Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1450887 Details for
Bug 1590545
Clamd fails to run after upgrading to 0.100.0-2
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
libclamav-debug
libclamAV (text/plain), 415.56 KB, created by
Jeffrey Ross
on 2018-06-13 12:24:31 UTC
(
hide
)
Description:
libclamav-debug
Filename:
MIME Type:
Creator:
Jeffrey Ross
Created:
2018-06-13 12:24:31 UTC
Size:
415.56 KB
patch
obsolete
> LibClamAV debug: Initialized 0.100.0 engine > LibClamAV debug: Initializing phishcheck module > LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$ > LibClamAV debug: Phishcheck module initialized > LibClamAV debug: Bytecode initialized in interpreter mode > LibClamAV debug: Loading databases from /var/lib/clamav > LibClamAV debug: /var/lib/clamav/securiteinfo.ign2 loaded > LibClamAV debug: /var/lib/clamav/sigwhitelist.ign2 loaded > LibClamAV debug: in cli_cvdload() > LibClamAV debug: in cli_tgzload() > LibClamAV debug: daily.info loaded > LibClamAV debug: in cli_tgzload_cleanup() > LibClamAV debug: in cli_tgzload() > LibClamAV debug: daily.cfg loaded > LibClamAV debug: daily.ign loaded > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:64 > LibClamAV debug: hashtab.c: new capacity: 128 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:128 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:128 > LibClamAV debug: hashtab.c: new capacity: 256 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:256 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:256 > LibClamAV debug: hashtab.c: new capacity: 512 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:512 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:512 > LibClamAV debug: hashtab.c: new capacity: 1024 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:1024 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:1024 > LibClamAV debug: hashtab.c: new capacity: 2048 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:2048 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:2048 > LibClamAV debug: hashtab.c: new capacity: 4096 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:4096 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:4096 > LibClamAV debug: hashtab.c: new capacity: 8192 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:8192 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:8192 > LibClamAV debug: hashtab.c: new capacity: 16384 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:16384 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:16384 > LibClamAV debug: hashtab.c: new capacity: 32768 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:32768 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:32768 > LibClamAV debug: hashtab.c: new capacity: 65536 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:65536 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:65536 > LibClamAV debug: hashtab.c: new capacity: 131072 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:131072 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:131072 > LibClamAV debug: hashtab.c: new capacity: 262144 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:262144 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:262144 > LibClamAV debug: hashtab.c: new capacity: 524288 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:524288 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed330, because it has exceeded maxfill, old size:64 > LibClamAV debug: hashtab.c: new capacity: 128 > LibClamAV debug: Table 0x7f282b7ed330 size after grow:128 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed330, because it has exceeded maxfill, old size:128 > LibClamAV debug: hashtab.c: new capacity: 256 > LibClamAV debug: Table 0x7f282b7ed330 size after grow:256 > LibClamAV debug: daily.hsb loaded > LibClamAV debug: Loading regex_list > LibClamAV debug: daily.wdb loaded > LibClamAV debug: daily.sfp loaded > LibClamAV debug: Initializing engine->root[0] > LibClamAV debug: Initializing AC pattern matcher of root[0] > LibClamAV debug: cli_initroots: Initializing BM tables of root[0] > LibClamAV debug: Initializing engine->root[1] > LibClamAV debug: Initializing AC pattern matcher of root[1] > LibClamAV debug: cli_initroots: Initializing BM tables of root[1] > LibClamAV debug: Initializing engine->root[2] > LibClamAV debug: Initializing AC pattern matcher of root[2] > LibClamAV debug: Initializing engine->root[3] > LibClamAV debug: Initializing AC pattern matcher of root[3] > LibClamAV debug: Initializing engine->root[4] > LibClamAV debug: Initializing AC pattern matcher of root[4] > LibClamAV debug: Initializing engine->root[5] > LibClamAV debug: Initializing AC pattern matcher of root[5] > LibClamAV debug: Initializing engine->root[6] > LibClamAV debug: Initializing AC pattern matcher of root[6] > LibClamAV debug: Initializing engine->root[7] > LibClamAV debug: Initializing AC pattern matcher of root[7] > LibClamAV debug: Initializing engine->root[8] > LibClamAV debug: Initializing AC pattern matcher of root[8] > LibClamAV debug: Initializing engine->root[9] > LibClamAV debug: Initializing AC pattern matcher of root[9] > LibClamAV debug: Initializing engine->root[10] > LibClamAV debug: Initializing AC pattern matcher of root[10] > LibClamAV debug: Initializing engine->root[11] > LibClamAV debug: Initializing AC pattern matcher of root[11] > LibClamAV debug: Initializing engine->root[12] > LibClamAV debug: Initializing AC pattern matcher of root[12] > LibClamAV debug: Initializing engine->root[13] > LibClamAV debug: Initializing AC pattern matcher of root[13] > LibClamAV debug: Initializing engine->root[14] > LibClamAV debug: Initializing AC pattern matcher of root[14] > LibClamAV debug: Ignoring signature Win.Trojan.Win32-2 > LibClamAV debug: Ignoring signature Win.Trojan.Win32-3 > LibClamAV debug: Ignoring signature Html.Exploit.CVE_2016_7241-1 > LibClamAV debug: Ignoring signature Win.Adware.LoadMoney-3644756-1 > LibClamAV debug: daily.ldb loaded > LibClamAV debug: daily.cdb loaded > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed2f0, because it has exceeded maxfill, old size:524288 > LibClamAV debug: hashtab.c: new capacity: 1048576 > LibClamAV debug: Table 0x7f282b7ed2f0 size after grow:1048576 > LibClamAV debug: daily.hdb loaded > LibClamAV debug: cli_loadcrt: subject: 4a532974c46ae5048824c6da8cfb8e163705b693 > LibClamAV debug: cli_loadcrt: public key: ABCAC1194D5A2DDB91CD71AA7464BEE3EF5CFF333343EFFDA9A43DD193BEDEDD3276FBEF27DD41E3C86D2A44670388D6DB3FDE36F3EE1F96DEA1304CEB49E7355CD0C2AB5A9DA2A599155AE9D3787B5413CB00C0CBBC02AF8A0FF2EF8DE3CFF39F1CB6B001933A0D8FC9ED17C21BC27FFDD85BB0D7960BC7B863722B2503CCEDA1991ACF429908C3DA06DE4D59E399616F7E71269C27041B0425B9209167E1471911222C501D9322646BCFB0DE921542A611476A2E0CB60AA356A7CBE23BC127B8B20062996266539ACF4BD4042CF088E75E61BFFF2AB3FEA4BB5AF8B0D7198CEF14F60BA4F5FECB181D2566125E2854FD8DD65FD7AE665AF723077A5A5F8695 > LibClamAV debug: cli_loadcrt: subject: 113bd86beddebcd4c5f10aa07ab2026b982f4b92 > LibClamAV debug: cli_loadcrt: public key: 00f35dfa8067d45aa7a90c2c9020d035083c7584cdb707899c89dadecec360fa91685a9e94712918767cc2e0c82576940e58fa043436e6dfaff780bae9580b2b93e59d05e3772291f734643c22911d5ee10990bc14fefc755819e179b70792a3ae885908d89f07ca0358fc68296d32d7d2a8cb4bfce10b48324fe6ebb8ad4fe45c6f139499db95d575dba81ab79491b4775bf5480c8f6a797d1470047d6daf90f5da70d847b7bf9b2f6ce705b7e11160ac7991147cc5d6a6e4e17ed5c37ee592d23c00b53682de79e16df3b56ef89f33c9cb527d739836db8ba16ba295979ba3dec24d26ff0696672506c8e7ace4ee1233953199c835084e34ca7953d5b5be6332594036c0a54e044d3ddb5b0733e458bfef3f5364d842593557fd0f457c24044d9ed6387411972290ce684474926fd54b6fb086e3c73642a0d0fcc1c05af9a361b9304771960a16b091c04295ef107f286ae32a1fb1e4cd033f777104c720fc490f1d4588a4d7cb7e88ad8e2dec45dbc45104c92afcec869e9a11975bdece5388e6e2b7fdac95c22840dbef0490df813339d9b245a5238706a5558931bb062d600e41187d1f2eb597cb11eb15d524a594ef151489fd4b73fa325bfcd13300f95962700732ea2eab402d7bcadd21671b30998f16aa23a841d1b06e119b36c4de40749ce15865c1601e7a5b38c88fbb04267cd41640e5b66b6caa86fd00bfcec135 > LibClamAV debug: cli_loadcrt: subject: 113bd86beddebcd4c5f10aa07ab2026b982f4b92 > LibClamAV debug: cli_loadcrt: public key: 00f35dfa8067d45aa7a90c2c9020d035083c7584cdb707899c89dadecec360fa91685a9e94712918767cc2e0c82576940e58fa043436e6dfaff780bae9580b2b93e59d05e3772291f734643c22911d5ee10990bc14fefc755819e179b70792a3ae885908d89f07ca0358fc68296d32d7d2a8cb4bfce10b48324fe6ebb8ad4fe45c6f139499db95d575dba81ab79491b4775bf5480c8f6a797d1470047d6daf90f5da70d847b7bf9b2f6ce705b7e11160ac7991147cc5d6a6e4e17ed5c37ee592d23c00b53682de79e16df3b56ef89f33c9cb527d739836db8ba16ba295979ba3dec24d26ff0696672506c8e7ace4ee1233953199c835084e34ca7953d5b5be6332594036c0a54e044d3ddb5b0733e458bfef3f5364d842593557fd0f457c24044d9ed6387411972290ce684474926fd54b6fb086e3c73642a0d0fcc1c05af9a361b9304771960a16b091c04295ef107f286ae32a1fb1e4cd033f777104c720fc490f1d4588a4d7cb7e88ad8e2dec45dbc45104c92afcec869e9a11975bdece5388e6e2b7fdac95c22840dbef0490df813339d9b245a5238706a5558931bb062d600e41187d1f2eb597cb11eb15d524a594ef151489fd4b73fa325bfcd13300f95962700732ea2eab402d7bcadd21671b30998f16aa23a841d1b06e119b36c4de40749ce15865c1601e7a5b38c88fbb04267cd41640e5b66b6caa86fd00bfcec135 > LibClamAV debug: cli_loadcrt: subject: 113bd86beddebcd4c5f10aa07ab2026b982f4b92 > LibClamAV debug: cli_loadcrt: public key: 00f35dfa8067d45aa7a90c2c9020d035083c7584cdb707899c89dadecec360fa91685a9e94712918767cc2e0c82576940e58fa043436e6dfaff780bae9580b2b93e59d05e3772291f734643c22911d5ee10990bc14fefc755819e179b70792a3ae885908d89f07ca0358fc68296d32d7d2a8cb4bfce10b48324fe6ebb8ad4fe45c6f139499db95d575dba81ab79491b4775bf5480c8f6a797d1470047d6daf90f5da70d847b7bf9b2f6ce705b7e11160ac7991147cc5d6a6e4e17ed5c37ee592d23c00b53682de79e16df3b56ef89f33c9cb527d739836db8ba16ba295979ba3dec24d26ff0696672506c8e7ace4ee1233953199c835084e34ca7953d5b5be6332594036c0a54e044d3ddb5b0733e458bfef3f5364d842593557fd0f457c24044d9ed6387411972290ce684474926fd54b6fb086e3c73642a0d0fcc1c05af9a361b9304771960a16b091c04295ef107f286ae32a1fb1e4cd033f777104c720fc490f1d4588a4d7cb7e88ad8e2dec45dbc45104c92afcec869e9a11975bdece5388e6e2b7fdac95c22840dbef0490df813339d9b245a5238706a5558931bb062d600e41187d1f2eb597cb11eb15d524a594ef151489fd4b73fa325bfcd13300f95962700732ea2eab402d7bcadd21671b30998f16aa23a841d1b06e119b36c4de40749ce15865c1601e7a5b38c88fbb04267cd41640e5b66b6caa86fd00bfcec135 > LibClamAV debug: cli_loadcrt: subject: 113bd86beddebcd4c5f10aa07ab2026b982f4b92 > LibClamAV debug: cli_loadcrt: public key: 00f35dfa8067d45aa7a90c2c9020d035083c7584cdb707899c89dadecec360fa91685a9e94712918767cc2e0c82576940e58fa043436e6dfaff780bae9580b2b93e59d05e3772291f734643c22911d5ee10990bc14fefc755819e179b70792a3ae885908d89f07ca0358fc68296d32d7d2a8cb4bfce10b48324fe6ebb8ad4fe45c6f139499db95d575dba81ab79491b4775bf5480c8f6a797d1470047d6daf90f5da70d847b7bf9b2f6ce705b7e11160ac7991147cc5d6a6e4e17ed5c37ee592d23c00b53682de79e16df3b56ef89f33c9cb527d739836db8ba16ba295979ba3dec24d26ff0696672506c8e7ace4ee1233953199c835084e34ca7953d5b5be6332594036c0a54e044d3ddb5b0733e458bfef3f5364d842593557fd0f457c24044d9ed6387411972290ce684474926fd54b6fb086e3c73642a0d0fcc1c05af9a361b9304771960a16b091c04295ef107f286ae32a1fb1e4cd033f777104c720fc490f1d4588a4d7cb7e88ad8e2dec45dbc45104c92afcec869e9a11975bdece5388e6e2b7fdac95c22840dbef0490df813339d9b245a5238706a5558931bb062d600e41187d1f2eb597cb11eb15d524a594ef151489fd4b73fa325bfcd13300f95962700732ea2eab402d7bcadd21671b30998f16aa23a841d1b06e119b36c4de40749ce15865c1601e7a5b38c88fbb04267cd41640e5b66b6caa86fd00bfcec135 > LibClamAV debug: cli_loadcrt: subject: 9a02278e9cb12876c47ab0bc75dd694e72d1b2bc > LibClamAV debug: cli_loadcrt: public key: 00d62b587861458653ea347b519cedb0e62e180efee05fa827d3b4c9e07c594e160e735460c17ff69f2ee93a8524153cdb470463c39ec4941a5adf4c7af3d9431d3c107a7925db90fef051e730d64100fd9f28df79be94bb9db614e32385d7a941e04ca479b02b1a8bf2f83b8a3e45ac719200b4904198fb5fedfab72e8af88837 > LibClamAV debug: cli_loadcrt: subject: adf79877065ef305eb95b56dbca9e63e9ab40d3b > LibClamAV debug: cli_loadcrt: public key: 00a902bdc170e63bf24e1b289f97785e30eaa2a98d255ff8fe954ca3b7fe9da2203e7c51a29ba28f60326bd1426479eeac76c954daf2eb9c861c8f9f8466b3c56b7a6223d61d3cde0f0192e896c4bf2d669a9a682699d03a2cbf0cb55826c146e70a3e38962ca92839a8ec498342e3840fbb9a6c5561ac827ca1602d774ce999b4643b9a501c310824149fa9e7912b18e63d986314605805659f1d375287f7a7ef9402c61bd3bf5545b38980bf3aec54944eaefda77a6d744eaf18cc96092821005790606937bb4b12073c56ff5bfba4660a08a6d2815657efb63b5e16817704daf6beae8095feb0cd7fd6a71a725c3ccabcf008a32230b30685c9b320771385df > LibClamAV debug: Number of certs: 4 > LibClamAV debug: daily.crb loaded > LibClamAV debug: daily.ndu skipped > LibClamAV debug: Loading regex_list > LibClamAV debug: daily.pdb loaded > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2822c42650, because it has exceeded maxfill, old size:64 > LibClamAV debug: hashtab.c: new capacity: 128 > LibClamAV debug: Table 0x7f2822c42650 size after grow:128 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2822c42650, because it has exceeded maxfill, old size:128 > LibClamAV debug: hashtab.c: new capacity: 256 > LibClamAV debug: Table 0x7f2822c42650 size after grow:256 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2822c42650, because it has exceeded maxfill, old size:256 > LibClamAV debug: hashtab.c: new capacity: 512 > LibClamAV debug: Table 0x7f2822c42650 size after grow:512 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2822c42650, because it has exceeded maxfill, old size:512 > LibClamAV debug: hashtab.c: new capacity: 1024 > LibClamAV debug: Table 0x7f2822c42650 size after grow:1024 > LibClamAV debug: daily.fp loaded > LibClamAV debug: daily.hsu skipped > LibClamAV debug: daily.ldu skipped > LibClamAV debug: daily.idb loaded > LibClamAV debug: daily.ign2 loaded > LibClamAV debug: daily.hdu skipped > LibClamAV debug: daily.ndb loaded > LibClamAV debug: Loaded 147 filetype definitions > LibClamAV debug: daily.ftm loaded > LibClamAV debug: daily.msb loaded > LibClamAV debug: daily.mdu skipped > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5530 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5531 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5657 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2820239870, because it has exceeded maxfill, old size:64 > LibClamAV debug: hashtab.c: new capacity: 128 > LibClamAV debug: Table 0x7f2820239870 size after grow:128 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6071 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6072 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6452 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2820239870, because it has exceeded maxfill, old size:128 > LibClamAV debug: hashtab.c: new capacity: 256 > LibClamAV debug: Table 0x7f2820239870 size after grow:256 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2820239870, because it has exceeded maxfill, old size:256 > LibClamAV debug: hashtab.c: new capacity: 512 > LibClamAV debug: Table 0x7f2820239870 size after grow:512 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2820239870, because it has exceeded maxfill, old size:512 > LibClamAV debug: hashtab.c: new capacity: 1024 > LibClamAV debug: Table 0x7f2820239870 size after grow:1024 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2820239870, because it has exceeded maxfill, old size:1024 > LibClamAV debug: hashtab.c: new capacity: 2048 > LibClamAV debug: Table 0x7f2820239870 size after grow:2048 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2820239870, because it has exceeded maxfill, old size:2048 > LibClamAV debug: hashtab.c: new capacity: 4096 > LibClamAV debug: Table 0x7f2820239870 size after grow:4096 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2820239870, because it has exceeded maxfill, old size:4096 > LibClamAV debug: hashtab.c: new capacity: 8192 > LibClamAV debug: Table 0x7f2820239870 size after grow:8192 > LibClamAV debug: daily.mdb loaded > LibClamAV debug: daily.msu skipped > LibClamAV debug: in cli_tgzload_cleanup() > LibClamAV debug: /var/lib/clamav/daily.cld loaded > LibClamAV debug: Ignoring signature winnow.trojan.ts.test > LibClamAV debug: /var/lib/clamav/winnow_malware_links.ndb loaded > LibClamAV debug: load_oneyara: attempting to load OITC_pdf_with_emb_docm > LibClamAV debug: load_oneyara: hex string: [{ 25 50 44 46 2d }] => [255044462d] > LibClamAV debug: STRING_IS_ASCII no > LibClamAV debug: load_oneyara: generic string: [EmbeddedFile] => [456d62656464656446696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [docm)] => [646f636d29] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [JavaScript] => [4a617661536372697074] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [255044462d] [*] [a] > LibClamAV debug: 1: [456d62656464656446696c65] [*] [a] > LibClamAV debug: 2: [646f636d29] [*] [a] > LibClamAV debug: 3: [4a617661536372697074] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.OITC_pdf_with_emb_docm > LibClamAV debug: load_oneyara: attempting to load INDICATOR_IMPLANT_Loader > LibClamAV debug: load_oneyara: hex string: [{F7 C1 00 00 00 04 BA 00 02 00 00 0F 45 C2 F7 C1 00 00 00 20}] => [F7C100000004BA000200000F45C2F7C100000020] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [F7C100000004BA000200000F45C2F7C100000020] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.INDICATOR_IMPLANT_Loader > LibClamAV debug: load_oneyara: attempting to load INDICATOR_Implant_Loader2 > LibClamAV debug: load_oneyara: generic string: [%ws_out%ws] => [2577735f6f7574257773] > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [2577735f6f7574257773] [*] [w] > LibClamAV debug: load_oneyara: successfully loaded YARA.INDICATOR_Implant_Loader2 > LibClamAV debug: load_oneyara: attempting to load IMPLANT2_3 > LibClamAV debug: load_oneyara: generic string: [miniDionis] => [6d696e6944696f6e6973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [get_BotID] => [6765745f426f744944] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [TrExtractKey] => [5472457874726163744b6579] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [File {0} has been uploaded in {1}] => [46696c65207b307d20686173206265656e2075706c6f6164656420696e207b317d] > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [Process (pid:{1}) {0} has been started] => [50726f6365737320287069643a7b317d29207b307d20686173206265656e2073746172746564] > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [6d696e6944696f6e6973] [*] [a] > LibClamAV debug: 1: [6765745f426f744944] [*] [a] > LibClamAV debug: 2: [5472457874726163744b6579] [*] [a] > LibClamAV debug: 3: [46696c65207b307d20686173206265656e2075706c6f6164656420696e207b317d] [*] [w] > LibClamAV debug: 4: [50726f6365737320287069643a7b317d29207b307d20686173206265656e2073746172746564] [*] [w] > LibClamAV debug: load_oneyara: successfully loaded YARA.IMPLANT2_3 > LibClamAV debug: load_oneyara: attempting to load CryptoWall_Resume_phish > LibClamAV debug: load_oneyara: generic string: [my name is ] => [6d79206e616d6520697320] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [resume attached] => [726573756d65206174746163686564] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [my resume is pdf file] => [6d7920726573756d65206973207064662066696c65] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [attached is my resume] => [6174746163686564206973206d7920726573756d65] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [I would appreciate your ] => [4920776f756c64206170707265636961746520796f757220] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [I am looking forward to hearing from you] => [4920616d206c6f6f6b696e6720666f727761726420746f2068656172696e672066726f6d20796f75] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [I look forward to your reply] => [49206c6f6f6b20666f727761726420746f20796f7572207265706c79] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Please message me back] => [506c65617365206d657373616765206d65206261636b] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [our early reply will be appreciated] => [6f7572206561726c79207265706c792077696c6c206265206170707265636961746564] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [attach is my resume] => [617474616368206973206d7920726573756d65] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PDF file is my resume] => [5044462066696c65206973206d7920726573756d65] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Looking forward to see your response] => [4c6f6f6b696e6720666f727761726420746f2073656520796f757220726573706f6e7365] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6d79206e616d6520697320] [*] [ia] > LibClamAV debug: 1: [726573756d65206174746163686564] [*] [ia] > LibClamAV debug: 2: [6d7920726573756d65206973207064662066696c65] [*] [ia] > LibClamAV debug: 3: [6174746163686564206973206d7920726573756d65] [*] [ia] > LibClamAV debug: 4: [4920776f756c64206170707265636961746520796f757220] [*] [ia] > LibClamAV debug: 5: [4920616d206c6f6f6b696e6720666f727761726420746f2068656172696e672066726f6d20796f75] [*] [ia] > LibClamAV debug: 6: [49206c6f6f6b20666f727761726420746f20796f7572207265706c79] [*] [ia] > LibClamAV debug: 7: [506c65617365206d657373616765206d65206261636b] [*] [ia] > LibClamAV debug: 8: [6f7572206561726c79207265706c792077696c6c206265206170707265636961746564] [*] [ia] > LibClamAV debug: 9: [617474616368206973206d7920726573756d65] [*] [ia] > LibClamAV debug: 10: [5044462066696c65206973206d7920726573756d65] [*] [ia] > LibClamAV debug: 11: [4c6f6f6b696e6720666f727761726420746f2073656520796f757220726573706f6e7365] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.CryptoWall_Resume_phish > LibClamAV debug: load_oneyara: attempting to load java_JSocket_20151217 > LibClamAV debug: load_oneyara: generic string: [PK] => [504b] > LibClamAV debug: STRING_IS_ASCII no > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MF] => [4d4554412d494e462f4d414e49464553542e4d46] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Main.class] => [4d61696e2e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dat] => [2e646174] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [b/a/] => [622f612f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [c/a/a/] => [632f612f612f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [504b] [*] [a] > LibClamAV debug: 1: [4d4554412d494e462f4d414e49464553542e4d46] [*] [a] > LibClamAV debug: 2: [4d61696e2e636c617373] [*] [a] > LibClamAV debug: 3: [2e646174] [*] [a] > LibClamAV debug: 4: [622f612f] [*] [a] > LibClamAV debug: 5: [632f612f612f] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.java_JSocket_20151217 > LibClamAV debug: load_oneyara: attempting to load detect_powershell_precursor_downloader > LibClamAV debug: load_oneyara: generic string: [Security.CryPtography.RFc2898DeriveBytes] => [53656375726974792e43727950746f6772617068792e524663323839384465726976654279746573] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Security.Cryptography.CryptoStream] => [53656375726974792e43727970746f6772617068792e43727970746f53747265616d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [System.IO.BinaryWriter] => [53797374656d2e494f2e42696e617279577269746572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [System.SecuRity.Cryptography.RijndaelMaNaged] => [53797374656d2e53656375526974792e43727970746f6772617068792e52696a6e6461656c4d614e61676564] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [IO.MemoryStream] => [494f2e4d656d6f727953747265616d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [sEtRequestHeader] => [73457452657175657374486561646572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [open(] => [6f70656e28] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Directory.ToString()] => [4469726563746f72792e546f537472696e672829] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Your Personal identification ID] => [596f757220506572736f6e616c206964656e74696669636174696f6e204944] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [53656375726974792e43727950746f6772617068792e524663323839384465726976654279746573] [*] [ia] > LibClamAV debug: 1: [53656375726974792e43727970746f6772617068792e43727970746f53747265616d] [*] [ia] > LibClamAV debug: 2: [53797374656d2e494f2e42696e617279577269746572] [*] [ia] > LibClamAV debug: 3: [53797374656d2e53656375526974792e43727970746f6772617068792e52696a6e6461656c4d614e61676564] [*] [ia] > LibClamAV debug: 4: [494f2e4d656d6f727953747265616d] [*] [ia] > LibClamAV debug: 5: [73457452657175657374486561646572] [*] [ia] > LibClamAV debug: 6: [6f70656e28] [*] [ia] > LibClamAV debug: 7: [4469726563746f72792e546f537472696e672829] [*] [ia] > LibClamAV debug: 8: [596f757220506572736f6e616c206964656e74696669636174696f6e204944] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.detect_powershell_precursor_downloader > LibClamAV debug: load_oneyara: attempting to load kmon_cred_phish > LibClamAV debug: load_oneyara: generic string: [%PDF] => [25504446] > LibClamAV debug: STRING_IS_ASCII no > LibClamAV debug: load_oneyara: generic string: [/Author(K-MONTAGE)] => [2f417574686f72284b2d4d4f4e5441474529] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Action/S/URI/URI(] => [416374696f6e2f532f5552492f55524928] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [25504446] [*] [a] > LibClamAV debug: 1: [2f417574686f72284b2d4d4f4e5441474529] [*] [a] > LibClamAV debug: 2: [416374696f6e2f532f5552492f55524928] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.kmon_cred_phish > LibClamAV debug: load_oneyara: attempting to load rtf_phishing_script_lines > LibClamAV debug: load_oneyara: hex string: [{7B 5C 72 74 66 31}] => [7B5C72746631] > LibClamAV debug: STRING_IS_ASCII no > LibClamAV debug: load_oneyara: generic string: [schtasks /create] => [7363687461736b73202f637265617465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Select * from Win32_Process] => [53656c656374202a2066726f6d2057696e33325f50726f63657373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [String.fromCharCode((parseInt] => [537472696e672e66726f6d43686172436f646528287061727365496e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [if (arguments.length)] => [69662028617267756d656e74732e6c656e67746829] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [7B5C72746631] [*] [a] > LibClamAV debug: 1: [7363687461736b73202f637265617465] [*] [a] > LibClamAV debug: 2: [53656c656374202a2066726f6d2057696e33325f50726f63657373] [*] [a] > LibClamAV debug: 3: [537472696e672e66726f6d43686172436f646528287061727365496e74] [*] [a] > LibClamAV debug: 4: [69662028617267756d656e74732e6c656e67746829] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.rtf_phishing_script_lines > LibClamAV debug: cli_loadyara: loaded 9 of 9 yara signatures from /var/lib/clamav/winnow_malware.yara > LibClamAV debug: /var/lib/clamav/winnow_malware.yara loaded > LibClamAV debug: Ignoring signature SecuriteInfo.com.HTML.Framer.30807.20170 > LibClamAV debug: Ignoring signature SecuriteInfo.com.HTML-2 > LibClamAV debug: Ignoring signature SecuriteInfo.com.JS.Obfus-398 > LibClamAV debug: Ignoring signature SecuriteInfo.com.Phish-8 > LibClamAV debug: Ignoring signature SecuriteInfo.com.AutoIT-11 > LibClamAV debug: Ignoring signature SecuriteInfo.com.AutoIT-21 > LibClamAV debug: Ignoring signature SecuriteInfo.com.AutoIT-32 > LibClamAV debug: Ignoring signature SecuriteInfo.com.Iframe.Gen-100 > LibClamAV debug: Ignoring signature SecuriteInfo.com.JS.Exploit-59 > LibClamAV debug: Ignoring signature SecuriteInfo.com.AutoIT-69 > LibClamAV debug: Ignoring signature SecuriteInfo.com.HTML-1477 > LibClamAV debug: Ignoring signature SecuriteInfo.com.BOO.Cidox.B > LibClamAV debug: Ignoring signature SecuriteInfo.com.EncryptedEXE-1 > LibClamAV debug: /var/lib/clamav/javascript.ndb loaded > LibClamAV debug: load_oneyara: attempting to load Sanesecurity_Spam_test > LibClamAV debug: load_oneyara: generic string: [this is a test rules from Sanesecurity] => [74686973206973206120746573742072756c65732066726f6d2053616e657365637572697479] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [74686973206973206120746573742072756c65732066726f6d2053616e657365637572697479] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_Spam_test > LibClamAV debug: load_oneyara: attempting to load Sanesecurity_Spam_pornspam > LibClamAV debug: load_oneyara: generic string: [F@cking] => [4640636b696e67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [c0ck] => [6330636b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pu$$y] => [7075242479] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [$ex] => [246578] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [p0rn] => [7030726e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [$luts] => [246c757473] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [h00kers] => [6830306b657273] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cre@mpied] => [637265406d70696564] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [f@ck] => [6640636b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [f@cials] => [66406369616c73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [b00bs] => [6230306273] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [@ss] => [407373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bl0wjob] => [626c30776a6f62] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [deepthr0at] => [64656570746872306174] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a$$] => [612424] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pu**y] => [70752a2a79] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [F*ck] => [462a636b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nymph0] => [6e796d706830] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [h00kup] => [6830306b7570] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wh0re] => [7768307265] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [@nal] => [406e616c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [h*rd] => [682a7264] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [[ http:] => [5b20687474703a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [X-Mailer: PHPMailer 5.2.9] => [582d4d61696c65723a205048504d61696c657220352e322e39] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4640636b696e67] [*] [a] > LibClamAV debug: 1: [6330636b] [*] [a] > LibClamAV debug: 2: [7075242479] [*] [a] > LibClamAV debug: 3: [246578] [*] [a] > LibClamAV debug: 4: [7030726e] [*] [a] > LibClamAV debug: 5: [246c757473] [*] [a] > LibClamAV debug: 6: [6830306b657273] [*] [a] > LibClamAV debug: 7: [637265406d70696564] [*] [a] > LibClamAV debug: 8: [6640636b] [*] [a] > LibClamAV debug: 9: [66406369616c73] [*] [a] > LibClamAV debug: 10: [6230306273] [*] [a] > LibClamAV debug: 11: [407373] [*] [a] > LibClamAV debug: 12: [626c30776a6f62] [*] [a] > LibClamAV debug: 13: [64656570746872306174] [*] [a] > LibClamAV debug: 14: [612424] [*] [a] > LibClamAV debug: 15: [70752a2a79] [*] [a] > LibClamAV debug: 16: [462a636b] [*] [a] > LibClamAV debug: 17: [6e796d706830] [*] [a] > LibClamAV debug: 18: [6830306b7570] [*] [a] > LibClamAV debug: 19: [7768307265] [*] [a] > LibClamAV debug: 20: [406e616c] [*] [a] > LibClamAV debug: 21: [682a7264] [*] [a] > LibClamAV debug: 22: [5b20687474703a] [*] [a] > LibClamAV debug: 23: [582d4d61696c65723a205048504d61696c657220352e322e39] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_Spam_pornspam > LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/Sanesecurity_spam.yara > LibClamAV debug: /var/lib/clamav/Sanesecurity_spam.yara loaded > LibClamAV debug: /var/lib/clamav/foxhole_generic.cdb loaded > LibClamAV debug: /var/lib/clamav/winnow_malware.hdb loaded > LibClamAV debug: load_oneyara: attempting to load crimepack_jar > LibClamAV debug: load_oneyara: generic string: [r.JM,IM] => [722e4a4d2c494d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cpak/Crimepack$1.classPK] => [6370616b2f4372696d657061636b24312e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cpak/KAVS.classPK] => [6370616b2f4b4156532e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cpak/KAVS.classmQ] => [6370616b2f4b4156532e636c6173736d51] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cpak/Crimepack$1.classmP[O] => [6370616b2f4372696d657061636b24312e636c6173736d505b4f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MF] => [4d4554412d494e462f4d414e49464553542e4d46] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MFPK] => [4d4554412d494e462f4d414e49464553542e4d46504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [722e4a4d2c494d] [*] [a] > LibClamAV debug: 1: [6370616b2f4372696d657061636b24312e636c617373504b] [*] [a] > LibClamAV debug: 2: [6370616b2f4b4156532e636c617373504b] [*] [a] > LibClamAV debug: 3: [6370616b2f4b4156532e636c6173736d51] [*] [a] > LibClamAV debug: 4: [6370616b2f4372696d657061636b24312e636c6173736d505b4f] [*] [a] > LibClamAV debug: 5: [4d4554412d494e462f4d414e49464553542e4d46] [*] [a] > LibClamAV debug: 6: [4d4554412d494e462f4d414e49464553542e4d46504b] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.crimepack_jar > LibClamAV debug: load_oneyara: attempting to load crimepack_jar3 > LibClamAV debug: load_oneyara: generic string: [payload.serPK] => [7061796c6f61642e736572504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vE/JD[j] => [76452f4a445b6a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [payload.ser[] => [7061796c6f61642e7365725b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Exploit$2.classPK] => [4578706c6f697424322e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Exploit$2.class] => [4578706c6f697424322e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ho((i/] => [486f2828692f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MF] => [4d4554412d494e462f4d414e49464553542e4d46] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [H5641Yk] => [4835363431596b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Exploit$1.classPK] => [4578706c6f697424312e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Payloader.classPK] => [5061796c6f616465722e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%p6$MCS] => [257036244d4353] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Exploit$1$1.classPK] => [4578706c6f6974243124312e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [7061796c6f61642e736572504b] [*] [a] > LibClamAV debug: 1: [76452f4a445b6a] [*] [a] > LibClamAV debug: 2: [7061796c6f61642e7365725b] [*] [a] > LibClamAV debug: 3: [4578706c6f697424322e636c617373504b] [*] [a] > LibClamAV debug: 4: [4578706c6f697424322e636c617373] [*] [a] > LibClamAV debug: 5: [486f2828692f] [*] [a] > LibClamAV debug: 6: [4d4554412d494e462f4d414e49464553542e4d46] [*] [a] > LibClamAV debug: 7: [4835363431596b] [*] [a] > LibClamAV debug: 8: [4578706c6f697424312e636c617373504b] [*] [a] > LibClamAV debug: 9: [5061796c6f616465722e636c617373504b] [*] [a] > LibClamAV debug: 10: [257036244d4353] [*] [a] > LibClamAV debug: 11: [4578706c6f6974243124312e636c617373504b] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.crimepack_jar3 > LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Crimepack.yar > LibClamAV debug: /var/lib/clamav/EK_Crimepack.yar loaded > LibClamAV debug: /var/lib/clamav/bofhland_malware_URL.ndb loaded > LibClamAV debug: Ignoring signature SecuriteInfo.com.TR.Symmi.10218.3878.4124.18740 > LibClamAV debug: Ignoring signature SecuriteInfo.com.Trojan.InstallCore.3235.2036.28907 > LibClamAV debug: Ignoring signature SecuriteInfo.com.TR.Symmi.10218.11.475.2318.11206 > LibClamAV debug: /var/lib/clamav/securiteinfo.hdb loaded > LibClamAV debug: load_oneyara: attempting to load sakura_jar > LibClamAV debug: load_oneyara: generic string: [Rotok.classPK] => [526f746f6b2e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nnnolg] => [6e6e6e6f6c67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [X$Z'\4^=aEbIdUmiprsxt}v<] => [58245a275c345e3d6145624964556d6970727378747d763c] > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [()Ljava/util/Set;] => [28294c6a6176612f7574696c2f5365743b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [(Ljava/lang/String;)V] => [284c6a6176612f6c616e672f537472696e673b2956] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ljava/lang/Exception;] => [4c6a6176612f6c616e672f457863657074696f6e3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [oooy32] => [6f6f6f793332] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Too.java] => [546f6f2e6a617661] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bbfwkd] => [626266776b64] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ljava/lang/Process;] => [4c6a6176612f6c616e672f50726f636573733b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [getParameter] => [676574506172616d65746572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [length] => [6c656e677468] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Simio.java] => [53696d696f2e6a617661] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ljavax/swing/JList;] => [4c6a617661782f7377696e672f4a4c6973743b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [-(Ljava/lang/String;)Ljava/lang/StringBuilder;] => [2d284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f537472696e674275696c6465723b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ljava/io/InputStream;] => [4c6a6176612f696f2f496e70757453747265616d3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vfnnnrof.exnnnroe] => [76666e6e6e726f662e65786e6e6e726f65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Olsnnfw] => [4f6c736e6e6677] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [526f746f6b2e636c617373504b] [*] [a] > LibClamAV debug: 1: [6e6e6e6f6c67] [*] [a] > LibClamAV debug: 2: [58245a275c345e3d6145624964556d6970727378747d763c] [*] [w] > LibClamAV debug: 3: [28294c6a6176612f7574696c2f5365743b] [*] [a] > LibClamAV debug: 4: [284c6a6176612f6c616e672f537472696e673b2956] [*] [a] > LibClamAV debug: 5: [4c6a6176612f6c616e672f457863657074696f6e3b] [*] [a] > LibClamAV debug: 6: [6f6f6f793332] [*] [a] > LibClamAV debug: 7: [546f6f2e6a617661] [*] [a] > LibClamAV debug: 8: [626266776b64] [*] [a] > LibClamAV debug: 9: [4c6a6176612f6c616e672f50726f636573733b] [*] [a] > LibClamAV debug: 10: [676574506172616d65746572] [*] [a] > LibClamAV debug: 11: [6c656e677468] [*] [a] > LibClamAV debug: 12: [53696d696f2e6a617661] [*] [a] > LibClamAV debug: 13: [4c6a617661782f7377696e672f4a4c6973743b] [*] [a] > LibClamAV debug: 14: [2d284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f537472696e674275696c6465723b] [*] [a] > LibClamAV debug: 15: [4c6a6176612f696f2f496e70757453747265616d3b] [*] [a] > LibClamAV debug: 16: [76666e6e6e726f662e65786e6e6e726f65] [*] [a] > LibClamAV debug: 17: [4f6c736e6e6677] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.sakura_jar > LibClamAV debug: load_oneyara: attempting to load sakura_jar2 > LibClamAV debug: load_oneyara: generic string: [getProperty] => [67657450726f7065727479] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [java/io/FileNotFoundException] => [6a6176612f696f2f46696c654e6f74466f756e64457863657074696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [LLolp;] => [4c4c6f6c703b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cjhgreshhnuf ] => [636a686772657368686e756620] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [StackMapTable] => [537461636b4d61705461626c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [onfwwa] => [6f6e66777761] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [(C)Ljava/lang/StringBuilder;] => [2843294c6a6176612f6c616e672f537472696e674275696c6465723b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [replace] => [7265706c616365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [LEsia$fffgss;] => [4c45736961246666666773733b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<clinit>] => [3c636c696e69743e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [()Ljava/io/InputStream;] => [28294c6a6176612f696f2f496e70757453747265616d3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [openConnection] => [6f70656e436f6e6e656374696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ gjhgreshhnijhgreshhrtSjhgreshhot.sjhgreshhihjhgreshht;)] => [20676a686772657368686e696a686772657368687274536a686772657368686f742e736a6867726573686869686a68677265736868743b29] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Oi.class] => [4f692e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ rjhgreshhorjhgreshhre rajhgreshhv] => [20726a686772657368686f726a6867726573686872652072616a6867726573686876] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [java/lang/String] => [6a6176612f6c616e672f537472696e67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [java/net/URL] => [6a6176612f6e65742f55524c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Created-By: 1.7.0-b147 (Oracle Corporation)] => [437265617465642d42793a20312e372e302d6231343720284f7261636c6520436f72706f726174696f6e29] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [67657450726f7065727479] [*] [a] > LibClamAV debug: 1: [6a6176612f696f2f46696c654e6f74466f756e64457863657074696f6e] [*] [a] > LibClamAV debug: 2: [4c4c6f6c703b] [*] [a] > LibClamAV debug: 3: [636a686772657368686e756620] [*] [a] > LibClamAV debug: 4: [537461636b4d61705461626c65] [*] [a] > LibClamAV debug: 5: [6f6e66777761] [*] [a] > LibClamAV debug: 6: [2843294c6a6176612f6c616e672f537472696e674275696c6465723b] [*] [a] > LibClamAV debug: 7: [7265706c616365] [*] [a] > LibClamAV debug: 8: [4c45736961246666666773733b] [*] [a] > LibClamAV debug: 9: [3c636c696e69743e] [*] [a] > LibClamAV debug: 10: [28294c6a6176612f696f2f496e70757453747265616d3b] [*] [a] > LibClamAV debug: 11: [6f70656e436f6e6e656374696f6e] [*] [a] > LibClamAV debug: 12: [20676a686772657368686e696a686772657368687274536a686772657368686f742e736a6867726573686869686a68677265736868743b29] [*] [a] > LibClamAV debug: 13: [4f692e636c617373] [*] [a] > LibClamAV debug: 14: [20726a686772657368686f726a6867726573686872652072616a6867726573686876] [*] [a] > LibClamAV debug: 15: [6a6176612f6c616e672f537472696e67] [*] [a] > LibClamAV debug: 16: [6a6176612f6e65742f55524c] [*] [a] > LibClamAV debug: 17: [437265617465642d42793a20312e372e302d6231343720284f7261636c6520436f72706f726174696f6e29] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.sakura_jar2 > LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Sakura.yar > LibClamAV debug: /var/lib/clamav/EK_Sakura.yar loaded > LibClamAV debug: /var/lib/clamav/junk.ndb loaded > LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe" > LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe" > LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe" > LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe" > LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe" > LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe" > LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe" > LibClamAV debug: load_oneyara: attempting to load DebuggerCheck__PEB > LibClamAV debug: load_oneyara: generic string: [IsDebugged] => [49734465627567676564] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [49734465627567676564] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerCheck__PEB > LibClamAV debug: load_oneyara: attempting to load DebuggerCheck__GlobalFlags > LibClamAV debug: load_oneyara: generic string: [NtGlobalFlags] => [4e74476c6f62616c466c616773] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4e74476c6f62616c466c616773] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerCheck__GlobalFlags > LibClamAV debug: load_oneyara: attempting to load DebuggerCheck__QueryInfo > LibClamAV debug: load_oneyara: generic string: [QueryInformationProcess] => [5175657279496e666f726d6174696f6e50726f63657373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5175657279496e666f726d6174696f6e50726f63657373] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerCheck__QueryInfo > LibClamAV debug: load_oneyara: attempting to load DebuggerCheck__RemoteAPI > LibClamAV debug: load_oneyara: generic string: [CheckRemoteDebuggerPresent] => [436865636b52656d6f7465446562756767657250726573656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [436865636b52656d6f7465446562756767657250726573656e74] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerCheck__RemoteAPI > LibClamAV debug: load_oneyara: attempting to load DebuggerHiding__Thread > LibClamAV debug: load_oneyara: generic string: [SetInformationThread] => [536574496e666f726d6174696f6e546872656164] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [536574496e666f726d6174696f6e546872656164] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerHiding__Thread > LibClamAV debug: load_oneyara: attempting to load DebuggerHiding__Active > LibClamAV debug: load_oneyara: generic string: [DebugActiveProcess] => [446562756741637469766550726f63657373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [446562756741637469766550726f63657373] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerHiding__Active > LibClamAV debug: load_oneyara: attempting to load DebuggerException__ConsoleCtrl > LibClamAV debug: load_oneyara: generic string: [GenerateConsoleCtrlEvent] => [47656e6572617465436f6e736f6c654374726c4576656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [47656e6572617465436f6e736f6c654374726c4576656e74] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerException__ConsoleCtrl > LibClamAV debug: load_oneyara: attempting to load DebuggerException__SetConsoleCtrl > LibClamAV debug: load_oneyara: generic string: [SetConsoleCtrlHandler] => [536574436f6e736f6c654374726c48616e646c6572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [536574436f6e736f6c654374726c48616e646c6572] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerException__SetConsoleCtrl > LibClamAV debug: load_oneyara: attempting to load ThreadControl__Context > LibClamAV debug: load_oneyara: generic string: [SetThreadContext] => [536574546872656164436f6e74657874] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [536574546872656164436f6e74657874] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.ThreadControl__Context > LibClamAV debug: load_oneyara: attempting to load DebuggerCheck__DrWatson > LibClamAV debug: load_oneyara: generic string: [__invoke__watson] => [5f5f696e766f6b655f5f776174736f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5f5f696e766f6b655f5f776174736f6e] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.DebuggerCheck__DrWatson > LibClamAV debug: load_oneyara: attempting to load SEH__v3 > LibClamAV debug: load_oneyara: generic string: [____except__handler3] => [5f5f5f5f6578636570745f5f68616e646c657233] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [____local__unwind3] => [5f5f5f5f6c6f63616c5f5f756e77696e6433] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5f5f5f5f6578636570745f5f68616e646c657233] [*] [a] > LibClamAV debug: 1: [5f5f5f5f6c6f63616c5f5f756e77696e6433] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.SEH__v3 > LibClamAV debug: load_oneyara: attempting to load SEH__v4 > LibClamAV debug: load_oneyara: generic string: [____except__handler4] => [5f5f5f5f6578636570745f5f68616e646c657234] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [____local__unwind4] => [5f5f5f5f6c6f63616c5f5f756e77696e6434] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [__XcptFilter] => [5f5f5863707446696c746572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5f5f5f5f6578636570745f5f68616e646c657234] [*] [a] > LibClamAV debug: 1: [5f5f5f5f6c6f63616c5f5f756e77696e6434] [*] [a] > LibClamAV debug: 2: [5f5f5863707446696c746572] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.SEH__v4 > LibClamAV debug: load_oneyara: attempting to load SEH__vba > LibClamAV debug: load_oneyara: generic string: [vbaExceptHandler] => [76626145786365707448616e646c6572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [76626145786365707448616e646c6572] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.SEH__vba > LibClamAV debug: load_oneyara: attempting to load SEH__vectored > LibClamAV debug: load_oneyara: generic string: [AddVectoredExceptionHandler] => [416464566563746f726564457863657074696f6e48616e646c6572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RemoveVectoredExceptionHandler] => [52656d6f7665566563746f726564457863657074696f6e48616e646c6572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [416464566563746f726564457863657074696f6e48616e646c6572] [*] [a] > LibClamAV debug: 1: [52656d6f7665566563746f726564457863657074696f6e48616e646c6572] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.SEH__vectored > LibClamAV debug: load_oneyara: attempting to load Check_Dlls > LibClamAV debug: load_oneyara: generic string: [sbiedll.dll] => [73626965646c6c2e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: STRING_IS_FULL_WORD yes > LibClamAV debug: load_oneyara: generic string: [dbghelp.dll] => [64626768656c702e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: STRING_IS_FULL_WORD yes > LibClamAV debug: load_oneyara: generic string: [api_log.dll] => [6170695f6c6f672e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: STRING_IS_FULL_WORD yes > LibClamAV debug: load_oneyara: generic string: [dir_watch.dll] => [6469725f77617463682e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: STRING_IS_FULL_WORD yes > LibClamAV debug: load_oneyara: generic string: [pstorec.dll] => [7073746f7265632e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: STRING_IS_FULL_WORD yes > LibClamAV debug: load_oneyara: generic string: [vmcheck.dll] => [766d636865636b2e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: STRING_IS_FULL_WORD yes > LibClamAV debug: load_oneyara: generic string: [wpespy.dll] => [7770657370792e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: STRING_IS_FULL_WORD yes > LibClamAV debug: 0: [73626965646c6c2e646c6c] [*] [ifwa] > LibClamAV debug: 1: [64626768656c702e646c6c] [*] [ifwa] > LibClamAV debug: 2: [6170695f6c6f672e646c6c] [*] [ifwa] > LibClamAV debug: 3: [6469725f77617463682e646c6c] [*] [ifwa] > LibClamAV debug: 4: [7073746f7265632e646c6c] [*] [ifwa] > LibClamAV debug: 5: [766d636865636b2e646c6c] [*] [ifwa] > LibClamAV debug: 6: [7770657370792e646c6c] [*] [ifwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_Dlls > LibClamAV debug: load_oneyara: attempting to load Check_Qemu_Description > LibClamAV debug: load_oneyara: generic string: [HARDWARE\Description\System] => [48415244574152455c4465736372697074696f6e5c53797374656d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [SystemBiosVersion] => [53797374656d42696f7356657273696f6e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [QEMU] => [51454d55] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [48415244574152455c4465736372697074696f6e5c53797374656d] [*] [iwa] > LibClamAV debug: 1: [53797374656d42696f7356657273696f6e] [*] [iwa] > LibClamAV debug: 2: [51454d55] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_Qemu_Description > LibClamAV debug: load_oneyara: attempting to load Check_Qemu_DeviceMap > LibClamAV debug: load_oneyara: generic string: [HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0] => [48415244574152455c4445564943454d41505c536373695c5363736920506f727420305c536373692042757320305c54617267657420496420305c4c6f676963616c20556e69742049642030] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [Identifier] => [4964656e746966696572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [QEMU] => [51454d55] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [48415244574152455c4445564943454d41505c536373695c5363736920506f727420305c536373692042757320305c54617267657420496420305c4c6f676963616c20556e69742049642030] [*] [iwa] > LibClamAV debug: 1: [4964656e746966696572] [*] [iwa] > LibClamAV debug: 2: [51454d55] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_Qemu_DeviceMap > LibClamAV debug: load_oneyara: attempting to load Check_VBox_Description > LibClamAV debug: load_oneyara: generic string: [HARDWARE\Description\System] => [48415244574152455c4465736372697074696f6e5c53797374656d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [SystemBiosVersion] => [53797374656d42696f7356657273696f6e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VBOX] => [56424f58] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [48415244574152455c4465736372697074696f6e5c53797374656d] [*] [iwa] > LibClamAV debug: 1: [53797374656d42696f7356657273696f6e] [*] [iwa] > LibClamAV debug: 2: [56424f58] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_VBox_Description > LibClamAV debug: load_oneyara: attempting to load Check_VBox_DeviceMap > LibClamAV debug: load_oneyara: generic string: [HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0] => [48415244574152455c4445564943454d41505c536373695c5363736920506f727420305c536373692042757320305c54617267657420496420305c4c6f676963616c20556e69742049642030] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [Identifier] => [4964656e746966696572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VBOX] => [56424f58] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [48415244574152455c4445564943454d41505c536373695c5363736920506f727420305c536373692042757320305c54617267657420496420305c4c6f676963616c20556e69742049642030] [*] [iwa] > LibClamAV debug: 1: [4964656e746966696572] [*] [iwa] > LibClamAV debug: 2: [56424f58] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_VBox_DeviceMap > LibClamAV debug: load_oneyara: attempting to load Check_VBox_Guest_Additions > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Oracle\VirtualBox Guest Additions] => [534f4654574152455c4f7261636c655c5669727475616c426f78204775657374204164646974696f6e73] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [534f4654574152455c4f7261636c655c5669727475616c426f78204775657374204164646974696f6e73] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_VBox_Guest_Additions > LibClamAV debug: load_oneyara: attempting to load Check_VBox_VideoDrivers > LibClamAV debug: load_oneyara: generic string: [HARDWARE\Description\System] => [48415244574152455c4465736372697074696f6e5c53797374656d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VideoBiosVersion] => [566964656f42696f7356657273696f6e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VIRTUALBOX] => [5649525455414c424f58] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [48415244574152455c4465736372697074696f6e5c53797374656d] [*] [iwa] > LibClamAV debug: 1: [566964656f42696f7356657273696f6e] [*] [iwa] > LibClamAV debug: 2: [5649525455414c424f58] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_VBox_VideoDrivers > LibClamAV debug: load_oneyara: attempting to load Check_VMWare_DeviceMap > LibClamAV debug: load_oneyara: generic string: [HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0] => [48415244574152455c4445564943454d41505c536373695c5363736920506f727420305c536373692042757320305c54617267657420496420305c4c6f676963616c20556e69742049642030] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [Identifier] => [4964656e746966696572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VMware] => [564d77617265] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [48415244574152455c4445564943454d41505c536373695c5363736920506f727420305c536373692042757320305c54617267657420496420305c4c6f676963616c20556e69742049642030] [*] [iwa] > LibClamAV debug: 1: [4964656e746966696572] [*] [iwa] > LibClamAV debug: 2: [564d77617265] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_VMWare_DeviceMap > LibClamAV debug: load_oneyara: attempting to load Check_VmTools > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\VMware, Inc.\VMware Tools] => [534f4654574152455c564d776172652c20496e632e5c564d7761726520546f6f6c73] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [534f4654574152455c564d776172652c20496e632e5c564d7761726520546f6f6c73] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_VmTools > LibClamAV debug: load_oneyara: attempting to load Check_Wine > LibClamAV debug: load_oneyara: generic string: [wine_get_unix_file_name] => [77696e655f6765745f756e69785f66696c655f6e616d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [77696e655f6765745f756e69785f66696c655f6e616d65] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.Check_Wine > LibClamAV debug: load_oneyara: attempting to load vmdetect > LibClamAV debug: load_oneyara: hex string: [{56 4D 58 68}] => [564D5868] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: hex string: [{0F 3F 07 0B}] => [0F3F070B] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: hex string: [{66 0F 70 ?? ?? 66 0F DB ?? ?? ?? ?? ?? 66 0F DB ?? ?? ?? ?? ?? 66 0F EF}] => [660F70????660FDB??????????660FDB??????????660FEF] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: hex string: [{45 C7 00 01}] => [45C70001] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: hex string: [{0F 01 0D 00 00 00 00 C3}] => [0F010D00000000C3] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VMXh] => [564d5868] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ven_VMware_] => [56656e5f564d776172655f] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Prod_VMware_Virtual_] => [50726f645f564d776172655f5669727475616c5f] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [hgfs.sys] => [686766732e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [mhgfs.sys] => [6d686766732e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [prleth.sys] => [70726c6574682e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [prlfs.sys] => [70726c66732e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [prlmouse.sys] => [70726c6d6f7573652e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [prlvideo.sys] => [70726c766964656f2e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [prl_pv32.sys] => [70726c5f707633322e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vpc-s3.sys] => [7670632d73332e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmsrvc.sys] => [766d737276632e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmx86.sys] => [766d7838362e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmnet.sys] => [766d6e65742e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmicheartbeat] => [766d6963686561727462656174] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmicvss] => [766d6963767373] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmicshutdown] => [766d696373687574646f776e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmicexchange] => [766d696365786368616e6765] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmdebug] => [766d6465627567] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmmouse] => [766d6d6f757365] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmtools] => [766d746f6f6c73] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VMMEMCTL] => [564d4d454d43544c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmx86] => [766d783836] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmware] => [766d77617265] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vpcbus] => [767063627573] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vpc-s3] => [7670632d7333] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vpcuhub] => [76706375687562] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [msvmmouf] => [6d73766d6d6f7566] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xenevtchn] => [78656e65767463686e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xennet] => [78656e6e6574] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xennet6] => [78656e6e657436] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xensvc] => [78656e737663] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xenvdb] => [78656e766462] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [XenVMM] => [58656e564d4d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VBoxHook.dll] => [56426f78486f6f6b2e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VBoxService] => [56426f7853657276696365] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VBoxTray] => [56426f7854726179] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VBoxMouse] => [56426f784d6f757365] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VBoxGuest] => [56426f784775657374] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VBoxSF] => [56426f785346] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VBoxGuestAdditions] => [56426f7847756573744164646974696f6e73] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VBOX HARDDISK] => [56424f5820484152444449534b] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00-05-69] => [30302d30352d3639] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00:05:69] => [30303a30353a3639] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [000569] => [303030353639] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00-50-56] => [30302d35302d3536] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00:50:56] => [30303a35303a3536] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [005056] => [303035303536] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00-0C-29] => [30302d30432d3239] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00:0C:29] => [30303a30433a3239] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [000C29] => [303030433239] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00-1C-14] => [30302d31432d3134] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00:1C:14] => [30303a31433a3134] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [001C14] => [303031433134] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [08-00-27] => [30382d30302d3237] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [08:00:27] => [30383a30303a3237] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [080027] => [303830303237] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [564D5868] [*] [a] > LibClamAV debug: 1: [0F3F070B] [*] [a] > LibClamAV debug: 2: [660F70????660FDB??????????660FDB??????????660FEF] [*] [a] > LibClamAV debug: 3: [45C70001] [*] [a] > LibClamAV debug: 4: [0F010D00000000C3] [*] [a] > LibClamAV debug: 5: [564d5868] [*] [a] > LibClamAV debug: 6: [56656e5f564d776172655f] [*] [ia] > LibClamAV debug: 7: [50726f645f564d776172655f5669727475616c5f] [*] [ia] > LibClamAV debug: 8: [686766732e737973] [*] [ia] > LibClamAV debug: 9: [6d686766732e737973] [*] [ia] > LibClamAV debug: 10: [70726c6574682e737973] [*] [ia] > LibClamAV debug: 11: [70726c66732e737973] [*] [ia] > LibClamAV debug: 12: [70726c6d6f7573652e737973] [*] [ia] > LibClamAV debug: 13: [70726c766964656f2e737973] [*] [ia] > LibClamAV debug: 14: [70726c5f707633322e737973] [*] [ia] > LibClamAV debug: 15: [7670632d73332e737973] [*] [ia] > LibClamAV debug: 16: [766d737276632e737973] [*] [ia] > LibClamAV debug: 17: [766d7838362e737973] [*] [ia] > LibClamAV debug: 18: [766d6e65742e737973] [*] [ia] > LibClamAV debug: 19: [766d6963686561727462656174] [*] [ia] > LibClamAV debug: 20: [766d6963767373] [*] [ia] > LibClamAV debug: 21: [766d696373687574646f776e] [*] [ia] > LibClamAV debug: 22: [766d696365786368616e6765] [*] [ia] > LibClamAV debug: 23: [766d6465627567] [*] [ia] > LibClamAV debug: 24: [766d6d6f757365] [*] [ia] > LibClamAV debug: 25: [766d746f6f6c73] [*] [ia] > LibClamAV debug: 26: [564d4d454d43544c] [*] [ia] > LibClamAV debug: 27: [766d783836] [*] [ia] > LibClamAV debug: 28: [766d77617265] [*] [ia] > LibClamAV debug: 29: [767063627573] [*] [ia] > LibClamAV debug: 30: [7670632d7333] [*] [ia] > LibClamAV debug: 31: [76706375687562] [*] [ia] > LibClamAV debug: 32: [6d73766d6d6f7566] [*] [ia] > LibClamAV debug: 33: [78656e65767463686e] [*] [ia] > LibClamAV debug: 34: [78656e6e6574] [*] [ia] > LibClamAV debug: 35: [78656e6e657436] [*] [ia] > LibClamAV debug: 36: [78656e737663] [*] [ia] > LibClamAV debug: 37: [78656e766462] [*] [ia] > LibClamAV debug: 38: [58656e564d4d] [*] [ia] > LibClamAV debug: 39: [56426f78486f6f6b2e646c6c] [*] [ia] > LibClamAV debug: 40: [56426f7853657276696365] [*] [ia] > LibClamAV debug: 41: [56426f7854726179] [*] [ia] > LibClamAV debug: 42: [56426f784d6f757365] [*] [ia] > LibClamAV debug: 43: [56426f784775657374] [*] [ia] > LibClamAV debug: 44: [56426f785346] [*] [ia] > LibClamAV debug: 45: [56426f7847756573744164646974696f6e73] [*] [ia] > LibClamAV debug: 46: [56424f5820484152444449534b] [*] [ia] > LibClamAV debug: 47: [30302d30352d3639] [*] [a] > LibClamAV debug: 48: [30303a30353a3639] [*] [a] > LibClamAV debug: 49: [303030353639] [*] [a] > LibClamAV debug: 50: [30302d35302d3536] [*] [a] > LibClamAV debug: 51: [30303a35303a3536] [*] [a] > LibClamAV debug: 52: [303035303536] [*] [a] > LibClamAV debug: 53: [30302d30432d3239] [*] [ia] > LibClamAV debug: 54: [30303a30433a3239] [*] [ia] > LibClamAV debug: 55: [303030433239] [*] [ia] > LibClamAV debug: 56: [30302d31432d3134] [*] [ia] > LibClamAV debug: 57: [30303a31433a3134] [*] [ia] > LibClamAV debug: 58: [303031433134] [*] [ia] > LibClamAV debug: 59: [30382d30302d3237] [*] [a] > LibClamAV debug: 60: [30383a30303a3237] [*] [a] > LibClamAV debug: 61: [303830303237] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.vmdetect > LibClamAV debug: load_oneyara: attempting to load WMI_VM_Detect > LibClamAV debug: load_oneyara: generic string: [\\.\PhysicalDrive0] => [5c5c2e5c506879736963616c447269766530] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: hex string: [{68 5c 40 07 00 [0-5] FF 15}] => [685c400700{0-5}FF15] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SANDBOX] => [53414e44424f58] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [\SAMPLE] => [5c53414d504c45] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [\VIRUS] => [5c5649525553] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [MALTEST] => [4d414c54455354] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [TEQUILABOOMBOOM] => [54455155494c41424f4f4d424f4f4d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [SANDBOX] => [53414e44424f58] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VIRUS] => [5649525553] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [MALWARE] => [4d414c57415245] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [OLLYDBG] => [4f4c4c59444247] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WinDbgFrameClass] => [57696e4462674672616d65436c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SELECT Description FROM Win32_VideoController] => [53454c454354204465736372697074696f6e2046524f4d2057696e33325f566964656f436f6e74726f6c6c6572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [SELECT * FROM Win32_VideoController] => [53454c454354202a2046524f4d2057696e33325f566964656f436f6e74726f6c6c6572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [virtualbox graphics adapter] => [7669727475616c626f782067726170686963732061646170746572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmware svga ii] => [766d776172652073766761206969] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vm additions s3 trio32/64] => [766d206164646974696f6e73207333207472696f33322f3634] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [parallel] => [706172616c6c656c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [remotefx] => [72656d6f74656678] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [cirrus logic] => [636972727573206c6f676963] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [matrox] => [6d6174726f78] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: 0: [5c5c2e5c506879736963616c447269766530] [*] [iwa] > LibClamAV debug: 1: [685c400700{0-5}FF15] [*] [a] > LibClamAV debug: 2: [53414e44424f58] [*] [wa] > LibClamAV debug: 3: [5c53414d504c45] [*] [wa] > LibClamAV debug: 4: [5c5649525553] [*] [wa] > LibClamAV debug: 5: [4d414c54455354] [*] [wa] > LibClamAV debug: 6: [54455155494c41424f4f4d424f4f4d] [*] [wa] > LibClamAV debug: 7: [53414e44424f58] [*] [wa] > LibClamAV debug: 8: [5649525553] [*] [wa] > LibClamAV debug: 9: [4d414c57415245] [*] [wa] > LibClamAV debug: 10: [4f4c4c59444247] [*] [a] > LibClamAV debug: 11: [57696e4462674672616d65436c617373] [*] [a] > LibClamAV debug: 12: [53454c454354204465736372697074696f6e2046524f4d2057696e33325f566964656f436f6e74726f6c6c6572] [*] [iwa] > LibClamAV debug: 13: [53454c454354202a2046524f4d2057696e33325f566964656f436f6e74726f6c6c6572] [*] [iwa] > LibClamAV debug: 14: [7669727475616c626f782067726170686963732061646170746572] [*] [iwa] > LibClamAV debug: 15: [766d776172652073766761206969] [*] [iwa] > LibClamAV debug: 16: [766d206164646974696f6e73207333207472696f33322f3634] [*] [iwa] > LibClamAV debug: 17: [706172616c6c656c] [*] [iwa] > LibClamAV debug: 18: [72656d6f74656678] [*] [iwa] > LibClamAV debug: 19: [636972727573206c6f676963] [*] [iwa] > LibClamAV debug: 20: [6d6174726f78] [*] [iwa] > LibClamAV debug: load_oneyara: successfully loaded YARA.WMI_VM_Detect > LibClamAV debug: load_oneyara: attempting to load anti_dbg > LibClamAV debug: load_oneyara: generic string: [Kernel32.dll] => [4b65726e656c33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CheckRemoteDebuggerPresent] => [436865636b52656d6f7465446562756767657250726573656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [IsDebuggerPresent] => [4973446562756767657250726573656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [OutputDebugString] => [4f75747075744465627567537472696e67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ContinueDebugEvent] => [436f6e74696e756544656275674576656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DebugActiveProcess] => [446562756741637469766550726f63657373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4b65726e656c33322e646c6c] [*] [ia] > LibClamAV debug: 1: [436865636b52656d6f7465446562756767657250726573656e74] [*] [a] > LibClamAV debug: 2: [4973446562756767657250726573656e74] [*] [a] > LibClamAV debug: 3: [4f75747075744465627567537472696e67] [*] [a] > LibClamAV debug: 4: [436f6e74696e756544656275674576656e74] [*] [a] > LibClamAV debug: 5: [446562756741637469766550726f63657373] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.anti_dbg > LibClamAV debug: load_oneyara: attempting to load anti_dbgtools > LibClamAV debug: load_oneyara: generic string: [procexp.exe] => [70726f636578702e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [procmon.exe] => [70726f636d6f6e2e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [processmonitor.exe] => [70726f636573736d6f6e69746f722e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wireshark.exe] => [77697265736861726b2e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fiddler.exe] => [666964646c65722e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [windbg.exe] => [77696e6462672e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ollydbg.exe] => [6f6c6c796462672e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [winhex.exe] => [77696e6865782e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [processhacker.exe] => [70726f636573736861636b65722e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [hiew32.exe] => [6869657733322e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [\\.\NTICE] => [5c5c2e5c4e54494345] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [\\.\SICE] => [5c5c2e5c53494345] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [\\.\Syser] => [5c5c2e5c5379736572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [\\.\SyserBoot] => [5c5c2e5c5379736572426f6f74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [\\.\SyserDbgMsg] => [5c5c2e5c53797365724462674d7367] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [70726f636578702e657865] [*] [ia] > LibClamAV debug: 1: [70726f636d6f6e2e657865] [*] [ia] > LibClamAV debug: 2: [70726f636573736d6f6e69746f722e657865] [*] [ia] > LibClamAV debug: 3: [77697265736861726b2e657865] [*] [ia] > LibClamAV debug: 4: [666964646c65722e657865] [*] [ia] > LibClamAV debug: 5: [77696e6462672e657865] [*] [ia] > LibClamAV debug: 6: [6f6c6c796462672e657865] [*] [ia] > LibClamAV debug: 7: [77696e6865782e657865] [*] [ia] > LibClamAV debug: 8: [70726f636573736861636b65722e657865] [*] [ia] > LibClamAV debug: 9: [6869657733322e657865] [*] [ia] > LibClamAV debug: 10: [5c5c2e5c4e54494345] [*] [a] > LibClamAV debug: 11: [5c5c2e5c53494345] [*] [a] > LibClamAV debug: 12: [5c5c2e5c5379736572] [*] [a] > LibClamAV debug: 13: [5c5c2e5c5379736572426f6f74] [*] [a] > LibClamAV debug: 14: [5c5c2e5c53797365724462674d7367] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.anti_dbgtools > LibClamAV debug: load_oneyara: attempting to load antisb_joesanbox > LibClamAV debug: load_oneyara: generic string: [Software\Microsoft\Windows\CurrentVersion] => [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegQueryValue] => [526567517565727956616c7565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [55274-640-2673064-23950] => [35353237342d3634302d323637333036342d3233393530] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e] [*] [ia] > LibClamAV debug: 1: [526567517565727956616c7565] [*] [a] > LibClamAV debug: 2: [35353237342d3634302d323637333036342d3233393530] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.antisb_joesanbox > LibClamAV debug: load_oneyara: attempting to load antisb_anubis > LibClamAV debug: load_oneyara: generic string: [Software\Microsoft\Windows\CurrentVersion] => [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegQueryValue] => [526567517565727956616c7565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [76487-337-8429955-22614] => [37363438372d3333372d383432393935352d3232363134] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [76487-640-1457236-23837] => [37363438372d3634302d313435373233362d3233383337] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e] [*] [ia] > LibClamAV debug: 1: [526567517565727956616c7565] [*] [a] > LibClamAV debug: 2: [37363438372d3333372d383432393935352d3232363134] [*] [a] > LibClamAV debug: 3: [37363438372d3634302d313435373233362d3233383337] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.antisb_anubis > LibClamAV debug: load_oneyara: attempting to load antisb_threatExpert > LibClamAV debug: load_oneyara: generic string: [dbghelp.dll] => [64626768656c702e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [64626768656c702e646c6c] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.antisb_threatExpert > LibClamAV debug: load_oneyara: attempting to load antisb_sandboxie > LibClamAV debug: load_oneyara: generic string: [SbieDLL.dll] => [53626965444c4c2e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [53626965444c4c2e646c6c] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.antisb_sandboxie > LibClamAV debug: load_oneyara: attempting to load antisb_cwsandbox > LibClamAV debug: load_oneyara: generic string: [Software\Microsoft\Windows\CurrentVersion] => [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [76487-644-3177037-23510] => [37363438372d3634342d333137373033372d3233353130] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e] [*] [ia] > LibClamAV debug: 1: [37363438372d3634342d333137373033372d3233353130] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.antisb_cwsandbox > LibClamAV debug: load_oneyara: attempting to load antivm_virtualbox > LibClamAV debug: load_oneyara: generic string: [VBoxService.exe] => [56426f78536572766963652e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [56426f78536572766963652e657865] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.antivm_virtualbox > LibClamAV debug: load_oneyara: attempting to load antivm_vmware > LibClamAV debug: load_oneyara: generic string: [vmware.exe] => [766d776172652e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmware-authd.exe] => [766d776172652d61757468642e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmware-hostd.exe] => [766d776172652d686f7374642e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmware-tray.exe] => [766d776172652d747261792e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmware-vmx.exe] => [766d776172652d766d782e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vmnetdhcp.exe] => [766d6e6574646863702e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vpxclient.exe] => [767078636c69656e742e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: hex string: [{ b868584d56bb00000000b90a000000ba58560000ed }] => [b868584d56bb00000000b90a000000ba58560000ed] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [766d776172652e657865] [*] [ia] > LibClamAV debug: 1: [766d776172652d61757468642e657865] [*] [ia] > LibClamAV debug: 2: [766d776172652d686f7374642e657865] [*] [ia] > LibClamAV debug: 3: [766d776172652d747261792e657865] [*] [ia] > LibClamAV debug: 4: [766d776172652d766d782e657865] [*] [ia] > LibClamAV debug: 5: [766d6e6574646863702e657865] [*] [ia] > LibClamAV debug: 6: [767078636c69656e742e657865] [*] [ia] > LibClamAV debug: 7: [b868584d56bb00000000b90a000000ba58560000ed] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.antivm_vmware > LibClamAV debug: load_oneyara: attempting to load antivm_bios > LibClamAV debug: load_oneyara: generic string: [HARDWARE\DESCRIPTION\System] => [48415244574152455c4445534352495054494f4e5c53797374656d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [HARDWARE\DESCRIPTION\System\BIOS] => [48415244574152455c4445534352495054494f4e5c53797374656d5c42494f53] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegQueryValue] => [526567517565727956616c7565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SystemBiosVersion] => [53797374656d42696f7356657273696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VideoBiosVersion] => [566964656f42696f7356657273696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SystemManufacturer] => [53797374656d4d616e756661637475726572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [48415244574152455c4445534352495054494f4e5c53797374656d] [*] [ia] > LibClamAV debug: 1: [48415244574152455c4445534352495054494f4e5c53797374656d5c42494f53] [*] [ia] > LibClamAV debug: 2: [526567517565727956616c7565] [*] [a] > LibClamAV debug: 3: [53797374656d42696f7356657273696f6e] [*] [a] > LibClamAV debug: 4: [566964656f42696f7356657273696f6e] [*] [a] > LibClamAV debug: 5: [53797374656d4d616e756661637475726572] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.antivm_bios > LibClamAV debug: load_oneyara: attempting to load disable_antivirus > LibClamAV debug: load_oneyara: generic string: [Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun] => [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c506f6c69636965735c4578706c6f7265725c446973616c6c6f7752756e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Software\Microsoft\Windows\CurrentVersion\Uninstall\] => [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c556e696e7374616c6c5c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Policies\Microsoft\Windows Defender] => [534f4654574152455c506f6c69636965735c4d6963726f736f66745c57696e646f777320446566656e646572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegSetValue] => [52656753657456616c7565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [AntiVirusDisableNotify] => [416e7469566972757344697361626c654e6f74696679] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DontReportInfectionInformation] => [446f6e745265706f7274496e66656374696f6e496e666f726d6174696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DisableAntiSpyware] => [44697361626c65416e746953707977617265] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RunInvalidSignatures] => [52756e496e76616c69645369676e617475726573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [AntiVirusOverride] => [416e746956697275734f76657272696465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CheckExeSignatures] => [436865636b4578655369676e617475726573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [blackd.exe] => [626c61636b642e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [blackice.exe] => [626c61636b6963652e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [lockdown.exe] => [6c6f636b646f776e2e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [lockdown2000.exe] => [6c6f636b646f776e323030302e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [taskkill.exe] => [7461736b6b696c6c2e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [tskill.exe] => [74736b696c6c2e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [smc.exe] => [736d632e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [sniffem.exe] => [736e696666656d2e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [zapro.exe] => [7a6170726f2e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [zlclient.exe] => [7a6c636c69656e742e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [zonealarm.exe] => [7a6f6e65616c61726d2e657865] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c506f6c69636965735c4578706c6f7265725c446973616c6c6f7752756e] [*] [ia] > LibClamAV debug: 1: [536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c556e696e7374616c6c5c] [*] [ia] > LibClamAV debug: 2: [534f4654574152455c506f6c69636965735c4d6963726f736f66745c57696e646f777320446566656e646572] [*] [ia] > LibClamAV debug: 3: [52656753657456616c7565] [*] [a] > LibClamAV debug: 4: [416e7469566972757344697361626c654e6f74696679] [*] [a] > LibClamAV debug: 5: [446f6e745265706f7274496e66656374696f6e496e666f726d6174696f6e] [*] [a] > LibClamAV debug: 6: [44697361626c65416e746953707977617265] [*] [a] > LibClamAV debug: 7: [52756e496e76616c69645369676e617475726573] [*] [a] > LibClamAV debug: 8: [416e746956697275734f76657272696465] [*] [a] > LibClamAV debug: 9: [436865636b4578655369676e617475726573] [*] [a] > LibClamAV debug: 10: [626c61636b642e657865] [*] [ia] > LibClamAV debug: 11: [626c61636b6963652e657865] [*] [ia] > LibClamAV debug: 12: [6c6f636b646f776e2e657865] [*] [ia] > LibClamAV debug: 13: [6c6f636b646f776e323030302e657865] [*] [ia] > LibClamAV debug: 14: [7461736b6b696c6c2e657865] [*] [ia] > LibClamAV debug: 15: [74736b696c6c2e657865] [*] [ia] > LibClamAV debug: 16: [736d632e657865] [*] [ia] > LibClamAV debug: 17: [736e696666656d2e657865] [*] [ia] > LibClamAV debug: 18: [7a6170726f2e657865] [*] [ia] > LibClamAV debug: 19: [7a6c636c69656e742e657865] [*] [ia] > LibClamAV debug: 20: [7a6f6e65616c61726d2e657865] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.disable_antivirus > LibClamAV debug: load_oneyara: attempting to load disable_uax > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Microsoft\Security Center] => [534f4654574152455c4d6963726f736f66745c53656375726974792043656e746572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [UACDisableNotify] => [55414344697361626c654e6f74696679] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [534f4654574152455c4d6963726f736f66745c53656375726974792043656e746572] [*] [ia] > LibClamAV debug: 1: [55414344697361626c654e6f74696679] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.disable_uax > LibClamAV debug: load_oneyara: attempting to load disable_firewall > LibClamAV debug: load_oneyara: generic string: [SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy] => [53595354454d5c43757272656e74436f6e74726f6c5365745c53657276696365735c5368617265644163636573735c506172616d65746572735c4669726577616c6c506f6c696379] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegSetValue] => [52656753657456616c7565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FirewallPolicy] => [4669726577616c6c506f6c696379] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [EnableFirewall] => [456e61626c654669726577616c6c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FirewallDisableNotify] => [4669726577616c6c44697361626c654e6f74696679] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [netsh firewall add allowedprogram] => [6e65747368206669726577616c6c2061646420616c6c6f77656470726f6772616d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [53595354454d5c43757272656e74436f6e74726f6c5365745c53657276696365735c5368617265644163636573735c506172616d65746572735c4669726577616c6c506f6c696379] [*] [ia] > LibClamAV debug: 1: [52656753657456616c7565] [*] [a] > LibClamAV debug: 2: [4669726577616c6c506f6c696379] [*] [a] > LibClamAV debug: 3: [456e61626c654669726577616c6c] [*] [a] > LibClamAV debug: 4: [4669726577616c6c44697361626c654e6f74696679] [*] [a] > LibClamAV debug: 5: [6e65747368206669726577616c6c2061646420616c6c6f77656470726f6772616d] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.disable_firewall > LibClamAV debug: load_oneyara: attempting to load disable_registry > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] => [534f4654574152455c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c506f6c69636965735c53797374656d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegSetValue] => [52656753657456616c7565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DisableRegistryTools] => [44697361626c655265676973747279546f6f6c73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DisableRegedit] => [44697361626c6552656765646974] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [534f4654574152455c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c506f6c69636965735c53797374656d] [*] [ia] > LibClamAV debug: 1: [52656753657456616c7565] [*] [a] > LibClamAV debug: 2: [44697361626c655265676973747279546f6f6c73] [*] [a] > LibClamAV debug: 3: [44697361626c6552656765646974] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.disable_registry > LibClamAV debug: load_oneyara: attempting to load disable_dep > LibClamAV debug: load_oneyara: generic string: [EnableExecuteProtectionSupport] => [456e61626c654578656375746550726f74656374696f6e537570706f7274] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [NtSetInformationProcess] => [4e74536574496e666f726d6174696f6e50726f63657373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VirtualProctectEx] => [5669727475616c50726f63746563744578] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SetProcessDEPPolicy] => [53657450726f63657373444550506f6c696379] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ZwProtectVirtualMemory] => [5a7750726f746563745669727475616c4d656d6f7279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [456e61626c654578656375746550726f74656374696f6e537570706f7274] [*] [a] > LibClamAV debug: 1: [4e74536574496e666f726d6174696f6e50726f63657373] [*] [a] > LibClamAV debug: 2: [5669727475616c50726f63746563744578] [*] [a] > LibClamAV debug: 3: [53657450726f63657373444550506f6c696379] [*] [a] > LibClamAV debug: 4: [5a7750726f746563745669727475616c4d656d6f7279] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.disable_dep > LibClamAV debug: load_oneyara: attempting to load disable_taskmanager > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] => [534f4654574152455c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c506f6c69636965735c53797374656d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DisableTaskMgr] => [44697361626c655461736b4d6772] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [534f4654574152455c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c506f6c69636965735c53797374656d] [*] [ia] > LibClamAV debug: 1: [44697361626c655461736b4d6772] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.disable_taskmanager > LibClamAV debug: load_oneyara: attempting to load inject_thread > LibClamAV debug: load_oneyara: generic string: [OpenProcess] => [4f70656e50726f63657373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VirtualAllocEx] => [5669727475616c416c6c6f634578] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [NtWriteVirtualMemory] => [4e7457726974655669727475616c4d656d6f7279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WriteProcessMemory] => [577269746550726f636573734d656d6f7279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CreateRemoteThread] => [43726561746552656d6f7465546872656164] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CreateThread] => [437265617465546872656164] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [OpenProcess] => [4f70656e50726f63657373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4f70656e50726f63657373] [*] [a] > LibClamAV debug: 1: [5669727475616c416c6c6f634578] [*] [a] > LibClamAV debug: 2: [4e7457726974655669727475616c4d656d6f7279] [*] [a] > LibClamAV debug: 3: [577269746550726f636573734d656d6f7279] [*] [a] > LibClamAV debug: 4: [43726561746552656d6f7465546872656164] [*] [a] > LibClamAV debug: 5: [437265617465546872656164] [*] [a] > LibClamAV debug: 6: [4f70656e50726f63657373] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.inject_thread > LibClamAV debug: load_oneyara: attempting to load hijack_network > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Classes\PROTOCOLS\Handler] => [534f4654574152455c436c61737365735c50524f544f434f4c535c48616e646c6572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Classes\PROTOCOLS\Filter] => [534f4654574152455c436c61737365735c50524f544f434f4c535c46696c746572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer] => [4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c496e7465726e65742053657474696e67735c50726f7879536572766572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [software\microsoft\windows\currentversion\internet settings\proxyenable] => [736f6674776172655c6d6963726f736f66745c77696e646f77735c63757272656e7476657273696f6e5c696e7465726e65742073657474696e67735c70726f7879656e61626c65] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [drivers\etc\hosts] => [647269766572735c6574635c686f737473] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [534f4654574152455c436c61737365735c50524f544f434f4c535c48616e646c6572] [*] [ia] > LibClamAV debug: 1: [534f4654574152455c436c61737365735c50524f544f434f4c535c46696c746572] [*] [ia] > LibClamAV debug: 2: [4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c496e7465726e65742053657474696e67735c50726f7879536572766572] [*] [ia] > LibClamAV debug: 3: [736f6674776172655c6d6963726f736f66745c77696e646f77735c63757272656e7476657273696f6e5c696e7465726e65742073657474696e67735c70726f7879656e61626c65] [*] [ia] > LibClamAV debug: 4: [647269766572735c6574635c686f737473] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.hijack_network > LibClamAV debug: load_oneyara: attempting to load create_service > LibClamAV debug: load_oneyara: generic string: [Advapi32.dll] => [41647661706933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CreateService] => [43726561746553657276696365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ControlService] => [436f6e74726f6c53657276696365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [StartService] => [537461727453657276696365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [QueryServiceStatus] => [517565727953657276696365537461747573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [41647661706933322e646c6c] [*] [ia] > LibClamAV debug: 1: [43726561746553657276696365] [*] [a] > LibClamAV debug: 2: [436f6e74726f6c53657276696365] [*] [a] > LibClamAV debug: 3: [537461727453657276696365] [*] [a] > LibClamAV debug: 4: [517565727953657276696365537461747573] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.create_service > LibClamAV debug: load_oneyara: attempting to load create_com_service > LibClamAV debug: load_oneyara: generic string: [DllCanUnloadNow] => [446c6c43616e556e6c6f61644e6f77] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DllGetClassObject] => [446c6c476574436c6173734f626a656374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DllInstall] => [446c6c496e7374616c6c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DllRegisterServer] => [446c6c5265676973746572536572766572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DllUnregisterServer] => [446c6c556e7265676973746572536572766572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [446c6c43616e556e6c6f61644e6f77] [*] [ia] > LibClamAV debug: 1: [446c6c476574436c6173734f626a656374] [*] [a] > LibClamAV debug: 2: [446c6c496e7374616c6c] [*] [a] > LibClamAV debug: 3: [446c6c5265676973746572536572766572] [*] [a] > LibClamAV debug: 4: [446c6c556e7265676973746572536572766572] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.create_com_service > LibClamAV debug: load_oneyara: attempting to load network_udp_sock > LibClamAV debug: load_oneyara: generic string: [Ws2_32.dll] => [5773325f33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [System.Net] => [53797374656d2e4e6574] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wsock32.dll] => [77736f636b33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSAStartup] => [57534153746172747570] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [sendto] => [73656e64746f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [recvfrom] => [7265637666726f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSASendTo] => [57534153656e64546f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSARecvFrom] => [5753415265637646726f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [UdpClient] => [556470436c69656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5773325f33322e646c6c] [*] [ia] > LibClamAV debug: 1: [53797374656d2e4e6574] [*] [ia] > LibClamAV debug: 2: [77736f636b33322e646c6c] [*] [ia] > LibClamAV debug: 3: [57534153746172747570] [*] [a] > LibClamAV debug: 4: [73656e64746f] [*] [a] > LibClamAV debug: 5: [7265637666726f6d] [*] [a] > LibClamAV debug: 6: [57534153656e64546f] [*] [a] > LibClamAV debug: 7: [5753415265637646726f6d] [*] [a] > LibClamAV debug: 8: [556470436c69656e74] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_udp_sock > LibClamAV debug: load_oneyara: attempting to load network_tcp_listen > LibClamAV debug: load_oneyara: generic string: [Ws2_32.dll] => [5773325f33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Mswsock.dll] => [4d7377736f636b2e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [System.Net] => [53797374656d2e4e6574] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wsock32.dll] => [77736f636b33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bind] => [62696e64] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [accept] => [616363657074] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetAcceptExSockaddrs] => [4765744163636570744578536f636b6164647273] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [AcceptEx] => [4163636570744578] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSAStartup] => [57534153746172747570] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSAAccept] => [575341416363657074] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSASocket] => [575341536f636b6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [TcpListener] => [5463704c697374656e6572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [AcceptTcpClient] => [416363657074546370436c69656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [listen] => [6c697374656e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5773325f33322e646c6c] [*] [ia] > LibClamAV debug: 1: [4d7377736f636b2e646c6c] [*] [ia] > LibClamAV debug: 2: [53797374656d2e4e6574] [*] [ia] > LibClamAV debug: 3: [77736f636b33322e646c6c] [*] [ia] > LibClamAV debug: 4: [62696e64] [*] [a] > LibClamAV debug: 5: [616363657074] [*] [a] > LibClamAV debug: 6: [4765744163636570744578536f636b6164647273] [*] [a] > LibClamAV debug: 7: [4163636570744578] [*] [a] > LibClamAV debug: 8: [57534153746172747570] [*] [a] > LibClamAV debug: 9: [575341416363657074] [*] [a] > LibClamAV debug: 10: [575341536f636b6574] [*] [a] > LibClamAV debug: 11: [5463704c697374656e6572] [*] [a] > LibClamAV debug: 12: [416363657074546370436c69656e74] [*] [a] > LibClamAV debug: 13: [6c697374656e] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_tcp_listen > LibClamAV debug: load_oneyara: attempting to load network_dyndns > LibClamAV debug: load_oneyara: generic string: [.no-ip.org] => [2e6e6f2d69702e6f7267] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.publicvm.com] => [2e7075626c6963766d2e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.linkpc.net] => [2e6c696e6b70632e6e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dynu.com] => [2e64796e752e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dynu.net] => [2e64796e752e6e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.afraid.org] => [2e6166726169642e6f7267] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.chickenkiller.com] => [2e636869636b656e6b696c6c65722e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.crabdance.com] => [2e6372616264616e63652e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.ignorelist.com] => [2e69676e6f72656c6973742e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.jumpingcrab.com] => [2e6a756d70696e67637261622e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.moo.com] => [2e6d6f6f2e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.strangled.com] => [2e737472616e676c65642e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.twillightparadox.com] => [2e7477696c6c6967687470617261646f782e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.us.to] => [2e75732e746f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.strangled.net] => [2e737472616e676c65642e6e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.info.tm] => [2e696e666f2e746d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.homenet.org] => [2e686f6d656e65742e6f7267] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.biz.tm] => [2e62697a2e746d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.continent.kz] => [2e636f6e74696e656e742e6b7a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.ax.lt] => [2e61782e6c74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.system-ns.com] => [2e73797374656d2d6e732e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.adultdns.com] => [2e6164756c74646e732e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.craftx.biz] => [2e6372616674782e62697a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.ddns01.com] => [2e64646e7330312e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dns53.biz] => [2e646e7335332e62697a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dnsapi.info] => [2e646e736170692e696e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dnsd.info] => [2e646e73642e696e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dnsdynamic.com] => [2e646e7364796e616d69632e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dnsdynamic.net] => [2e646e7364796e616d69632e6e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.dnsget.org] => [2e646e736765742e6f7267] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.fe100.net] => [2e66653130302e6e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.flashserv.net] => [2e666c617368736572762e6e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.ftp21.net] => [2e66747032312e6e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [2e6e6f2d69702e6f7267] [*] [a] > LibClamAV debug: 1: [2e7075626c6963766d2e636f6d] [*] [a] > LibClamAV debug: 2: [2e6c696e6b70632e6e6574] [*] [a] > LibClamAV debug: 3: [2e64796e752e636f6d] [*] [a] > LibClamAV debug: 4: [2e64796e752e6e6574] [*] [a] > LibClamAV debug: 5: [2e6166726169642e6f7267] [*] [a] > LibClamAV debug: 6: [2e636869636b656e6b696c6c65722e636f6d] [*] [a] > LibClamAV debug: 7: [2e6372616264616e63652e636f6d] [*] [a] > LibClamAV debug: 8: [2e69676e6f72656c6973742e636f6d] [*] [a] > LibClamAV debug: 9: [2e6a756d70696e67637261622e636f6d] [*] [a] > LibClamAV debug: 10: [2e6d6f6f2e636f6d] [*] [a] > LibClamAV debug: 11: [2e737472616e676c65642e636f6d] [*] [a] > LibClamAV debug: 12: [2e7477696c6c6967687470617261646f782e636f6d] [*] [a] > LibClamAV debug: 13: [2e75732e746f] [*] [a] > LibClamAV debug: 14: [2e737472616e676c65642e6e6574] [*] [a] > LibClamAV debug: 15: [2e696e666f2e746d] [*] [a] > LibClamAV debug: 16: [2e686f6d656e65742e6f7267] [*] [a] > LibClamAV debug: 17: [2e62697a2e746d] [*] [a] > LibClamAV debug: 18: [2e636f6e74696e656e742e6b7a] [*] [a] > LibClamAV debug: 19: [2e61782e6c74] [*] [a] > LibClamAV debug: 20: [2e73797374656d2d6e732e636f6d] [*] [a] > LibClamAV debug: 21: [2e6164756c74646e732e636f6d] [*] [a] > LibClamAV debug: 22: [2e6372616674782e62697a] [*] [a] > LibClamAV debug: 23: [2e64646e7330312e636f6d] [*] [a] > LibClamAV debug: 24: [2e646e7335332e62697a] [*] [a] > LibClamAV debug: 25: [2e646e736170692e696e666f] [*] [a] > LibClamAV debug: 26: [2e646e73642e696e666f] [*] [a] > LibClamAV debug: 27: [2e646e7364796e616d69632e636f6d] [*] [a] > LibClamAV debug: 28: [2e646e7364796e616d69632e6e6574] [*] [a] > LibClamAV debug: 29: [2e646e736765742e6f7267] [*] [a] > LibClamAV debug: 30: [2e66653130302e6e6574] [*] [a] > LibClamAV debug: 31: [2e666c617368736572762e6e6574] [*] [a] > LibClamAV debug: 32: [2e66747032312e6e6574] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_dyndns > LibClamAV debug: load_oneyara: attempting to load network_toredo > LibClamAV debug: load_oneyara: generic string: [FirewallAPI.dll] => [4669726577616c6c4150492e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\] => [5c43757272656e74436f6e74726f6c5365745c53657276696365735c5463706970365c506172616d65746572735c496e74657266616365735c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4669726577616c6c4150492e646c6c] [*] [ia] > LibClamAV debug: 1: [5c43757272656e74436f6e74726f6c5365745c53657276696365735c5463706970365c506172616d65746572735c496e74657266616365735c] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_toredo > LibClamAV debug: load_oneyara: attempting to load network_smtp_dotNet > LibClamAV debug: load_oneyara: generic string: [System.Net.Mail] => [53797374656d2e4e65742e4d61696c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SmtpClient] => [536d7470436c69656e74] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [53797374656d2e4e65742e4d61696c] [*] [ia] > LibClamAV debug: 1: [536d7470436c69656e74] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_smtp_dotNet > LibClamAV debug: load_oneyara: attempting to load network_smtp_raw > LibClamAV debug: load_oneyara: generic string: [MAIL FROM:] => [4d41494c2046524f4d3a] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RCPT TO:] => [5243505420544f3a] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4d41494c2046524f4d3a] [*] [ia] > LibClamAV debug: 1: [5243505420544f3a] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_smtp_raw > LibClamAV debug: load_oneyara: attempting to load network_smtp_vb > LibClamAV debug: load_oneyara: generic string: [CDO.Message] => [43444f2e4d657373616765] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cdoSMTPServer] => [63646f534d5450536572766572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cdoSendUsingMethod] => [63646f53656e645573696e674d6574686f64] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cdoex.dll] => [63646f65782e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/cdo/configuration/smtpserver] => [2f63646f2f636f6e66696775726174696f6e2f736d7470736572766572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [43444f2e4d657373616765] [*] [ia] > LibClamAV debug: 1: [63646f534d5450536572766572] [*] [ia] > LibClamAV debug: 2: [63646f53656e645573696e674d6574686f64] [*] [ia] > LibClamAV debug: 3: [63646f65782e646c6c] [*] [ia] > LibClamAV debug: 4: [2f63646f2f636f6e66696775726174696f6e2f736d7470736572766572] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_smtp_vb > LibClamAV debug: load_oneyara: attempting to load network_p2p_win > LibClamAV debug: load_oneyara: generic string: [PeerCollabExportContact] => [50656572436f6c6c61624578706f7274436f6e74616374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabGetApplicationRegistrationInfo] => [50656572436f6c6c61624765744170706c69636174696f6e526567697374726174696f6e496e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabGetEndpointName] => [50656572436f6c6c6162476574456e64706f696e744e616d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabGetEventData] => [50656572436f6c6c61624765744576656e7444617461] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabGetInvitationResponse] => [50656572436f6c6c6162476574496e7669746174696f6e526573706f6e7365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabGetPresenceInfo] => [50656572436f6c6c616247657450726573656e6365496e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabGetSigninOptions] => [50656572436f6c6c61624765745369676e696e4f7074696f6e73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabInviteContact] => [50656572436f6c6c6162496e76697465436f6e74616374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabInviteEndpoint] => [50656572436f6c6c6162496e76697465456e64706f696e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabParseContact] => [50656572436f6c6c61625061727365436f6e74616374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabQueryContactData] => [50656572436f6c6c61625175657279436f6e7461637444617461] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabRefreshEndpointData] => [50656572436f6c6c616252656672657368456e64706f696e7444617461] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabRegisterApplication] => [50656572436f6c6c616252656769737465724170706c69636174696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabRegisterEvent] => [50656572436f6c6c616252656769737465724576656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabSetEndpointName] => [50656572436f6c6c6162536574456e64706f696e744e616d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabSetObject] => [50656572436f6c6c61625365744f626a656374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabSetPresenceInfo] => [50656572436f6c6c616253657450726573656e6365496e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabSignout] => [50656572436f6c6c61625369676e6f7574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabUnregisterApplication] => [50656572436f6c6c6162556e72656769737465724170706c69636174696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PeerCollabUpdateContact] => [50656572436f6c6c6162557064617465436f6e74616374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [50656572436f6c6c61624578706f7274436f6e74616374] [*] [a] > LibClamAV debug: 1: [50656572436f6c6c61624765744170706c69636174696f6e526567697374726174696f6e496e666f] [*] [a] > LibClamAV debug: 2: [50656572436f6c6c6162476574456e64706f696e744e616d65] [*] [a] > LibClamAV debug: 3: [50656572436f6c6c61624765744576656e7444617461] [*] [a] > LibClamAV debug: 4: [50656572436f6c6c6162476574496e7669746174696f6e526573706f6e7365] [*] [a] > LibClamAV debug: 5: [50656572436f6c6c616247657450726573656e6365496e666f] [*] [a] > LibClamAV debug: 6: [50656572436f6c6c61624765745369676e696e4f7074696f6e73] [*] [a] > LibClamAV debug: 7: [50656572436f6c6c6162496e76697465436f6e74616374] [*] [a] > LibClamAV debug: 8: [50656572436f6c6c6162496e76697465456e64706f696e74] [*] [a] > LibClamAV debug: 9: [50656572436f6c6c61625061727365436f6e74616374] [*] [a] > LibClamAV debug: 10: [50656572436f6c6c61625175657279436f6e7461637444617461] [*] [a] > LibClamAV debug: 11: [50656572436f6c6c616252656672657368456e64706f696e7444617461] [*] [a] > LibClamAV debug: 12: [50656572436f6c6c616252656769737465724170706c69636174696f6e] [*] [a] > LibClamAV debug: 13: [50656572436f6c6c616252656769737465724576656e74] [*] [a] > LibClamAV debug: 14: [50656572436f6c6c6162536574456e64706f696e744e616d65] [*] [a] > LibClamAV debug: 15: [50656572436f6c6c61625365744f626a656374] [*] [a] > LibClamAV debug: 16: [50656572436f6c6c616253657450726573656e6365496e666f] [*] [a] > LibClamAV debug: 17: [50656572436f6c6c61625369676e6f7574] [*] [a] > LibClamAV debug: 18: [50656572436f6c6c6162556e72656769737465724170706c69636174696f6e] [*] [a] > LibClamAV debug: 19: [50656572436f6c6c6162557064617465436f6e74616374] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_p2p_win > LibClamAV debug: load_oneyara: attempting to load network_tor > LibClamAV debug: load_oneyara: generic string: [tor\hidden_service\private_key] => [746f725c68696464656e5f736572766963655c707269766174655f6b6579] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [tor\hidden_service\hostname] => [746f725c68696464656e5f736572766963655c686f73746e616d65] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [tor\lock] => [746f725c6c6f636b] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [tor\state] => [746f725c7374617465] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [746f725c68696464656e5f736572766963655c707269766174655f6b6579] [*] [ia] > LibClamAV debug: 1: [746f725c68696464656e5f736572766963655c686f73746e616d65] [*] [ia] > LibClamAV debug: 2: [746f725c6c6f636b] [*] [ia] > LibClamAV debug: 3: [746f725c7374617465] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_tor > LibClamAV debug: load_oneyara: attempting to load network_irc > LibClamAV debug: load_oneyara: generic string: [NICK] => [4e49434b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PING] => [50494e47] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [JOIN] => [4a4f494e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [USER] => [55534552] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [PRIVMSG] => [505249564d5347] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4e49434b] [*] [a] > LibClamAV debug: 1: [50494e47] [*] [a] > LibClamAV debug: 2: [4a4f494e] [*] [a] > LibClamAV debug: 3: [55534552] [*] [a] > LibClamAV debug: 4: [505249564d5347] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_irc > LibClamAV debug: load_oneyara: attempting to load network_http > LibClamAV debug: load_oneyara: generic string: [wininet.dll] => [77696e696e65742e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [InternetConnect] => [496e7465726e6574436f6e6e656374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [InternetOpen] => [496e7465726e65744f70656e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [InternetOpenUrl] => [496e7465726e65744f70656e55726c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [InternetReadFile] => [496e7465726e65745265616446696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [InternetWriteFile] => [496e7465726e6574577269746546696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [HttpOpenRequest] => [487474704f70656e52657175657374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [HttpSendRequest] => [4874747053656e6452657175657374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [IdHTTPHeaderInfo] => [496448545450486561646572496e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [77696e696e65742e646c6c] [*] [ia] > LibClamAV debug: 1: [496e7465726e6574436f6e6e656374] [*] [a] > LibClamAV debug: 2: [496e7465726e65744f70656e] [*] [a] > LibClamAV debug: 3: [496e7465726e65744f70656e55726c] [*] [a] > LibClamAV debug: 4: [496e7465726e65745265616446696c65] [*] [a] > LibClamAV debug: 5: [496e7465726e6574577269746546696c65] [*] [a] > LibClamAV debug: 6: [487474704f70656e52657175657374] [*] [a] > LibClamAV debug: 7: [4874747053656e6452657175657374] [*] [a] > LibClamAV debug: 8: [496448545450486561646572496e666f] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_http > LibClamAV debug: load_oneyara: attempting to load network_dropper > LibClamAV debug: load_oneyara: generic string: [urlmon.dll] => [75726c6d6f6e2e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [URLDownloadToFile] => [55524c446f776e6c6f6164546f46696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [URLDownloadToCacheFile] => [55524c446f776e6c6f6164546f436163686546696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [URLOpenStream] => [55524c4f70656e53747265616d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [URLOpenPullStream] => [55524c4f70656e50756c6c53747265616d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [75726c6d6f6e2e646c6c] [*] [ia] > LibClamAV debug: 1: [55524c446f776e6c6f6164546f46696c65] [*] [a] > LibClamAV debug: 2: [55524c446f776e6c6f6164546f436163686546696c65] [*] [a] > LibClamAV debug: 3: [55524c4f70656e53747265616d] [*] [a] > LibClamAV debug: 4: [55524c4f70656e50756c6c53747265616d] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_dropper > LibClamAV debug: load_oneyara: attempting to load network_ftp > LibClamAV debug: load_oneyara: generic string: [Wininet.dll] => [57696e696e65742e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpGetCurrentDirectory] => [46747047657443757272656e744469726563746f7279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpGetFile] => [46747047657446696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpPutFile] => [46747050757446696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpSetCurrentDirectory] => [46747053657443757272656e744469726563746f7279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpOpenFile] => [4674704f70656e46696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpGetFileSize] => [46747047657446696c6553697a65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpDeleteFile] => [46747044656c65746546696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpCreateDirectory] => [4674704372656174654469726563746f7279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpRemoveDirectory] => [46747052656d6f76654469726563746f7279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpRenameFile] => [46747052656e616d6546696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpDownload] => [467470446f776e6c6f6164] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpUpload] => [46747055706c6f6164] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FtpGetDirectory] => [4674704765744469726563746f7279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [57696e696e65742e646c6c] [*] [ia] > LibClamAV debug: 1: [46747047657443757272656e744469726563746f7279] [*] [a] > LibClamAV debug: 2: [46747047657446696c65] [*] [a] > LibClamAV debug: 3: [46747050757446696c65] [*] [a] > LibClamAV debug: 4: [46747053657443757272656e744469726563746f7279] [*] [a] > LibClamAV debug: 5: [4674704f70656e46696c65] [*] [a] > LibClamAV debug: 6: [46747047657446696c6553697a65] [*] [a] > LibClamAV debug: 7: [46747044656c65746546696c65] [*] [a] > LibClamAV debug: 8: [4674704372656174654469726563746f7279] [*] [a] > LibClamAV debug: 9: [46747052656d6f76654469726563746f7279] [*] [a] > LibClamAV debug: 10: [46747052656e616d6546696c65] [*] [a] > LibClamAV debug: 11: [467470446f776e6c6f6164] [*] [a] > LibClamAV debug: 12: [46747055706c6f6164] [*] [a] > LibClamAV debug: 13: [4674704765744469726563746f7279] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_ftp > LibClamAV debug: load_oneyara: attempting to load network_tcp_socket > LibClamAV debug: load_oneyara: generic string: [Ws2_32.dll] => [5773325f33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wsock32.dll] => [77736f636b33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSASocket] => [575341536f636b6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [socket] => [736f636b6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [send] => [73656e64] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSASend] => [57534153656e64] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSAConnect] => [575341436f6e6e656374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [connect] => [636f6e6e656374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSAStartup] => [57534153746172747570] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [closesocket] => [636c6f7365736f636b6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSACleanup] => [575341436c65616e7570] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5773325f33322e646c6c] [*] [ia] > LibClamAV debug: 1: [77736f636b33322e646c6c] [*] [ia] > LibClamAV debug: 2: [575341536f636b6574] [*] [a] > LibClamAV debug: 3: [736f636b6574] [*] [a] > LibClamAV debug: 4: [73656e64] [*] [a] > LibClamAV debug: 5: [57534153656e64] [*] [a] > LibClamAV debug: 6: [575341436f6e6e656374] [*] [a] > LibClamAV debug: 7: [636f6e6e656374] [*] [a] > LibClamAV debug: 8: [57534153746172747570] [*] [a] > LibClamAV debug: 9: [636c6f7365736f636b6574] [*] [a] > LibClamAV debug: 10: [575341436c65616e7570] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_tcp_socket > LibClamAV debug: load_oneyara: attempting to load network_dns > LibClamAV debug: load_oneyara: generic string: [System.Net] => [53797374656d2e4e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ws2_32.dll] => [5773325f33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Dnsapi.dll] => [446e736170692e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wsock32.dll] => [77736f636b33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetHostEntry] => [476574486f7374456e747279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [getaddrinfo] => [67657461646472696e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [gethostbyname] => [676574686f737462796e616d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WSAAsyncGetHostByName] => [5753414173796e63476574486f737442794e616d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DnsQuery] => [446e735175657279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [53797374656d2e4e6574] [*] [a] > LibClamAV debug: 1: [5773325f33322e646c6c] [*] [ia] > LibClamAV debug: 2: [446e736170692e646c6c] [*] [ia] > LibClamAV debug: 3: [77736f636b33322e646c6c] [*] [ia] > LibClamAV debug: 4: [476574486f7374456e747279] [*] [a] > LibClamAV debug: 5: [67657461646472696e666f] [*] [a] > LibClamAV debug: 6: [676574686f737462796e616d65] [*] [a] > LibClamAV debug: 7: [5753414173796e63476574486f737442794e616d65] [*] [a] > LibClamAV debug: 8: [446e735175657279] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_dns > LibClamAV debug: load_oneyara: attempting to load network_ssl > LibClamAV debug: load_oneyara: generic string: [ssleay32.dll] => [73736c65617933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [libeay32.dll] => [6c696265617933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [libssl32.dll] => [6c696273736c33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [IdSSLOpenSSL] => [496453534c4f70656e53534c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [73736c65617933322e646c6c] [*] [ia] > LibClamAV debug: 1: [6c696265617933322e646c6c] [*] [ia] > LibClamAV debug: 2: [6c696273736c33322e646c6c] [*] [ia] > LibClamAV debug: 3: [496453534c4f70656e53534c] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_ssl > LibClamAV debug: load_oneyara: attempting to load network_dga > LibClamAV debug: load_oneyara: generic string: [Advapi32.dll] => [41647661706933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wininet.dll] => [77696e696e65742e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Crypt32.dll] => [437279707433322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SystemTimeToFileTime] => [53797374656d54696d65546f46696c6554696d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetSystemTime] => [47657453797374656d54696d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetSystemTimeAsFileTime] => [47657453797374656d54696d65417346696c6554696d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CryptCreateHash] => [437279707443726561746548617368] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CryptAcquireContext] => [437279707441637175697265436f6e74657874] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CryptHashData] => [43727970744861736844617461] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [InternetOpen] => [496e7465726e65744f70656e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [InternetOpenUrl] => [496e7465726e65744f70656e55726c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [gethostbyname] => [676574686f737462796e616d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [getaddrinfo] => [67657461646472696e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [41647661706933322e646c6c] [*] [ia] > LibClamAV debug: 1: [77696e696e65742e646c6c] [*] [ia] > LibClamAV debug: 2: [437279707433322e646c6c] [*] [ia] > LibClamAV debug: 3: [53797374656d54696d65546f46696c6554696d65] [*] [a] > LibClamAV debug: 4: [47657453797374656d54696d65] [*] [a] > LibClamAV debug: 5: [47657453797374656d54696d65417346696c6554696d65] [*] [a] > LibClamAV debug: 6: [437279707443726561746548617368] [*] [a] > LibClamAV debug: 7: [437279707441637175697265436f6e74657874] [*] [a] > LibClamAV debug: 8: [43727970744861736844617461] [*] [a] > LibClamAV debug: 9: [496e7465726e65744f70656e] [*] [a] > LibClamAV debug: 10: [496e7465726e65744f70656e55726c] [*] [a] > LibClamAV debug: 11: [676574686f737462796e616d65] [*] [a] > LibClamAV debug: 12: [67657461646472696e666f] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.network_dga > LibClamAV debug: load_oneyara: attempting to load bitcoin > LibClamAV debug: load_oneyara: generic string: [OpenCL.dll] => [4f70656e434c2e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nvcuda.dll] => [6e76637564612e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [opengl32.dll] => [6f70656e676c33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cpuminer 2.2.2X-Mining-Extensions] => [6370756d696e657220322e322e32582d4d696e696e672d457874656e73696f6e73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cpuminer 2.2.3X-Mining-Extensions] => [6370756d696e657220322e322e33582d4d696e696e672d457874656e73696f6e73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ufasoft bitcoin-miner/0.20] => [556661736f667420626974636f696e2d6d696e65722f302e3230] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bitcoin] => [626974636f696e] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [stratum] => [7374726174756d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4f70656e434c2e646c6c] [*] [ia] > LibClamAV debug: 1: [6e76637564612e646c6c] [*] [ia] > LibClamAV debug: 2: [6f70656e676c33322e646c6c] [*] [ia] > LibClamAV debug: 3: [6370756d696e657220322e322e32582d4d696e696e672d457874656e73696f6e73] [*] [a] > LibClamAV debug: 4: [6370756d696e657220322e322e33582d4d696e696e672d457874656e73696f6e73] [*] [a] > LibClamAV debug: 5: [556661736f667420626974636f696e2d6d696e65722f302e3230] [*] [a] > LibClamAV debug: 6: [626974636f696e] [*] [ia] > LibClamAV debug: 7: [7374726174756d] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.bitcoin > LibClamAV debug: load_oneyara: attempting to load certificate > LibClamAV debug: load_oneyara: generic string: [Crypt32.dll] => [437279707433322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [software\microsoft\systemcertificates\spc\certificates] => [736f6674776172655c6d6963726f736f66745c73797374656d6365727469666963617465735c7370635c636572746966696361746573] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CertOpenSystemStore] => [436572744f70656e53797374656d53746f7265] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [437279707433322e646c6c] [*] [ia] > LibClamAV debug: 1: [736f6674776172655c6d6963726f736f66745c73797374656d6365727469666963617465735c7370635c636572746966696361746573] [*] [ia] > LibClamAV debug: 2: [436572744f70656e53797374656d53746f7265] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.certificate > LibClamAV debug: load_oneyara: attempting to load escalate_priv > LibClamAV debug: load_oneyara: generic string: [Advapi32.dll] => [41647661706933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SeDebugPrivilege] => [5365446562756750726976696c656765] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [AdjustTokenPrivileges] => [41646a757374546f6b656e50726976696c65676573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [41647661706933322e646c6c] [*] [ia] > LibClamAV debug: 1: [5365446562756750726976696c656765] [*] [a] > LibClamAV debug: 2: [41646a757374546f6b656e50726976696c65676573] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.escalate_priv > LibClamAV debug: load_oneyara: attempting to load screenshot > LibClamAV debug: load_oneyara: generic string: [Gdi32.dll] => [47646933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [User32.dll] => [5573657233322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [BitBlt] => [426974426c74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetDC] => [4765744443] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [47646933322e646c6c] [*] [ia] > LibClamAV debug: 1: [5573657233322e646c6c] [*] [ia] > LibClamAV debug: 2: [426974426c74] [*] [a] > LibClamAV debug: 3: [4765744443] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.screenshot > LibClamAV debug: load_oneyara: attempting to load lookupip > LibClamAV debug: load_oneyara: generic string: [checkip.dyndns.org] => [636865636b69702e64796e646e732e6f7267] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [whatismyip.org] => [7768617469736d7969702e6f7267] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [whatsmyipaddress.com] => [77686174736d796970616464726573732e636f6d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [getmyip.org] => [6765746d7969702e6f7267] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [getmyip.co.uk] => [6765746d7969702e636f2e756b] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [636865636b69702e64796e646e732e6f7267] [*] [ia] > LibClamAV debug: 1: [7768617469736d7969702e6f7267] [*] [ia] > LibClamAV debug: 2: [77686174736d796970616464726573732e636f6d] [*] [ia] > LibClamAV debug: 3: [6765746d7969702e6f7267] [*] [ia] > LibClamAV debug: 4: [6765746d7969702e636f2e756b] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.lookupip > LibClamAV debug: load_oneyara: attempting to load dyndns > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Vitalwerks\DUC] => [534f4654574152455c566974616c7765726b735c445543] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [534f4654574152455c566974616c7765726b735c445543] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.dyndns > LibClamAV debug: load_oneyara: attempting to load lookupgeo > LibClamAV debug: load_oneyara: generic string: [j.maxmind.com] => [6a2e6d61786d696e642e636f6d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6a2e6d61786d696e642e636f6d] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.lookupgeo > LibClamAV debug: load_oneyara: attempting to load keylogger > LibClamAV debug: load_oneyara: generic string: [User32.dll] => [5573657233322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetAsyncKeyState] => [4765744173796e634b65795374617465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetKeyState] => [4765744b65795374617465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [MapVirtualKey] => [4d61705669727475616c4b6579] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetKeyboardType] => [4765744b6579626f61726454797065] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5573657233322e646c6c] [*] [ia] > LibClamAV debug: 1: [4765744173796e634b65795374617465] [*] [a] > LibClamAV debug: 2: [4765744b65795374617465] [*] [a] > LibClamAV debug: 3: [4d61705669727475616c4b6579] [*] [a] > LibClamAV debug: 4: [4765744b6579626f61726454797065] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.keylogger > LibClamAV debug: load_oneyara: attempting to load cred_local > LibClamAV debug: load_oneyara: generic string: [LsaEnumerateLogonSessions] => [4c7361456e756d65726174654c6f676f6e53657373696f6e73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SamIConnect] => [53616d49436f6e6e656374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SamIGetPrivateData] => [53616d494765745072697661746544617461] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SamQueryInformationUse] => [53616d5175657279496e666f726d6174696f6e557365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CredEnumerateA] => [43726564456e756d657261746541] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CredEnumerateW] => [43726564456e756d657261746557] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [software\microsoft\internet account manager] => [736f6674776172655c6d6963726f736f66745c696e7465726e6574206163636f756e74206d616e61676572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [software\microsoft\identitycrl\creds] => [736f6674776172655c6d6963726f736f66745c6964656e7469747963726c5c6372656473] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Security\Policy\Secrets] => [53656375726974795c506f6c6963795c53656372657473] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4c7361456e756d65726174654c6f676f6e53657373696f6e73] [*] [a] > LibClamAV debug: 1: [53616d49436f6e6e656374] [*] [a] > LibClamAV debug: 2: [53616d494765745072697661746544617461] [*] [a] > LibClamAV debug: 3: [53616d5175657279496e666f726d6174696f6e557365] [*] [a] > LibClamAV debug: 4: [43726564456e756d657261746541] [*] [a] > LibClamAV debug: 5: [43726564456e756d657261746557] [*] [a] > LibClamAV debug: 6: [736f6674776172655c6d6963726f736f66745c696e7465726e6574206163636f756e74206d616e61676572] [*] [ia] > LibClamAV debug: 7: [736f6674776172655c6d6963726f736f66745c6964656e7469747963726c5c6372656473] [*] [ia] > LibClamAV debug: 8: [53656375726974795c506f6c6963795c53656372657473] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.cred_local > LibClamAV debug: load_oneyara: attempting to load sniff_audio > LibClamAV debug: load_oneyara: generic string: [winmm.dll] => [77696e6d6d2e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [waveInStart] => [77617665496e5374617274] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [waveInReset] => [77617665496e5265736574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [waveInAddBuffer] => [77617665496e416464427566666572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [waveInOpen] => [77617665496e4f70656e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [waveInClose] => [77617665496e436c6f7365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [77696e6d6d2e646c6c] [*] [ia] > LibClamAV debug: 1: [77617665496e5374617274] [*] [a] > LibClamAV debug: 2: [77617665496e5265736574] [*] [a] > LibClamAV debug: 3: [77617665496e416464427566666572] [*] [a] > LibClamAV debug: 4: [77617665496e4f70656e] [*] [a] > LibClamAV debug: 5: [77617665496e436c6f7365] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.sniff_audio > LibClamAV debug: load_oneyara: attempting to load cred_ff > LibClamAV debug: load_oneyara: generic string: [signons.sqlite] => [7369676e6f6e732e73716c697465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [signons3.txt] => [7369676e6f6e73332e747874] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [secmod.db] => [7365636d6f642e6462] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cert8.db] => [63657274382e6462] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [key3.db] => [6b6579332e6462] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [7369676e6f6e732e73716c697465] [*] [a] > LibClamAV debug: 1: [7369676e6f6e73332e747874] [*] [a] > LibClamAV debug: 2: [7365636d6f642e6462] [*] [a] > LibClamAV debug: 3: [63657274382e6462] [*] [a] > LibClamAV debug: 4: [6b6579332e6462] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.cred_ff > LibClamAV debug: load_oneyara: attempting to load cred_vnc > LibClamAV debug: load_oneyara: generic string: [VNCPassView] => [564e435061737356696577] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [564e435061737356696577] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.cred_vnc > LibClamAV debug: load_oneyara: attempting to load cred_ie7 > LibClamAV debug: load_oneyara: generic string: [Crypt32.dll] => [437279707433322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CryptUnprotectData] => [4372797074556e70726f7465637444617461] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [abe2869f-9b47-4cd9-a358-c22904dba7f7] => [61626532383639662d396234372d346364392d613335382d633232393034646261376637] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [437279707433322e646c6c] [*] [ia] > LibClamAV debug: 1: [4372797074556e70726f7465637444617461] [*] [a] > LibClamAV debug: 2: [61626532383639662d396234372d346364392d613335382d633232393034646261376637] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.cred_ie7 > LibClamAV debug: load_oneyara: attempting to load sniff_lan > LibClamAV debug: load_oneyara: generic string: [packet.dll] => [7061636b65742e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [npf.sys] => [6e70662e737973] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wpcap.dll] => [77706361702e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [winpcap.dll] => [77696e706361702e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [7061636b65742e646c6c] [*] [ia] > LibClamAV debug: 1: [6e70662e737973] [*] [ia] > LibClamAV debug: 2: [77706361702e646c6c] [*] [ia] > LibClamAV debug: 3: [77696e706361702e646c6c] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.sniff_lan > LibClamAV debug: load_oneyara: attempting to load migrate_apc > LibClamAV debug: load_oneyara: generic string: [OpenThread] => [4f70656e546872656164] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [QueueUserAPC] => [517565756555736572415043] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4f70656e546872656164] [*] [a] > LibClamAV debug: 1: [517565756555736572415043] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.migrate_apc > LibClamAV debug: load_oneyara: attempting to load spreading_file > LibClamAV debug: load_oneyara: generic string: [autorun.inf] => [6175746f72756e2e696e66] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [desktop.ini] => [6465736b746f702e696e69] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [desktop.lnk] => [6465736b746f702e6c6e6b] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6175746f72756e2e696e66] [*] [ia] > LibClamAV debug: 1: [6465736b746f702e696e69] [*] [ia] > LibClamAV debug: 2: [6465736b746f702e6c6e6b] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.spreading_file > LibClamAV debug: load_oneyara: attempting to load spreading_share > LibClamAV debug: load_oneyara: generic string: [netapi32.dll] => [6e657461706933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [NetShareGetInfo] => [4e65745368617265476574496e666f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [NetShareEnum] => [4e65745368617265456e756d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6e657461706933322e646c6c] [*] [ia] > LibClamAV debug: 1: [4e65745368617265476574496e666f] [*] [a] > LibClamAV debug: 2: [4e65745368617265456e756d] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.spreading_share > LibClamAV debug: load_oneyara: attempting to load rat_vnc > LibClamAV debug: load_oneyara: generic string: [ultravnc.ini] => [756c747261766e632e696e69] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [StartVNC] => [5374617274564e43] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [StopVNC] => [53746f70564e43] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [756c747261766e632e696e69] [*] [ia] > LibClamAV debug: 1: [5374617274564e43] [*] [a] > LibClamAV debug: 2: [53746f70564e43] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.rat_vnc > LibClamAV debug: load_oneyara: attempting to load rat_rdp > LibClamAV debug: load_oneyara: generic string: [SYSTEM\CurrentControlSet\Control\Terminal Server] => [53595354454d5c43757272656e74436f6e74726f6c5365745c436f6e74726f6c5c5465726d696e616c20536572766572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [software\microsoft\windows nt\currentversion\terminal server] => [736f6674776172655c6d6963726f736f66745c77696e646f7773206e745c63757272656e7476657273696f6e5c7465726d696e616c20736572766572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] => [53595354454d5c43757272656e74436f6e74726f6c5365745c436f6e74726f6c5c5465726d696e616c205365727665725c57696e53746174696f6e735c5244502d546370] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [EnableAdminTSRemote] => [456e61626c6541646d696e545352656d6f7465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [net start termservice] => [6e6574207374617274207465726d73657276696365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [sc config termservice start] => [736320636f6e666967207465726d73657276696365207374617274] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [53595354454d5c43757272656e74436f6e74726f6c5365745c436f6e74726f6c5c5465726d696e616c20536572766572] [*] [ia] > LibClamAV debug: 1: [736f6674776172655c6d6963726f736f66745c77696e646f7773206e745c63757272656e7476657273696f6e5c7465726d696e616c20736572766572] [*] [ia] > LibClamAV debug: 2: [53595354454d5c43757272656e74436f6e74726f6c5365745c436f6e74726f6c5c5465726d696e616c205365727665725c57696e53746174696f6e735c5244502d546370] [*] [ia] > LibClamAV debug: 3: [456e61626c6541646d696e545352656d6f7465] [*] [a] > LibClamAV debug: 4: [6e6574207374617274207465726d73657276696365] [*] [a] > LibClamAV debug: 5: [736320636f6e666967207465726d73657276696365207374617274] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.rat_rdp > LibClamAV debug: load_oneyara: attempting to load rat_telnet > LibClamAV debug: load_oneyara: generic string: [software\microsoft\telnetserver] => [736f6674776172655c6d6963726f736f66745c74656c6e6574736572766572] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [736f6674776172655c6d6963726f736f66745c74656c6e6574736572766572] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.rat_telnet > LibClamAV debug: load_oneyara: attempting to load rat_webcam > LibClamAV debug: load_oneyara: generic string: [avicap32.dll] => [61766963617033322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [capCreateCaptureWindow] => [6361704372656174654361707475726557696e646f77] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [61766963617033322e646c6c] [*] [ia] > LibClamAV debug: 1: [6361704372656174654361707475726557696e646f77] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.rat_webcam > LibClamAV debug: load_oneyara: attempting to load check_patchlevel > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix] => [534f4654574152455c4d6963726f736f66745c57696e646f7773204e545c43757272656e7456657273696f6e5c486f74666978] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [534f4654574152455c4d6963726f736f66745c57696e646f7773204e545c43757272656e7456657273696f6e5c486f74666978] [*] [ia] > LibClamAV debug: load_oneyara: successfully loaded YARA.check_patchlevel > LibClamAV debug: load_oneyara: attempting to load win_mutex > LibClamAV debug: load_oneyara: generic string: [CreateMutex] => [4372656174654d75746578] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4372656174654d75746578] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.win_mutex > LibClamAV debug: load_oneyara: attempting to load win_registry > LibClamAV debug: load_oneyara: generic string: [advapi32.dll] => [61647661706933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegQueryValueExA] => [526567517565727956616c7565457841] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegOpenKeyExA] => [5265674f70656e4b6579457841] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegCloseKey] => [526567436c6f73654b6579] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegSetValueExA] => [52656753657456616c7565457841] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegCreateKeyA] => [5265674372656174654b657941] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RegCloseKey] => [526567436c6f73654b6579] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [61647661706933322e646c6c] [*] [ia] > LibClamAV debug: 1: [526567517565727956616c7565457841] [*] [a] > LibClamAV debug: 2: [5265674f70656e4b6579457841] [*] [a] > LibClamAV debug: 3: [526567436c6f73654b6579] [*] [a] > LibClamAV debug: 4: [52656753657456616c7565457841] [*] [a] > LibClamAV debug: 5: [5265674372656174654b657941] [*] [a] > LibClamAV debug: 6: [526567436c6f73654b6579] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.win_registry > LibClamAV debug: load_oneyara: attempting to load win_token > LibClamAV debug: load_oneyara: generic string: [advapi32.dll] => [61647661706933322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DuplicateTokenEx] => [4475706c6963617465546f6b656e4578] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [AdjustTokenPrivileges] => [41646a757374546f6b656e50726976696c65676573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [OpenProcessToken] => [4f70656e50726f63657373546f6b656e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [LookupPrivilegeValueA] => [4c6f6f6b757050726976696c65676556616c756541] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [61647661706933322e646c6c] [*] [ia] > LibClamAV debug: 1: [4475706c6963617465546f6b656e4578] [*] [a] > LibClamAV debug: 2: [41646a757374546f6b656e50726976696c65676573] [*] [a] > LibClamAV debug: 3: [4f70656e50726f63657373546f6b656e] [*] [a] > LibClamAV debug: 4: [4c6f6f6b757050726976696c65676556616c756541] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.win_token > LibClamAV debug: load_oneyara: attempting to load win_private_profile > LibClamAV debug: load_oneyara: generic string: [kernel32.dll] => [6b65726e656c33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetPrivateProfileIntA] => [4765745072697661746550726f66696c65496e7441] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [GetPrivateProfileStringA] => [4765745072697661746550726f66696c65537472696e6741] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WritePrivateProfileStringA] => [57726974655072697661746550726f66696c65537472696e6741] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6b65726e656c33322e646c6c] [*] [ia] > LibClamAV debug: 1: [4765745072697661746550726f66696c65496e7441] [*] [a] > LibClamAV debug: 2: [4765745072697661746550726f66696c65537472696e6741] [*] [a] > LibClamAV debug: 3: [57726974655072697661746550726f66696c65537472696e6741] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.win_private_profile > LibClamAV debug: load_oneyara: attempting to load win_files_operation > LibClamAV debug: load_oneyara: generic string: [kernel32.dll] => [6b65726e656c33322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WriteFile] => [577269746546696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SetFilePointer] => [53657446696c65506f696e746572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WriteFile] => [577269746546696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ReadFile] => [5265616446696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [DeleteFileA] => [44656c65746546696c6541] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CreateFileA] => [43726561746546696c6541] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FindFirstFileA] => [46696e64466972737446696c6541] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [MoveFileExA] => [4d6f766546696c65457841] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FindClose] => [46696e64436c6f7365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SetFileAttributesA] => [53657446696c654174747269627574657341] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CopyFile] => [436f707946696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6b65726e656c33322e646c6c] [*] [ia] > LibClamAV debug: 1: [577269746546696c65] [*] [a] > LibClamAV debug: 2: [53657446696c65506f696e746572] [*] [a] > LibClamAV debug: 3: [577269746546696c65] [*] [a] > LibClamAV debug: 4: [5265616446696c65] [*] [a] > LibClamAV debug: 5: [44656c65746546696c6541] [*] [a] > LibClamAV debug: 6: [43726561746546696c6541] [*] [a] > LibClamAV debug: 7: [46696e64466972737446696c6541] [*] [a] > LibClamAV debug: 8: [4d6f766546696c65457841] [*] [a] > LibClamAV debug: 9: [46696e64436c6f7365] [*] [a] > LibClamAV debug: 10: [53657446696c654174747269627574657341] [*] [a] > LibClamAV debug: 11: [436f707946696c65] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.win_files_operation > LibClamAV debug: load_oneyara: attempting to load win_hook > LibClamAV debug: load_oneyara: generic string: [user32.dll] => [7573657233322e646c6c] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [UnhookWindowsHookEx] => [556e686f6f6b57696e646f7773486f6f6b4578] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SetWindowsHookExA] => [53657457696e646f7773486f6f6b457841] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [CallNextHookEx] => [43616c6c4e657874486f6f6b4578] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [7573657233322e646c6c] [*] [ia] > LibClamAV debug: 1: [556e686f6f6b57696e646f7773486f6f6b4578] [*] [a] > LibClamAV debug: 2: [53657457696e646f7773486f6f6b457841] [*] [a] > LibClamAV debug: 3: [43616c6c4e657874486f6f6b4578] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.win_hook > LibClamAV debug: load_oneyara: attempting to load vmdetect_misc > LibClamAV debug: load_oneyara: generic string: [VBoxService] => [56426f7853657276696365] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VBoxTray] => [56426f7854726179] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\Oracle\VirtualBox Guest Additions] => [534f4654574152455c4f7261636c655c5669727475616c426f78204775657374204164646974696f6e73] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [SOFTWARE\\Oracle\\VirtualBox Guest Additions] => [534f4654574152455c5c4f7261636c655c5c5669727475616c426f78204775657374204164646974696f6e73] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [wine_get_unix_file_name] => [77696e655f6765745f756e69785f66696c655f6e616d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmmouse.sys] => [766d6d6f7573652e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VMware Virtual IDE Hard Drive] => [564d77617265205669727475616c204944452048617264204472697665] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [SYSTEM\ControlSet001\Services\Disk\Enum] => [53595354454d5c436f6e74726f6c5365743030315c53657276696365735c4469736b5c456e756d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [SYSTEM\\ControlSet001\\Services\\Disk\\Enum] => [53595354454d5c5c436f6e74726f6c5365743030315c5c53657276696365735c5c4469736b5c5c456e756d] > LibClamAV debug: STRING_IS_NO_CASE yes > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [hgfs.sys] => [686766732e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmhgfs.sys] => [766d686766732e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [prleth.sys] => [70726c6574682e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [prlfs.sys] => [70726c66732e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [prlmouse.sys] => [70726c6d6f7573652e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [prlvideo.sys] => [70726c766964656f2e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [prl_pv32.sys] => [70726c5f707633322e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vpc-s3.sys] => [7670632d73332e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmsrvc.sys] => [766d737276632e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmx86.sys] => [766d7838362e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmnet.sys] => [766d6e65742e737973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmicheartbeat] => [766d6963686561727462656174] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmicvss] => [766d6963767373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmicshutdown] => [766d696373687574646f776e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmicexchange] => [766d696365786368616e6765] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmci] => [766d6369] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmdebug] => [766d6465627567] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmmouse] => [766d6d6f757365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VMTools] => [564d546f6f6c73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VMMEMCTL] => [564d4d454d43544c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmware] => [766d77617265] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmx86] => [766d783836] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vpcbus] => [767063627573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vpc-s3] => [7670632d7333] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vpcuhub] => [76706375687562] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [msvmmouf] => [6d73766d6d6f7566] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VBoxMouse] => [56426f784d6f757365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VBoxGuest] => [56426f784775657374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [VBoxSF] => [56426f785346] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [xenevtchn] => [78656e65767463686e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [xennet] => [78656e6e6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [xennet6] => [78656e6e657436] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [xensvc] => [78656e737663] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [xenvdb] => [78656e766462] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmware2] => [766d7761726532] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmount2] => [766d6f756e7432] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmusrvc] => [766d7573727663] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vmsrvc] => [766d73727663] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vboxservice] => [76626f7873657276696365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [vboxtray] => [76626f7874726179] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [xenservice] => [78656e73657276696365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: STRING_IS_WIDE yes > LibClamAV debug: load_oneyara: generic string: [00-05-69] => [30302d30352d3639] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00:05:69] => [30303a30353a3639] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00-50-56] => [30302d35302d3536] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00:50:56] => [30303a35303a3536] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00-0C-29] => [30302d30432d3239] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00:0C:29] => [30303a30433a3239] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00-1C-14] => [30302d31432d3134] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [00:1C:14] => [30303a31433a3134] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [08-00-27] => [30382d30302d3237] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [08:00:27] => [30383a30303a3237] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [56426f7853657276696365] [*] [iwa] > LibClamAV debug: 1: [56426f7854726179] [*] [iwa] > LibClamAV debug: 2: [534f4654574152455c4f7261636c655c5669727475616c426f78204775657374204164646974696f6e73] [*] [iwa] > LibClamAV debug: 3: [534f4654574152455c5c4f7261636c655c5c5669727475616c426f78204775657374204164646974696f6e73] [*] [iwa] > LibClamAV debug: 4: [77696e655f6765745f756e69785f66696c655f6e616d65] [*] [wa] > LibClamAV debug: 5: [766d6d6f7573652e737973] [*] [wa] > LibClamAV debug: 6: [564d77617265205669727475616c204944452048617264204472697665] [*] [wa] > LibClamAV debug: 7: [53595354454d5c436f6e74726f6c5365743030315c53657276696365735c4469736b5c456e756d] [*] [iwa] > LibClamAV debug: 8: [53595354454d5c5c436f6e74726f6c5365743030315c5c53657276696365735c5c4469736b5c5c456e756d] [*] [iwa] > LibClamAV debug: 9: [686766732e737973] [*] [wa] > LibClamAV debug: 10: [766d686766732e737973] [*] [wa] > LibClamAV debug: 11: [70726c6574682e737973] [*] [wa] > LibClamAV debug: 12: [70726c66732e737973] [*] [wa] > LibClamAV debug: 13: [70726c6d6f7573652e737973] [*] [wa] > LibClamAV debug: 14: [70726c766964656f2e737973] [*] [wa] > LibClamAV debug: 15: [70726c5f707633322e737973] [*] [wa] > LibClamAV debug: 16: [7670632d73332e737973] [*] [wa] > LibClamAV debug: 17: [766d737276632e737973] [*] [wa] > LibClamAV debug: 18: [766d7838362e737973] [*] [wa] > LibClamAV debug: 19: [766d6e65742e737973] [*] [wa] > LibClamAV debug: 20: [766d6963686561727462656174] [*] [wa] > LibClamAV debug: 21: [766d6963767373] [*] [wa] > LibClamAV debug: 22: [766d696373687574646f776e] [*] [wa] > LibClamAV debug: 23: [766d696365786368616e6765] [*] [wa] > LibClamAV debug: 24: [766d6369] [*] [wa] > LibClamAV debug: 25: [766d6465627567] [*] [wa] > LibClamAV debug: 26: [766d6d6f757365] [*] [wa] > LibClamAV debug: 27: [564d546f6f6c73] [*] [wa] > LibClamAV debug: 28: [564d4d454d43544c] [*] [wa] > LibClamAV debug: 29: [766d77617265] [*] [wa] > LibClamAV debug: 30: [766d783836] [*] [wa] > LibClamAV debug: 31: [767063627573] [*] [wa] > LibClamAV debug: 32: [7670632d7333] [*] [wa] > LibClamAV debug: 33: [76706375687562] [*] [wa] > LibClamAV debug: 34: [6d73766d6d6f7566] [*] [wa] > LibClamAV debug: 35: [56426f784d6f757365] [*] [wa] > LibClamAV debug: 36: [56426f784775657374] [*] [wa] > LibClamAV debug: 37: [56426f785346] [*] [wa] > LibClamAV debug: 38: [78656e65767463686e] [*] [wa] > LibClamAV debug: 39: [78656e6e6574] [*] [wa] > LibClamAV debug: 40: [78656e6e657436] [*] [wa] > LibClamAV debug: 41: [78656e737663] [*] [wa] > LibClamAV debug: 42: [78656e766462] [*] [wa] > LibClamAV debug: 43: [766d7761726532] [*] [wa] > LibClamAV debug: 44: [766d6f756e7432] [*] [wa] > LibClamAV debug: 45: [766d7573727663] [*] [wa] > LibClamAV debug: 46: [766d73727663] [*] [wa] > LibClamAV debug: 47: [76626f7873657276696365] [*] [wa] > LibClamAV debug: 48: [76626f7874726179] [*] [wa] > LibClamAV debug: 49: [78656e73657276696365] [*] [wa] > LibClamAV debug: 50: [30302d30352d3639] [*] [a] > LibClamAV debug: 51: [30303a30353a3639] [*] [a] > LibClamAV debug: 52: [30302d35302d3536] [*] [a] > LibClamAV debug: 53: [30303a35303a3536] [*] [a] > LibClamAV debug: 54: [30302d30432d3239] [*] [a] > LibClamAV debug: 55: [30303a30433a3239] [*] [a] > LibClamAV debug: 56: [30302d31432d3134] [*] [a] > LibClamAV debug: 57: [30303a31433a3134] [*] [a] > LibClamAV debug: 58: [30382d30302d3237] [*] [a] > LibClamAV debug: 59: [30383a30303a3237] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.vmdetect_misc > LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules. > LibClamAV debug: cli_loadyara: loaded 92 of 92 yara signatures from /var/lib/clamav/antidebug_antivm.yar > LibClamAV debug: /var/lib/clamav/antidebug_antivm.yar loaded > LibClamAV debug: load_oneyara: attempting to load phoenix_html > LibClamAV debug: load_oneyara: generic string: ['></applet><body id] => [273e3c2f6170706c65743e3c626f6479206964] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<applet mayscript] => [3c6170706c6574206d6179736372697074] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/gmi,String.fromCharCode(2] => [2f676d692c537472696e672e66726f6d43686172436f64652832] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/gmi,' ').replace(/] => [2f676d692c272027292e7265706c616365282f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pe;i;;.j1s->c] => [70653b693b3b2e6a31732d3e63] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [es4Det] => [657334446574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<textarea>function] => [3c74657874617265613e66756e6374696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.replace(/] => [2e7265706c616365282f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.jar' code] => [2e6a61722720636f6465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [;iFc;ft'b)h{s] => [3b6946633b6674276229687b73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [273e3c2f6170706c65743e3c626f6479206964] [*] [a] > LibClamAV debug: 1: [3c6170706c6574206d6179736372697074] [*] [a] > LibClamAV debug: 2: [2f676d692c537472696e672e66726f6d43686172436f64652832] [*] [a] > LibClamAV debug: 3: [2f676d692c272027292e7265706c616365282f] [*] [a] > LibClamAV debug: 4: [70653b693b3b2e6a31732d3e63] [*] [a] > LibClamAV debug: 5: [657334446574] [*] [a] > LibClamAV debug: 6: [3c74657874617265613e66756e6374696f6e] [*] [a] > LibClamAV debug: 7: [2e7265706c616365282f] [*] [a] > LibClamAV debug: 8: [2e6a61722720636f6465] [*] [a] > LibClamAV debug: 9: [3b6946633b6674276229687b73] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html > LibClamAV debug: load_oneyara: attempting to load phoenix_html10 > LibClamAV debug: load_oneyara: generic string: [pae>crAeahoilL] => [7061653e6372416561686f696c4c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [D11C0002C0069733E60656F6462070D000402DFF200696E] => [4431314330303032433030363937333345363036353646363436323037304430303034303244464632303036393645] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nbte)bbn] => [6e6274652962626e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [v9o16,0')0B80002328203;)82F00223A216ifA160A262A462(a] => [76396f31362c302729304238303030323332383230333b2938324630303232334132313669664131363041323632413436322861] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0442DFD2E30EC80E42D2E00AC3F3D53C9CAEBFF7E1E805080B044057CB1C0EF7F263DC64E0CBE47C2A21E370EE4A] => [3034343244464432453330454338304534324432453030414333463344353343394341454246463745314538303530383042303434303537434231433045463746323633444336344530434245343743324132314533373045453441] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [;)npeits0e.uvr;][tvr] => [3b296e706569747330652e7576723b5d5b747672] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [433EBE90242003E00C606D04036563435805000102000v020E656wa.i118,0',9F902F282620''C62022646660}{A780232A] => [343333454245393032343230303345303043363036443034303336353633343335383035303030313032303030763032304536353677612e693131382c30272c39463930324632383236323027274336323032323634363636307d7b4137383032333241] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [350;var ysjzyq] => [3335303b7661722079736a7a7971] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [aSmd'lm/t/im.}d.-Ljg,l-] => [61536d64276c6d2f742f696d2e7d642e2d4c6a672c6c2d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0017687F6164706E6967060002008101'2176045ckb] => [30303137363837463631363437303645363936373036303030323030383130312732313736303435636b62] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [63(dcma)nenn869] => [36332864636d61296e656e6e383639] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [').replace(/] => [27292e7265706c616365282f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xd'c0lrls09sare] => [78642763306c726c73303973617265] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [(]t.(7u(<p] => [285d742e283775283c70] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [d{et;bdBcriYtc:eayF20'F62;23C4AABA3B84FE21C2B0B066C0038B8353AF5C0B4DF8FF43E85FB6F05CEC4080236F3CDE6E] => [647b65743b6264426372695974633a656179463230274636323b3233433441414241334238344645323143324230423036364330303338423833353341463543304234444638464634334538354642364630354345433430383032333646334344453645] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/var another;</textarea>] => [2f76617220616e6f746865723b3c2f74657874617265613e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Fa527496C62eShHmar(bA,pPec] => [4661353237343936433632655368486d61722862412c70506563] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FaA244A676C,150e62A5B2B61,'2F] => [46614132343441363736432c313530653632413542324236312c273246] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [7061653e6372416561686f696c4c] [*] [a] > LibClamAV debug: 1: [4431314330303032433030363937333345363036353646363436323037304430303034303244464632303036393645] [*] [a] > LibClamAV debug: 2: [6e6274652962626e] [*] [a] > LibClamAV debug: 3: [76396f31362c302729304238303030323332383230333b2938324630303232334132313669664131363041323632413436322861] [*] [a] > LibClamAV debug: 4: [3034343244464432453330454338304534324432453030414333463344353343394341454246463745314538303530383042303434303537434231433045463746323633444336344530434245343743324132314533373045453441] [*] [a] > LibClamAV debug: 5: [3b296e706569747330652e7576723b5d5b747672] [*] [a] > LibClamAV debug: 6: [343333454245393032343230303345303043363036443034303336353633343335383035303030313032303030763032304536353677612e693131382c30272c39463930324632383236323027274336323032323634363636307d7b4137383032333241] [*] [a] > LibClamAV debug: 7: [3335303b7661722079736a7a7971] [*] [a] > LibClamAV debug: 8: [61536d64276c6d2f742f696d2e7d642e2d4c6a672c6c2d] [*] [a] > LibClamAV debug: 9: [30303137363837463631363437303645363936373036303030323030383130312732313736303435636b62] [*] [a] > LibClamAV debug: 10: [36332864636d61296e656e6e383639] [*] [a] > LibClamAV debug: 11: [27292e7265706c616365282f] [*] [a] > LibClamAV debug: 12: [78642763306c726c73303973617265] [*] [a] > LibClamAV debug: 13: [285d742e283775283c70] [*] [a] > LibClamAV debug: 14: [647b65743b6264426372695974633a656179463230274636323b3233433441414241334238344645323143324230423036364330303338423833353341463543304234444638464634334538354642364630354345433430383032333646334344453645] [*] [a] > LibClamAV debug: 15: [2f76617220616e6f746865723b3c2f74657874617265613e] [*] [a] > LibClamAV debug: 16: [4661353237343936433632655368486d61722862412c70506563] [*] [a] > LibClamAV debug: 17: [46614132343441363736432c313530653632413542324236312c273246] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html10 > LibClamAV debug: load_oneyara: attempting to load phoenix_html11 > LibClamAV debug: load_oneyara: generic string: [D'0009F0C6941617C43427A76080001000F47020C606volv99,0,6,] => [4427303030394630433639343136313743343334323741373630383030303130303046343730323043363036766f6c7639392c302c362c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [';)nWd] => [273b296e5764] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [IW'eeCn)s.a9e;0CF300FF379011078E047873754163636960496270486264416455747D69737812060209011301010104D0] => [4957276565436e29732e6139653b3043463330304646333739303131303738453034373837333735343136333633363936303439363237303438363236343431363435353734374436393733373831323036303230393031313330313031303130344430] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [D8D51F5100019006D60667F2E056940170E01010747] => [44384435314635313030303139303036443630363637463245303536393430313730453031303130373437] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [515F2F436WemBh2A4560683aFanoi(utse.o1/f;pistelzi] => [35313546324634333657656d42683241343536303638336146616e6f6928757473652e6f312f663b70697374656c7a69] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/p(e/oah)FHw'aaarDsnwi-] => [2f7028652f6f616829464877276161617244736e77692d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [COa506u%db10u%1057u%f850u%f500u%0683u%05a8u%0030u%0706u%d300u%585du%38d0u%0080u%5612u'u%A2DdF6u%1M:.] => [434f61353036752564623130752531303537752566383530752566353030752530363833752530356138752530303330752530373036752564333030752535383564752533386430752530303830752535363132752775254132446446367525314d3a2e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [S(yt)Dj] => [5328797429446a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FaA26285325,150e8292A6968,'2F] => [46614132363238353332352c313530653832393241363936382c273246] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0200e{b<0:D>r5d4u%c005u%0028u%251eu%a095u%6028u%0028u%2500u%f7f7u%70d7u%2025u%9008u%08f8u%c607usu%37] => [30323030657b623c303a443e72356434752563303035752530303238752532353165752561303935752536303238752530303238752532353030752566376637752537306437752532303235752539303038752530386638752563363037757375253337] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [(mEtlltopo{{e] => [286d45746c6c746f706f7b7b65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [aSmd'lm/t/im.}d.-Ljg,l-] => [61536d64276c6d2f742f696d2e7d642e2d4c6a672c6c2d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [r)C4snfapfuo}] => [72294334736e66617066756f7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [').replace(/] => [27292e7265706c616365282f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [A282A5ifA160F2628206(a] => [41323832413569664131363046323632383230362861] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [obn0cf] => [6f626e306366] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [d(i'C)rtr.'pvif)iv1ilW)S((Ltl.)2,0,9;0se] => [6428692743297274722e277076696629697631696c57295328284c746c2e29322c302c393b307365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [E23s3003476B18703C179396D08B841BC554F11678F0FEB9505FB355E044F33A540F61743738327E32D97D070FA37D87s000] => [45323373333030333437364231383730334331373933393644303842383431424335353446313136373846304645423935303546423335354530343446333341353430463631373433373338333237453332443937443037304641333744383773303030] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [603742E545904575'294E20680,6F902E292A60''E6202A4E6468},e))tep] => [36303337343245353435393034353735273239344532303638302c36463930324532393241363027274536323032413445363436387d2c652929746570] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4427303030394630433639343136313743343334323741373630383030303130303046343730323043363036766f6c7639392c302c362c] [*] [a] > LibClamAV debug: 1: [273b296e5764] [*] [a] > LibClamAV debug: 2: [4957276565436e29732e6139653b3043463330304646333739303131303738453034373837333735343136333633363936303439363237303438363236343431363435353734374436393733373831323036303230393031313330313031303130344430] [*] [a] > LibClamAV debug: 3: [44384435314635313030303139303036443630363637463245303536393430313730453031303130373437] [*] [a] > LibClamAV debug: 4: [35313546324634333657656d42683241343536303638336146616e6f6928757473652e6f312f663b70697374656c7a69] [*] [a] > LibClamAV debug: 5: [2f7028652f6f616829464877276161617244736e77692d] [*] [a] > LibClamAV debug: 6: [434f61353036752564623130752531303537752566383530752566353030752530363833752530356138752530303330752530373036752564333030752535383564752533386430752530303830752535363132752775254132446446367525314d3a2e] [*] [a] > LibClamAV debug: 7: [5328797429446a] [*] [a] > LibClamAV debug: 8: [46614132363238353332352c313530653832393241363936382c273246] [*] [a] > LibClamAV debug: 9: [30323030657b623c303a443e72356434752563303035752530303238752532353165752561303935752536303238752530303238752532353030752566376637752537306437752532303235752539303038752530386638752563363037757375253337] [*] [a] > LibClamAV debug: 10: [286d45746c6c746f706f7b7b65] [*] [a] > LibClamAV debug: 11: [61536d64276c6d2f742f696d2e7d642e2d4c6a672c6c2d] [*] [a] > LibClamAV debug: 12: [72294334736e66617066756f7d] [*] [a] > LibClamAV debug: 13: [27292e7265706c616365282f] [*] [a] > LibClamAV debug: 14: [41323832413569664131363046323632383230362861] [*] [a] > LibClamAV debug: 15: [6f626e306366] [*] [a] > LibClamAV debug: 16: [6428692743297274722e277076696629697631696c57295328284c746c2e29322c302c393b307365] [*] [a] > LibClamAV debug: 17: [45323373333030333437364231383730334331373933393644303842383431424335353446313136373846304645423935303546423335354530343446333341353430463631373433373338333237453332443937443037304641333744383773303030] [*] [a] > LibClamAV debug: 18: [36303337343245353435393034353735273239344532303638302c36463930324532393241363027274536323032413445363436387d2c652929746570] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html11 > LibClamAV debug: load_oneyara: attempting to load phoenix_html2 > LibClamAV debug: load_oneyara: generic string: [Pec.lilsD)E)i-gonP(mgge.eOmn] => [5065632e6c696c7344294529692d676f6e50286d6767652e654f6d6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [(trt;oo] => [287472743b6f6f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [aceeC:0h] => [61636565433a3068] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Vubb.oec.n)a.] => [567562622e6f65632e6e29612e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [t;o{(bspd}ci:0OO[g(cfjdh}1sN}ntnrlt;0pwf{-] => [743b6f7b28627370647d63693a304f4f5b672863666a64687d31734e7d6e746e726c743b307077667b2d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [seierb)gMle(}ev;is{(b;ga] => [73656965726229674d6c65287d65763b69737b28623b6761] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [e)}ift] => [65297d696674] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Dud{rt] => [4475647b7274] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [blecroeely}diuFI-] => [626c6563726f65656c797d64697546492d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ttec]tr] => [747465635d7472] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fSgcso] => [66536763736f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [eig.t)eR{t}aeesbdtbl{1sr)m] => [6569672e742965527b747d61656573626474626c7b317372296d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [).}n,Raa.s] => [292e7d6e2c5261612e73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [sLtfcb.nrf{Wiantscncad1ac)scb0eo]}Diuu(nar] => [734c746663622e6e72667b5769616e7473636e6361643161632973636230656f5d7d44697575286e6172] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [dxc.,:tfr(ucxRn] => [6478632e2c3a74667228756378526e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [eDnnforbyri(tbmns).[i.ee;dl(aNimp(l(h[u[ti;u)] => [65446e6e666f72627972692874626d6e73292e5b692e65653b646c28614e696d70286c28685b755b74693b7529] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [}tn)i{ebr,_.ns(Nes,,gm(ar.t] => [7d746e29697b6562722c5f2e6e73284e65732c2c676d2861722e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [l]it}N(pe3,iaaLds.)lqea:Ps00Hc;[{Euihlc)LiLI] => [6c5d69747d4e287065332c6961614c64732e296c7165613a5073303048633b5b7b457569686c63294c694c49] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5065632e6c696c7344294529692d676f6e50286d6767652e654f6d6e] [*] [a] > LibClamAV debug: 1: [287472743b6f6f] [*] [a] > LibClamAV debug: 2: [61636565433a3068] [*] [a] > LibClamAV debug: 3: [567562622e6f65632e6e29612e] [*] [a] > LibClamAV debug: 4: [743b6f7b28627370647d63693a304f4f5b672863666a64687d31734e7d6e746e726c743b307077667b2d] [*] [a] > LibClamAV debug: 5: [73656965726229674d6c65287d65763b69737b28623b6761] [*] [a] > LibClamAV debug: 6: [65297d696674] [*] [a] > LibClamAV debug: 7: [4475647b7274] [*] [a] > LibClamAV debug: 8: [626c6563726f65656c797d64697546492d] [*] [a] > LibClamAV debug: 9: [747465635d7472] [*] [a] > LibClamAV debug: 10: [66536763736f] [*] [a] > LibClamAV debug: 11: [6569672e742965527b747d61656573626474626c7b317372296d] [*] [a] > LibClamAV debug: 12: [292e7d6e2c5261612e73] [*] [a] > LibClamAV debug: 13: [734c746663622e6e72667b5769616e7473636e6361643161632973636230656f5d7d44697575286e6172] [*] [a] > LibClamAV debug: 14: [6478632e2c3a74667228756378526e] [*] [a] > LibClamAV debug: 15: [65446e6e666f72627972692874626d6e73292e5b692e65653b646c28614e696d70286c28685b755b74693b7529] [*] [a] > LibClamAV debug: 16: [7d746e29697b6562722c5f2e6e73284e65732c2c676d2861722e74] [*] [a] > LibClamAV debug: 17: [6c5d69747d4e287065332c6961614c64732e296c7165613a5073303048633b5b7b457569686c63294c694c49] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html2 > LibClamAV debug: load_oneyara: attempting to load phoenix_html3 > LibClamAV debug: load_oneyara: generic string: [mtfla/,)asaf)'}] => [6d74666c612f2c296173616629277d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [72267E7C'A3035CFC415DFAAA834B208D8C230FD303E2EFFE386BE05960C588C6E85650746E690C39F706F97DC74349BA134] => [37323236374537432741333033354346433431354446414141383334423230384438433233304644333033453245464645333836424530353936304335383843364538353635303734364536393043333946373036463937444337343334394241313334] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [N'eiui7F6e617e00F145A002645E527BFF264842F877B2FFC1FE84BCC6A50F0305B5B0C36A019F53674FD4D3736C494BD5C2] => [4e276569756937463665363137653030463134354130303236343545353237424646323634383432463837374232464643314645383442434336413530463033303542354230433336413031394635333637344644344433373336433439344244354332] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [lndl}})<>] => [6c6e646c7d7d293c3e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [otodc};b<0:D>r5d4u%c005u%0028u%251eu%a095u%6028u%0028u%2500u%f7f7u%70d7u%2025u%9008u%08f8u%c607usu%3] => [6f746f64637d3b623c303a443e723564347525633030357525303032387525323531657525613039357525363032387525303032387525323530307525663766377525373064377525323032357525393030387525303866387525633630377573752533] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [tuJaboaopb] => [74754a61626f616f7062] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a(vxf{p'tSowa.i,1NIWm(] => [61287678667b702774536f77612e692c314e49576d28] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [2004et] => [323030346574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [2054sttE5356496478] => [323035347374744535333536343936343738] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [yi%A%%A%%A%%A%Cvld3,5314,004,6211,931,,,011394617,983,1154,5,1,,1,1,13,08,4304,1] => [796925412525412525412525412543766c64332c353331342c3030342c363231312c3933312c2c2c3031313339343631372c3938332c313135342c352c312c2c312c312c31332c30382c343330342c31] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0ovel04ervEeieeem)h))B(ihsAE;u%04b8u%1c08u%0e50u%a000u%1010u%4000u%20afu%0006u%2478u%0020u%1065u%210] => [306f76656c30346572764565696565656d29682929422869687341453b7525303462387525316330387525306535307525613030307525313031307525343030307525323061667525303030367525323437387525303032307525313036357525323130] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/gmi,String.fromCharCode(2] => [2f676d692c537472696e672e66726f6d43686172436f64652832] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ncBcaocta.ye] => [6e634263616f6374612e7965] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0201010030004A033102090;na] => [30323031303130303330303034413033333130323039303b6e61] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [66u%0(ec'h{iis%%A%%A%%A%%A%frS1,,8187,1,4,11,91516,,61,,10841,1,13,,,11248,01818849,23,,,,791meits0e] => [363675253028656327687b69697325254125254125254125254125667253312c2c383138372c312c342c31312c39313531362c2c36312c2c31303834312c312c31332c2c2c31313234382c30313831383834392c32332c2c2c2c3739316d656974733065] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [D11C0002C0069733E60656F6462070D000402DFF200696E] => [4431314330303032433030363937333345363036353646363436323037304430303034303244464632303036393645] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [810p0y98] => [3831307030793938] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [9,0,e'Fm692E583760] => [392c302c6527466d36393245353833373630] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [57784234633a)(u] => [353737383432333436333361292875] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6d74666c612f2c296173616629277d] [*] [a] > LibClamAV debug: 1: [37323236374537432741333033354346433431354446414141383334423230384438433233304644333033453245464645333836424530353936304335383843364538353635303734364536393043333946373036463937444337343334394241313334] [*] [a] > LibClamAV debug: 2: [4e276569756937463665363137653030463134354130303236343545353237424646323634383432463837374232464643314645383442434336413530463033303542354230433336413031394635333637344644344433373336433439344244354332] [*] [a] > LibClamAV debug: 3: [6c6e646c7d7d293c3e] [*] [a] > LibClamAV debug: 4: [6f746f64637d3b623c303a443e723564347525633030357525303032387525323531657525613039357525363032387525303032387525323530307525663766377525373064377525323032357525393030387525303866387525633630377573752533] [*] [a] > LibClamAV debug: 5: [74754a61626f616f7062] [*] [a] > LibClamAV debug: 6: [61287678667b702774536f77612e692c314e49576d28] [*] [a] > LibClamAV debug: 7: [323030346574] [*] [a] > LibClamAV debug: 8: [323035347374744535333536343936343738] [*] [a] > LibClamAV debug: 9: [796925412525412525412525412543766c64332c353331342c3030342c363231312c3933312c2c2c3031313339343631372c3938332c313135342c352c312c2c312c312c31332c30382c343330342c31] [*] [a] > LibClamAV debug: 10: [306f76656c30346572764565696565656d29682929422869687341453b7525303462387525316330387525306535307525613030307525313031307525343030307525323061667525303030367525323437387525303032307525313036357525323130] [*] [a] > LibClamAV debug: 11: [2f676d692c537472696e672e66726f6d43686172436f64652832] [*] [a] > LibClamAV debug: 12: [6e634263616f6374612e7965] [*] [a] > LibClamAV debug: 13: [30323031303130303330303034413033333130323039303b6e61] [*] [a] > LibClamAV debug: 14: [363675253028656327687b69697325254125254125254125254125667253312c2c383138372c312c342c31312c39313531362c2c36312c2c31303834312c312c31332c2c2c31313234382c30313831383834392c32332c2c2c2c3739316d656974733065] [*] [a] > LibClamAV debug: 15: [4431314330303032433030363937333345363036353646363436323037304430303034303244464632303036393645] [*] [a] > LibClamAV debug: 16: [3831307030793938] [*] [a] > LibClamAV debug: 17: [392c302c6527466d36393245353833373630] [*] [a] > LibClamAV debug: 18: [353737383432333436333361292875] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html3 > LibClamAV debug: load_oneyara: attempting to load phoenix_html4 > LibClamAV debug: load_oneyara: generic string: [/dr.php] => [2f64722e706870] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => [41414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [launchjnlp] => [6c61756e63686a6e6c70] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA] => [636c7369643a43414645454641432d444543372d303030302d303030302d414243444546464544434241] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [urlmon.dll] => [75726c6d6f6e2e646c6c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<body>] => [3c626f64793e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ docbase] => [20646f6362617365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [</html>] => [3c2f68746d6c3e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ classid] => [20636c6173736964] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => [4141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [63AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => [36334141414141414141414141414141414141414141414141414141414141414141] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [</object>] => [3c2f6f626a6563743e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [application/x-java-applet] => [6170706c69636174696f6e2f782d6a6176612d6170706c6574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [java_obj] => [6a6176615f6f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [2f64722e706870] [*] [a] > LibClamAV debug: 1: [41414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141] [*] [a] > LibClamAV debug: 2: [6c61756e63686a6e6c70] [*] [a] > LibClamAV debug: 3: [636c7369643a43414645454641432d444543372d303030302d303030302d414243444546464544434241] [*] [a] > LibClamAV debug: 4: [75726c6d6f6e2e646c6c] [*] [a] > LibClamAV debug: 5: [3c626f64793e] [*] [a] > LibClamAV debug: 6: [20646f6362617365] [*] [a] > LibClamAV debug: 7: [3c2f68746d6c3e] [*] [a] > LibClamAV debug: 8: [20636c6173736964] [*] [a] > LibClamAV debug: 9: [4141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141] [*] [a] > LibClamAV debug: 10: [36334141414141414141414141414141414141414141414141414141414141414141] [*] [a] > LibClamAV debug: 11: [3c2f6f626a6563743e] [*] [a] > LibClamAV debug: 12: [6170706c69636174696f6e2f782d6a6176612d6170706c6574] [*] [a] > LibClamAV debug: 13: [6a6176615f6f626a] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html4 > LibClamAV debug: load_oneyara: attempting to load phoenix_html5 > LibClamAV debug: load_oneyara: generic string: [dtesu}] => [64746573757d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<textarea>function gvgsxoy(gwcqg1){return gwcqg1.replace(/] => [3c74657874617265613e66756e6374696f6e2067766773786f7928677763716731297b72657475726e206777637167312e7265706c616365282f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [v}Ahnhxwet] => [767d41686e6878776574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0125C6BBA2B84F7A1D2940C04C8B7449A40EEB0D14C8003535C0042D75E05F0D7F3E0A7B4E33EB4D8D47119290FC] => [3031323543364242413242383446374131443239343043303443384237343439413430454542304431344338303033353335433030343244373545303546304437463345304137423445333345423444384434373131393239304643] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a2Fs2325223869e'Fm2873367130] => [61324673323332353232333836396527466d32383733333637313330] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [m0000F0F6E66607C71646F6607000107FA61021F6060(aeWWIN] => [6d303030304630463645363636303743373136343646363630373030303130374641363130323146363036302861655757494e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [)(r>hd1/dNasmd(fpas] => [2928723e6864312f644e61736d642866706173] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [9,0,e'Fm692E583760] => [392c302c6527466d36393245353833373630] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [5ud(dis] => [35756428646973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nacmambuntcmi] => [6e61636d616d62756e74636d69] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Fa078597467,1C0e674366871,'2F] => [46613037383539373436372c314330653637343336363837312c273246] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Fa56F386A76,180e828592024,'2F] => [46613536463338364137362c313830653832383539323032342c273246] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [alA)(2avoyOi;ic)t6])teptp,an}tnv0i'fms<uic] => [616c4129283261766f794f693b69632974365d2974657074702c616e7d746e76306927666d733c756963] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [iR'nandee] => [6952276e616e646565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [('0.aEa-9leal] => [2827302e6145612d396c65616c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bsD0seF] => [62734430736546] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [t.ck263/6F3a001CE7A2684067F98BEC18B738801EF1F7F7E49A088695050C000865FC38080FE23727E0E8DE9CB53E748472] => [742e636b3236332f3646336130303143453741323638343036374639384245433138423733383830314546314637463745343941303838363935303530433030303836354643333830383046453233373237453045384445394342353345373438343732] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [64746573757d] [*] [a] > LibClamAV debug: 1: [3c74657874617265613e66756e6374696f6e2067766773786f7928677763716731297b72657475726e206777637167312e7265706c616365282f] [*] [a] > LibClamAV debug: 2: [767d41686e6878776574] [*] [a] > LibClamAV debug: 3: [3031323543364242413242383446374131443239343043303443384237343439413430454542304431344338303033353335433030343244373545303546304437463345304137423445333345423444384434373131393239304643] [*] [a] > LibClamAV debug: 4: [61324673323332353232333836396527466d32383733333637313330] [*] [a] > LibClamAV debug: 5: [6d303030304630463645363636303743373136343646363630373030303130374641363130323146363036302861655757494e] [*] [a] > LibClamAV debug: 6: [2928723e6864312f644e61736d642866706173] [*] [a] > LibClamAV debug: 7: [392c302c6527466d36393245353833373630] [*] [a] > LibClamAV debug: 8: [35756428646973] [*] [a] > LibClamAV debug: 9: [6e61636d616d62756e74636d69] [*] [a] > LibClamAV debug: 10: [46613037383539373436372c314330653637343336363837312c273246] [*] [a] > LibClamAV debug: 11: [46613536463338364137362c313830653832383539323032342c273246] [*] [a] > LibClamAV debug: 12: [616c4129283261766f794f693b69632974365d2974657074702c616e7d746e76306927666d733c756963] [*] [a] > LibClamAV debug: 13: [6952276e616e646565] [*] [a] > LibClamAV debug: 14: [2827302e6145612d396c65616c] [*] [a] > LibClamAV debug: 15: [62734430736546] [*] [a] > LibClamAV debug: 16: [742e636b3236332f3646336130303143453741323638343036374639384245433138423733383830314546314637463745343941303838363935303530433030303836354643333830383046453233373237453045384445394342353345373438343732] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html5 > LibClamAV debug: load_oneyara: attempting to load phoenix_html6 > LibClamAV debug: load_oneyara: generic string: [F4B6B2E67)A780A373A633;ast2316363677fa'es6F3635244] => [463442364232453637294137383041333733413633333b617374323331363336333637376661276573364633363335323434] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [piia.a}rneecc.cnuoir] => [706969612e617d726e656563632e636e756f6972] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0448D5A54BE10A5DA628100AC3F3D53C9CAEBFF7E1E805080B044057CB1C0EF7F263DC64E0CBE47C2A21E55E9EA620000106] => [30343438443541353442453130413544413632383130304143334633443533433943414542464637453145383035303830423034343035374342314330454637463236334443363445304342453437433241323145353545394541363230303030313036] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [],enEn..o] => [5d2c656e456e2e2e6f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [o;1()sna] => [6f3b312829736e61] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [(eres(0.,] => [286572657328302e2c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [}fs2he}o.t] => [7d66733268657d6f2e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [f'u>jisch3;)Ie)C'eO] => [6627753e6a69736368333b294965294327654f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [refhiacei] => [726566686961636569] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0026632528(sCE7A2684067F98BEC1s00000F512Fm286631666] => [30303236363332353238287343453741323638343036374639384245433173303030303046353132466d323836363331363636] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vev%80b4u%ee18u%28b8u%2617u%5c08u%0e50u%a000u%9006u%76efu%b1cbu%ba2fu%6850u%0524u%9720u%f70<}1msa950] => [766576253830623475256565313875253238623875253236313775253563303875253065353075256130303075253930303675253736656675256231636275256261326675253638353075253035323475253937323075256637303c7d316d7361393530] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pdu,xziien,ie] => [7064752c787a6969656e2c6965] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [rr)l;.)vr.nbl] => [7272296c3b2e2976722e6e626c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ii)ruccs)1e] => [6969297275636373293165] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [F30476737930anD<tAhnhxwet] => [463330343736373337393330616e443c7441686e6878776574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [)yf{(ee..erneef] => [2979667b2865652e2e65726e656566] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ieiiXuMkCSwetEet] => [6965696958754d6b4353776574456574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [F308477E7A7itme] => [463330383437374537413769746d65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [463442364232453637294137383041333733413633333b617374323331363336333637376661276573364633363335323434] [*] [a] > LibClamAV debug: 1: [706969612e617d726e656563632e636e756f6972] [*] [a] > LibClamAV debug: 2: [30343438443541353442453130413544413632383130304143334633443533433943414542464637453145383035303830423034343035374342314330454637463236334443363445304342453437433241323145353545394541363230303030313036] [*] [a] > LibClamAV debug: 3: [5d2c656e456e2e2e6f] [*] [a] > LibClamAV debug: 4: [6f3b312829736e61] [*] [a] > LibClamAV debug: 5: [286572657328302e2c] [*] [a] > LibClamAV debug: 6: [7d66733268657d6f2e74] [*] [a] > LibClamAV debug: 7: [6627753e6a69736368333b294965294327654f] [*] [a] > LibClamAV debug: 8: [726566686961636569] [*] [a] > LibClamAV debug: 9: [30303236363332353238287343453741323638343036374639384245433173303030303046353132466d323836363331363636] [*] [a] > LibClamAV debug: 10: [766576253830623475256565313875253238623875253236313775253563303875253065353075256130303075253930303675253736656675256231636275256261326675253638353075253035323475253937323075256637303c7d316d7361393530] [*] [a] > LibClamAV debug: 11: [7064752c787a6969656e2c6965] [*] [a] > LibClamAV debug: 12: [7272296c3b2e2976722e6e626c] [*] [a] > LibClamAV debug: 13: [6969297275636373293165] [*] [a] > LibClamAV debug: 14: [463330343736373337393330616e443c7441686e6878776574] [*] [a] > LibClamAV debug: 15: [2979667b2865652e2e65726e656566] [*] [a] > LibClamAV debug: 16: [6965696958754d6b4353776574456574] [*] [a] > LibClamAV debug: 17: [463330383437374537413769746d65] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html6 > LibClamAV debug: load_oneyara: attempting to load phoenix_html7 > LibClamAV debug: load_oneyara: generic string: [EBF0a0001B05D266503046C7A491A0C00044F0002035D0D0twl''WIN] => [45424630613030303142303544323636353033303436433741343931413043303030343446303030323033354430443074776c272757494e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ah80672528657] => [61683830363732353238363537] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [n);tctt)Eltc(Dj] => [6e293b7463747429456c746328446a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [;cnt2<tEf] => [3b636e74323c744566] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [iwkne){bvfvgzg5] => [69776b6e65297b62766676677a6735] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [..'an{ea-Ect'8-huJ.)/l'/tCaaa}<Ct95l] => [2e2e27616e7b65612d45637427382d68754a2e292f6c272f74436161617d3c437439356c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['WIWhaFtF662F6577IseFe427347637] => [27574957686146744636363246363537374973654665343237333437363337] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ddTh75e{] => [646454683735657b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Ae'n,,9] => [4165276e2c2c39] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%E7E3Vemtyi] => [254537453356656d747969] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cf'treran] => [63662774726572616e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ncBcaocta.ye] => [6e634263616f6374612e7965] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [)'0,p8k] => [2927302c70386b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0;{tc4F}c;eptdpduoCuuedPl80evD] => [303b7b746334467d633b657074647064756f4375756564506c3830657644] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [iq,q,Nd(nccfr'Bearc'nBtpw] => [69712c712c4e64286e63636672274265617263276e42747077] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [;)npeits0e.uvhF$I'] => [3b296e706569747330652e75766846244927] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nvasai0.-] => [6e7661736169302e2d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [lmzv'is'] => [6c6d7a7627697327] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [45424630613030303142303544323636353033303436433741343931413043303030343446303030323033354430443074776c272757494e] [*] [a] > LibClamAV debug: 1: [61683830363732353238363537] [*] [a] > LibClamAV debug: 2: [6e293b7463747429456c746328446a] [*] [a] > LibClamAV debug: 3: [3b636e74323c744566] [*] [a] > LibClamAV debug: 4: [69776b6e65297b62766676677a6735] [*] [a] > LibClamAV debug: 5: [2e2e27616e7b65612d45637427382d68754a2e292f6c272f74436161617d3c437439356c] [*] [a] > LibClamAV debug: 6: [27574957686146744636363246363537374973654665343237333437363337] [*] [a] > LibClamAV debug: 7: [646454683735657b] [*] [a] > LibClamAV debug: 8: [4165276e2c2c39] [*] [a] > LibClamAV debug: 9: [254537453356656d747969] [*] [a] > LibClamAV debug: 10: [63662774726572616e] [*] [a] > LibClamAV debug: 11: [6e634263616f6374612e7965] [*] [a] > LibClamAV debug: 12: [2927302c70386b] [*] [a] > LibClamAV debug: 13: [303b7b746334467d633b657074647064756f4375756564506c3830657644] [*] [a] > LibClamAV debug: 14: [69712c712c4e64286e63636672274265617263276e42747077] [*] [a] > LibClamAV debug: 15: [3b296e706569747330652e75766846244927] [*] [a] > LibClamAV debug: 16: [6e7661736169302e2d] [*] [a] > LibClamAV debug: 17: [6c6d7a7627697327] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html7 > LibClamAV debug: load_oneyara: attempting to load phoenix_html8 > LibClamAV debug: load_oneyara: generic string: [0x5)).replace(/] => [30783529292e7265706c616365282f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%A%%A%%nc(,145,9,84037,1711,,4121,56,1,,0505,,651,,3,514101,01,29,7868,90] => [254125254125256e63282c3134352c392c38343033372c313731312c2c343132312c35362c312c2c303530352c2c3635312c2c332c3531343130312c30312c32392c373836382c3930] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/gmi,String.fromCharCode(2] => [2f676d692c537472696e672e66726f6d43686172436f64652832] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [turt;oo)s] => [747572743b6f6f2973] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [91;var jtdpar] => [39313b766172206a7464706172] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [R(,13,7,63,48140601,5057,,319,,6,1,1,2,,110,0,1011171,2319,,,,10vEAs)tfmneyeh%A%%A%%A%%A%s<u91,4693,] => [52282c31332c372c36332c34383134303630312c353035372c2c3331392c2c362c312c312c322c2c3131302c302c313031313137312c323331392c2c2c2c3130764541732974666d6e65796568254125254125254125254125733c7539312c343639332c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [y%%A%%A%%A%%A.meo21117,7,1,,10,1,9,8,1,9,100,6,141003,74181,163,441114,43,207,,remc'ut] => [792525412525412525412525412e6d656f32313131372c372c312c2c31302c312c392c382c312c392c3130302c362c3134313030332c37343138312c3136332c3434313131342c34332c3230372c2c72656d63277574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [epjtjqe){jtdpar] => [65706a746a7165297b6a7464706172] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/gmi,'] => [2f676d692c27] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<font></font><body id] => [3c666f6e743e3c2f666f6e743e3c626f6479206964] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ epjtjqe; fqczi > 0; fqczi--){for (bwjmgl7 ] => [2065706a746a71653b206671637a69203e20303b206671637a692d2d297b666f72202862776a6d676c3720] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nbte)bb(egs%A%%A%%A%%A%%m] => [6e62746529626228656773254125254125254125254125256d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fvC9614165,,,1,1801151030,,0,,487641114,,1,141,914810036,,888,201te.)'etdc:ysaA%%A%%A%%A%%5sao,61,0,] => [667643393631343136352c2c2c312c313830313135313033302c2c302c2c3438373634313131342c2c312c3134312c3931343831303033362c2c3838382c32303174652e2927657464633a7973614125254125254125254125253573616f2c36312c302c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [(tiAmrd{/tnA%%A%%A%%A%%Aiin11,,1637,34191,626958314,11007,,61145,411,7,9,1821,,43,8311,26;d'ebt.dyvs] => [287469416d72647b2f746e4125254125254125254125254169696e31312c2c313633372c33343139312c3632363935383331342c31313030372c2c36313134352c3431312c372c392c313832312c2c34332c383331312c32363b64276562742e64797673] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [A%%A%%A%%Ao] => [412525412525412525416f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [hrksywd(cpkwisk4);/] => [68726b737977642863706b7769736b34293b2f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [;</script>] => [3b3c2f7363726970743e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [30783529292e7265706c616365282f] [*] [a] > LibClamAV debug: 1: [254125254125256e63282c3134352c392c38343033372c313731312c2c343132312c35362c312c2c303530352c2c3635312c2c332c3531343130312c30312c32392c373836382c3930] [*] [a] > LibClamAV debug: 2: [2f676d692c537472696e672e66726f6d43686172436f64652832] [*] [a] > LibClamAV debug: 3: [747572743b6f6f2973] [*] [a] > LibClamAV debug: 4: [39313b766172206a7464706172] [*] [a] > LibClamAV debug: 5: [52282c31332c372c36332c34383134303630312c353035372c2c3331392c2c362c312c312c322c2c3131302c302c313031313137312c323331392c2c2c2c3130764541732974666d6e65796568254125254125254125254125733c7539312c343639332c] [*] [a] > LibClamAV debug: 6: [792525412525412525412525412e6d656f32313131372c372c312c2c31302c312c392c382c312c392c3130302c362c3134313030332c37343138312c3136332c3434313131342c34332c3230372c2c72656d63277574] [*] [a] > LibClamAV debug: 7: [65706a746a7165297b6a7464706172] [*] [a] > LibClamAV debug: 8: [2f676d692c27] [*] [a] > LibClamAV debug: 9: [3c666f6e743e3c2f666f6e743e3c626f6479206964] [*] [a] > LibClamAV debug: 10: [2065706a746a71653b206671637a69203e20303b206671637a692d2d297b666f72202862776a6d676c3720] [*] [a] > LibClamAV debug: 11: [6e62746529626228656773254125254125254125254125256d] [*] [a] > LibClamAV debug: 12: [667643393631343136352c2c2c312c313830313135313033302c2c302c2c3438373634313131342c2c312c3134312c3931343831303033362c2c3838382c32303174652e2927657464633a7973614125254125254125254125253573616f2c36312c302c] [*] [a] > LibClamAV debug: 13: [287469416d72647b2f746e4125254125254125254125254169696e31312c2c313633372c33343139312c3632363935383331342c31313030372c2c36313134352c3431312c372c392c313832312c2c34332c383331312c32363b64276562742e64797673] [*] [a] > LibClamAV debug: 14: [412525412525412525416f] [*] [a] > LibClamAV debug: 15: [68726b737977642863706b7769736b34293b2f] [*] [a] > LibClamAV debug: 16: [3b3c2f7363726970743e] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html8 > LibClamAV debug: load_oneyara: attempting to load phoenix_html9 > LibClamAV debug: load_oneyara: generic string: [tute)bbr:] => [74757465296262723a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nfho(tghRx] => [6e66686f287467685278] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [()irfE/Rt..cOcC] => [2829697266452f52742e2e634f6343] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [NcEnevbf] => [4e63456e65766266] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [63FB8B4296BBC290A0.'0000079'Fh20216B6A6arA;<] => [3633464238423432393642424332393041302e27303030303037392746683230323136423641366172413b3c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wHe(cLnyeyet(a.i,r.{..] => [77486528634c6e796579657428612e692c722e7b2e2e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [tute)bbdfiiix'bcr] => [7475746529626264666969697827626372] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [itifdf)d1L2f'asau%d004u%8e00u%0419u%a58du%2093u%ec10u%0050u%00d4u%4622u%bcd1u%b1ceu%5000u%f7f5u%5606] => [6974696664662964314c326627617361752564303034752538653030752530343139752561353864752532303933752565633130752530303530752530306434752534363232752562636431752562316365752535303030752566376635752535363036] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [2F4693529783'82F076676C38'te] => [32463436393335323937383327383246303736363736433338277465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [sm(teoeoi)cfh))pihnipeeeo}.,(.((] => [736d2874656f656f692963666829297069686e69706565656f7d2e2c282e2828] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ao)ntavlll{))ynlcoix}hiN.il'tes1ad)bm;] => [616f296e7461766c6c6c7b2929796e6c636f69787d68694e2e696c2774657331616429626d3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [i)}m0f(eClei(/te] => [69297d6d30662865436c6569282f7465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [}aetsc] => [7d6165747363] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [irefnig.pT] => [697265666e69672e7054] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a0mrIif/tbne,(wsk,] => [61306d724969662f74626e652c2877736b2c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [500F14B06000000630E6B72636F60632C6E711C6E762E646F147F44767F650A0804061901020009006B120005A2006L] => [353030463134423036303030303030363330453642373236333646363036333243364537313143364537363245363436463134374634343736374636353041303830343036313930313032303030393030364231323030303541323030364c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [.hB.Csf)ddeSs] => [2e68422e437366296464655373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [tnne,IPd4Le] => [746e6e652c495064344c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [hMdarc'nBtpw] => [684d64617263276e42747077] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [74757465296262723a] [*] [a] > LibClamAV debug: 1: [6e66686f287467685278] [*] [a] > LibClamAV debug: 2: [2829697266452f52742e2e634f6343] [*] [a] > LibClamAV debug: 3: [4e63456e65766266] [*] [a] > LibClamAV debug: 4: [3633464238423432393642424332393041302e27303030303037392746683230323136423641366172413b3c] [*] [a] > LibClamAV debug: 5: [77486528634c6e796579657428612e692c722e7b2e2e] [*] [a] > LibClamAV debug: 6: [7475746529626264666969697827626372] [*] [a] > LibClamAV debug: 7: [6974696664662964314c326627617361752564303034752538653030752530343139752561353864752532303933752565633130752530303530752530306434752534363232752562636431752562316365752535303030752566376635752535363036] [*] [a] > LibClamAV debug: 8: [32463436393335323937383327383246303736363736433338277465] [*] [a] > LibClamAV debug: 9: [736d2874656f656f692963666829297069686e69706565656f7d2e2c282e2828] [*] [a] > LibClamAV debug: 10: [616f296e7461766c6c6c7b2929796e6c636f69787d68694e2e696c2774657331616429626d3b] [*] [a] > LibClamAV debug: 11: [69297d6d30662865436c6569282f7465] [*] [a] > LibClamAV debug: 12: [7d6165747363] [*] [a] > LibClamAV debug: 13: [697265666e69672e7054] [*] [a] > LibClamAV debug: 14: [61306d724969662f74626e652c2877736b2c] [*] [a] > LibClamAV debug: 15: [353030463134423036303030303030363330453642373236333646363036333243364537313143364537363245363436463134374634343736374636353041303830343036313930313032303030393030364231323030303541323030364c] [*] [a] > LibClamAV debug: 16: [2e68422e437366296464655373] [*] [a] > LibClamAV debug: 17: [746e6e652c495064344c65] [*] [a] > LibClamAV debug: 18: [684d64617263276e42747077] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html9 > LibClamAV debug: load_oneyara: attempting to load phoenix_jar > LibClamAV debug: load_oneyara: generic string: [r.JM,IM] => [722e4a4d2c494d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [qX$8$a] => [715824382461] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/services/javax.sound.midi.spi.MidiDeviceProvider5] => [4d4554412d494e462f73657276696365732f6a617661782e736f756e642e6d6964692e7370692e4d69646944657669636550726f766964657235] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a.classPK] => [612e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [6;\Q]Q] => [363b5c515d51] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [h[s] X] => [685b735d2058] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ToolsDemoSubClass.classPK] => [546f6f6c7344656d6f537562436c6173732e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a.class] => [612e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MFPK] => [4d4554412d494e462f4d414e49464553542e4d46504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ToolsDemoSubClass.classeO] => [546f6f6c7344656d6f537562436c6173732e636c617373654f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/services/javax.sound.midi.spi.MidiDeviceProviderPK] => [4d4554412d494e462f73657276696365732f6a617661782e736f756e642e6d6964692e7370692e4d69646944657669636550726f7669646572504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [722e4a4d2c494d] [*] [a] > LibClamAV debug: 1: [715824382461] [*] [a] > LibClamAV debug: 2: [4d4554412d494e462f73657276696365732f6a617661782e736f756e642e6d6964692e7370692e4d69646944657669636550726f766964657235] [*] [a] > LibClamAV debug: 3: [612e636c617373504b] [*] [a] > LibClamAV debug: 4: [363b5c515d51] [*] [a] > LibClamAV debug: 5: [685b735d2058] [*] [a] > LibClamAV debug: 6: [546f6f6c7344656d6f537562436c6173732e636c617373504b] [*] [a] > LibClamAV debug: 7: [612e636c617373] [*] [a] > LibClamAV debug: 8: [4d4554412d494e462f4d414e49464553542e4d46504b] [*] [a] > LibClamAV debug: 9: [546f6f6c7344656d6f537562436c6173732e636c617373654f] [*] [a] > LibClamAV debug: 10: [4d4554412d494e462f73657276696365732f6a617661782e736f756e642e6d6964692e7370692e4d69646944657669636550726f7669646572504b] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar > LibClamAV debug: load_oneyara: attempting to load phoenix_jar2 > LibClamAV debug: load_oneyara: generic string: [a66d578f084.classeQ] => [61363664353738663038342e636c6173736551] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a4cb9b1a8a5.class] => [61346362396231613861352e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [)szNu\MutK] => [29737a4e755c4d75744b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [qCCwBU] => [714343774255] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MF] => [4d4554412d494e462f4d414e49464553542e4d46] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [QR,GOX] => [51522c474f58] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ab5601d4848.classmT] => [61623536303164343834382e636c6173736d54] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a6a7a760c0e[] => [61366137613736306330655b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [2ZUK[L] => [325a554b5b4c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [2VT(Au5] => [32565428417535] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a6a7a760c0ePK] => [6136613761373630633065504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [aa79d1019d8.class] => [61613739643130313964382e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [aa79d1019d8.classPK] => [61613739643130313964382e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MFPK] => [4d4554412d494e462f4d414e49464553542e4d46504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ab5601d4848.classPK] => [61623536303164343834382e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [61363664353738663038342e636c6173736551] [*] [a] > LibClamAV debug: 1: [61346362396231613861352e636c617373] [*] [a] > LibClamAV debug: 2: [29737a4e755c4d75744b] [*] [a] > LibClamAV debug: 3: [714343774255] [*] [a] > LibClamAV debug: 4: [4d4554412d494e462f4d414e49464553542e4d46] [*] [a] > LibClamAV debug: 5: [51522c474f58] [*] [a] > LibClamAV debug: 6: [61623536303164343834382e636c6173736d54] [*] [a] > LibClamAV debug: 7: [61366137613736306330655b] [*] [a] > LibClamAV debug: 8: [325a554b5b4c] [*] [a] > LibClamAV debug: 9: [32565428417535] [*] [a] > LibClamAV debug: 10: [6136613761373630633065504b] [*] [a] > LibClamAV debug: 11: [61613739643130313964382e636c617373] [*] [a] > LibClamAV debug: 12: [61613739643130313964382e636c617373504b] [*] [a] > LibClamAV debug: 13: [4d4554412d494e462f4d414e49464553542e4d46504b] [*] [a] > LibClamAV debug: 14: [61623536303164343834382e636c617373504b] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar2 > LibClamAV debug: load_oneyara: attempting to load phoenix_jar3 > LibClamAV debug: load_oneyara: generic string: ['> >$>] => [273e203e243e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bpac/PK] => [627061632f504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bpac/purok$1.classmP]K] => [627061632f7075726f6b24312e636c6173736d505d4b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bpac/KAVS.classmQ] => [627061632f4b4156532e636c6173736d51] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['n n$n] => [276e206e246e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bpac/purok$1.classPK] => [627061632f7075726f6b24312e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [$.4aX,Gt<] => [242e3461582c47743c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bpac/KAVS.classPK] => [627061632f4b4156532e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bpac/b.classPK] => [627061632f622e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bpac/b.class] => [627061632f622e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [273e203e243e] [*] [a] > LibClamAV debug: 1: [627061632f504b] [*] [a] > LibClamAV debug: 2: [627061632f7075726f6b24312e636c6173736d505d4b] [*] [a] > LibClamAV debug: 3: [627061632f4b4156532e636c6173736d51] [*] [a] > LibClamAV debug: 4: [276e206e246e] [*] [a] > LibClamAV debug: 5: [627061632f7075726f6b24312e636c617373504b] [*] [a] > LibClamAV debug: 6: [242e3461582c47743c] [*] [a] > LibClamAV debug: 7: [627061632f4b4156532e636c617373504b] [*] [a] > LibClamAV debug: 8: [627061632f622e636c617373504b] [*] [a] > LibClamAV debug: 9: [627061632f622e636c617373] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar3 > LibClamAV debug: load_oneyara: attempting to load phoenix_pdf > LibClamAV debug: load_oneyara: generic string: [0000000254 00000 n] => [30303030303030323534203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000295 00000 n] => [30303030303030323935203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [trailer<</Root 1 0 R /Size 7>>] => [747261696c65723c3c2f526f6f74203120302052202f53697a6520373e3e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000000 65535 f] => [303030303030303030302036353533352066] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [3 0 obj<</JavaScript 5 0 R >>endobj] => [332030206f626a3c3c2f4a617661536372697074203520302052203e3e656e646f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000120 00000 n] => [30303030303030313230203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%PDF-1.0] => [255044462d312e30] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [startxref] => [737461727478726566] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000068 00000 n] => [30303030303030303638203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [endobjxref] => [656e646f626a78726566] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [)6 0 R ]>>endobj] => [293620302052205d3e3e656e646f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000010 00000 n] => [30303030303030303130203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [30303030303030323534203030303030206e] [*] [a] > LibClamAV debug: 1: [30303030303030323935203030303030206e] [*] [a] > LibClamAV debug: 2: [747261696c65723c3c2f526f6f74203120302052202f53697a6520373e3e] [*] [a] > LibClamAV debug: 3: [303030303030303030302036353533352066] [*] [a] > LibClamAV debug: 4: [332030206f626a3c3c2f4a617661536372697074203520302052203e3e656e646f626a] [*] [a] > LibClamAV debug: 5: [30303030303030313230203030303030206e] [*] [a] > LibClamAV debug: 6: [255044462d312e30] [*] [a] > LibClamAV debug: 7: [737461727478726566] [*] [a] > LibClamAV debug: 8: [30303030303030303638203030303030206e] [*] [a] > LibClamAV debug: 9: [656e646f626a78726566] [*] [a] > LibClamAV debug: 10: [293620302052205d3e3e656e646f626a] [*] [a] > LibClamAV debug: 11: [30303030303030303130203030303030206e] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf > LibClamAV debug: load_oneyara: attempting to load phoenix_pdf2 > LibClamAV debug: load_oneyara: generic string: [\nQb<%] => [5c6e51623c25] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000254 00000 n] => [30303030303030323534203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [:S3>v0$EF] => [3a53333e7630244546] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [trailer<</Root 1 0 R /Size 7>>] => [747261696c65723c3c2f526f6f74203120302052202f53697a6520373e3e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%PDF-1.0] => [255044462d312e30] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000000 65535 f] => [303030303030303030302036353533352066] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [endstream] => [656e6473747265616d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000010 00000 n] => [30303030303030303130203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [6 0 obj<</JS 7 0 R/S/JavaScript>>endobj] => [362030206f626a3c3c2f4a532037203020522f532f4a6176615363726970743e3e656e646f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [3 0 obj<</JavaScript 5 0 R >>endobj] => [332030206f626a3c3c2f4a617661536372697074203520302052203e3e656e646f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [}pr2IE] => [7d7072324945] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000157 00000 n] => [30303030303030313537203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [1 0 obj<</Type/Catalog/Pages 2 0 R /Names 3 0 R >>endobj] => [312030206f626a3c3c2f547970652f436174616c6f672f5061676573203220302052202f4e616d6573203320302052203e3e656e646f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [5 0 obj<</Names[(] => [352030206f626a3c3c2f4e616d65735b28] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5c6e51623c25] [*] [a] > LibClamAV debug: 1: [30303030303030323534203030303030206e] [*] [a] > LibClamAV debug: 2: [3a53333e7630244546] [*] [a] > LibClamAV debug: 3: [747261696c65723c3c2f526f6f74203120302052202f53697a6520373e3e] [*] [a] > LibClamAV debug: 4: [255044462d312e30] [*] [a] > LibClamAV debug: 5: [303030303030303030302036353533352066] [*] [a] > LibClamAV debug: 6: [656e6473747265616d] [*] [a] > LibClamAV debug: 7: [30303030303030303130203030303030206e] [*] [a] > LibClamAV debug: 8: [362030206f626a3c3c2f4a532037203020522f532f4a6176615363726970743e3e656e646f626a] [*] [a] > LibClamAV debug: 9: [332030206f626a3c3c2f4a617661536372697074203520302052203e3e656e646f626a] [*] [a] > LibClamAV debug: 10: [7d7072324945] [*] [a] > LibClamAV debug: 11: [30303030303030313537203030303030206e] [*] [a] > LibClamAV debug: 12: [312030206f626a3c3c2f547970652f436174616c6f672f5061676573203220302052202f4e616d6573203320302052203e3e656e646f626a] [*] [a] > LibClamAV debug: 13: [352030206f626a3c3c2f4e616d65735b28] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf2 > LibClamAV debug: load_oneyara: attempting to load phoenix_pdf3 > LibClamAV debug: load_oneyara: generic string: [trailer<</Root 1 0 R /Size 7>>] => [747261696c65723c3c2f526f6f74203120302052202f53697a6520373e3e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [stream] => [73747265616d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [;_oI5z] => [3b5f6f49357a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000010 00000 n] => [30303030303030303130203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [3 0 obj<</JavaScript 5 0 R >>endobj] => [332030206f626a3c3c2f4a617661536372697074203520302052203e3e656e646f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [7 0 obj<</Filter[ /FlateDecode /ASCIIHexDecode /ASCII85Decode ]/Length 3324>>] => [372030206f626a3c3c2f46696c7465725b202f466c6174654465636f6465202f41534349494865784465636f6465202f415343494938354465636f6465205d2f4c656e67746820333332343e3e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [endobjxref] => [656e646f626a78726566] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [L%}gE(] => [4c257d674528] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000157 00000 n] => [30303030303030313537203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [1 0 obj<</Type/Catalog/Pages 2 0 R /Names 3 0 R >>endobj] => [312030206f626a3c3c2f547970652f436174616c6f672f5061676573203220302052202f4e616d6573203320302052203e3e656e646f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0000000120 00000 n] => [30303030303030313230203030303030206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [4 0 obj<</Type/Page/Parent 2 0 R /Contents 12 0 R>>endobj] => [342030206f626a3c3c2f547970652f506167652f506172656e74203220302052202f436f6e74656e7473203132203020523e3e656e646f626a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [747261696c65723c3c2f526f6f74203120302052202f53697a6520373e3e] [*] [a] > LibClamAV debug: 1: [73747265616d] [*] [a] > LibClamAV debug: 2: [3b5f6f49357a] [*] [a] > LibClamAV debug: 3: [30303030303030303130203030303030206e] [*] [a] > LibClamAV debug: 4: [332030206f626a3c3c2f4a617661536372697074203520302052203e3e656e646f626a] [*] [a] > LibClamAV debug: 5: [372030206f626a3c3c2f46696c7465725b202f466c6174654465636f6465202f41534349494865784465636f6465202f415343494938354465636f6465205d2f4c656e67746820333332343e3e] [*] [a] > LibClamAV debug: 6: [656e646f626a78726566] [*] [a] > LibClamAV debug: 7: [4c257d674528] [*] [a] > LibClamAV debug: 8: [30303030303030313537203030303030206e] [*] [a] > LibClamAV debug: 9: [312030206f626a3c3c2f547970652f436174616c6f672f5061676573203220302052202f4e616d6573203320302052203e3e656e646f626a] [*] [a] > LibClamAV debug: 10: [30303030303030313230203030303030206e] [*] [a] > LibClamAV debug: 11: [342030206f626a3c3c2f547970652f506167652f506172656e74203220302052202f436f6e74656e7473203132203020523e3e656e646f626a] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf3 > LibClamAV debug: cli_loadyara: loaded 17 of 17 yara signatures from /var/lib/clamav/EK_Phoenix.yar > LibClamAV debug: /var/lib/clamav/EK_Phoenix.yar loaded > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed330, because it has exceeded maxfill, old size:256 > LibClamAV debug: hashtab.c: new capacity: 512 > LibClamAV debug: Table 0x7f282b7ed330 size after grow:512 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed330, because it has exceeded maxfill, old size:512 > LibClamAV debug: hashtab.c: new capacity: 1024 > LibClamAV debug: Table 0x7f282b7ed330 size after grow:1024 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f282b7ed330, because it has exceeded maxfill, old size:1024 > LibClamAV debug: hashtab.c: new capacity: 2048 > LibClamAV debug: Table 0x7f282b7ed330 size after grow:2048 > LibClamAV debug: /var/lib/clamav/rogue.hdb loaded > LibClamAV debug: /var/lib/clamav/malwarepatrol.db loaded > LibClamAV debug: load_oneyara: attempting to load blackhole2_jar > LibClamAV debug: load_oneyara: generic string: [k0/3;N] => [6b302f333b4e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [g:WlY0] => [673a576c5930] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [(ww6Ou] => [287777364f75] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SOUGX[] => [534f5547585b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [7X2ANb] => [375832414e62] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [r8L<;zYH)] => [72384c3c3b7a594829] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fbeatbea/fbeatbee.classPK] => [66626561746265612f66626561746265652e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fbeatbea/fbeatbec.class] => [66626561746265612f66626561746265632e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fbeatbea/fbeatbef.class] => [66626561746265612f66626561746265662e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fbeatbea/fbeatbef.classPK] => [66626561746265612f66626561746265662e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fbeatbea/fbeatbea.class] => [66626561746265612f66626561746265612e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fbeatbea/fbeatbeb.classPK] => [66626561746265612f66626561746265622e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [nOJh-2] => [6e4f4a682d32] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [[af:Fr] => [5b61663a4672] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6b302f333b4e] [*] [a] > LibClamAV debug: 1: [673a576c5930] [*] [a] > LibClamAV debug: 2: [287777364f75] [*] [a] > LibClamAV debug: 3: [534f5547585b] [*] [a] > LibClamAV debug: 4: [375832414e62] [*] [a] > LibClamAV debug: 5: [72384c3c3b7a594829] [*] [a] > LibClamAV debug: 6: [66626561746265612f66626561746265652e636c617373504b] [*] [a] > LibClamAV debug: 7: [66626561746265612f66626561746265632e636c617373] [*] [a] > LibClamAV debug: 8: [66626561746265612f66626561746265662e636c617373] [*] [a] > LibClamAV debug: 9: [66626561746265612f66626561746265662e636c617373504b] [*] [a] > LibClamAV debug: Ignoring signature Win.Trojan.Agent-590271 > LibClamAV debug: Ignoring signature Win.Trojan.Nuker-30 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-609913 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-618373 > LibClamAV debug: Ignoring signature Win.Adware.Gator-75 > LibClamAV debug: Ignoring signature Win.Trojan.4301523-1 > LibClamAV debug: Ignoring signature Win.Trojan.Genome-3632 > LibClamAV debug: Ignoring signature Win.Trojan.Mumawow-2 > LibClamAV debug: Ignoring signature Win.Trojan.DsBot-282 > LibClamAV debug: Ignoring signature Win.Trojan.Swrort-5596 > LibClamAV debug: Ignoring signature Win.Trojan.Swrort-6067 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-724797 > LibClamAV debug: Ignoring signature Win.Trojan.Startpage-4118 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-2873 > LibClamAV debug: Ignoring signature Win.Trojan.DsBot-308 > LibClamAV debug: Ignoring signature Win.Trojan.Pepatch-122 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-767396 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-773127 > LibClamAV debug: Ignoring signature Win.Trojan.Spy-817 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-782294 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-785674 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-825770 > LibClamAV debug: Ignoring signature Win.Trojan.Gothicobfus-1 > LibClamAV debug: Ignoring signature Win.Trojan.Firewallbypass-65 > LibClamAV debug: Ignoring signature Win.Trojan.Newrest-290 > LibClamAV debug: Ignoring signature Win.Trojan.Rootkit-9712 > LibClamAV debug: Ignoring signature Win.Trojan.Nuker-45 > LibClamAV debug: Ignoring signature Win.Trojan.Tftpd-2 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-939893 > LibClamAV debug: Ignoring signature Win.Trojan.Riskware-16 > LibClamAV debug: Ignoring signature Win.Trojan.3635180-1 > LibClamAV debug: Ignoring signature Win.Trojan.9273975-1 > LibClamAV debug: Ignoring signature Win.Trojan.3933176-1 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-980323 > LibClamAV debug: Ignoring signature Win.Trojan.Anserin-4 > LibClamAV debug: Ignoring signature Win.Trojan.Riskware-20 > LibClamAV debug: Ignoring signature Win.Trojan.17013-3 > LibClamAV debug: Ignoring signature Win.Trojan.Frethog-59 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1010155 > LibClamAV debug: Ignoring signature Win.Trojan.Slugin-112 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1014848 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1014855 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1020873 > LibClamAV debug: Ignoring signature Win.Trojan.Rootkit-10771 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1024818 > LibClamAV debug: Ignoring signature Win.Trojan.6968321-1 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-3922 > LibClamAV debug: Ignoring signature Win.Trojan.Enistery-3 > LibClamAV debug: Ignoring signature Win.Trojan.Viking-481 > LibClamAV debug: Ignoring signature Win.Trojan.8527159-1 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1067770 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1072185 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-4050 > LibClamAV debug: Ignoring signature Win.Trojan.Startpage-6340 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1084956 > LibClamAV debug: Ignoring signature Win.Adware.Downware-561 > LibClamAV debug: Ignoring signature Win.Trojan.5776118-1 > LibClamAV debug: Ignoring signature Win.Trojan.Remotekill-1 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1106167 > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2820239870, because it has exceeded maxfill, old size:131072 > LibClamAV debug: hashtab.c: new capacity: 262144 > LibClamAV debug: Table 0x7f2820239870 size after grow:262144 > LibClamAV debug: Ignoring signature Win.Trojan.8886870-1 > LibClamAV debug: Ignoring signature Win.Trojan.Fakesmoke-50 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1129593 > LibClamAV debug: Ignoring signature Win.Trojan.Mabezat-3844 > LibClamAV debug: Ignoring signature Win.Trojan.Dropped-1581 > LibClamAV debug: Ignoring signature Win.Trojan.Processhijack-15 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1138635 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1138771 > LibClamAV debug: Ignoring signature Win.Worm.Agent-1139475 > LibClamAV debug: Ignoring signature Win.Trojan.Genome-10670 > LibClamAV debug: Ignoring signature Win.Trojan.11441326-1 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1144337 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1144564 > LibClamAV debug: Ignoring signature Win.Worm.Chir-545 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1152248 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1154787 > LibClamAV debug: Ignoring signature Win.Trojan.7900563-1 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1156402 > LibClamAV debug: Ignoring signature Win.Worm.Tenga-35 > LibClamAV debug: Ignoring signature Win.Worm.Chir-598 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1163304 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1168763 > LibClamAV debug: Ignoring signature Win.Trojan.Tufik-124 > LibClamAV debug: Ignoring signature Win.Trojan.Generickd-908 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1199814 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1222162 > LibClamAV debug: Ignoring signature Win.Trojan.Loadmoney-5415 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1223960 > LibClamAV debug: Ignoring signature Win.Trojan.Dropped-1664 > LibClamAV debug: Ignoring signature Win.Trojan.Alman-45 > LibClamAV debug: Ignoring signature Win.Trojan.9156163-1 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1232407 > LibClamAV debug: Ignoring signature Win.Worm.532209-1 > LibClamAV debug: Ignoring signature Win.Worm.530490-1 > LibClamAV debug: Ignoring signature Win.Worm.Runouce-267 > LibClamAV debug: Ignoring signature Win.Worm.Tenga-58 > LibClamAV debug: Ignoring signature Win.Trojan.Dropped-1685 > LibClamAV debug: Ignoring signature Win.Worm.Chir-1223 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1249645 > LibClamAV debug: Ignoring signature Win.Worm.Whiteice-61 > LibClamAV debug: Ignoring signature Win.Trojan.Rozena-1089 > LibClamAV debug: Ignoring signature Win.Trojan.Autoit-1906 > LibClamAV debug: Ignoring signature Win.Trojan.Dropped-1752 > LibClamAV debug: Ignoring signature Win.Worm.Chir-1467 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1273624 > LibClamAV debug: Ignoring signature Win.Trojan.Generickd-2462 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1276168 > LibClamAV debug: Ignoring signature Win.Worm.Runouce-381 > LibClamAV debug: Ignoring signature Win.Worm.Chir-1530 > LibClamAV debug: Ignoring signature Win.Trojan.14499797-1 > LibClamAV debug: Ignoring signature Win.Trojan.Vbkrypt-30182 > LibClamAV debug: Ignoring signature Win.Trojan.Swrort-16715 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1301681 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1302583 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1306183 > LibClamAV debug: Ignoring signature Win.Trojan.Dropped-1848 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1306315 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5231 > LibClamAV debug: Ignoring signature Win.Worm.Agent-1312039 > LibClamAV debug: Ignoring signature Win.Trojan.11668576-1 > LibClamAV debug: Ignoring signature Win.Trojan.Kazy-7316 > LibClamAV debug: Ignoring signature Win.Trojan.12593112-1 > LibClamAV debug: Ignoring signature Win.Worm.Chir-1905 > LibClamAV debug: Ignoring signature Win.Worm.Tenga-89 > LibClamAV debug: Ignoring signature Win.Worm.Chir-1993 > LibClamAV debug: Ignoring signature Win.Worm.Agent-1331081 > LibClamAV debug: Ignoring signature Win.Trojan.Fileinfector-97 > LibClamAV debug: Ignoring signature Win.Worm.Chir-2025 > LibClamAV debug: Ignoring signature Win.Worm.Whiteice-91 > LibClamAV debug: Ignoring signature Win.Worm.Chir-2031 > LibClamAV debug: Ignoring signature Win.Worm.Nimda-39 > LibClamAV debug: Ignoring signature Win.Trojan.Virtob-1297 > LibClamAV debug: Ignoring signature Win.Worm.Chir-2074 > LibClamAV debug: Ignoring signature Win.Trojan.Slugin-316 > LibClamAV debug: Ignoring signature Win.Trojan.Diple-8382 > LibClamAV debug: Ignoring signature Win.Trojan.Parite-530 > LibClamAV debug: Ignoring signature Win.Trojan.Alman-114 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5426 > LibClamAV debug: Ignoring signature Win.Trojan.Dropped-1960 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1344331 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5512 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5590 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5591 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5592 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5593 > LibClamAV debug: Ignoring signature Win.Trojan.Viking-3356 > LibClamAV debug: Ignoring signature Win.Trojan.Fraudload-8017 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5647 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5672 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5695 > LibClamAV debug: Ignoring signature Win.Trojan.Parite-674 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5726 > LibClamAV debug: Ignoring signature Win.Trojan.Virtob-1500 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5813 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5863 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5864 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5877 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5878 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5879 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5880 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-5923 > LibClamAV debug: Ignoring signature Win.Trojan.Nimnul-23 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1347036 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6073 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1347060 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6098 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6161 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6191 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6201 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6255 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6256 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6318 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6319 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6365 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6366 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6385 > LibClamAV debug: Ignoring signature Win.Trojan.Virtob-1580 > LibClamAV debug: Ignoring signature Win.Trojan.Parite-1025 > LibClamAV debug: Ignoring signature Win.Trojan.Parite-1034 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6543 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6678 > LibClamAV debug: Ignoring signature Win.Trojan.Otwycal-167 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6726 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6881 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6882 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6930 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-6997 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7001 > LibClamAV debug: Ignoring signature Win.Trojan.Virtob-1624 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7035 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7122 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7165 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7182 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1350021 > LibClamAV debug: Ignoring signature Win.Trojan.Virtob-1648 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1350111 > LibClamAV debug: Ignoring signature Win.Worm.Nimda-51 > LibClamAV debug: Ignoring signature Win.Worm.Chir-2253 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7248 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7249 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7250 > LibClamAV debug: Ignoring signature Win.Worm.Tenga-147 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7388 > LibClamAV debug: Ignoring signature Win.Trojan.Coinminer-8 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1362785 > LibClamAV debug: Ignoring signature Win.Adware.Swiftbrowse-2068 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-1363354 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7457 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7471 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7472 > LibClamAV debug: Ignoring signature Win.Worm.Tenga-154 > LibClamAV debug: Ignoring signature Win.Trojan.Adload-7736 > LibClamAV debug: Ignoring signature Win.Worm.Chir-2349 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7498 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7521 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7522 > LibClamAV debug: Ignoring signature Win.Trojan.Ramnit-7523 > LibClamAV debug: Ignoring signature Win.Adware.Agent-1368128 > LibClamAV debug: Ignoring signature Win.Worm.Tenga-160 > LibClamAV debug: Ignoring signature Win.Worm.Runouce-1007 > LibClamAV debug: Ignoring signature Win.Trojan.Pagipef-7 > LibClamAV debug: Ignoring signature Win.Worm.Runouce-1011 > LibClamAV debug: Ignoring signature Win.Worm.Chir-2423 > LibClamAV debug: main.mdb loaded > LibClamAV debug: main.msb loaded > LibClamAV debug: Ignoring signature Win.Trojan.URLspoof-2 > LibClamAV debug: Ignoring signature Win.Trojan.LoveLetter-1 > LibClamAV debug: Ignoring signature Win.Trojan.Dialer-77 > LibClamAV debug: Ignoring signature Win.Trojan.Eddie-4 > LibClamAV debug: Ignoring signature Win.Joke.Scr-1 > LibClamAV debug: Ignoring signature Win.Trojan.Plastique2900-1 > LibClamAV debug: Ignoring signature Win.Trojan.Violetta-8 > LibClamAV debug: Ignoring signature Win.Trojan.Perelett-1 > LibClamAV debug: Ignoring signature Win.Worm.PWS-4 > LibClamAV debug: Ignoring signature Win.Trojan.Junkie-6 > LibClamAV debug: Ignoring signature Html.Exploit.MHTRedir-7 > LibClamAV debug: Ignoring signature Win.Trojan.Agent-31289 > LibClamAV debug: Ignoring signature Win.Trojan.Qhost-66 > LibClamAV debug: Ignoring signature Win.Trojan.Concept-26 > LibClamAV debug: Ignoring signature Html.Phishing.Bank-541 > LibClamAV debug: Ignoring signature Html.Phishing.Pay-187 > LibClamAV debug: Ignoring signature Email.Trojan.Foolball-3 > LibClamAV debug: Ignoring signature Doc.Trojan.Marker-34 > LibClamAV debug: Ignoring signature Win.Trojan.Dropper-78 > LibClamAV debug: Ignoring signature Win.Adware.BHO-91 > LibClamAV debug: Ignoring signature Win.Trojan.Delete-2 > LibClamAV debug: Ignoring signature Win.Trojan.Drop-2 > LibClamAV debug: Ignoring signature Win.Trojan.Autoit-136 > LibClamAV debug: Ignoring signature Html.Phishing.Bank-184 > LibClamAV debug: Ignoring signature Win.Exploit.Iframe-9 > LibClamAV debug: Ignoring signature Win.Trojan.Virut-54 > LibClamAV debug: Ignoring signature Win.Trojan.Virut-247 > LibClamAV debug: Ignoring signature Win.Trojan.Virut-249 > LibClamAV debug: Ignoring signature Win.Trojan.Virut-370 > LibClamAV debug: Ignoring signature Win.Trojan.Virut-371 > LibClamAV debug: Ignoring signature Win.Trojan.Virut-372 > LibClamAV debug: Ignoring signature Win.Worm.VB-1081 > LibClamAV debug: Ignoring signature Win.Trojan.Shutdown-13 > LibClamAV debug: Ignoring signature Win.Trojan.CMDFlood-1 > LibClamAV debug: Ignoring signature Win.Trojan.CMDFlood-2 > LibClamAV debug: Ignoring signature Win.Trojan.Qhost-154 > LibClamAV debug: Ignoring signature Win.Trojan.CVE_2005_1342-1 > LibClamAV debug: Ignoring signature Html.Trojan.XSSShell-1 > LibClamAV debug: Ignoring signature Pdf.Exploit.Dropped-80 > LibClamAV debug: Ignoring signature Pdf.Exploit.Dropped-82 > LibClamAV debug: Ignoring signature Win.Exploit.Alpha_Upper_JS-1 > LibClamAV debug: Ignoring signature Email.Trojan.Trojan-927 > LibClamAV debug: Ignoring signature Win.Trojan.Peed-433 > LibClamAV debug: Ignoring signature Email.Trojan.Trojan-995 > LibClamAV debug: Ignoring signature Win.Exploit.CVE_2012_1856-1 > LibClamAV debug: Ignoring signature Win.Trojan.NCX-1 > LibClamAV debug: Ignoring signature Andr.Trojan.FakeiMessage-1 > LibClamAV debug: Ignoring signature Html.Exploit.Himan-1 > LibClamAV debug: Ignoring signature Win.Trojan.Tuxido-1 > LibClamAV debug: Ignoring signature Win.Adware.Multiplug-3 > LibClamAV debug: Ignoring signature Php.Trojan.MSShellcode-78 > LibClamAV debug: Ignoring signature Swf.Exploit.CVE_2015_0322-1 > LibClamAV debug: Ignoring signature Win.Exploit.CVE_2015_0076-1 > LibClamAV debug: Ignoring signature Rtf.Exploit.CVE_2015_1649-1 > LibClamAV debug: Ignoring signature Win.Exploit.CVE_2012_1436-1 > LibClamAV debug: Ignoring signature Win.Adware.Somoto-13 > LibClamAV debug: Ignoring signature Swf.Exploit.CVE_2015_5556-2 > LibClamAV debug: Ignoring signature Osx.Adware.MacCleaner-5577275-0 > LibClamAV debug: main.ndb loaded > LibClamAV debug: hashtab.c:Growing hashtable 0x7f2822c42650, because it has exceeded maxfill, old size:1024 > LibClamAV debug: hashtab.c: new capacity: 2048 > LibClamAV debug: Table 0x7f2822c42650 size after grow:2048 > LibClamAV debug: main.fp loaded > LibClamAV debug: main.sfp loaded > LibClamAV debug: Number of certs: 4 > LibClamAV debug: main.crb loaded > LibClamAV debug: in cli_tgzload_cleanup() > LibClamAV debug: /var/lib/clamav/main.cvd loaded > LibClamAV debug: /var/lib/clamav/foxhole_filename.cdb loaded > LibClamAV debug: /var/lib/clamav/rfxn.hdb loaded > LibClamAV debug: load_oneyara: attempting to load zerox88_js2 > LibClamAV debug: load_oneyara: generic string: [function gSH() {] => [66756e6374696f6e206753482829207b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [200 HEIGHT] => [32303020484549474854] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['sh.js'><\/SCRIPT>] => [2773682e6a73273e3c5c2f5343524950543e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ 2 - 26;] => [2032202d2032363b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<IFRAME ID] => [3c494652414d45204944] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [,100);] => [2c313030293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [200></IFRAME>] => [3230303e3c2f494652414d453e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [setTimeout(] => [73657454696d656f757428] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['about:blank' WIDTH] => [2761626f75743a626c616e6b27205749445448] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [mf.document.write(] => [6d662e646f63756d656e742e777269746528] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [document.write(] => [646f63756d656e742e777269746528] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Kasper ] => [4b617370657220] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [66756e6374696f6e206753482829207b] [*] [a] > LibClamAV debug: 1: [32303020484549474854] [*] [a] > LibClamAV debug: 2: [2773682e6a73273e3c5c2f5343524950543e] [*] [a] > LibClamAV debug: 3: [2032202d2032363b] [*] [a] > LibClamAV debug: 4: [3c494652414d45204944] [*] [a] > LibClamAV debug: 5: [2c313030293b] [*] [a] > LibClamAV debug: 6: [3230303e3c2f494652414d453e] [*] [a] > LibClamAV debug: 7: [73657454696d656f757428] [*] [a] > LibClamAV debug: 8: [2761626f75743a626c616e6b27205749445448] [*] [a] > LibClamAV debug: 9: [6d662e646f63756d656e742e777269746528] [*] [a] > LibClamAV debug: 10: [646f63756d656e742e777269746528] [*] [a] > LibClamAV debug: 11: [4b617370657220] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zerox88_js2 > LibClamAV debug: load_oneyara: attempting to load zerox88_js3 > LibClamAV debug: load_oneyara: generic string: [ new ActiveXObject(szHTTP); ] => [206e657720416374697665584f626a65637428737a48545450293b20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ Csa2;] => [20437361323b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var ADO ] => [7661722041444f20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ new ActiveXObject(szOx88);] => [206e657720416374697665584f626a65637428737a4f783838293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ unescape(] => [20756e65736361706528] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/test.exe] => [2f746573742e657865] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ szEtYij;] => [20737a457459696a3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var HTTP ] => [766172204854545020] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%41%44%4F%44%42%2E] => [253431253434253446253434253432253245] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%4D%65%64%69%61] => [253444253635253634253639253631] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var szSRjq] => [76617220737a53526a71] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%43%3A%5C%5C%50%72%6F%67%72%61%6D] => [253433253341253543253543253530253732253646253637253732253631253644] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var METHOD ] => [766172204d4554484f4420] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ADO.Mode ] => [41444f2e4d6f646520] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%61%79%65%72] => [253631253739253635253732] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [%2E%58%4D%4C%48%54%54%50] => [253245253538253444253443253438253534253534253530] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ 7 - 6; HTTP.Open(METHOD, szURL, i-3); ] => [2037202d20363b20485454502e4f70656e284d4554484f442c20737a55524c2c20692d33293b20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [206e657720416374697665584f626a65637428737a48545450293b20] [*] [a] > LibClamAV debug: 1: [20437361323b] [*] [a] > LibClamAV debug: 2: [7661722041444f20] [*] [a] > LibClamAV debug: 3: [206e657720416374697665584f626a65637428737a4f783838293b] [*] [a] > LibClamAV debug: 4: [20756e65736361706528] [*] [a] > LibClamAV debug: 5: [2f746573742e657865] [*] [a] > LibClamAV debug: 6: [20737a457459696a3b] [*] [a] > LibClamAV debug: 7: [766172204854545020] [*] [a] > LibClamAV debug: 8: [253431253434253446253434253432253245] [*] [a] > LibClamAV debug: 9: [253444253635253634253639253631] [*] [a] > LibClamAV debug: 10: [76617220737a53526a71] [*] [a] > LibClamAV debug: 11: [253433253341253543253543253530253732253646253637253732253631253644] [*] [a] > LibClamAV debug: 12: [766172204d4554484f4420] [*] [a] > LibClamAV debug: 13: [41444f2e4d6f646520] [*] [a] > LibClamAV debug: 14: [253631253739253635253732] [*] [a] > LibClamAV debug: 15: [253245253538253444253443253438253534253534253530] [*] [a] > LibClamAV debug: 16: [2037202d20363b20485454502e4f70656e284d4554484f442c20737a55524c2c20692d33293b20] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zerox88_js3 > LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Zerox88.yar > LibClamAV debug: /var/lib/clamav/EK_Zerox88.yar loaded > LibClamAV debug: /var/lib/clamav/bofhland_malware_attach.hdb loaded > LibClamAV debug: /var/lib/clamav/securiteinfoandroid.hdb loaded > LibClamAV debug: load_oneyara: attempting to load eleonore_jar > LibClamAV debug: load_oneyara: generic string: [r.JM,IM] => [722e4a4d2c494d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [dev/s/DyesyasZ.classPK] => [6465762f732f447965737961735a2e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [k4kjRv] => [6b346b6a5276] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [dev/s/LoaderX.class}V[t] => [6465762f732f4c6f61646572582e636c6173737d565b74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [dev/s/PK] => [6465762f732f504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Hsz6%y] => [48737a362579] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MF] => [4d4554412d494e462f4d414e49464553542e4d46] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [dev/PK] => [6465762f504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [dev/s/AdgredY.class] => [6465762f732f416467726564592e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [dev/s/DyesyasZ.class] => [6465762f732f447965737961735a2e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [dev/s/LoaderX.classPK] => [6465762f732f4c6f61646572582e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [eS0L5d] => [6553304c3564] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [8E{4ON] => [38457b344f4e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [722e4a4d2c494d] [*] [a] > LibClamAV debug: 1: [6465762f732f447965737961735a2e636c617373504b] [*] [a] > LibClamAV debug: 2: [6b346b6a5276] [*] [a] > LibClamAV debug: 3: [6465762f732f4c6f61646572582e636c6173737d565b74] [*] [a] > LibClamAV debug: 4: [6465762f732f504b] [*] [a] > LibClamAV debug: 5: [48737a362579] [*] [a] > LibClamAV debug: 6: [4d4554412d494e462f4d414e49464553542e4d46] [*] [a] > LibClamAV debug: 7: [6465762f504b] [*] [a] > LibClamAV debug: 8: [6465762f732f416467726564592e636c617373] [*] [a] > LibClamAV debug: 9: [6465762f732f447965737961735a2e636c617373] [*] [a] > LibClamAV debug: 10: [6465762f732f4c6f61646572582e636c617373504b] [*] [a] > LibClamAV debug: 11: [6553304c3564] [*] [a] > LibClamAV debug: 12: [38457b344f4e] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar > LibClamAV debug: load_oneyara: attempting to load eleonore_jar2 > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MFManifest-Version: 1.0] => [4d4554412d494e462f4d414e49464553542e4d464d616e69666573742d56657273696f6e3a20312e30] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wPVvVyz] => [7750567656797a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [JavaFX.class] => [4a61766146582e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [{%D@'\] => [7b254440275c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [JavaFXColor.class] => [4a6176614658436f6c6f722e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bWxEBI}Y] => [6257784542497d59] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [$(2}UoD] => [2428327d556f44] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [j%4muR] => [6a25346d7552] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vqKBZi] => [76714b425a69] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [l6gs8;] => [6c366773383b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [JavaFXTrueColor.classeSKo] => [4a617661465854727565436f6c6f722e636c61737365534b6f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ZyYQx ] => [5a7959517820] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/] => [4d4554412d494e462f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [JavaFX.classPK] => [4a61766146582e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [;Ie8{A] => [3b4965387b41] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4d4554412d494e462f4d414e49464553542e4d464d616e69666573742d56657273696f6e3a20312e30] [*] [a] > LibClamAV debug: 1: [7750567656797a] [*] [a] > LibClamAV debug: 2: [4a61766146582e636c617373] [*] [a] > LibClamAV debug: 3: [7b254440275c] [*] [a] > LibClamAV debug: 4: [4a6176614658436f6c6f722e636c617373] [*] [a] > LibClamAV debug: 5: [6257784542497d59] [*] [a] > LibClamAV debug: 6: [2428327d556f44] [*] [a] > LibClamAV debug: 7: [6a25346d7552] [*] [a] > LibClamAV debug: 8: [76714b425a69] [*] [a] > LibClamAV debug: 9: [6c366773383b] [*] [a] > LibClamAV debug: 10: [4a617661465854727565436f6c6f722e636c61737365534b6f] [*] [a] > LibClamAV debug: 11: [5a7959517820] [*] [a] > LibClamAV debug: 12: [4d4554412d494e462f] [*] [a] > LibClamAV debug: 13: [4a61766146582e636c617373504b] [*] [a] > LibClamAV debug: 14: [3b4965387b41] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar2 > LibClamAV debug: load_oneyara: attempting to load eleonore_jar3 > LibClamAV debug: load_oneyara: generic string: [16lNYF2V] => [31366c4e59463256] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MFPK] => [4d4554412d494e462f4d414e49464553542e4d46504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ghsdr/Jewredd.classPK] => [67687364722f4a6577726564642e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ghsdr/Gedsrdc.class] => [67687364722f476564737264632e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [e[<n55] => [655b3c6e3535] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ghsdr/Gedsrdc.classPK] => [67687364722f476564737264632e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/] => [4d4554412d494e462f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [na}pyO] => [6e617d70794f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [9A1.F\] => [3941312e465c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ghsdr/Kocer.class] => [67687364722f4b6f6365722e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [MXGXO8] => [4d5847584f38] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ghsdr/Kocer.classPK] => [67687364722f4b6f6365722e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ghsdr/Jewredd.class] => [67687364722f4a6577726564642e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [31366c4e59463256] [*] [a] > LibClamAV debug: 1: [4d4554412d494e462f4d414e49464553542e4d46504b] [*] [a] > LibClamAV debug: 2: [67687364722f4a6577726564642e636c617373504b] [*] [a] > LibClamAV debug: 3: [67687364722f476564737264632e636c617373] [*] [a] > LibClamAV debug: 4: [655b3c6e3535] [*] [a] > LibClamAV debug: 5: [67687364722f476564737264632e636c617373504b] [*] [a] > LibClamAV debug: 6: [4d4554412d494e462f] [*] [a] > LibClamAV debug: 7: [6e617d70794f] [*] [a] > LibClamAV debug: 8: [3941312e465c] [*] [a] > LibClamAV debug: 9: [67687364722f4b6f6365722e636c617373] [*] [a] > LibClamAV debug: 10: [4d5847584f38] [*] [a] > LibClamAV debug: 11: [67687364722f4b6f6365722e636c617373504b] [*] [a] > LibClamAV debug: 12: [67687364722f4a6577726564642e636c617373] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar3 > LibClamAV debug: load_oneyara: attempting to load eleonore_js > LibClamAV debug: load_oneyara: generic string: [var de] => [766172206465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [sdjk];] => [73646a6b5d3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [return dfshk;] => [72657475726e20646673686b3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function jkshdk(){] => [66756e6374696f6e206a6b7368646b28297b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['val';] => [2776616c273b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var sdjk] => [7661722073646a6b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [return fsdjkl;] => [72657475726e206673646a6b6c3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ window[d] => [2077696e646f775b64] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var fsdjkl] => [766172206673646a6b6c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function jklsdjfk() {] => [66756e6374696f6e206a6b6c73646a666b2829207b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function rewiry(yiyr,fjkhd){] => [66756e6374696f6e2072657769727928796979722c666a6b6864297b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ sdjd ] => [2073646a6420] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [766172206465] [*] [a] > LibClamAV debug: 1: [73646a6b5d3b] [*] [a] > LibClamAV debug: 2: [72657475726e20646673686b3b] [*] [a] > LibClamAV debug: 3: [66756e6374696f6e206a6b7368646b28297b] [*] [a] > LibClamAV debug: 4: [2776616c273b] [*] [a] > LibClamAV debug: 5: [7661722073646a6b] [*] [a] > LibClamAV debug: 6: [72657475726e206673646a6b6c3b] [*] [a] > LibClamAV debug: 7: [2077696e646f775b64] [*] [a] > LibClamAV debug: 8: [766172206673646a6b6c] [*] [a] > LibClamAV debug: 9: [66756e6374696f6e206a6b6c73646a666b2829207b] [*] [a] > LibClamAV debug: 10: [66756e6374696f6e2072657769727928796979722c666a6b6864297b] [*] [a] > LibClamAV debug: 11: [2073646a6420] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js > LibClamAV debug: load_oneyara: attempting to load eleonore_js2 > LibClamAV debug: load_oneyara: generic string: [var dfshk ] => [76617220646673686b20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [arrow_next_down] => [6172726f775f6e6578745f646f776e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [return eval('yiyr.replac'] => [72657475726e206576616c2827796979722e7265706c616327] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [arrow_next_over] => [6172726f775f6e6578745f6f766572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [arrow_prev_over] => [6172726f775f707265765f6f766572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xcCSSWeekdayBlock] => [78634353535765656b646179426c6f636b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xcCSSHeadBlock] => [786343535348656164426c6f636b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xcCSSDaySpecial] => [78634353534461795370656369616c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [xcCSSDay] => [7863435353446179] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ window[df ] => [2077696e646f775b646620] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [day_special] => [6461795f7370656369616c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var df] => [766172206466] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function jklsdjfk() {] => [66756e6374696f6e206a6b6c73646a666b2829207b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ sdjd ] => [2073646a6420] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['e(/kljf hdfk sdf/g,fjkhd);');] => [2765282f6b6c6a66206864666b207364662f672c666a6b6864293b27293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [arrow_next] => [6172726f775f6e657874] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [76617220646673686b20] [*] [a] > LibClamAV debug: 1: [6172726f775f6e6578745f646f776e] [*] [a] > LibClamAV debug: 2: [72657475726e206576616c2827796979722e7265706c616327] [*] [a] > LibClamAV debug: 3: [6172726f775f6e6578745f6f766572] [*] [a] > LibClamAV debug: 4: [6172726f775f707265765f6f766572] [*] [a] > LibClamAV debug: 5: [78634353535765656b646179426c6f636b] [*] [a] > LibClamAV debug: 6: [786343535348656164426c6f636b] [*] [a] > LibClamAV debug: 7: [78634353534461795370656369616c] [*] [a] > LibClamAV debug: 8: [7863435353446179] [*] [a] > LibClamAV debug: 9: [2077696e646f775b646620] [*] [a] > LibClamAV debug: 10: [6461795f7370656369616c] [*] [a] > LibClamAV debug: 11: [766172206466] [*] [a] > LibClamAV debug: 12: [66756e6374696f6e206a6b6c73646a666b2829207b] [*] [a] > LibClamAV debug: 13: [2073646a6420] [*] [a] > LibClamAV debug: 14: [2765282f6b6c6a66206864666b207364662f672c666a6b6864293b27293b] [*] [a] > LibClamAV debug: 15: [6172726f775f6e657874] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js2 > LibClamAV debug: load_oneyara: attempting to load eleonore_js3 > LibClamAV debug: load_oneyara: generic string: [@mozilla.org/file/directory_service;1] => [406d6f7a696c6c612e6f72672f66696c652f6469726563746f72795f736572766963653b31] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var exe ] => [7661722065786520] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var file ] => [7661722066696c6520] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [foStream.write(data, data.length);] => [666f53747265616d2e777269746528646174612c20646174612e6c656e677468293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var file_data ] => [20207661722066696c655f6461746120] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [return ] => [72657475726e20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ Components.classes[] => [20436f6d706f6e656e74732e636c61737365735b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [url : ] => [75726c203a20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [].createInstance(Components.interfaces.nsILocalFile);] => [5d2e637265617465496e7374616e636528436f6d706f6e656e74732e696e74657266616365732e6e73494c6f63616c46696c65293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var bstream ] => [2020766172206273747265616d20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ bstream.readBytes(size); ] => [206273747265616d2e7265616442797465732873697a65293b20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [@mozilla.org/supports-string;1] => [406d6f7a696c6c612e6f72672f737570706f7274732d737472696e673b31] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var channel ] => [2020766172206368616e6e656c20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [tmp.exe] => [746d702e657865] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ if (channel instanceof Components.interfaces.nsIHttpChannel ] => [2020696620286368616e6e656c20696e7374616e63656f6620436f6d706f6e656e74732e696e74657266616365732e6e7349487474704368616e6e656c20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [@mozilla.org/network/io-service;1] => [406d6f7a696c6c612e6f72672f6e6574776f726b2f696f2d736572766963653b31] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ bstream.available()) { ] => [206273747265616d2e617661696c61626c65282929207b20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [].getService(Components.interfaces.nsIIOService); ] => [5d2e6765745365727669636528436f6d706f6e656e74732e696e74657266616365732e6e7349494f53657276696365293b20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [406d6f7a696c6c612e6f72672f66696c652f6469726563746f72795f736572766963653b31] [*] [a] > LibClamAV debug: 1: [7661722065786520] [*] [a] > LibClamAV debug: 2: [7661722066696c6520] [*] [a] > LibClamAV debug: 3: [666f53747265616d2e777269746528646174612c20646174612e6c656e677468293b] [*] [a] > LibClamAV debug: 4: [20207661722066696c655f6461746120] [*] [a] > LibClamAV debug: 5: [72657475726e20] [*] [a] > LibClamAV debug: 6: [20436f6d706f6e656e74732e636c61737365735b] [*] [a] > LibClamAV debug: 7: [75726c203a20] [*] [a] > LibClamAV debug: 8: [5d2e637265617465496e7374616e636528436f6d706f6e656e74732e696e74657266616365732e6e73494c6f63616c46696c65293b] [*] [a] > LibClamAV debug: 9: [2020766172206273747265616d20] [*] [a] > LibClamAV debug: 10: [206273747265616d2e7265616442797465732873697a65293b20] [*] [a] > LibClamAV debug: 11: [406d6f7a696c6c612e6f72672f737570706f7274732d737472696e673b31] [*] [a] > LibClamAV debug: 12: [2020766172206368616e6e656c20] [*] [a] > LibClamAV debug: 13: [746d702e657865] [*] [a] > LibClamAV debug: 14: [2020696620286368616e6e656c20696e7374616e63656f6620436f6d706f6e656e74732e696e74657266616365732e6e7349487474704368616e6e656c20] [*] [a] > LibClamAV debug: 15: [406d6f7a696c6c612e6f72672f6e6574776f726b2f696f2d736572766963653b31] [*] [a] > LibClamAV debug: 16: [206273747265616d2e617661696c61626c65282929207b20] [*] [a] > LibClamAV debug: 17: [5d2e6765745365727669636528436f6d706f6e656e74732e696e74657266616365732e6e7349494f53657276696365293b20] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js3 > LibClamAV debug: cli_loadyara: loaded 6 of 6 yara signatures from /var/lib/clamav/EK_Eleonore.yar > LibClamAV debug: /var/lib/clamav/EK_Eleonore.yar loaded > LibClamAV debug: /var/lib/clamav/bofhland_cracked_URL.ndb loaded > LibClamAV debug: load_oneyara: attempting to load bleedinglife2_adobe_2010_1297_exploit > LibClamAV debug: load_oneyara: generic string: [getSharedStyle] => [6765745368617265645374796c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [currentCount] => [63757272656e74436f756e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [String] => [537472696e67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [setSelection] => [73657453656c656374696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [BOTTOM] => [424f54544f4d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [classToInstancesDict] => [636c617373546f496e7374616e63657344696374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [buttonDown] => [627574746f6e446f776e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [focusRect] => [666f63757352656374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pill11] => [70696c6c3131] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [TEXT_INPUT] => [544558545f494e505554] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [restrict] => [7265737472696374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [defaultButtonEnabled] => [64656661756c74427574746f6e456e61626c6564] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [copyStylesToChild] => [636f70795374796c6573546f4368696c64] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ xmlns:xmpMM] => [20786d6c6e733a786d704d4d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [_editable] => [5f6564697461626c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [classToDefaultStylesDict] => [636c617373546f44656661756c745374796c657344696374] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [IMEConversionMode] => [494d45436f6e76657273696f6e4d6f6465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Scene 1] => [5363656e652031] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6765745368617265645374796c65] [*] [a] > LibClamAV debug: 1: [63757272656e74436f756e74] [*] [a] > LibClamAV debug: 2: [537472696e67] [*] [a] > LibClamAV debug: 3: [73657453656c656374696f6e] [*] [a] > LibClamAV debug: 4: [424f54544f4d] [*] [a] > LibClamAV debug: 5: [636c617373546f496e7374616e63657344696374] [*] [a] > LibClamAV debug: 6: [627574746f6e446f776e] [*] [a] > LibClamAV debug: 7: [666f63757352656374] [*] [a] > LibClamAV debug: 8: [70696c6c3131] [*] [a] > LibClamAV debug: 9: [544558545f494e505554] [*] [a] > LibClamAV debug: 10: [7265737472696374] [*] [a] > LibClamAV debug: 11: [64656661756c74427574746f6e456e61626c6564] [*] [a] > LibClamAV debug: 12: [636f70795374796c6573546f4368696c64] [*] [a] > LibClamAV debug: 13: [20786d6c6e733a786d704d4d] [*] [a] > LibClamAV debug: 14: [5f6564697461626c65] [*] [a] > LibClamAV debug: 15: [636c617373546f44656661756c745374796c657344696374] [*] [a] > LibClamAV debug: 16: [494d45436f6e76657273696f6e4d6f6465] [*] [a] > LibClamAV debug: 17: [5363656e652031] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_adobe_2010_1297_exploit > LibClamAV debug: load_oneyara: attempting to load bleedinglife2_adobe_2010_2884_exploit > LibClamAV debug: load_oneyara: generic string: [_autoRepeat] => [5f6175746f526570656174] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [embedFonts] => [656d626564466f6e7473] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [KeyboardEvent] => [4b6579626f6172644576656e74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [instanceStyles] => [696e7374616e63655374796c6573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [InvalidationType] => [496e76616c69646174696f6e54797065] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [autoRepeat] => [6175746f526570656174] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [getScaleX] => [6765745363616c6558] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RadioButton_selectedDownIcon] => [526164696f427574746f6e5f73656c6563746564446f776e49636f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [configUI] => [636f6e6669675549] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [deactivate] => [64656163746976617465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fl.controls:Button] => [666c2e636f6e74726f6c733a427574746f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [_mouseStateLocked] => [5f6d6f75736553746174654c6f636b6564] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fl.core.ComponentShim] => [666c2e636f72652e436f6d706f6e656e745368696d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [toString] => [746f537472696e67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [_group] => [5f67726f7570] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [addRadioButton] => [616464526164696f427574746f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [inCallLaterPhase] => [696e43616c6c4c617465725068617365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [oldMouseState] => [6f6c644d6f7573655374617465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5f6175746f526570656174] [*] [a] > LibClamAV debug: 1: [656d626564466f6e7473] [*] [a] > LibClamAV debug: 2: [4b6579626f6172644576656e74] [*] [a] > LibClamAV debug: 3: [696e7374616e63655374796c6573] [*] [a] > LibClamAV debug: 4: [496e76616c69646174696f6e54797065] [*] [a] > LibClamAV debug: 5: [6175746f526570656174] [*] [a] > LibClamAV debug: 6: [6765745363616c6558] [*] [a] > LibClamAV debug: 7: [526164696f427574746f6e5f73656c6563746564446f776e49636f6e] [*] [a] > LibClamAV debug: 8: [636f6e6669675549] [*] [a] > LibClamAV debug: 9: [64656163746976617465] [*] [a] > LibClamAV debug: 10: [666c2e636f6e74726f6c733a427574746f6e] [*] [a] > LibClamAV debug: 11: [5f6d6f75736553746174654c6f636b6564] [*] [a] > LibClamAV debug: 12: [666c2e636f72652e436f6d706f6e656e745368696d] [*] [a] > LibClamAV debug: 13: [746f537472696e67] [*] [a] > LibClamAV debug: 14: [5f67726f7570] [*] [a] > LibClamAV debug: 15: [616464526164696f427574746f6e] [*] [a] > LibClamAV debug: 16: [696e43616c6c4c617465725068617365] [*] [a] > LibClamAV debug: 17: [6f6c644d6f7573655374617465] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_adobe_2010_2884_exploit > LibClamAV debug: load_oneyara: attempting to load bleedinglife2_jar2 > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MFPK] => [4d4554412d494e462f4d414e49464553542e4d46504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RequiredJavaComponent.classPK] => [52657175697265644a617661436f6d706f6e656e742e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/JAVA.SFm] => [4d4554412d494e462f4a4156412e53466d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RequiredJavaComponent.class] => [52657175697265644a617661436f6d706f6e656e742e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MF] => [4d4554412d494e462f4d414e49464553542e4d46] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/JAVA.DSAPK] => [4d4554412d494e462f4a4156412e445341504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/JAVA.SFPK] => [4d4554412d494e462f4a4156412e5346504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [5EVTwkx] => [35455654776b78] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/JAVA.DSA3hb] => [4d4554412d494e462f4a4156412e445341336862] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [y\Dw -] => [795c4477202d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4d4554412d494e462f4d414e49464553542e4d46504b] [*] [a] > LibClamAV debug: 1: [52657175697265644a617661436f6d706f6e656e742e636c617373504b] [*] [a] > LibClamAV debug: 2: [4d4554412d494e462f4a4156412e53466d] [*] [a] > LibClamAV debug: 3: [52657175697265644a617661436f6d706f6e656e742e636c617373] [*] [a] > LibClamAV debug: 4: [4d4554412d494e462f4d414e49464553542e4d46] [*] [a] > LibClamAV debug: 5: [4d4554412d494e462f4a4156412e445341504b] [*] [a] > LibClamAV debug: 6: [4d4554412d494e462f4a4156412e5346504b] [*] [a] > LibClamAV debug: 7: [35455654776b78] [*] [a] > LibClamAV debug: 8: [4d4554412d494e462f4a4156412e445341336862] [*] [a] > LibClamAV debug: 9: [795c4477202d] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_jar2 > LibClamAV debug: load_oneyara: attempting to load bleedinglife2_java_2010_0842_exploit > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MFManifest-Version: 1.0] => [4d4554412d494e462f4d414e49464553542e4d464d616e69666573742d56657273696f6e3a20312e30] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ToolsDemo.classPK] => [546f6f6c7344656d6f2e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/services/javax.sound.midi.spi.MidiDeviceProvider5] => [4d4554412d494e462f73657276696365732f6a617661782e736f756e642e6d6964692e7370692e4d69646944657669636550726f766964657235] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Created-By: 1.6.0_22 (Sun Microsystems Inc.)] => [437265617465642d42793a20312e362e305f3232202853756e204d6963726f73797374656d7320496e632e29] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/PK] => [4d4554412d494e462f504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ToolsDemo.class] => [546f6f6c7344656d6f2e636c617373] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/services/PK] => [4d4554412d494e462f73657276696365732f504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ToolsDemoSubClass.classPK] => [546f6f6c7344656d6f537562436c6173732e636c617373504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [META-INF/MANIFEST.MFPK] => [4d4554412d494e462f4d414e49464553542e4d46504b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ToolsDemoSubClass.classeN] => [546f6f6c7344656d6f537562436c6173732e636c617373654e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [4d4554412d494e462f4d414e49464553542e4d464d616e69666573742d56657273696f6e3a20312e30] [*] [a] > LibClamAV debug: 1: [546f6f6c7344656d6f2e636c617373504b] [*] [a] > LibClamAV debug: 2: [4d4554412d494e462f73657276696365732f6a617661782e736f756e642e6d6964692e7370692e4d69646944657669636550726f766964657235] [*] [a] > LibClamAV debug: 3: [437265617465642d42793a20312e362e305f3232202853756e204d6963726f73797374656d7320496e632e29] [*] [a] > LibClamAV debug: 4: [4d4554412d494e462f504b] [*] [a] > LibClamAV debug: 5: [546f6f6c7344656d6f2e636c617373] [*] [a] > LibClamAV debug: 6: [4d4554412d494e462f73657276696365732f504b] [*] [a] > LibClamAV debug: 7: [546f6f6c7344656d6f537562436c6173732e636c617373504b] [*] [a] > LibClamAV debug: 8: [4d4554412d494e462f4d414e49464553542e4d46504b] [*] [a] > LibClamAV debug: 9: [546f6f6c7344656d6f537562436c6173732e636c617373654e] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_java_2010_0842_exploit > LibClamAV debug: cli_loadyara: loaded 4 of 4 yara signatures from /var/lib/clamav/EK_BleedingLife.yar > LibClamAV debug: /var/lib/clamav/EK_BleedingLife.yar loaded > LibClamAV debug: /var/lib/clamav/scam.ndb loaded > LibClamAV debug: load_oneyara: attempting to load Sanesecurity_TestSig_Type4_Hdr_2 > LibClamAV debug: load_oneyara: hex string: [{ 5375626a6563743a[0-30]727267363355686a32554379454363727558374438334134716435554135766e6c67774a70366236666d505a704f625a4a4162667465687568524158466279 }] => [5375626a6563743a{0-30}727267363355686a32554379454363727558374438334134716435554135766e6c67774a70366236666d505a704f625a4a4162667465687568524158466279] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5375626a6563743a{0-30}727267363355686a32554379454363727558374438334134716435554135766e6c67774a70366236666d505a704f625a4a4162667465687568524158466279] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type4_Hdr_2 > LibClamAV debug: load_oneyara: attempting to load Sanesecurity_TestSig_Type3_Bdy_4 > LibClamAV debug: load_oneyara: hex string: [{ 626f64795f727267363375686a32756379656363727578376438336134716435756135766e6c67776a70366236666d707a706f627a6a61626674656875687261786662797a7a7a7a7a }] => [626f64795f727267363375686a32756379656363727578376438336134716435756135766e6c67776a70366236666d707a706f627a6a61626674656875687261786662797a7a7a7a7a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [626f64795f727267363375686a32756379656363727578376438336134716435756135766e6c67776a70366236666d707a706f627a6a61626674656875687261786662797a7a7a7a7a] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type3_Bdy_4 > LibClamAV debug: load_oneyara: attempting to load Sanesecurity_TestSig_Type4_Bdy_3 > LibClamAV debug: load_oneyara: hex string: [{ 626f64795f727267363355686a32554379454363727558374438334134716435554135766e6c67774a70366236666d505a30616a646a6b776a6e535344667364667364666e77657264 }] => [626f64795f727267363355686a32554379454363727558374438334134716435554135766e6c67774a70366236666d505a30616a646a6b776a6e535344667364667364666e77657264] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [626f64795f727267363355686a32554379454363727558374438334134716435554135766e6c67774a70366236666d505a30616a646a6b776a6e535344667364667364666e77657264] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type4_Bdy_3 > LibClamAV debug: load_oneyara: attempting to load Sanesecurity_PhishingTestSig_1 > LibClamAV debug: load_oneyara: hex string: [{ 3c73616e6573656375726974793e64723161796c6172696164696178215f216c6562725f61776f6577696568693573316f6170726f38796c2363686c6163376975746f657a6f75716c75766975643c2f73616e6573656375726974793e }] => [3c73616e6573656375726974793e64723161796c6172696164696178215f216c6562725f61776f6577696568693573316f6170726f38796c2363686c6163376975746f657a6f75716c75766975643c2f73616e6573656375726974793e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [3c73616e6573656375726974793e64723161796c6172696164696178215f216c6562725f61776f6577696568693573316f6170726f38796c2363686c6163376975746f657a6f75716c75766975643c2f73616e6573656375726974793e] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_PhishingTestSig_1 > LibClamAV debug: cli_loadyara: loaded 4 of 4 yara signatures from /var/lib/clamav/Sanesecurity_sigtest.yara > LibClamAV debug: /var/lib/clamav/Sanesecurity_sigtest.yara loaded > LibClamAV debug: /var/lib/clamav/winnow_extended_malware.hdb loaded > LibClamAV debug: Ignoring signature {HEX}php.malware.magento.609 > LibClamAV debug: /var/lib/clamav/rfxn.ndb loaded > LibClamAV debug: /var/lib/clamav/jurlbl.ndb loaded > LibClamAV debug: /var/lib/clamav/spamattach.hdb loaded > LibClamAV debug: load_oneyara: attempting to load fragus_htm > LibClamAV debug: load_oneyara: generic string: [>Hello, ] => [3e48656c6c6f2c20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [http://www.clantemplates.com] => [687474703a2f2f7777772e636c616e74656d706c617465732e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [this template was created by Bl1nk and is downloadable at <B>ClanTemplates.com<BR></B>Replace ] => [746869732074656d706c61746520776173206372656174656420627920426c316e6b20616e6420697320646f776e6c6f616461626c65206174203c423e436c616e54656d706c617465732e636f6d3c42523e3c2f423e5265706c61636520] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [></TD></TR></TABLE> ] => [3e3c2f54443e3c2f54523e3c2f5441424c453e20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Image21] => [496d6167653231] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [scrollbar etc.<BR><BR>Enjoy, Bl1nk</FONT></TD></TR></TABLE><BR></CENTER></TD></TR> ] => [7363726f6c6c626172206574632e3c42523e3c42523e456e6a6f792c20426c316e6b3c2f464f4e543e3c2f54443e3c2f54523e3c2f5441424c453e3c42523e3c2f43454e5445523e3c2f54443e3c2f54523e20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [to this WarCraft Template] => [746f20746869732057617243726166742054656d706c617465] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ document.getElementById) x] => [20646f63756d656e742e676574456c656d656e7442794964292078] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ if (a[i].indexOf(] => [2020202069662028615b695d2e696e6465784f6628] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [x.oSrc;] => [782e6f5372633b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [x.src; x.src] => [782e7372633b20782e737263] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<HTML>] => [3c48544d4c3e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FFFFFF] => [464646464646] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ CELLSPACING] => [2043454c4c53504143494e47] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [images/layoutnormal_03.gif] => [696d616765732f6c61796f75746e6f726d616c5f30332e676966] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<TR> <TD ] => [3c54523e203c544420] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ CELLPADDING] => [2043454c4c50414444494e47] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [3e48656c6c6f2c20] [*] [a] > LibClamAV debug: 1: [687474703a2f2f7777772e636c616e74656d706c617465732e636f6d] [*] [a] > LibClamAV debug: 2: [746869732074656d706c61746520776173206372656174656420627920426c316e6b20616e6420697320646f776e6c6f616461626c65206174203c423e436c616e54656d706c617465732e636f6d3c42523e3c2f423e5265706c61636520] [*] [a] > LibClamAV debug: 3: [3e3c2f54443e3c2f54523e3c2f5441424c453e20] [*] [a] > LibClamAV debug: 4: [496d6167653231] [*] [a] > LibClamAV debug: 5: [7363726f6c6c626172206574632e3c42523e3c42523e456e6a6f792c20426c316e6b3c2f464f4e543e3c2f54443e3c2f54523e3c2f5441424c453e3c42523e3c2f43454e5445523e3c2f54443e3c2f54523e20] [*] [a] > LibClamAV debug: 6: [746f20746869732057617243726166742054656d706c617465] [*] [a] > LibClamAV debug: 7: [20646f63756d656e742e676574456c656d656e7442794964292078] [*] [a] > LibClamAV debug: 8: [2020202069662028615b695d2e696e6465784f6628] [*] [a] > LibClamAV debug: 9: [782e6f5372633b] [*] [a] > LibClamAV debug: 10: [782e7372633b20782e737263] [*] [a] > LibClamAV debug: 11: [3c48544d4c3e] [*] [a] > LibClamAV debug: 12: [464646464646] [*] [a] > LibClamAV debug: 13: [2043454c4c53504143494e47] [*] [a] > LibClamAV debug: 14: [696d616765732f6c61796f75746e6f726d616c5f30332e676966] [*] [a] > LibClamAV debug: 15: [3c54523e203c544420] [*] [a] > LibClamAV debug: 16: [2043454c4c50414444494e47] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_htm > LibClamAV debug: load_oneyara: attempting to load fragus_js > LibClamAV debug: load_oneyara: generic string: [));ELI6Q3PZ] => [29293b454c49365133505a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VGhNU2pWQmMyUXhPSFI2TTNCVGVEUXpSR3huYm1aeE5UaFhXRFI0ZFhCQVMxWkRNVGh0V0hZNFZVYzBXWFJpTVRoVFpFUklaVGxG] => [5647684e55327057516d4d79555868505346493254544e43564756455558705352336875596d31616545355561466858524649305a46684351564d78576b524e564768305630685a4e465a56597a425857464a705456526f56467046556b6c6156477847] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [eFgweDNaek5YZDFkaWFtTlhZbDlmV2tGa09Va3pSMlEyT0dwSFFIQlZRblpEYzBKRWNFeGZOVmx6V0RSU1JEYzJjRlY0TVY5SFkw] => [6546677765444e61656b35595a44466b61574674546c685a62446c6d5632744761303956613370534d6c45795430647753464649516c5a52626c7045597a424b52574e4665475a4f566d78365630525355314a45597a4a6a526c59305456593553466b77] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [TkhXa0ZrT1haNGRFSXhRM3BrTkRoVGMxZEJSMmcyT0dwNlkzSTJYM1pCYkZnMVVqQmpWMEZIYURZNGFucGpjalpmZGtGc1dERXpT] => [546b685861305a72543168614e475246535868524d334272546b526f56474d785a454a534d6d6379543064774e6c6b7a53544a594d317043596b5a6e4d565671516d70574d455a495955525a4e4746756347706a616c706d5a4774476331644552587054] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [byKZKkpZU<<18] => [62794b5a4b6b705a553c3c3138] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [);CUer0x] => [293b435565723078] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [bzWRebpU3yE>>16] => [627a5752656270553379453e3e3136] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RUJEWlVvMGNsVTVNMEpNWDNaNGJVSkpPRUJrUlVwRVQwQlNaR2cyY0ZWSE5GbDBRVFZ5UjFnMk9HVldOWGhMYUdFelRIZG5NMWQz] => [52554a45576c56764d474e735654564e4d45704e57444e614e474a56536b705052554a72556c567752565177516c4e615232637959305a57534535476244425256465a35556a466e4d6b3948566c644f5747684d59556446656c52495a47354e4d57517a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [WnZSVGxuT1ZSRkwwaFZSelZGUm5GRlJFVTBLVHQ0UWxKQ1drdzBiWEJ5WkhSdVBtdG9XVWd6TVVGSGFFeDVTMlk3ZUVKU1FscE1O] => [576e5a535647787554315a53526b777761465a53656c5a47556d3547526c4a465654424c564851305557784b51316472647a426957454a35576b68536456427464473958565764365456564753474646654456544d6c6b335a55564b553146736345314f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [QmZjMGN4YjBCd1oyOXBURUJJZEhvMFdYcGtOamhFV1ZwU01GVlZZbXBpUUZKV1lqTXpWMDAwY0dSNlF6aE1SekZ5ZEc4ME9FeEtN] => [516d5a6a4d474e34596a424364316f794f58425552554a4a5a4568764d4664596347744f616d684656315a7755303147566c5a5a6258427055555a4b56316c71545870574d444177593064534e6c463661453153656b5a355a4563344d4539466545744e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SCpMaWXOuME(] => [5343704d6157584f754d4528] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VjJKcVkxZGlYMTlhUVdRNVNUTkhaRFk0YWpsYWJsWkRNVGh0V0hZNFZVYzBXWFJ2Tm5CVmFEUlpWVmhDT0ZWV05YaDBRa1ZTUkUw] => [566a4a4b63566b785a476c594d546c68555664524e564e55546b686152466b305957707359574a73576b524e564768305630685a4e465a56597a425857464a32546d3543566d4645556c7057566d684454305a57563035596144425261315a54556b5577] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [2;}else{Yuii37DWU] => [323b7d656c73657b597569693337445755] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ELI6Q3PZ] => [454c49365133505a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ZUhNNVZYQlZlRFY0UUZnMk9HMVlORkpFYkRsNGMxbEpPRUJSTVY5SGNETllPRXB0YjBsaloySnhPVVZ3UkZWQVgzTllORGgwV0RS] => [5a55684e4e565a59516c5a6c5246593055555a6e4d6b39484d566c4f526b7046596b52734e474d786245705052554a535456593553474e45546c6c5052584230596a4273616c6f79536e685056565a33556b5a575156677a546c6c4f5247677756305253] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [S05GbE1lalk0Vm1ORmVEWnpXbEpXZDBWaU5ubzJjRlkzVjFsbFgwVmlURlpuYnpCUE5HNTBhRFpaVEZrMVFYTjZObkIwWTBVNE4x] => [533035476245316c616c6b30566d314f526d5645576e7058624570585a44425761553575627a4a6a526c6b7a566a467362466777566d6c55526c7075596e7043554535484e5442685246706156455a724d564659546a5a4f626b4977575442564e453478] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Vm5CWFFVZG9OamhxZW1OeU5sOTJRV3hZTVROSlpEWTRVM294V1VSUFFFdFdZalE0WlVjeGNsSmtObmhBYURVNFZVZEFjRlZDZGtO] => [566d3543574646565a47394f616d68785a57314f655535734f544a525633685a5456524f536c7045575452564d32393456315653554646466446645a616c4530576c566a65474e73536d744f626d6842595552564e465a565a45466a526c5a445a47744f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Yuii37DWU<<12] => [5975696933374457553c3c3132] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [;while(hdnR9eo3pZ6E3<ZZeD3LjJQ.length){eMImGB] => [3b7768696c652868646e5239656f33705a3645333c5a5a6544334c6a4a512e6c656e677468297b654d496d4742] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [29293b454c49365133505a] [*] [a] > LibClamAV debug: 1: [5647684e55327057516d4d79555868505346493254544e43564756455558705352336875596d31616545355561466858524649305a46684351564d78576b524e564768305630685a4e465a56597a425857464a705456526f56467046556b6c6156477847] [*] [a] > LibClamAV debug: 2: [6546677765444e61656b35595a44466b61574674546c685a62446c6d5632744761303956613370534d6c45795430647753464649516c5a52626c7045597a424b52574e4665475a4f566d78365630525355314a45597a4a6a526c59305456593553466b77] [*] [a] > LibClamAV debug: 3: [546b685861305a72543168614e475246535868524d334272546b526f56474d785a454a534d6d6379543064774e6c6b7a53544a594d317043596b5a6e4d565671516d70574d455a495955525a4e4746756347706a616c706d5a4774476331644552587054] [*] [a] > LibClamAV debug: 4: [62794b5a4b6b705a553c3c3138] [*] [a] > LibClamAV debug: 5: [293b435565723078] [*] [a] > LibClamAV debug: 6: [627a5752656270553379453e3e3136] [*] [a] > LibClamAV debug: 7: [52554a45576c56764d474e735654564e4d45704e57444e614e474a56536b705052554a72556c567752565177516c4e615232637959305a57534535476244425256465a35556a466e4d6b3948566c644f5747684d59556446656c52495a47354e4d57517a] [*] [a] > LibClamAV debug: 8: [576e5a535647787554315a53526b777761465a53656c5a47556d3547526c4a465654424c564851305557784b51316472647a426957454a35576b68536456427464473958565764365456564753474646654456544d6c6b335a55564b553146736345314f] [*] [a] > LibClamAV debug: 9: [516d5a6a4d474e34596a424364316f794f58425552554a4a5a4568764d4664596347744f616d684656315a7755303147566c5a5a6258427055555a4b56316c71545870574d444177593064534e6c463661453153656b5a355a4563344d4539466545744e] [*] [a] > LibClamAV debug: 10: [5343704d6157584f754d4528] [*] [a] > LibClamAV debug: 11: [566a4a4b63566b785a476c594d546c68555664524e564e55546b686152466b305957707359574a73576b524e564768305630685a4e465a56597a425857464a32546d3543566d4645556c7057566d684454305a57563035596144425261315a54556b5577] [*] [a] > LibClamAV debug: 12: [323b7d656c73657b597569693337445755] [*] [a] > LibClamAV debug: 13: [454c49365133505a] [*] [a] > LibClamAV debug: 14: [5a55684e4e565a59516c5a6c5246593055555a6e4d6b39484d566c4f526b7046596b52734e474d786245705052554a535456593553474e45546c6c5052584230596a4273616c6f79536e685056565a33556b5a575156677a546c6c4f5247677756305253] [*] [a] > LibClamAV debug: 15: [533035476245316c616c6b30566d314f526d5645576e7058624570585a44425761553575627a4a6a526c6b7a566a467362466777566d6c55526c7075596e7043554535484e5442685246706156455a724d564659546a5a4f626b4977575442564e453478] [*] [a] > LibClamAV debug: 16: [566d3543574646565a47394f616d68785a57314f655535734f544a525633685a5456524f536c7045575452564d32393456315653554646466446645a616c4530576c566a65474e73536d744f626d6842595552564e465a565a45466a526c5a445a47744f] [*] [a] > LibClamAV debug: 17: [5975696933374457553c3c3132] [*] [a] > LibClamAV debug: 18: [3b7768696c652868646e5239656f33705a3645333c5a5a6544334c6a4a512e6c656e677468297b654d496d4742] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js > LibClamAV debug: load_oneyara: attempting to load fragus_js2 > LibClamAV debug: load_oneyara: generic string: [(ELI6Q3PZ] => [28454c49365133505a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SnJTbVJqV2tOa09VbGZSMHcwY0ZWZmRrRjBjRFY0Y3psVmNGVjROWGhBV0RZNGJWZzBVa1J4TjNCVlgwVmlhRjkyZURaS1NWOUhj] => [536e4a5462564a715632744f6130395662475a534d48637759305a575a6d5272526a426a5246593059337073566d4e47566a524f574768425630525a4e474a575a7a425661314a34546a4e43566c6777566d6c68526a6b795a55526153314e574f55686a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [eFgweDNaek5YZDFkaWFtTlhZbDlmV2tGa09Va3pSMlEyT0dwSFFIQlZRblpEYzBKRWNFeGZOVmx6V0RSU1JEYzJjRlY0TVY5SFkw] => [6546677765444e61656b35595a44466b61574674546c685a62446c6d5632744761303956613370534d6c45795430647753464649516c5a52626c7045597a424b52574e4665475a4f566d78365630525355314a45597a4a6a526c59305456593553466b77] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VUpKUVdWS05ISlZjMXBTTUdWRlNFQmpaMjlrVDBCTFYzY3pZbGRpZG5oeldFUndkSE16YjB4M2JXSnFZMWRpZVY4ellreDNaMko1] => [5655704b5556645753303549536c5a6a4d58425454556457526c4e46516d70614d6a6c72564442435446597a5933705a624752705a47356f656c6446556e646b53453136596a42344d324a58536e465a4d5752705a565934656c6c7265444e614d6b6f31] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [((Yuii37DWU] => [2828597569693337445755] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [YURVNFZXUlhjRlZDZGxsQVJ6UlNaRTlBUzFkM00ySlhiekU0ZEhnMWNrUjZZM0kyWDNaQmJGZ3hNMGxrTmpoVGVqRlpkSEUyV1dW] => [595552564e465a58556c686a526c5a445a47787351564a36556c4e6152546c42557a466b4d303079536c6869656b55305a45686e4d574e72556a5a5a4d306b7957444e61516d4a475a33684e4d477872546d706f56475671526c706b5345557956316457] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [String.fromCharCode(ZZeD3LjJQ);}else if(QIyZsvvbEmVOpp] => [537472696e672e66726f6d43686172436f6465285a5a6544334c6a4a51293b7d656c7365206966285149795a73767662456d564f7070] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [1);ELI6Q3PZ] => [31293b454c49365133505a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [));Yuii37DWU] => [29293b597569693337445755] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [);CUer0x] => [293b435565723078] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [T1ZaQ05IUkRTVGhqT1VWd1ZWOUpRMlZLZG5oNlQwQkxWM2N6WWxkQmRrRkFPVmR3VlRsYWJsWnNOWGhKT1ZkeFZWazFRbEU1UlZK] => [54315a6151303549556b5254564768715431565764315a574f5570524d6c5a4c5a47356f4e6c5177516b78574d324e365757786b516d5272526b4650566d5233566c527359574a73576e4e4f5747684b54315a6b65465a57617a465262455531556c5a4b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [TlpkM2wxS3lzcExUUTRYU2s4UEhocFVqRk9jazA3SUdsbUtIaHBVakZPY2swcGV5QkdWek5NVnlzOVVrSklWVE0wVDJ0NlpTZzJP] => [546c706b4d32777853336c7a6345785555545259553273345545686f63465671526b396a617a4133535564736255744961484256616b5a505932737763475635516b6457656b354e566e6c7a4f565672536b6c575645307756444a304e6c70545a7a4a50] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [String.fromCharCode(((eMImGB] => [537472696e672e66726f6d43686172436f6465282828654d496d4742] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [RGRDUkV0WFV6VkJkRkV4WHpCalYwRkhhRFk0YW5wamNqWmZka0ZzV0RaSWExZzBXWEZDUlZsQVpEWkJOMEoyZUhwd1duSlRXVE5J] => [52475244556b563057465636566b4a6b526b563457487043616c5977526b686852466b3059573577616d4e71576d5a6b61305a7a56305261535745785a7a425857455a44556c5a7351567045576b4a4f4d456f795a55687764316475536c52585645354a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [SCpMaWXOuME(mi1mm8bu87rL0W);eval(Pcii3iVk1AG);</script></body></html>] => [5343704d6157584f754d45286d69316d6d3862753837724c3057293b6576616c28506369693369566b314147293b3c2f7363726970743e3c2f626f64793e3c2f68746d6c3e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Yuii37DWU] => [597569693337445755] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Yuii37DWU<<12] => [5975696933374457553c3c3132] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [eTVzWlc1bmRHZ3NJRWhWUnpWRlJuRkZSRVUwUFRFd01qUXNJR2hQVlZsRVJFVmxVaXdnZUVKU1FscE1ORzF3Y21SMGJpd2dSbGN6] => [6554567a576c6331626d52485a334e4a52576857556e7057526c4a75526b5a5352565577554652466430317155584e4a52326851566c5a7352564a46566d78566158646e5a55564b553146736345314f527a4633593231534d474a706432645362474e36] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [28454c49365133505a] [*] [a] > LibClamAV debug: 1: [536e4a5462564a715632744f6130395662475a534d48637759305a575a6d5272526a426a5246593059337073566d4e47566a524f574768425630525a4e474a575a7a425661314a34546a4e43566c6777566d6c68526a6b795a55526153314e574f55686a] [*] [a] > LibClamAV debug: 2: [6546677765444e61656b35595a44466b61574674546c685a62446c6d5632744761303956613370534d6c45795430647753464649516c5a52626c7045597a424b52574e4665475a4f566d78365630525355314a45597a4a6a526c59305456593553466b77] [*] [a] > LibClamAV debug: 3: [5655704b5556645753303549536c5a6a4d58425454556457526c4e46516d70614d6a6c72564442435446597a5933705a624752705a47356f656c6446556e646b53453136596a42344d324a58536e465a4d5752705a565934656c6c7265444e614d6b6f31] [*] [a] > LibClamAV debug: 4: [2828597569693337445755] [*] [a] > LibClamAV debug: 5: [595552564e465a58556c686a526c5a445a47787351564a36556c4e6152546c42557a466b4d303079536c6869656b55305a45686e4d574e72556a5a5a4d306b7957444e61516d4a475a33684e4d477872546d706f56475671526c706b5345557956316457] [*] [a] > LibClamAV debug: 6: [537472696e672e66726f6d43686172436f6465285a5a6544334c6a4a51293b7d656c7365206966285149795a73767662456d564f7070] [*] [a] > LibClamAV debug: 7: [31293b454c49365133505a] [*] [a] > LibClamAV debug: 8: [29293b597569693337445755] [*] [a] > LibClamAV debug: 9: [293b435565723078] [*] [a] > LibClamAV debug: 10: [54315a6151303549556b5254564768715431565764315a574f5570524d6c5a4c5a47356f4e6c5177516b78574d324e365757786b516d5272526b4650566d5233566c527359574a73576e4e4f5747684b54315a6b65465a57617a465262455531556c5a4b] [*] [a] > LibClamAV debug: 11: [546c706b4d32777853336c7a6345785555545259553273345545686f63465671526b396a617a4133535564736255744961484256616b5a505932737763475635516b6457656b354e566e6c7a4f565672536b6c575645307756444a304e6c70545a7a4a50] [*] [a] > LibClamAV debug: 12: [537472696e672e66726f6d43686172436f6465282828654d496d4742] [*] [a] > LibClamAV debug: 13: [52475244556b563057465636566b4a6b526b563457487043616c5977526b686852466b3059573577616d4e71576d5a6b61305a7a56305261535745785a7a425857455a44556c5a7351567045576b4a4f4d456f795a55687764316475536c52585645354a] [*] [a] > LibClamAV debug: 14: [5343704d6157584f754d45286d69316d6d3862753837724c3057293b6576616c28506369693369566b314147293b3c2f7363726970743e3c2f626f64793e3c2f68746d6c3e] [*] [a] > LibClamAV debug: 15: [597569693337445755] [*] [a] > LibClamAV debug: 16: [5975696933374457553c3c3132] [*] [a] > LibClamAV debug: 17: [6554567a576c6331626d52485a334e4a52576857556e7057526c4a75526b5a5352565577554652466430317155584e4a52326851566c5a7352564a46566d78566158646e5a55564b553146736345314f527a4633593231534d474a706432645362474e36] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js2 > LibClamAV debug: load_oneyara: attempting to load fragus_js_flash > LibClamAV debug: load_oneyara: generic string: [document.appendChild(bdy);try{for (i] => [646f63756d656e742e617070656e644368696c6428626479293b7472797b666f72202869] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0; i<10; i] => [303b20693c31303b2069] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [default] => [64656661756c74] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var m ] => [766172206d20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/g, document.getElementById('divid').innerHTML));] => [2f672c20646f63756d656e742e676574456c656d656e74427949642827646976696427292e696e6e657248544d4c29293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ n.substring(0,r/2);] => [206e2e737562737472696e6728302c722f32293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [document.getElementById('f').innerHTML] => [646f63756d656e742e676574456c656d656e744279496428276627292e696e6e657248544d4c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['atk' onclick] => [2761746b27206f6e636c69636b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function MAKEHEAP()] => [66756e6374696f6e204d414b45484541502829] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [document.createElement('div');] => [646f63756d656e742e637265617465456c656d656e74282764697627293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<button id] => [3c627574746f6e206964] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/g, document.getElementById('divid').innerHTML);] => [2f672c20646f63756d656e742e676574456c656d656e74427949642827646976696427292e696e6e657248544d4c293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [document.body.appendChild(gg);] => [646f63756d656e742e626f64792e617070656e644368696c64286767293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var bdy ] => [7661722062647920] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var gg] => [766172206767] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ unescape(gg);while(n.length<r/2) { n] => [20756e657363617065286767293b7768696c65286e2e6c656e6774683c722f3229207b206e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [646f63756d656e742e617070656e644368696c6428626479293b7472797b666f72202869] [*] [a] > LibClamAV debug: 1: [303b20693c31303b2069] [*] [a] > LibClamAV debug: 2: [64656661756c74] [*] [a] > LibClamAV debug: 3: [766172206d20] [*] [a] > LibClamAV debug: 4: [2f672c20646f63756d656e742e676574456c656d656e74427949642827646976696427292e696e6e657248544d4c29293b] [*] [a] > LibClamAV debug: 5: [206e2e737562737472696e6728302c722f32293b] [*] [a] > LibClamAV debug: 6: [646f63756d656e742e676574456c656d656e744279496428276627292e696e6e657248544d4c] [*] [a] > LibClamAV debug: 7: [2761746b27206f6e636c69636b] [*] [a] > LibClamAV debug: 8: [66756e6374696f6e204d414b45484541502829] [*] [a] > LibClamAV debug: 9: [646f63756d656e742e637265617465456c656d656e74282764697627293b] [*] [a] > LibClamAV debug: 10: [3c627574746f6e206964] [*] [a] > LibClamAV debug: 11: [2f672c20646f63756d656e742e676574456c656d656e74427949642827646976696427292e696e6e657248544d4c293b] [*] [a] > LibClamAV debug: 12: [646f63756d656e742e626f64792e617070656e644368696c64286767293b] [*] [a] > LibClamAV debug: 13: [7661722062647920] [*] [a] > LibClamAV debug: 14: [766172206767] [*] [a] > LibClamAV debug: 15: [20756e657363617065286767293b7768696c65286e2e6c656e6774683c722f3229207b206e] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_flash > LibClamAV debug: load_oneyara: attempting to load fragus_js_java > LibClamAV debug: load_oneyara: generic string: [I></XML><SPAN DATASRC] => [493e3c2f584d4c3e3c5350414e2044415441535243] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [setTimeout('vparivatel()',8000);function vparivatel(){document.write('<iframe src] => [73657454696d656f757428277670617269766174656c2829272c38303030293b66756e6374696f6e207670617269766174656c28297b646f63756d656e742e777269746528273c696672616d6520737263] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [I DATAFLD] => [492044415441464c44] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ unescape(] => [20756e65736361706528] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [, 1);swf.setAttribute(] => [2c2031293b7377662e73657441747472696275746528] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function XMLNEW(){var spray ] => [66756e6374696f6e20584d4c4e455728297b76617220737072617920] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vparivatel.php] => [7670617269766174656c2e706870] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [6) ){if ( (lv] => [362920297b6966202820286c76] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['WIN 9,0,16,0')] => [2757494e20392c302c31362c302729] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [d:/Program Files/Outlook Express/WAB.EXE] => [643a2f50726f6772616d2046696c65732f4f75746c6f6f6b20457870726573732f5741422e455845] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [<XML ID] => [3c584d4c204944] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [new ActiveXObject(] => [6e657720416374697665584f626a65637428] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['7.1.0') ){SHOWPDF('iepdf.php] => [27372e312e30272920297b53484f57504446282769657064662e706870] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function SWF(){try{sv] => [66756e6374696f6e2053574628297b7472797b7376] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['WIN 9,0,28,0')] => [2757494e20392c302c32382c302729] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [C DATAFORMATAS] => [432044415441464f524d41544153] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ shellcode;xmlcode ] => [207368656c6c636f64653b786d6c636f646520] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function SNAPSHOT(){var a] => [66756e6374696f6e20534e415053484f5428297b7661722061] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [493e3c2f584d4c3e3c5350414e2044415441535243] [*] [a] > LibClamAV debug: 1: [73657454696d656f757428277670617269766174656c2829272c38303030293b66756e6374696f6e207670617269766174656c28297b646f63756d656e742e777269746528273c696672616d6520737263] [*] [a] > LibClamAV debug: 2: [492044415441464c44] [*] [a] > LibClamAV debug: 3: [20756e65736361706528] [*] [a] > LibClamAV debug: 4: [2c2031293b7377662e73657441747472696275746528] [*] [a] > LibClamAV debug: 5: [66756e6374696f6e20584d4c4e455728297b76617220737072617920] [*] [a] > LibClamAV debug: 6: [7670617269766174656c2e706870] [*] [a] > LibClamAV debug: 7: [362920297b6966202820286c76] [*] [a] > LibClamAV debug: 8: [2757494e20392c302c31362c302729] [*] [a] > LibClamAV debug: 9: [643a2f50726f6772616d2046696c65732f4f75746c6f6f6b20457870726573732f5741422e455845] [*] [a] > LibClamAV debug: 10: [3c584d4c204944] [*] [a] > LibClamAV debug: 11: [6e657720416374697665584f626a65637428] [*] [a] > LibClamAV debug: 12: [27372e312e30272920297b53484f57504446282769657064662e706870] [*] [a] > LibClamAV debug: 13: [66756e6374696f6e2053574628297b7472797b7376] [*] [a] > LibClamAV debug: 14: [2757494e20392c302c32382c302729] [*] [a] > LibClamAV debug: 15: [432044415441464f524d41544153] [*] [a] > LibClamAV debug: 16: [207368656c6c636f64653b786d6c636f646520] [*] [a] > LibClamAV debug: 17: [66756e6374696f6e20534e415053484f5428297b7661722061] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_java > LibClamAV debug: load_oneyara: attempting to load fragus_js_quicktime > LibClamAV debug: load_oneyara: generic string: [ setTimeout(] => [2020202020202020202020202020202073657454696d656f757428] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [wnd.location] => [776e642e6c6f636174696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [window;] => [77696e646f773b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var pls ] => [202020202020202076617220706c7320] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ mem_flag ] => [20202020202020206d656d5f666c616720] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [, 1500);} else{ PRyyt4O3wvgz(1);}] => [2c2031353030293b7d20656c73657b205052797974344f337776677a2831293b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ } catch(e) { }] => [2020202020202020207d206361746368286529207b207d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ mem_flag) JP7RXLyEu();] => [206d656d5f666c616729204a503752584c79457528293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ 0x400000;] => [2030783430303030303b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [----------------------------------------------------------------------------------------------------] => [2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ heapBlocks ] => [202020202020202068656170426c6f636b7320] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ return mm;] => [202020202020202072657475726e206d6d3b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0x38);] => [30783338293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ h();] => [20202020202020206828293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ getb(b,bSize);] => [206765746228622c6253697a65293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [getfile.php] => [67657466696c652e706870] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [2020202020202020202020202020202073657454696d656f757428] [*] [a] > LibClamAV debug: 1: [776e642e6c6f636174696f6e] [*] [a] > LibClamAV debug: 2: [77696e646f773b] [*] [a] > LibClamAV debug: 3: [202020202020202076617220706c7320] [*] [a] > LibClamAV debug: 4: [20202020202020206d656d5f666c616720] [*] [a] > LibClamAV debug: 5: [2c2031353030293b7d20656c73657b205052797974344f337776677a2831293b7d] [*] [a] > LibClamAV debug: 6: [2020202020202020207d206361746368286529207b207d] [*] [a] > LibClamAV debug: 7: [206d656d5f666c616729204a503752584c79457528293b] [*] [a] > LibClamAV debug: 8: [2030783430303030303b] [*] [a] > LibClamAV debug: 9: [2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d] [*] [a] > LibClamAV debug: 10: [202020202020202068656170426c6f636b7320] [*] [a] > LibClamAV debug: 11: [202020202020202072657475726e206d6d3b] [*] [a] > LibClamAV debug: 12: [30783338293b] [*] [a] > LibClamAV debug: 13: [20202020202020206828293b] [*] [a] > LibClamAV debug: 14: [206765746228622c6253697a65293b] [*] [a] > LibClamAV debug: 15: [67657466696c652e706870] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_quicktime > LibClamAV debug: load_oneyara: attempting to load fragus_js_vml > LibClamAV debug: load_oneyara: generic string: [ 0x100000;] => [2030783130303030303b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var gg ] => [20202020202020202020202076617220676720] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/g, document.getElementById('divid').innerHTML));] => [2f672c20646f63756d656e742e676574456c656d656e74427949642827646976696427292e696e6e657248544d4c29293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var sss ] => [20202020202020202020202020202020202020202020202020202020202020207661722073737320] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ }] => [202020202020202020202020202020207d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ document.body.appendChild(obj);] => [202020202020202020202020202020202020202020202020646f63756d656e742e626f64792e617070656e644368696c64286f626a293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var hbs ] => [20202020202020202020202020202020202020202020202020202020202020207661722068627320] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ shcode; }] => [207368636f64653b207d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ '<div id] => [20273c646976206964] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ hbs - (shcode.length] => [20686273202d20287368636f64652e6c656e677468] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [){ m[i] ] => [297b206d5b695d20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ unescape(gg);] => [20756e657363617065286767293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var z ] => [2020202020202020202020202020202020202020202020202020202020202020766172207a20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ var hb ] => [202020202020202020202020202020202020202020202020202020202020202076617220686220] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ Math.ceil('0'] => [204d6174682e6365696c28273027] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [2030783130303030303b] [*] [a] > LibClamAV debug: 1: [20202020202020202020202076617220676720] [*] [a] > LibClamAV debug: 2: [2f672c20646f63756d656e742e676574456c656d656e74427949642827646976696427292e696e6e657248544d4c29293b] [*] [a] > LibClamAV debug: 3: [20202020202020202020202020202020202020202020202020202020202020207661722073737320] [*] [a] > LibClamAV debug: 4: [202020202020202020202020202020207d] [*] [a] > LibClamAV debug: 5: [202020202020202020202020202020202020202020202020646f63756d656e742e626f64792e617070656e644368696c64286f626a293b] [*] [a] > LibClamAV debug: 6: [20202020202020202020202020202020202020202020202020202020202020207661722068627320] [*] [a] > LibClamAV debug: 7: [207368636f64653b207d] [*] [a] > LibClamAV debug: 8: [20273c646976206964] [*] [a] > LibClamAV debug: 9: [20686273202d20287368636f64652e6c656e677468] [*] [a] > LibClamAV debug: 10: [297b206d5b695d20] [*] [a] > LibClamAV debug: 11: [20756e657363617065286767293b] [*] [a] > LibClamAV debug: 12: [2020202020202020202020202020202020202020202020202020202020202020766172207a20] [*] [a] > LibClamAV debug: 13: [202020202020202020202020202020202020202020202020202020202020202076617220686220] [*] [a] > LibClamAV debug: 14: [204d6174682e6365696c28273027] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_vml > LibClamAV debug: cli_loadyara: loaded 7 of 7 yara signatures from /var/lib/clamav/EK_Fragus.yar > LibClamAV debug: /var/lib/clamav/EK_Fragus.yar loaded > LibClamAV debug: load_oneyara: attempting to load zeroaccess_css > LibClamAV debug: load_oneyara: generic string: [close-mail{right:130px ] => [636c6f73652d6d61696c7b72696768743a313330707820] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ccc;box-shadow:0 0 5px 1px ] => [6363633b626f782d736861646f773a302030203570782031707820] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [757575;border-bottom:1px solid ] => [3735373537353b626f726465722d626f74746f6d3a31707820736f6c696420] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [777;height:1.8em;line-height:1.9em;display:block;float:left;padding:1px 15px;margin:0;text-shadow:-1] => [3737373b6865696768743a312e38656d3b6c696e652d6865696768743a312e39656d3b646973706c61793a626c6f636b3b666c6f61743a6c6566743b70616464696e673a31707820313570783b6d617267696e3a303b746578742d736861646f773a2d31] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [C4C4C4;}] => [4334433443343b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [999;-webkit-box-shadow:0 0 3px ] => [3939393b2d7765626b69742d626f782d736861646f773a3020302033707820] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [header div.service-links ul{display:inline;margin:10px 0 0;}] => [686561646572206469762e736572766963652d6c696e6b7320756c7b646973706c61793a696e6c696e653b6d617267696e3a31307078203020303b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [t div h2.title{padding:0;margin:0;}.box5-condition-news h2.pane-title{display:block;margin:0 0 9px;p] => [74206469762068322e7469746c657b70616464696e673a303b6d617267696e3a303b7d2e626f78352d636f6e646974696f6e2d6e6577732068322e70616e652d7469746c657b646973706c61793a626c6f636b3b6d617267696e3a302030203970783b70] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [footer div.comp-info p{color:] => [666f6f746572206469762e636f6d702d696e666f20707b636f6c6f723a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pcmi-listing-center .full-page-listing{width:490px;}] => [70636d692d6c697374696e672d63656e746572202e66756c6c2d706167652d6c697374696e677b77696474683a34393070783b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pcmi-content-top .photo img,] => [70636d692d636f6e74656e742d746f70202e70686f746f20696d672c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [333;}div.tfw-header a var{display:inline-block;margin:0;line-height:20px;height:20px;width:120px;bac] => [3333333b7d6469762e7466772d6865616465722061207661727b646973706c61793a696e6c696e652d626c6f636b3b6d617267696e3a303b6c696e652d6865696768743a323070783b6865696768743a323070783b77696474683a31323070783b626163] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ay:none;text-decoration:none;outline:none;padding:4px;text-align:center;font-size:9px;color:] => [61793a6e6f6e653b746578742d6465636f726174696f6e3a6e6f6e653b6f75746c696e653a6e6f6e653b70616464696e673a3470783b746578742d616c69676e3a63656e7465723b666f6e742d73697a653a3970783b636f6c6f723a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [333;}body.page-videoplayer div] => [3333333b7d626f64792e706167652d766964656f706c6179657220646976] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [373737;position:relative;}body.node-type-video div] => [3337333733373b706f736974696f6e3a72656c61746976653b7d626f64792e6e6f64652d747970652d766964656f20646976] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pcmi-content-sidebara,.page-error-page ] => [70636d692d636f6e74656e742d73696465626172612c2e706167652d6572726f722d7061676520] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [fff;text-decoration:none;}] => [6666663b746578742d6465636f726174696f6e3a6e6f6e653b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [qtabs-list li a,] => [71746162732d6c697374206c6920612c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cdn2.dailyrx.com] => [63646e322e6461696c7972782e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [636c6f73652d6d61696c7b72696768743a313330707820] [*] [a] > LibClamAV debug: 1: [6363633b626f782d736861646f773a302030203570782031707820] [*] [a] > LibClamAV debug: 2: [3735373537353b626f726465722d626f74746f6d3a31707820736f6c696420] [*] [a] > LibClamAV debug: 3: [3737373b6865696768743a312e38656d3b6c696e652d6865696768743a312e39656d3b646973706c61793a626c6f636b3b666c6f61743a6c6566743b70616464696e673a31707820313570783b6d617267696e3a303b746578742d736861646f773a2d31] [*] [a] > LibClamAV debug: 4: [4334433443343b7d] [*] [a] > LibClamAV debug: 5: [3939393b2d7765626b69742d626f782d736861646f773a3020302033707820] [*] [a] > LibClamAV debug: 6: [686561646572206469762e736572766963652d6c696e6b7320756c7b646973706c61793a696e6c696e653b6d617267696e3a31307078203020303b7d] [*] [a] > LibClamAV debug: 7: [74206469762068322e7469746c657b70616464696e673a303b6d617267696e3a303b7d2e626f78352d636f6e646974696f6e2d6e6577732068322e70616e652d7469746c657b646973706c61793a626c6f636b3b6d617267696e3a302030203970783b70] [*] [a] > LibClamAV debug: 8: [666f6f746572206469762e636f6d702d696e666f20707b636f6c6f723a] [*] [a] > LibClamAV debug: 9: [70636d692d6c697374696e672d63656e746572202e66756c6c2d706167652d6c697374696e677b77696474683a34393070783b7d] [*] [a] > LibClamAV debug: 10: [70636d692d636f6e74656e742d746f70202e70686f746f20696d672c] [*] [a] > LibClamAV debug: 11: [3333333b7d6469762e7466772d6865616465722061207661727b646973706c61793a696e6c696e652d626c6f636b3b6d617267696e3a303b6c696e652d6865696768743a323070783b6865696768743a323070783b77696474683a31323070783b626163] [*] [a] > LibClamAV debug: 12: [61793a6e6f6e653b746578742d6465636f726174696f6e3a6e6f6e653b6f75746c696e653a6e6f6e653b70616464696e673a3470783b746578742d616c69676e3a63656e7465723b666f6e742d73697a653a3970783b636f6c6f723a] [*] [a] > LibClamAV debug: 13: [3333333b7d626f64792e706167652d766964656f706c6179657220646976] [*] [a] > LibClamAV debug: 14: [3337333733373b706f736974696f6e3a72656c61746976653b7d626f64792e6e6f64652d747970652d766964656f20646976] [*] [a] > LibClamAV debug: 15: [70636d692d636f6e74656e742d73696465626172612c2e706167652d6572726f722d7061676520] [*] [a] > LibClamAV debug: 16: [6666663b746578742d6465636f726174696f6e3a6e6f6e653b7d] [*] [a] > LibClamAV debug: 17: [71746162732d6c697374206c6920612c] [*] [a] > LibClamAV debug: 18: [63646e322e6461696c7972782e636f6d] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_css > LibClamAV debug: load_oneyara: attempting to load zeroaccess_css2 > LibClamAV debug: load_oneyara: generic string: [er div.panel-hide{display:block;position:absolute;z-index:200;margin-top:-1.5em;}div.panel-pane div.] => [6572206469762e70616e656c2d686964657b646973706c61793a626c6f636b3b706f736974696f6e3a6162736f6c7574653b7a2d696e6465783a3230303b6d617267696e2d746f703a2d312e35656d3b7d6469762e70616e656c2d70616e65206469762e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ve.gif) right center no-repeat;}div.ctools-ajaxing{float:left;width:18px;background:url(http://cdn3.] => [76652e676966292072696768742063656e746572206e6f2d7265706561743b7d6469762e63746f6f6c732d616a6178696e677b666c6f61743a6c6566743b77696474683a313870783b6261636b67726f756e643a75726c28687474703a2f2f63646e332e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cdn2.dailyrx.com] => [63646e322e6461696c7972782e636f6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [efefef;margin:5px 0 5px 0;}] => [6566656665663b6d617267696e3a35707820302035707820303b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [node{margin:0;padding:0;}div.panel-pane div.feed a{float:right;}] => [6e6f64657b6d617267696e3a303b70616464696e673a303b7d6469762e70616e656c2d70616e65206469762e6665656420617b666c6f61743a72696768743b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [:0 5px 0 0;float:left;}div.tweets-pulled-listing div.tweet-authorphoto img{max-height:40px;max-width] => [3a3020357078203020303b666c6f61743a6c6566743b7d6469762e7477656574732d70756c6c65642d6c697374696e67206469762e74776565742d617574686f7270686f746f20696d677b6d61782d6865696768743a343070783b6d61782d7769647468] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [i a{color:] => [6920617b636f6c6f723a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [:bold;}div.tweets-pulled-listing .tweet-time a{color:silver;}div.tweets-pulled-listing div.tweet-di] => [3a626f6c643b7d6469762e7477656574732d70756c6c65642d6c697374696e67202e74776565742d74696d6520617b636f6c6f723a73696c7665723b7d6469762e7477656574732d70756c6c65642d6c697374696e6720206469762e74776565742d6469] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [div.panel-pane div.admin-links{font-size:xx-small;margin-right:1em;}div.panel-pane div.admin-links l] => [6469762e70616e656c2d70616e65206469762e61646d696e2d6c696e6b737b666f6e742d73697a653a78782d736d616c6c3b6d617267696e2d72696768743a31656d3b7d6469762e70616e656c2d70616e65206469762e61646d696e2d6c696e6b73206c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [div.tweets-pulled-listing ul{list-style:none;}div.tweets-pulled-listing div.tweet-authorphoto{margin] => [6469762e7477656574732d70756c6c65642d6c697374696e6720756c7b6c6973742d7374796c653a6e6f6e653b7d6469762e7477656574732d70756c6c65642d6c697374696e67206469762e74776565742d617574686f7270686f746f7b6d617267696e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FFFFDD none repeat scroll 0 0;border:1px solid ] => [464646464444206e6f6e6520726570656174207363726f6c6c203020303b626f726465723a31707820736f6c696420] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [vider{clear:left;border-bottom:1px solid ] => [76696465727b636c6561723a6c6566743b626f726465722d626f74746f6d3a31707820736f6c696420] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [6572206469762e70616e656c2d686964657b646973706c61793a626c6f636b3b706f736974696f6e3a6162736f6c7574653b7a2d696e6465783a3230303b6d617267696e2d746f703a2d312e35656d3b7d6469762e70616e656c2d70616e65206469762e] [*] [a] > LibClamAV debug: 1: [76652e676966292072696768742063656e746572206e6f2d7265706561743b7d6469762e63746f6f6c732d616a6178696e677b666c6f61743a6c6566743b77696474683a313870783b6261636b67726f756e643a75726c28687474703a2f2f63646e332e] [*] [a] > LibClamAV debug: 2: [63646e322e6461696c7972782e636f6d] [*] [a] > LibClamAV debug: 3: [6566656665663b6d617267696e3a35707820302035707820303b7d] [*] [a] > LibClamAV debug: 4: [6e6f64657b6d617267696e3a303b70616464696e673a303b7d6469762e70616e656c2d70616e65206469762e6665656420617b666c6f61743a72696768743b7d] [*] [a] > LibClamAV debug: 5: [3a3020357078203020303b666c6f61743a6c6566743b7d6469762e7477656574732d70756c6c65642d6c697374696e67206469762e74776565742d617574686f7270686f746f20696d677b6d61782d6865696768743a343070783b6d61782d7769647468] [*] [a] > LibClamAV debug: 6: [6920617b636f6c6f723a] [*] [a] > LibClamAV debug: 7: [3a626f6c643b7d6469762e7477656574732d70756c6c65642d6c697374696e67202e74776565742d74696d6520617b636f6c6f723a73696c7665723b7d6469762e7477656574732d70756c6c65642d6c697374696e6720206469762e74776565742d6469] [*] [a] > LibClamAV debug: 8: [6469762e70616e656c2d70616e65206469762e61646d696e2d6c696e6b737b666f6e742d73697a653a78782d736d616c6c3b6d617267696e2d72696768743a31656d3b7d6469762e70616e656c2d70616e65206469762e61646d696e2d6c696e6b73206c] [*] [a] > LibClamAV debug: 9: [6469762e7477656574732d70756c6c65642d6c697374696e6720756c7b6c6973742d7374796c653a6e6f6e653b7d6469762e7477656574732d70756c6c65642d6c697374696e67206469762e74776565742d617574686f7270686f746f7b6d617267696e] [*] [a] > LibClamAV debug: 10: [464646464444206e6f6e6520726570656174207363726f6c6c203020303b626f726465723a31707820736f6c696420] [*] [a] > LibClamAV debug: 11: [76696465727b636c6561723a6c6566743b626f726465722d626f74746f6d3a31707820736f6c696420] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_css2 > LibClamAV debug: load_oneyara: attempting to load zeroaccess_htm > LibClamAV debug: load_oneyara: generic string: [screen.height:] => [73637265656e2e6865696768743a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [</script></head><body onload] => [3c2f7363726970743e3c2f686561643e3c626f6479206f6e6c6f6164] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Fx0ZAQRKXUVgbh0qNDRJVxYwGg4tGh8aHQoAVQQSNyo0NElXFjAaDi0NFQYESl1FBBNnTFoSPiBmADwnPTQxPSdKWUUEE2UcGR0z] => [4678305a4151524b58555667626830714e44524a56785977476734744768386148516f41565151534e796f304e456c58466a41614469304e46515945536c314642424e6e54466f535069426d4144776e505451785053644b57555545453255634752307a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0);-10<b] => [30293b2d31303c62] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function fl(){var a] => [66756e6374696f6e20666c28297b7661722061] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [0);else if(navigator.mimeTypes] => [30293b656c7365206966286e6176696761746f722e6d696d655479706573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [);b.href] => [293b622e68726566] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [/presults.jsp] => [2f70726573756c74732e6a7370] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [128.164.107.221] => [3132382e3136342e3130372e323231] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [)[0].clientWidth] => [295b305d2e636c69656e745769647468] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [presults.jsp] => [70726573756c74732e6a7370] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [:escape(c),e] => [3a6573636170652863292c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [navigator.plugins.length)navigator.plugins[] => [6e6176696761746f722e706c7567696e732e6c656e677468296e6176696761746f722e706c7567696e735b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [window;d] => [77696e646f773b64] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [gr(),j] => [677228292c6a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [VIEWPORT] => [56494557504f5254] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FQV2D0ZAH1VGDxgZVg9COwYCAwkcTzAcBxscBFoKAAMHUFVuWF5EVVYVdVtUR18bA1QdAU8HQjgeUFYeAEZ4SBEcEk1FTxsdUlVA] => [4651563244305a41483156474478675a566739434f77594341776b63547a41634278736342466f4b41414d4855465675574635455656595664567455523138624131516441553848516a67655546596541455a3453424563456b314654787364556c5641] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [73637265656e2e6865696768743a] [*] [a] > LibClamAV debug: 1: [3c2f7363726970743e3c2f686561643e3c626f6479206f6e6c6f6164] [*] [a] > LibClamAV debug: 2: [4678305a4151524b58555667626830714e44524a56785977476734744768386148516f41565151534e796f304e456c58466a41614469304e46515945536c314642424e6e54466f535069426d4144776e505451785053644b57555545453255634752307a] [*] [a] > LibClamAV debug: 3: [30293b2d31303c62] [*] [a] > LibClamAV debug: 4: [66756e6374696f6e20666c28297b7661722061] [*] [a] > LibClamAV debug: 5: [30293b656c7365206966286e6176696761746f722e6d696d655479706573] [*] [a] > LibClamAV debug: 6: [293b622e68726566] [*] [a] > LibClamAV debug: 7: [2f70726573756c74732e6a7370] [*] [a] > LibClamAV debug: 8: [3132382e3136342e3130372e323231] [*] [a] > LibClamAV debug: 9: [295b305d2e636c69656e745769647468] [*] [a] > LibClamAV debug: 10: [70726573756c74732e6a7370] [*] [a] > LibClamAV debug: 11: [3a6573636170652863292c65] [*] [a] > LibClamAV debug: 12: [6e6176696761746f722e706c7567696e732e6c656e677468296e6176696761746f722e706c7567696e735b] [*] [a] > LibClamAV debug: 13: [77696e646f773b64] [*] [a] > LibClamAV debug: 14: [677228292c6a] [*] [a] > LibClamAV debug: 15: [56494557504f5254] [*] [a] > LibClamAV debug: 16: [4651563244305a41483156474478675a566739434f77594341776b63547a41634278736342466f4b41414d4855465675574635455656595664567455523138624131516441553848516a67655546596541455a3453424563456b314654787364556c5641] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_htm > LibClamAV debug: load_oneyara: attempting to load zeroaccess_js > LibClamAV debug: load_oneyara: generic string: [Square ad tag (tile] => [5371756172652061642074616720202874696c65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ adRandNum ] => [2020616452616e644e756d20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ cellspacing] => [2063656c6c73706163696e67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [\n//-->\n</script>] => [5c6e2f2f2d2d3e5c6e3c2f7363726970743e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [format] => [666f726d6174] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [//-->' ] => [2f2f2d2d3e2720] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [2287974446] => [32323837393734343436] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [NoScrBeg ] => [4e6f53637242656720] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [-- start adblade -->' ] => [2d2d207374617274206164626c616465202d2d3e2720] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [3427054556] => [33343237303534353536] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ while (i >] => [20202020202020207768696c65202869203e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [return '<table width] => [72657475726e20273c7461626c65207769647468] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [</scr' ] => [3c2f7363722720] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ s.substring(0, i] => [20732e737562737472696e6728302c2069] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ /></a></noscript>' ] => [202f3e3c2f613e3c2f6e6f7363726970743e2720] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ else { isEmail ] => [20202020656c7365207b206973456d61696c20] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [).submit();] => [292e7375626d697428293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [ border] => [20626f72646572] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [pub-8301011321395982] => [7075622d38333031303131333231333935393832] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [5371756172652061642074616720202874696c65] [*] [a] > LibClamAV debug: 1: [2020616452616e644e756d20] [*] [a] > LibClamAV debug: 2: [2063656c6c73706163696e67] [*] [a] > LibClamAV debug: 3: [5c6e2f2f2d2d3e5c6e3c2f7363726970743e] [*] [a] > LibClamAV debug: 4: [666f726d6174] [*] [a] > LibClamAV debug: 5: [2f2f2d2d3e2720] [*] [a] > LibClamAV debug: 6: [32323837393734343436] [*] [a] > LibClamAV debug: 7: [4e6f53637242656720] [*] [a] > LibClamAV debug: 8: [2d2d207374617274206164626c616465202d2d3e2720] [*] [a] > LibClamAV debug: 9: [33343237303534353536] [*] [a] > LibClamAV debug: 10: [20202020202020207768696c65202869203e] [*] [a] > LibClamAV debug: 11: [72657475726e20273c7461626c65207769647468] [*] [a] > LibClamAV debug: 12: [3c2f7363722720] [*] [a] > LibClamAV debug: 13: [20732e737562737472696e6728302c2069] [*] [a] > LibClamAV debug: 14: [202f3e3c2f613e3c2f6e6f7363726970743e2720] [*] [a] > LibClamAV debug: 15: [20202020656c7365207b206973456d61696c20] [*] [a] > LibClamAV debug: 16: [292e7375626d697428293b] [*] [a] > LibClamAV debug: 17: [20626f72646572] [*] [a] > LibClamAV debug: 18: [7075622d38333031303131333231333935393832] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js > LibClamAV debug: load_oneyara: attempting to load zeroaccess_js2 > LibClamAV debug: load_oneyara: generic string: [ApiClientConfig] => [417069436c69656e74436f6e666967] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [function/.test(pa.toString())] => [66756e6374696f6e2f2e746573742870612e746f537472696e67282929] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [background-image:url(http:\/\/static.ak.fbcdn.net\/rsrc.php\/v2\/y6\/x\/s816eWC-2sl.gif)}] => [6261636b67726f756e642d696d6167653a75726c28687474703a5c2f5c2f7374617469632e616b2e666263646e2e6e65745c2f727372632e7068705c2f76325c2f79365c2f785c2f733831366557432d32736c2e676966297d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [Music.init] => [4d757369632e696e6974] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [',header:'bool',recommendations:'bool',site:'hostname'},create_event_button:{},degrees:{href:'url'},] => [272c6865616465723a27626f6f6c272c7265636f6d6d656e646174696f6e733a27626f6f6c272c736974653a27686f73746e616d65277d2c6372656174655f6576656e745f627574746f6e3a7b7d2c646567726565733a7b687265663a2775726c277d2c] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [cca6477272fc5cb805f85a84f20fca1d] => [6363613634373732373266633563623830356638356138346632306663613164] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [document.createElement('form');c.action] => [646f63756d656e742e637265617465456c656d656e742827666f726d27293b632e616374696f6e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [javascript:false] => [6a6176617363726970743a66616c7365] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [s.onMessage){j.error('An instance without whenReady or onMessage makes no sense');throw new Error('A] => [732e6f6e4d657373616765297b6a2e6572726f722827416e20696e7374616e636520776974686f7574207768656e5265616479206f72206f6e4d657373616765206d616b6573206e6f2073656e736527293b7468726f77206e6577204572726f72282741] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [NaN;}else h] => [4e614e3b7d656c73652068] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [sprintf] => [737072696e7466] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [window,j] => [77696e646f772c6a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [o.getUserID(),da] => [6f2e67657455736572494428292c6461] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [FB.Runtime.getLoginStatus();if(b] => [46422e52756e74696d652e6765744c6f67696e53746174757328293b69662862] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [)');k.toString] => [2927293b6b2e746f537472696e67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [rovide('XFBML.Send',{Dimensions:{width:80,height:25}});] => [726f7669646528275846424d4c2e53656e64272c7b44696d656e73696f6e733a7b77696474683a38302c6865696768743a32357d7d293b] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [{log:i};e.exports] => [7b6c6f673a697d3b652e6578706f727473] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a;FB.api('/fql','GET',f,function(g){if(g.error){ES5(ES5('Object','keys',false,b),'forEach',true,func] => [613b46422e61706928272f66716c272c27474554272c662c66756e6374696f6e2867297b696628672e6572726f72297b4553352845533528274f626a656374272c276b657973272c66616c73652c62292c27666f7245616368272c747275652c66756e63] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [true;}}var ia] => [747275653b7d7d766172206961] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [417069436c69656e74436f6e666967] [*] [a] > LibClamAV debug: 1: [66756e6374696f6e2f2e746573742870612e746f537472696e67282929] [*] [a] > LibClamAV debug: 2: [6261636b67726f756e642d696d6167653a75726c28687474703a5c2f5c2f7374617469632e616b2e666263646e2e6e65745c2f727372632e7068705c2f76325c2f79365c2f785c2f733831366557432d32736c2e676966297d] [*] [a] > LibClamAV debug: 3: [4d757369632e696e6974] [*] [a] > LibClamAV debug: 4: [272c6865616465723a27626f6f6c272c7265636f6d6d656e646174696f6e733a27626f6f6c272c736974653a27686f73746e616d65277d2c6372656174655f6576656e745f627574746f6e3a7b7d2c646567726565733a7b687265663a2775726c277d2c] [*] [a] > LibClamAV debug: 5: [6363613634373732373266633563623830356638356138346632306663613164] [*] [a] > LibClamAV debug: 6: [646f63756d656e742e637265617465456c656d656e742827666f726d27293b632e616374696f6e] [*] [a] > LibClamAV debug: 7: [6a6176617363726970743a66616c7365] [*] [a] > LibClamAV debug: 8: [732e6f6e4d657373616765297b6a2e6572726f722827416e20696e7374616e636520776974686f7574207768656e5265616479206f72206f6e4d657373616765206d616b6573206e6f2073656e736527293b7468726f77206e6577204572726f72282741] [*] [a] > LibClamAV debug: 9: [4e614e3b7d656c73652068] [*] [a] > LibClamAV debug: 10: [737072696e7466] [*] [a] > LibClamAV debug: 11: [77696e646f772c6a] [*] [a] > LibClamAV debug: 12: [6f2e67657455736572494428292c6461] [*] [a] > LibClamAV debug: 13: [46422e52756e74696d652e6765744c6f67696e53746174757328293b69662862] [*] [a] > LibClamAV debug: 14: [2927293b6b2e746f537472696e67] [*] [a] > LibClamAV debug: 15: [726f7669646528275846424d4c2e53656e64272c7b44696d656e73696f6e733a7b77696474683a38302c6865696768743a32357d7d293b] [*] [a] > LibClamAV debug: 16: [7b6c6f673a697d3b652e6578706f727473] [*] [a] > LibClamAV debug: 17: [613b46422e61706928272f66716c272c27474554272c662c66756e6374696f6e2867297b696628672e6572726f72297b4553352845533528274f626a656374272c276b657973272c66616c73652c62292c27666f7245616368272c747275652c66756e63] [*] [a] > LibClamAV debug: 18: [747275653b7d7d766172206961] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js2 > LibClamAV debug: load_oneyara: attempting to load zeroaccess_js3 > LibClamAV debug: load_oneyara: generic string: [document.createDocumentFragment();img.src] => [646f63756d656e742e637265617465446f63756d656e74467261676d656e7428293b696d672e737263] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [typeOf(events)] => [747970654f66286576656e747329] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [var i,x,y,ARRcookies] => [76617220692c782c792c415252636f6f6b696573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [callbacks.length;j<l;j] => [63616c6c6261636b732e6c656e6774683b6a3c6c3b6a] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [encodeURIComponent(value);if(options.domain)value] => [656e636f6465555249436f6d706f6e656e742876616c7565293b6966286f7074696f6e732e646f6d61696e2976616c7565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [event,HG.components.get('windowEvent_'] => [6576656e742c48472e636f6d706f6e656e74732e676574282777696e646f774576656e745f27] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: ['read'in Cookie){return Cookie.read(c_name);}] => [277265616427696e20436f6f6b6965297b72657475726e20436f6f6b69652e7265616428635f6e616d65293b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [item;},get:function(name,def){return HG.components.exists(name)] => [6974656d3b7d2c6765743a66756e6374696f6e286e616d652c646566297b72657475726e2048472e636f6d706f6e656e74732e657869737473286e616d6529] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [){window.addEvent(windowEvents[i],function(){var callbacks] => [297b77696e646f772e6164644576656e742877696e646f774576656e74735b695d2c66756e6374696f6e28297b7661722063616c6c6261636b73] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [reunload:function(callback){HG.events.add('beforeunload',callback);},add:function(event,callback){HG] => [7265756e6c6f61643a66756e6374696f6e2863616c6c6261636b297b48472e6576656e74732e61646428276265666f7265756e6c6f6164272c63616c6c6261636b293b7d2c6164643a66756e6374696f6e286576656e742c63616c6c6261636b297b4847] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [name){if(HG.components.exists(name)){delete HG.componentList[name];}}},util:{uuid:function(){return'] => [6e616d65297b69662848472e636f6d706f6e656e74732e657869737473286e616d6529297b64656c6574652048472e636f6d706f6e656e744c6973745b6e616d655d3b7d7d7d2c7574696c3a7b757569643a66756e6374696f6e28297b72657475726e27] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [window.HG] => [77696e646f772e4847] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [x.replace(/] => [782e7265706c616365282f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [encodeURIComponent(this.attr[key]));}] => [656e636f6465555249436f6d706f6e656e7428746869732e617474725b6b65795d29293b7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [options.domain;if(options.path)value] => [6f7074696f6e732e646f6d61696e3b6966286f7074696f6e732e706174682976616c7565] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [this.page_sid;this.attr.user_sid] => [746869732e706167655f7369643b746869732e617474722e757365725f736964] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [646f63756d656e742e637265617465446f63756d656e74467261676d656e7428293b696d672e737263] [*] [a] > LibClamAV debug: 1: [747970654f66286576656e747329] [*] [a] > LibClamAV debug: 2: [76617220692c782c792c415252636f6f6b696573] [*] [a] > LibClamAV debug: 3: [63616c6c6261636b732e6c656e6774683b6a3c6c3b6a] [*] [a] > LibClamAV debug: 4: [656e636f6465555249436f6d706f6e656e742876616c7565293b6966286f7074696f6e732e646f6d61696e2976616c7565] [*] [a] > LibClamAV debug: 5: [6576656e742c48472e636f6d706f6e656e74732e676574282777696e646f774576656e745f27] [*] [a] > LibClamAV debug: 6: [277265616427696e20436f6f6b6965297b72657475726e20436f6f6b69652e7265616428635f6e616d65293b7d] [*] [a] > LibClamAV debug: 7: [6974656d3b7d2c6765743a66756e6374696f6e286e616d652c646566297b72657475726e2048472e636f6d706f6e656e74732e657869737473286e616d6529] [*] [a] > LibClamAV debug: 8: [297b77696e646f772e6164644576656e742877696e646f774576656e74735b695d2c66756e6374696f6e28297b7661722063616c6c6261636b73] [*] [a] > LibClamAV debug: 9: [7265756e6c6f61643a66756e6374696f6e2863616c6c6261636b297b48472e6576656e74732e61646428276265666f7265756e6c6f6164272c63616c6c6261636b293b7d2c6164643a66756e6374696f6e286576656e742c63616c6c6261636b297b4847] [*] [a] > LibClamAV debug: 10: [6e616d65297b69662848472e636f6d706f6e656e74732e657869737473286e616d6529297b64656c6574652048472e636f6d706f6e656e744c6973745b6e616d655d3b7d7d7d2c7574696c3a7b757569643a66756e6374696f6e28297b72657475726e27] [*] [a] > LibClamAV debug: 11: [77696e646f772e4847] [*] [a] > LibClamAV debug: 12: [782e7265706c616365282f] [*] [a] > LibClamAV debug: 13: [656e636f6465555249436f6d706f6e656e7428746869732e617474725b6b65795d29293b7d] [*] [a] > LibClamAV debug: 14: [6f7074696f6e732e646f6d61696e3b6966286f7074696f6e732e706174682976616c7565] [*] [a] > LibClamAV debug: 15: [746869732e706167655f7369643b746869732e617474722e757365725f736964] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js3 > LibClamAV debug: load_oneyara: attempting to load zeroaccess_js4 > LibClamAV debug: load_oneyara: generic string: [).join(] => [292e6a6f696e28] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [JSON.stringify:function(o){if(o] => [4a534f4e2e737472696e676966793a66756e6374696f6e286f297b6966286f] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [){try{var a] => [297b7472797b7661722061] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [);return $.jqotecache[i]] => [293b72657475726e20242e6a716f746563616368655b695d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [o.getUTCFullYear(),hours] => [6f2e67657455544346756c6c5965617228292c686f757273] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [seconds] => [7365636f6e6473] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [')');};$.secureEvalJSON] => [272927293b7d3b242e7365637572654576616c4a534f4e] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [isFinite(n);},secondsToTime:function(sec_numb){sec_numb] => [697346696e697465286e293b7d2c7365636f6e6473546f54696d653a66756e6374696f6e287365635f6e756d62297b7365635f6e756d62] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [')');}else{throw new SyntaxError('Error parsing JSON, source is not valid.');}};$.quoteString] => [272927293b7d656c73657b7468726f77206e65772053796e7461784572726f7228274572726f722070617273696e67204a534f4e2c20736f75726365206973206e6f742076616c69642e27293b7d7d3b242e71756f7465537472696e67] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [o[name];var ret] => [6f5b6e616d655d3b76617220726574] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a[m].substr(2)] => [615b6d5d2e737562737472283229] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [);if(d){return true;}}}catch(e){return false;}}] => [293b69662864297b72657475726e20747275653b7d7d7d63617463682865297b72657475726e2066616c73653b7d7d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [a.length;m<k;m] => [612e6c656e6774683b6d3c6b3b6d] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [if(parentClasses.length] => [696628706172656e74436c61737365732e6c656e677468] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [o.getUTCHours(),minutes] => [6f2e676574555443486f75727328292c6d696e75746573] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [$.jqote(e,d,t),$$] => [242e6a716f746528652c642c74292c2424] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [q.test(x)){e] => [712e74657374287829297b65] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: load_oneyara: generic string: [{};HGWidget.creator] => [7b7d3b48475769646765742e63726561746f72] > LibClamAV debug: STRING_IS_ASCII yes > LibClamAV debug: 0: [292e6a6f696e28] [*] [a] > LibClamAV debug: 1: [4a534f4e2e737472696e676966793a66756e6374696f6e286f297b6966286f] [*] [a] > LibClamAV debug: 2: [297b7472797b7661722061] [*] [a] > LibClamAV debug: 3: [293b72657475726e20242e6a716f746563616368655b695d] [*] [a] > LibClamAV debug: 4: [6f2e67657455544346756c6c5965617228292c686f757273] [*] [a] > LibClamAV debug: 5: [7365636f6e6473] [*] [a] > LibClamAV debug: 6: [272927293b7d3b242e7365637572654576616c4a534f4e] [*] [a] > LibClamAV debug: 7: [697346696e697465286e293b7d2c7365636f6e6473546f54696d653a66756e6374696f6e287365635f6e756d62297b7365635f6e756d62] [*] [a] > LibClamAV debug: 8: [272927293b7d656c73657b7468726f77206e65772053796e7461784572726f7228274572726f722070617273696e67204a534f4e2c20736f75726365206973206e6f742076616c69642e27293b7d7d3b242e71756f7465537472696e67] [*] [a] > LibClamAV debug: 9: [6f5b6e616d655d3b76617220726574] [*] [a] > LibClamAV debug: 10: [615b6d5d2e737562737472283229] [*] [a] > LibClamAV debug: 11: [293b69662864297b72657475726e20747275653b7d7d7d63617463682865297b72657475726e2066616c73653b7d7d] [*] [a] > LibClamAV debug: 12: [612e6c656e6774683b6d3c6b3b6d] [*] [a] > LibClamAV debug: 13: [696628706172656e74436c61737365732e6c656e677468] [*] [a] > LibClamAV debug: 14: [6f2e676574555443486f75727328292c6d696e75746573] [*] [a] > LibClamAV debug: 15: [242e6a716f746528652c642c74292c2424] [*] [a] > LibClamAV debug: 16: [712e74657374287829297b65] [*] [a] > LibClamAV debug: 17: [7b7d3b48475769646765742e63726561746f72] [*] [a] > LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js4 > LibClamAV debug: cli_loadyara: loaded 7 of 7 yara signatures from /var/lib/clamav/EK_ZeroAcces.yar > LibClamAV debug: /var/lib/clamav/EK_ZeroAcces.yar loaded > LibClamAV debug: /var/lib/clamav/winnow_bad_cw.hdb loaded > LibClamAV debug: /var/lib/clamav/blurl.ndb loaded > LibClamAV debug: $$$$$$$$$$$$ YARA $$$$$$$$$$$$ > LibClamAV debug: #011Total Rules: 181 > LibClamAV debug: #011Rules Loaded: 181 > LibClamAV debug: #011Complex Conditions: 0 > LibClamAV debug: #011Malformed/Unsupported Rules: 0 > LibClamAV debug: #011Empty Rules: 0 > LibClamAV debug: $$$$$$$$$$$$ YARA $$$$$$$$$$$$ > LibClamAV debug: Stat()ing files in /var/lib/clamav > LibClamAV debug: Using filter for trie 0 > LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 53177 (reloff: 9, absoff: 0) BM sigs: 209265 (reloff: 15, absoff: 222) PCREs: 434 (reloff: 0, absoff: 0) maxpatlen 2906 > LibClamAV debug: Using filter for trie 1 > LibClamAV debug: Matcher[1]: PE: AC sigs: 36829 (reloff: 5226, absoff: 0) BM sigs: 49370 (reloff: 45021, absoff: 4349) PCREs: 15 (reloff: 3, absoff: 0) maxpatlen 5584 > LibClamAV debug: Matcher[2]: OLE2: AC sigs: 3296 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 43 (reloff: 0, absoff: 1) maxpatlen 508 (ac_only mode) > LibClamAV debug: Matcher[3]: HTML: AC sigs: 87756 (reloff: 1, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 18 (reloff: 0, absoff: 0) maxpatlen 861 (ac_only mode) > LibClamAV debug: Using filter for trie 4 > LibClamAV debug: Matcher[4]: MAIL: AC sigs: 120141 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 608 (reloff: 0, absoff: 0) maxpatlen 344 (ac_only mode) > LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 59 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 1 (reloff: 0, absoff: 0) maxpatlen 227 (ac_only mode) > LibClamAV debug: Matcher[6]: ELF: AC sigs: 540 (reloff: 34, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 400 (ac_only mode) > LibClamAV debug: Using filter for trie 7 > LibClamAV debug: Matcher[7]: ASCII: AC sigs: 19979 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 16 (reloff: 0, absoff: 2) maxpatlen 596 (ac_only mode) > LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) > LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 976 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 147 (ac_only mode) > LibClamAV debug: Matcher[10]: PDF: AC sigs: 664 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 22 (reloff: 0, absoff: 0) maxpatlen 211 (ac_only mode) > LibClamAV debug: Matcher[11]: FLASH: AC sigs: 705 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 128 (ac_only mode) > LibClamAV debug: Matcher[12]: JAVA: AC sigs: 100 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 127 (ac_only mode) > LibClamAV debug: Matcher[13]: INTERNAL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) > LibClamAV debug: Matcher[14]: OTHER: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) > LibClamAV debug: Building regex list > LibClamAV debug: Using filter for trie 0 > LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 > LibClamAV debug: Building regex list > LibClamAV debug: Using filter for trie 0 > LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 > LibClamAV debug: Dynamic engine configuration settings: > LibClamAV debug: -------------------------------------- > LibClamAV debug: Module PE: On > LibClamAV debug: * Submodule PARITE:#011On > LibClamAV debug: * Submodule KRIZ:#011On > LibClamAV debug: * Submodule MAGISTR:#011On > LibClamAV debug: * Submodule POLIPOS:#011On > LibClamAV debug: * Submodule MD5SECT:#011On > LibClamAV debug: * Submodule UPX:#011On > LibClamAV debug: * Submodule FSG:#011On > LibClamAV debug: * Submodule SWIZZOR:#011** Off ** > LibClamAV debug: * Submodule PETITE:#011On > LibClamAV debug: * Submodule PESPIN:#011On > LibClamAV debug: * Submodule YC:#011On > LibClamAV debug: * Submodule WWPACK:#011On > LibClamAV debug: * Submodule NSPACK:#011On > LibClamAV debug: * Submodule MEW:#011On > LibClamAV debug: * Submodule UPACK:#011On > LibClamAV debug: * Submodule ASPACK:#011On > LibClamAV debug: * Submodule CATALOG:#011On > LibClamAV debug: * Submodule CERTS:#011On > LibClamAV debug: * Submodule MATCHICON:#011On > LibClamAV debug: * Submodule IMPTBL:#011On > LibClamAV debug: Module ELF: On > LibClamAV debug: Module MACHO: On > LibClamAV debug: Module ARCHIVE: On > LibClamAV debug: * Submodule RAR:#011On > LibClamAV debug: * Submodule ZIP:#011On > LibClamAV debug: * Submodule GZIP:#011On > LibClamAV debug: * Submodule BZIP:#011On > LibClamAV debug: * Submodule ARJ:#011On > LibClamAV debug: * Submodule SZDD:#011On > LibClamAV debug: * Submodule CAB:#011On > LibClamAV debug: * Submodule CHM:#011On > LibClamAV debug: * Submodule OLE2:#011On > LibClamAV debug: * Submodule TAR:#011On > LibClamAV debug: * Submodule CPIO:#011On > LibClamAV debug: * Submodule BINHEX:#011On > LibClamAV debug: * Submodule SIS:#011On > LibClamAV debug: * Submodule NSIS:#011On > LibClamAV debug: * Submodule AUTOIT:#011On > LibClamAV debug: * Submodule ISHIELD:#011On > LibClamAV debug: * Submodule 7zip:#011On > LibClamAV debug: * Submodule ISO9660:#011On > LibClamAV debug: * Submodule DMG:#011On > LibClamAV debug: * Submodule XAR:#011On > LibClamAV debug: * Submodule HFSPLUS:#011On > LibClamAV debug: * Submodule XZ:#011On > LibClamAV debug: * Submodule PASSWD:#011On > LibClamAV debug: * Submodule MBR:#011On > LibClamAV debug: * Submodule GPT:#011On > LibClamAV debug: * Submodule APM:#011On > LibClamAV debug: Module DOCUMENT: On > LibClamAV debug: * Submodule HTML:#011On > LibClamAV debug: * Submodule RTF:#011On > LibClamAV debug: * Submodule PDF:#011On > LibClamAV debug: * Submodule SCRIPT:#011On > LibClamAV debug: * Submodule HTMLSKIPRAW:#011On > LibClamAV debug: * Submodule JSNORM:#011On > LibClamAV debug: * Submodule SWF:#011On > LibClamAV debug: * Submodule OOXML:#011On > LibClamAV debug: * Submodule MSPML:#011On > LibClamAV debug: * Submodule HWP:#011On > LibClamAV debug: Module MAIL: On > LibClamAV debug: * Submodule MBOX:#011On > LibClamAV debug: * Submodule TNEF:#011On > LibClamAV debug: Module OTHER: On > LibClamAV debug: * Submodule UUENCODED:#011On > LibClamAV debug: * Submodule SCRENC:#011On > LibClamAV debug: * Submodule RIFF:#011On > LibClamAV debug: * Submodule JPEG:#011On > LibClamAV debug: * Submodule CRYPTFF:#011On > LibClamAV debug: * Submodule DLP:#011On > LibClamAV debug: * Submodule MYDOOMLOG:#011On > LibClamAV debug: * Submodule PREFILTERING:#011On > LibClamAV debug: * Submodule PDFNAMEOBJ:#011On > LibClamAV debug: * Submodule PRTNINTXN:#011On > LibClamAV debug: * Submodule LZW:#011On > LibClamAV debug: Module PHISHING On > LibClamAV debug: * Submodule ENGINE:#011On > LibClamAV debug: * Submodule ENTCONV:#011On > LibClamAV debug: Module BYTECODE On > LibClamAV debug: * Submodule INTERPRETER:#011On > LibClamAV debug: * Submodule JIT X86:#011On > LibClamAV debug: * Submodule JIT PPC:#011On > LibClamAV debug: * Submodule JIT ARM:#011** Off ** > LibClamAV debug: Module STATS Off > LibClamAV debug: Module PCRE On > LibClamAV debug: * Submodule SUPPORT:#011On > LibClamAV debug: * Submodule OPTIONS:#011On > LibClamAV debug: * Submodule GLOBAL:#011On > LibClamAV debug: pool memory used: 865.757 MB > LibClamAV debug: environment detected: > LibClamAV debug: check_platform(0x0a215b5b, 0x08000000, 0x00080101) > LibClamAV debug: check_platform(0x0a 2 1 5b 5b,0x0 8 00 00 00,0x00 08 01 01) > LibClamAV debug: check_platform( OS CPU COM FL DCONF,BE PTR CXX VV.VV.VV, FLG CC VV.VV.VV) > LibClamAV debug: Engine version: 0.100.0 > LibClamAV debug: Host triple: > LibClamAV debug: Host CPU: > LibClamAV debug: OS: Linux > LibClamAV debug: OS release: 4.16.14-300.fc28.x86_64 > LibClamAV debug: OS version: #1 SMP Tue Jun 5 16:23:44 UTC 2018 > LibClamAV debug: OS hardware: x86_64 > LibClamAV debug: OS LLVM category: 0 > LibClamAV debug: Has JIT compiled: 0 > LibClamAV debug: ------------------------------------------------------ > LibClamAV debug: Bytecode: mode is 0 > LibClamAV debug: Loading trusted bytecode > LibClamAV debug: bytecode: Parsed 9 APIcalls, maxapi 74 > LibClamAV debug: unknown inst type: 96 > LibClamAV debug: unknown inst type: 67 > LibClamAV debug: unknown inst type: 67 > LibClamAV debug: Parsed 53 BBs, 226 instructions > LibClamAV debug: Parsed 1 functions > LibClamAV debug: Bytecode: BC_STARTUP running (builtin) > LibClamAV debug: Bytecode 0: executing in interpreter mode > LibClamAV debug: bytecode: registered ctx variable at 0x7f283126a3e0 (+256) id 6 > LibClamAV debug: bytecode: registered ctx variable at 0x7f283126a3cc (+2) id 2 > LibClamAV debug: bytecode: registered ctx variable at 0x7f283126a4e0 (+256) id 1 > LibClamAV debug: bytecode: registered ctx variable at 0x7f283126a3c8 (+4) id 5 > LibClamAV debug: bytecode: registered ctx variable at 0x7f283126a140 (+648) id 4 > LibClamAV debug: bytecode: registered ctx variable at 0x557da834f9b0 (+744) id 7 > LibClamAV debug: bytecode debug: startup: bytecode execution in auto mode > LibClamAV debug: interpreter bytecode run finished in 13us, after executing 96 opcodes > LibClamAV debug: Bytecode: disable status is 0 > LibClamAV debug: bytecode: JIT disabled > LibClamAV debug: Cannot prepare for JIT, LLVM is not compiled or not linked > LibClamAV debug: Bytecode: 0 bytecode prepared with JIT, 75 prepared with interpreter, 75 total > BlockMax heuristic detection disabled. > Received 0 file descriptor(s) from systemd.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1450887">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1590545
: 1450887