.
2024-07-22 13:53:15,389 - INFO - Rule win_registry is excluded.
2024-07-22 13:53:15,389 - INFO - Rule win_token is excluded.
2024-07-22 13:53:15,389 - INFO - Rule win_private_profile is excluded.
2024-07-22 13:53:15,389 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:53:15,389 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-07-22 13:53:15,389 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:53:15,389 - INFO - Rule research_pe_signed_outside_timestamp is excluded.
2024-07-22 13:53:15,389 - INFO - Rule create_process is excluded.
2024-07-22 13:53:15,389 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:53:15,389 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:53:15,389 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:53:15,389 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:53:15,389 - INFO - Rule HasRichSignature is excluded.
2024-07-22 13:53:15,389 - INFO - Rule Nullsoft_NSIS is excluded.
2024-07-22 13:53:15,389 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:53:15,480 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:15,527 - INFO - No malware detected by Machine Learning in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:15,573 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-07-22 13:53:15,574 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:15,574 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' with parts '['4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f', 'exe']'
2024-07-22 13:53:15,574 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:15,594 - INFO - DNS Answer (IPv4): ukw-azsc-config.officeapps.live.com
2024-07-22 13:53:15,610 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:15,661 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:53:15,694 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:53:15,772 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:15,813 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:16,133 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:16,133 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:16,133 - WARNING - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:53:16,133 - WARNING - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:53:16,382 - WARNING - Original file 'C:Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' not found. Skipping worm detection.
2024-07-22 13:53:16,382 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe is malicious. Viruses: Ins_NSIS_Buer_Nov_2020_1
2024-07-22 13:53:16,382 - WARNING - Original file 'C:Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' not found. Skipping worm detection.
2024-07-22 13:53:16,418 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe is malicious. Viruses: Ins_NSIS_Buer_Nov_2020_1
2024-07-22 13:53:16,420 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:16,421 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:16,421 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:16,423 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:16,423 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:16,610 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:16,650 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:17,783 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:17,783 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:17,816 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:17,816 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:17,855 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:53:17,856 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm - No viruses detected
2024-07-22 13:53:17,856 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:17,857 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm - No viruses detected
2024-07-22 13:53:17,857 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm'
2024-07-22 13:53:17,860 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:17,860 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm'
2024-07-22 13:53:17,864 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' with parts '['tyvestykspakken', 'usm']'
2024-07-22 13:53:17,862 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:53:17,864 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:17,867 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm'
2024-07-22 13:53:17,867 - INFO - Rule DebuggerTiming__Ticks is excluded.
2024-07-22 13:53:17,867 - INFO - Rule head_mz is excluded.
2024-07-22 13:53:17,862 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' with parts '['tyvestykspakken', 'usm']'
2024-07-22 13:53:17,870 - INFO - Rule DebuggerPattern__RDTSC is excluded.
2024-07-22 13:53:17,870 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:53:17,870 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:17,911 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm'
2024-07-22 13:53:17,911 - INFO - Rule DebuggerPattern__CPUID is excluded.
2024-07-22 13:53:17,911 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:53:17,907 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' is not a PE file, skipping worm detection.
2024-07-22 13:53:17,961 - INFO - Rule INFO_MPRESS_PACKER is excluded.
2024-07-22 13:53:17,961 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:17,961 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' is not a PE file, skipping worm detection.
2024-07-22 13:53:17,965 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:17,965 - INFO - Rule head_mz is excluded.
2024-07-22 13:53:17,965 - INFO - Rule head_pe_unsigned is excluded.
2024-07-22 13:53:17,965 - INFO - Rule pe_unsigned_uncommon_product_name is excluded.
2024-07-22 13:53:17,965 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:17,965 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:17,965 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-07-22 13:53:17,965 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:53:17,965 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:53:17,965 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:53:17,965 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-07-22 13:53:17,965 - INFO - Rule http is excluded.
2024-07-22 13:53:17,965 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:17,965 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:17,981 - INFO - Rule head_mz_d_med_100kb_1mb is excluded.
2024-07-22 13:53:17,981 - INFO - Rule Contains_PE_File is excluded.
2024-07-22 13:53:17,981 - INFO - Rule maldoc_function_prolog_signature is excluded.
2024-07-22 13:53:17,981 - INFO - Rule maldoc_suspicious_strings is excluded.
2024-07-22 13:53:17,975 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:17,965 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:18,005 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:17,981 - INFO - Rule PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ is excluded.
2024-07-22 13:53:18,005 - INFO - Rule http is excluded.
2024-07-22 13:53:18,005 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:53:18,005 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:53:18,005 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:53:18,005 - INFO - Rule screenshot is excluded.
2024-07-22 13:53:18,005 - INFO - Rule win_registry is excluded.
2024-07-22 13:53:18,005 - INFO - Rule win_token is excluded.
2024-07-22 13:53:18,005 - INFO - Rule win_private_profile is excluded.
2024-07-22 13:53:18,005 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:53:18,005 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-07-22 13:53:18,005 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:53:18,005 - INFO - Rule research_pe_signed_outside_timestamp is excluded.
2024-07-22 13:53:18,005 - INFO - Rule create_process is excluded.
2024-07-22 13:53:18,005 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:53:18,005 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:53:18,005 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:53:18,005 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:53:18,005 - INFO - Rule HasRichSignature is excluded.
2024-07-22 13:53:18,005 - INFO - Rule Nullsoft_NSIS is excluded.
2024-07-22 13:53:18,005 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:53:17,965 - INFO - Rule Hunting_resources_noimps is excluded.
2024-07-22 13:53:18,066 - INFO - Rule CRC32_poly_Constant is excluded.
2024-07-22 13:53:18,066 - INFO - Rule escalate_priv is excluded.
2024-07-22 13:53:18,066 - INFO - Rule screenshot is excluded.
2024-07-22 13:53:18,066 - INFO - Rule win_registry is excluded.
2024-07-22 13:53:18,066 - INFO - Rule win_token is excluded.
2024-07-22 13:53:18,066 - INFO - Rule win_private_profile is excluded.
2024-07-22 13:53:18,066 - INFO - Rule win_files_operation is excluded.
2024-07-22 13:53:18,066 - INFO - Rule Nsis_archive_signature__8_byt_16_ is excluded.
2024-07-22 13:53:18,066 - INFO - Rule misc_pe_signature is excluded.
2024-07-22 13:53:18,066 - INFO - Rule research_pe_signed_outside_timestamp is excluded.
2024-07-22 13:53:18,066 - INFO - Rule create_process is excluded.
2024-07-22 13:53:18,066 - INFO - Rule Anti_Automated_Sandbox is excluded.
2024-07-22 13:53:18,066 - INFO - Rule IsPE32 is excluded.
2024-07-22 13:53:18,066 - INFO - Rule IsWindowsGUI is excluded.
2024-07-22 13:53:18,045 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-07-22 13:53:18,066 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:18,066 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' with parts '['4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f', 'exe']'
2024-07-22 13:53:18,066 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:18,066 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:18,066 - INFO - Rule HasOverlay is excluded.
2024-07-22 13:53:18,107 - INFO - Rule HasRichSignature is excluded.
2024-07-22 13:53:18,108 - INFO - Rule Nullsoft_NSIS is excluded.
2024-07-22 13:53:18,108 - INFO - Rule IsNotPacked is excluded.
2024-07-22 13:53:18,121 - WARNING - Infected file detected (YARA): C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe - Virus: ['Ins_NSIS_Buer_Nov_2020_1']
2024-07-22 13:53:18,121 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:18,121 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' with parts '['4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f', 'exe']'
2024-07-22 13:53:18,121 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:18,121 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe'
2024-07-22 13:53:18,161 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:53:18,190 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:18,242 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:18,250 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:18,250 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:53:18,270 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' is identified as a PE file. Proceeding with worm detection.
2024-07-22 13:53:18,280 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt - No viruses detected
2024-07-22 13:53:18,280 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt'
2024-07-22 13:53:18,280 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' with parts '['viceamtsborgmestrene', 'txt']'
2024-07-22 13:53:18,280 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:18,280 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt'
2024-07-22 13:53:18,296 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' is not a PE file, skipping worm detection.
2024-07-22 13:53:18,296 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:18,296 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:18,296 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:18,296 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:53:18,296 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:18,348 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt - No viruses detected
2024-07-22 13:53:18,348 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt'
2024-07-22 13:53:18,348 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' with parts '['viceamtsborgmestrene', 'txt']'
2024-07-22 13:53:18,348 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:18,348 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt'
2024-07-22 13:53:18,381 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' is not a PE file, skipping worm detection.
2024-07-22 13:53:18,381 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:18,381 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:18,628 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:18,628 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:18,628 - WARNING - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:53:18,670 - ERROR - An error occurred while checking signature: UTF-16 stream does not start with BOM
2024-07-22 13:53:18,670 - WARNING - Original file 'C:Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' not found. Skipping worm detection.
2024-07-22 13:53:18,670 - WARNING - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' does not have a valid signature. Proceeding with unknown...
2024-07-22 13:53:18,670 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe is malicious. Viruses: Ins_NSIS_Buer_Nov_2020_1
2024-07-22 13:53:18,679 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:18,679 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge: tyvestykspakken.usm
2024-07-22 13:53:18,679 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:18,708 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:18,708 - WARNING - Original file 'C:Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' or sandbox file 'C:\Sandbox\hydradragonantivirus\DefaultBox\drive\C\Windows\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe' not found. Skipping worm detection.
2024-07-22 13:53:18,708 - WARNING - File C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe is malicious. Viruses: Ins_NSIS_Buer_Nov_2020_1
2024-07-22 13:53:18,716 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\4b23416ddb5edceb2bcfd5c8b16fc0b739e2d470e69a7c85a033fbbedcac520f.exe
2024-07-22 13:53:18,716 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:18,716 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:19,043 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:19,161 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:19,161 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:19,161 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:19,231 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky - No viruses detected
2024-07-22 13:53:19,231 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky'
2024-07-22 13:53:19,231 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' with parts '['afvrgningen', 'sky']'
2024-07-22 13:53:19,231 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:19,231 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky'
2024-07-22 13:53:19,241 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:19,241 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:19,304 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky - No viruses detected
2024-07-22 13:53:19,304 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky'
2024-07-22 13:53:19,304 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' with parts '['afvrgningen', 'sky']'
2024-07-22 13:53:19,304 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:19,304 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky'
2024-07-22 13:53:19,374 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' is not a PE file, skipping worm detection.
2024-07-22 13:53:19,374 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:19,374 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:20,153 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' is not a PE file, skipping worm detection.
2024-07-22 13:53:20,180 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:20,180 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:20,191 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:20,199 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:20,199 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:20,199 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:20,225 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:20,217 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm - No viruses detected
2024-07-22 13:53:20,243 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm - No viruses detected
2024-07-22 13:53:20,243 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm'
2024-07-22 13:53:20,361 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm'
2024-07-22 13:53:20,361 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' with parts '['tyvestykspakken', 'usm']'
2024-07-22 13:53:20,361 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' with parts '['tyvestykspakken', 'usm']'
2024-07-22 13:53:20,361 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:20,367 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:20,376 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm'
2024-07-22 13:53:20,376 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm'
2024-07-22 13:53:20,443 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' is not a PE file, skipping worm detection.
2024-07-22 13:53:20,443 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm
2024-07-22 13:53:20,443 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:20,453 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\tyvestykspakken.usm' is not a PE file, skipping worm detection.
2024-07-22 13:53:20,453 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge: viceamtsborgmestrene.txt
2024-07-22 13:53:20,453 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:20,461 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:20,470 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:20,478 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:20,487 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:20,615 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:20,619 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:20,619 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:20,624 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:20,624 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:20,633 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:20,633 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:20,676 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:20,676 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:53:20,676 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa - No viruses detected
2024-07-22 13:53:20,691 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa - No viruses detected
2024-07-22 13:53:20,691 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:53:20,725 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt - No viruses detected
2024-07-22 13:53:20,725 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa'
2024-07-22 13:53:20,725 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa'
2024-07-22 13:53:20,749 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt'
2024-07-22 13:53:20,749 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' with parts '['asexuality', 'Laa']'
2024-07-22 13:53:20,757 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:20,749 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' with parts '['asexuality', 'Laa']'
2024-07-22 13:53:20,749 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' with parts '['viceamtsborgmestrene', 'txt']'
2024-07-22 13:53:20,758 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:20,758 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt'
2024-07-22 13:53:20,758 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:20,757 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa'
2024-07-22 13:53:20,749 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt - No viruses detected
2024-07-22 13:53:20,758 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa'
2024-07-22 13:53:20,777 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' is not a PE file, skipping worm detection.
2024-07-22 13:53:20,777 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt'
2024-07-22 13:53:21,092 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' is not a PE file, skipping worm detection.
2024-07-22 13:53:21,097 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt
2024-07-22 13:53:21,097 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' is not a PE file, skipping worm detection.
2024-07-22 13:53:21,097 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' with parts '['viceamtsborgmestrene', 'txt']'
2024-07-22 13:53:21,097 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:21,101 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:21,101 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt'
2024-07-22 13:53:21,101 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:21,101 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:21,101 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:21,101 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:21,101 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:21,101 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Enlarge\viceamtsborgmestrene.txt' is not a PE file, skipping worm detection.
2024-07-22 13:53:21,125 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:21,133 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike: afvrgningen.sky
2024-07-22 13:53:21,133 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:21,207 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:21,241 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:21,308 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:21,458 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:21,462 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:21,814 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:21,814 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:21,872 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky - No viruses detected
2024-07-22 13:53:21,872 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky'
2024-07-22 13:53:21,872 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' with parts '['afvrgningen', 'sky']'
2024-07-22 13:53:21,872 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:21,872 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky'
2024-07-22 13:53:21,892 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' is not a PE file, skipping worm detection.
2024-07-22 13:53:21,892 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky
2024-07-22 13:53:21,892 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:21,895 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:22,052 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:22,052 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:22,087 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky - No viruses detected
2024-07-22 13:53:22,087 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky'
2024-07-22 13:53:22,087 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' with parts '['afvrgningen', 'sky']'
2024-07-22 13:53:22,087 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:22,087 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky'
2024-07-22 13:53:22,128 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:22,128 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:22,191 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc - No viruses detected
2024-07-22 13:53:22,191 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:22,205 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc'
2024-07-22 13:53:22,205 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\afvrgningen.sky' is not a PE file, skipping worm detection.
2024-07-22 13:53:22,211 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' with parts '['blameres', 'voc']'
2024-07-22 13:53:22,238 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:22,238 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc'
2024-07-22 13:53:22,238 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike: asexuality.Laa
2024-07-22 13:53:22,238 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:22,347 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:22,378 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:22,378 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:22,415 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' is not a PE file, skipping worm detection.
2024-07-22 13:53:22,415 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa - No viruses detected
2024-07-22 13:53:22,415 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa'
2024-07-22 13:53:22,415 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' with parts '['asexuality', 'Laa']'
2024-07-22 13:53:22,415 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:22,415 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa'
2024-07-22 13:53:22,415 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:22,430 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:22,430 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:22,430 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:22,448 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc - No viruses detected
2024-07-22 13:53:22,448 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc'
2024-07-22 13:53:22,448 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' with parts '['blameres', 'voc']'
2024-07-22 13:53:22,448 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:22,448 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc'
2024-07-22 13:53:22,457 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:22,473 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' is not a PE file, skipping worm detection.
2024-07-22 13:53:22,473 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:22,508 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' is not a PE file, skipping worm detection.
2024-07-22 13:53:22,508 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:22,508 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:22,508 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:22,508 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:22,580 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa
2024-07-22 13:53:22,720 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:22,720 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:22,720 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:22,761 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa - No viruses detected
2024-07-22 13:53:22,769 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa'
2024-07-22 13:53:22,769 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' with parts '['asexuality', 'Laa']'
2024-07-22 13:53:22,769 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:22,769 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa'
2024-07-22 13:53:22,786 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:23,423 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:23,423 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:23,423 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\asexuality.Laa' is not a PE file, skipping worm detection.
2024-07-22 13:53:23,433 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable: blameres.voc
2024-07-22 13:53:23,433 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:23,423 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:23,429 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:23,423 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:23,433 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:23,433 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab - No viruses detected
2024-07-22 13:53:23,476 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab'
2024-07-22 13:53:23,476 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' with parts '['constituter', 'tab']'
2024-07-22 13:53:23,476 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:23,476 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab'
2024-07-22 13:53:23,470 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab - No viruses detected
2024-07-22 13:53:23,495 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' is not a PE file, skipping worm detection.
2024-07-22 13:53:23,495 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab'
2024-07-22 13:53:23,525 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:23,525 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' with parts '['constituter', 'tab']'
2024-07-22 13:53:23,682 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:23,682 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:23,682 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab'
2024-07-22 13:53:23,689 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:23,689 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' is not a PE file, skipping worm detection.
2024-07-22 13:53:23,689 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:23,730 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:23,765 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:23,832 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:24,132 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:24,132 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:24,186 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc - No viruses detected
2024-07-22 13:53:24,186 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc'
2024-07-22 13:53:24,186 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' with parts '['blameres', 'voc']'
2024-07-22 13:53:24,186 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:24,186 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc'
2024-07-22 13:53:24,231 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' is not a PE file, skipping worm detection.
2024-07-22 13:53:24,231 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc
2024-07-22 13:53:24,231 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:24,247 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:24,255 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:24,754 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:24,754 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:24,782 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc - No viruses detected
2024-07-22 13:53:24,782 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc'
2024-07-22 13:53:24,782 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' with parts '['blameres', 'voc']'
2024-07-22 13:53:24,782 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:24,782 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc'
2024-07-22 13:53:24,782 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:24,782 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:24,799 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att - No viruses detected
2024-07-22 13:53:24,799 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att'
2024-07-22 13:53:24,799 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' with parts '['stdfanger', 'att']'
2024-07-22 13:53:24,799 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:24,799 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att'
2024-07-22 13:53:24,834 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\blameres.voc' is not a PE file, skipping worm detection.
2024-07-22 13:53:24,834 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable: constituter.tab
2024-07-22 13:53:24,834 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:24,869 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' is not a PE file, skipping worm detection.
2024-07-22 13:53:24,869 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:24,894 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:24,900 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:24,900 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:24,900 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:25,516 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:25,516 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:25,559 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:25,565 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:25,570 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:25,605 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att - No viruses detected
2024-07-22 13:53:25,605 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att'
2024-07-22 13:53:25,605 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' with parts '['stdfanger', 'att']'
2024-07-22 13:53:25,605 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:25,605 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att'
2024-07-22 13:53:25,609 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab - No viruses detected
2024-07-22 13:53:25,609 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab'
2024-07-22 13:53:25,609 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' with parts '['constituter', 'tab']'
2024-07-22 13:53:25,609 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:25,609 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab'
2024-07-22 13:53:25,622 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' is not a PE file, skipping worm detection.
2024-07-22 13:53:25,622 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab
2024-07-22 13:53:25,622 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:25,637 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:25,657 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:25,657 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' is not a PE file, skipping worm detection.
2024-07-22 13:53:26,141 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:26,218 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:26,297 - INFO - Rule head_doc is excluded.
2024-07-22 13:53:26,297 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:26,297 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:26,297 - INFO - Rule maldoc_OLE_file_magic_number is excluded.
2024-07-22 13:53:26,297 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:53:26,297 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:26,297 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:26,297 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:26,297 - INFO - Rule spreading_file is excluded.
2024-07-22 13:53:26,297 - INFO - Rule ft_ole_cf is excluded.
2024-07-22 13:53:26,297 - INFO - Rule office_magic_bytes is excluded.
2024-07-22 13:53:26,297 - INFO - Rule MSI is excluded.
2024-07-22 13:53:26,336 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms - No viruses detected
2024-07-22 13:53:26,349 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms'
2024-07-22 13:53:26,349 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' with parts '['5f7b5f1e01b83767', 'automaticDestinations-ms']'
2024-07-22 13:53:26,349 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:26,368 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms'
2024-07-22 13:53:26,401 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' is not a PE file, skipping worm detection.
2024-07-22 13:53:26,401 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:26,401 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:26,410 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:26,431 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:26,434 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:26,549 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:26,580 - INFO - Rule head_doc is excluded.
2024-07-22 13:53:26,580 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:26,580 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:26,580 - INFO - Rule maldoc_OLE_file_magic_number is excluded.
2024-07-22 13:53:26,580 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:53:26,580 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:26,580 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:26,580 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:26,580 - INFO - Rule spreading_file is excluded.
2024-07-22 13:53:26,580 - INFO - Rule ft_ole_cf is excluded.
2024-07-22 13:53:26,580 - INFO - Rule office_magic_bytes is excluded.
2024-07-22 13:53:26,585 - INFO - Rule MSI is excluded.
2024-07-22 13:53:26,656 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms - No viruses detected
2024-07-22 13:53:26,657 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms'
2024-07-22 13:53:26,657 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' with parts '['5f7b5f1e01b83767', 'automaticDestinations-ms']'
2024-07-22 13:53:26,657 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:26,657 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms'
2024-07-22 13:53:26,664 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' is not a PE file, skipping worm detection.
2024-07-22 13:53:26,664 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:26,686 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:26,876 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:26,876 - INFO - Rule ct_size_100kb_1000kb is excluded.
2024-07-22 13:53:26,952 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab - No viruses detected
2024-07-22 13:53:26,954 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab'
2024-07-22 13:53:26,954 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' with parts '['constituter', 'tab']'
2024-07-22 13:53:26,954 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:26,954 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab'
2024-07-22 13:53:26,995 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\constituter.tab' is not a PE file, skipping worm detection.
2024-07-22 13:53:26,995 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable: stdfanger.att
2024-07-22 13:53:26,995 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:27,000 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:27,017 - INFO - Rule head_doc is excluded.
2024-07-22 13:53:27,017 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:27,017 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:27,017 - INFO - Rule maldoc_OLE_file_magic_number is excluded.
2024-07-22 13:53:27,017 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:53:27,017 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:27,017 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:27,017 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:27,017 - INFO - Rule ft_ole_cf is excluded.
2024-07-22 13:53:27,017 - INFO - Rule office_magic_bytes is excluded.
2024-07-22 13:53:27,017 - INFO - Rule MSI is excluded.
2024-07-22 13:53:27,293 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms - No viruses detected
2024-07-22 13:53:27,293 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms'
2024-07-22 13:53:27,293 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' with parts '['f01b4d95cf55d32a', 'automaticDestinations-ms']'
2024-07-22 13:53:27,293 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:27,293 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms'
2024-07-22 13:53:27,365 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' is not a PE file, skipping worm detection.
2024-07-22 13:53:27,538 - INFO - New file detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:27,538 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:27,538 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:27,715 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:27,763 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:27,763 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:28,389 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:28,389 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:53:28,427 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini - No viruses detected
2024-07-22 13:53:28,427 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:53:28,427 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' with parts '['alfred', 'ini']'
2024-07-22 13:53:28,427 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:28,436 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:53:28,436 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:28,436 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:28,479 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att - No viruses detected
2024-07-22 13:53:28,479 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att'
2024-07-22 13:53:28,479 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' with parts '['stdfanger', 'att']'
2024-07-22 13:53:28,479 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:28,479 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att'
2024-07-22 13:53:28,487 - INFO - Rule head_doc is excluded.
2024-07-22 13:53:28,487 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:28,487 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:28,487 - INFO - Rule maldoc_OLE_file_magic_number is excluded.
2024-07-22 13:53:28,487 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:53:28,487 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:28,487 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:28,487 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:28,487 - INFO - Rule ft_ole_cf is excluded.
2024-07-22 13:53:28,487 - INFO - Rule office_magic_bytes is excluded.
2024-07-22 13:53:28,487 - INFO - Rule MSI is excluded.
2024-07-22 13:53:28,525 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms - No viruses detected
2024-07-22 13:53:28,525 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms'
2024-07-22 13:53:28,525 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' with parts '['f01b4d95cf55d32a', 'automaticDestinations-ms']'
2024-07-22 13:53:28,525 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:28,525 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms'
2024-07-22 13:53:28,530 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' is not a PE file, skipping worm detection.
2024-07-22 13:53:28,534 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' is not a PE file, skipping worm detection.
2024-07-22 13:53:28,573 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' is not a PE file, skipping worm detection.
2024-07-22 13:53:28,573 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att
2024-07-22 13:53:28,573 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:28,573 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:28,577 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:28,577 - INFO - Rule ct_size_1mb_10mb is excluded.
2024-07-22 13:53:28,615 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att - No viruses detected
2024-07-22 13:53:28,615 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att'
2024-07-22 13:53:28,615 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' with parts '['stdfanger', 'att']'
2024-07-22 13:53:28,615 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:28,624 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att'
2024-07-22 13:53:28,664 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Local\Temp\Stilstandsperioden\shonkinite\nigranilin\Popelike\Conscionable\stdfanger.att' is not a PE file, skipping worm detection.
2024-07-22 13:53:28,664 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:28,664 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations: 5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:28,664 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:28,664 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:28,664 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:28,737 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:29,433 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:29,495 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:29,502 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:53:29,564 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini - No viruses detected
2024-07-22 13:53:29,564 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:53:29,594 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' with parts '['alfred', 'ini']'
2024-07-22 13:53:29,594 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:29,584 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:29,985 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:53:29,998 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' is not a PE file, skipping worm detection.
2024-07-22 13:53:30,008 - INFO - Rule head_doc is excluded.
2024-07-22 13:53:30,016 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:30,016 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:30,018 - INFO - Rule maldoc_OLE_file_magic_number is excluded.
2024-07-22 13:53:30,018 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:53:30,018 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:30,018 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:30,018 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:30,018 - INFO - Rule spreading_file is excluded.
2024-07-22 13:53:30,018 - INFO - Rule ft_ole_cf is excluded.
2024-07-22 13:53:30,018 - INFO - Rule office_magic_bytes is excluded.
2024-07-22 13:53:30,018 - INFO - Rule MSI is excluded.
2024-07-22 13:53:30,046 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms - No viruses detected
2024-07-22 13:53:30,046 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms'
2024-07-22 13:53:30,046 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' with parts '['5f7b5f1e01b83767', 'automaticDestinations-ms']'
2024-07-22 13:53:30,046 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:30,046 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms'
2024-07-22 13:53:30,198 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' is not a PE file, skipping worm detection.
2024-07-22 13:53:30,198 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations: f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:30,198 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:30,206 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:30,215 - INFO - Rule head_doc is excluded.
2024-07-22 13:53:30,215 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:30,215 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:30,215 - INFO - Rule maldoc_OLE_file_magic_number is excluded.
2024-07-22 13:53:30,215 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:53:30,215 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:30,215 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:30,215 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:30,215 - INFO - Rule spreading_file is excluded.
2024-07-22 13:53:30,215 - INFO - Rule ft_ole_cf is excluded.
2024-07-22 13:53:30,217 - INFO - Rule office_magic_bytes is excluded.
2024-07-22 13:53:30,217 - INFO - Rule MSI is excluded.
2024-07-22 13:53:30,229 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms - No viruses detected
2024-07-22 13:53:30,229 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms'
2024-07-22 13:53:30,229 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' with parts '['5f7b5f1e01b83767', 'automaticDestinations-ms']'
2024-07-22 13:53:30,229 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:30,229 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms'
2024-07-22 13:53:30,240 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms' is not a PE file, skipping worm detection.
2024-07-22 13:53:30,240 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
2024-07-22 13:53:30,240 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:30,254 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:30,300 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:30,366 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:30,467 - INFO - Rule head_doc is excluded.
2024-07-22 13:53:30,469 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:30,469 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:30,469 - INFO - Rule maldoc_OLE_file_magic_number is excluded.
2024-07-22 13:53:30,469 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:53:30,469 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:30,469 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:30,469 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:30,469 - INFO - Rule ft_ole_cf is excluded.
2024-07-22 13:53:30,469 - INFO - Rule office_magic_bytes is excluded.
2024-07-22 13:53:30,469 - INFO - Rule MSI is excluded.
2024-07-22 13:53:30,514 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms - No viruses detected
2024-07-22 13:53:30,514 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms'
2024-07-22 13:53:30,514 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' with parts '['f01b4d95cf55d32a', 'automaticDestinations-ms']'
2024-07-22 13:53:30,514 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:30,514 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms'
2024-07-22 13:53:30,524 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' is not a PE file, skipping worm detection.
2024-07-22 13:53:30,587 - INFO - File detected in C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos: alfred.ini
2024-07-22 13:53:30,587 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:30,587 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:30,627 - INFO - Rule head_doc is excluded.
2024-07-22 13:53:30,629 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:30,629 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:30,629 - INFO - Rule maldoc_OLE_file_magic_number is excluded.
2024-07-22 13:53:30,629 - INFO - Rule PEiD_01130_Microsoft_Windows_Shortcut_file_ is excluded.
2024-07-22 13:53:30,629 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:30,629 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:30,629 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:30,629 - INFO - Rule ft_ole_cf is excluded.
2024-07-22 13:53:30,629 - INFO - Rule office_magic_bytes is excluded.
2024-07-22 13:53:30,629 - INFO - Rule MSI is excluded.
2024-07-22 13:53:30,650 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms - No viruses detected
2024-07-22 13:53:30,650 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms'
2024-07-22 13:53:30,650 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' with parts '['f01b4d95cf55d32a', 'automaticDestinations-ms']'
2024-07-22 13:53:30,650 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:30,650 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms'
2024-07-22 13:53:30,709 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms' is not a PE file, skipping worm detection.
2024-07-22 13:53:30,709 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\current\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
2024-07-22 13:53:30,719 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:30,723 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:30,781 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:30,810 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:30,832 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:30,837 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:53:30,908 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini - No viruses detected
2024-07-22 13:53:30,908 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:53:30,908 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' with parts '['alfred', 'ini']'
2024-07-22 13:53:30,908 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:30,908 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:53:31,047 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:31,047 - INFO - Rule ct_size_0_1kb is excluded.
2024-07-22 13:53:31,068 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini - No viruses detected
2024-07-22 13:53:31,068 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:53:31,068 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' with parts '['alfred', 'ini']'
2024-07-22 13:53:31,068 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:31,068 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini'
2024-07-22 13:53:31,068 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' is not a PE file, skipping worm detection.
2024-07-22 13:53:31,070 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini' is not a PE file, skipping worm detection.
2024-07-22 13:53:31,070 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\user\public\Videos\alfred.ini
2024-07-22 13:53:31,077 - INFO - Processed all files in directory: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-07-22 13:53:31,077 - INFO - Directory event detected: C:\Sandbox\hydradragonantivirus\DefaultBox\user
2024-07-22 13:53:55,784 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:55,784 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:55,788 - INFO - Event detected: modified for file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:55,789 - INFO - Scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:55,796 - INFO - Started scanning file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:55,995 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:56,112 - INFO - No malware detected by ClamAV in file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:56,210 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:56,210 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:56,210 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:56,210 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:56,210 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:56,248 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive - No viruses detected
2024-07-22 13:53:56,248 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:53:56,248 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-07-22 13:53:56,248 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:56,248 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:53:56,304 - INFO - Rule ct_size_gt0 is excluded.
2024-07-22 13:53:56,304 - INFO - Rule ct_size_10kb_100kb is excluded.
2024-07-22 13:53:56,304 - INFO - Rule Big_Numbers1 is excluded.
2024-07-22 13:53:56,304 - INFO - Rule Big_Numbers2 is excluded.
2024-07-22 13:53:56,304 - INFO - Rule Big_Numbers3 is excluded.
2024-07-22 13:53:56,347 - INFO - Scanned file with YARA: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive - No viruses detected
2024-07-22 13:53:56,347 - INFO - Running ransomware alert check for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:53:56,347 - INFO - Checking ransomware conditions for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' with parts '['RegHive']'
2024-07-22 13:53:56,347 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' does not have multiple extensions, not flagged as ransomware
2024-07-22 13:53:56,347 - INFO - Running worm detection for file 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive'
2024-07-22 13:53:56,376 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' is not a PE file, skipping worm detection.
2024-07-22 13:53:56,376 - INFO - Processed file: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:56,376 - INFO - File modified: C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive
2024-07-22 13:53:56,376 - INFO - File 'C:\Sandbox\hydradragonantivirus\DefaultBox\RegHive' is not a PE file, skipping worm detection.
2024-07-22 13:53:59,795 - INFO - Scanning domain: edge.microsoft.com
2024-07-22 13:54:03,725 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-07-22 13:54:03,846 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-07-22 13:54:03,847 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-07-22 13:54:03,847 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-07-22 13:54:03,847 - INFO - Scanning domain: edge-microsoft-com.dual-a-0036.a-msedge.net
2024-07-22 13:54:06,186 - INFO - DNS Answer (IPv4): edge-microsoft-com.dual-a-0036.a-msedge.net
2024-07-22 13:54:06,998 - INFO - DNS Query (IPv4): edge.microsoft.com
2024-07-22 13:54:06,998 - INFO - DNS Answer (IPv4): edge.microsoft.com
2024-07-22 13:54:06,998 - INFO - DNS Answer (IPv4): edge-microsoft-com.dual-a-0036.a-msedge.net
2024-07-22 13:54:06,998 - INFO - Scanning domain: dual-a-0036.a-msedge.net
2024-07-22 13:54:07,973 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net
2024-07-22 13:54:10,491 - INFO - DNS Answer (IPv4): dual-a-0036.a-msedge.net