# Kernel Telemetry Analysis Automation

This notebook automates the process of executing malware samples in a controlled VM environment with kernel-level telemetry collection:
1. Restore VM to snapshot 35
2. Start the VM
3. Install kernel driver (install.bat)
4. Start GP driver service (sc start gp-driver)
5. Execute malware sample (already present in VM)
6. Terminate malware process
7. Process telemetry data (rename main.py.dll to main.py)
8. Run Python analysis script
9. Copy CSV results to shared folder

In [158]:
import os
import time
import subprocess
import itertools
import re
import shutil
import datetime

In [159]:
# Create necessary directories
os.system('mkdir -p [new]screenshots')
os.system('mkdir -p [new]kernel-telemetry-results')

0

In [160]:
# VM configuration
vm_name = 'windows11-clone Clone'  # Updated VM name
snapshot_no = 35  # Updated snapshot number

# Command templates
vm_open_cmd = f'vboxmanage startvm "{vm_name}"'
run_cmd = f'vboxmanage guestcontrol "{vm_name}" run --username wineleven --password therealtreasure -- '
run_cmd += '"C:\\Windows\\System32\\cmd.exe" "/c" '
copyfrom_cmd = f'vboxmanage guestcontrol "{vm_name}" --username wineleven --password therealtreasure copyfrom '

# Paths and directories
output_folder = '[new]kernel-telemetry-results'
hafidz_dir = 'C:\\Users\\wineleven\\Documents\\Hafidz\\'
shared_folder_path = "C:\\Users\\wineleven\\Desktop\\Shared"
z_drive = "Z:"

In [161]:
# Utility functions

def tstamp():
    """Get current timestamp in readable format."""
    t = time.time()
    return time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(t)) + ("%.3f" % (t % 1))[1:]

def check_output_t(command):
    """Execute command and return output."""
    ret = subprocess.check_output(command, shell=True)
    return ret

def run_vm_command(command, wait_time=2):
    """Execute command in VM and wait for completion."""
    full_cmd = run_cmd + f'"{command}"'
    print(f"[{tstamp()}] Executing: {command}")
    try:
        result = subprocess.run(full_cmd, shell=True, capture_output=True, text=True, timeout=60)
        if result.returncode != 0:
            print(f"Warning: Command failed with return code {result.returncode}")
            print(f"Error: {result.stderr}")
        time.sleep(wait_time)
        return result
    except subprocess.TimeoutExpired:
        print(f"Command timed out: {command}")
        return None

In [162]:
# VM operations

def restore(snap_no):
    """Restore VM to specified snapshot."""
    print(f"[{tstamp()}] Restoring snapshot {snap_no}")
    check_output_t(f'vboxmanage snapshot "{vm_name}" restore "Snapshot {snap_no}"')
    print(f"[{tstamp()}] Restoring snapshot {snap_no} done")

def shutdown_and_restore(snap_no):
    """Power off VM and restore to snapshot."""
    print(f"[{tstamp()}] Powering off VM")
    try:
        check_output_t(f'vboxmanage controlvm "{vm_name}" poweroff')
        print(f"[{tstamp()}] Powering off VM done")
    except:
        print('VM (probably) already off')
    time.sleep(3)
    restore(snap_no)

def start_vm():
    """Start the VM."""
    print(f"[{tstamp()}] Starting up VM")
    check_output_t(vm_open_cmd)
    print(f"[{tstamp()}] Starting up VM done")

def take_screenshot(filename):
    """Take a screenshot of the VM."""
    print(f"[{tstamp()}] Taking screenshot")
    os.system(f'vboxmanage controlvm "{vm_name}" screenshotpng [new]screenshots/{filename}.png')
    print(f"[{tstamp()}] Taking screenshot done")

In [163]:
# Kernel driver and telemetry operations

def install_kernel_driver():
    """Install kernel driver using install.bat."""
    print(f"[{tstamp()}] Installing kernel driver")
    # Change to Hafidz directory and run install.bat
    install_cmd = f"cd /d {hafidz_dir} && install.bat"
    run_vm_command(install_cmd, wait_time=3)
    print(f"[{tstamp()}] Kernel driver installation completed")

def start_gp_driver():
    """Start the GP driver service."""
    print(f"[{tstamp()}] Starting GP driver service")
    # Change to Hafidz directory and start service
    start_cmd = f"cd /d {hafidz_dir} && sc start gp-driver"
    run_vm_command(start_cmd, wait_time=3)
    print(f"[{tstamp()}] GP driver service started")
    
def process_alert_data(malware_family, malware_name):
    """Process alert data using IOCTL export-csv command."""
    print(f"[{tstamp()}] Processing alert data")
    print(f"Malware Family: {malware_family}")
    print(f"Malware Name: {malware_name}")
    
    timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
    original_alerts_filename = f"alerts_{timestamp}.csv"

    clean_malware_family = malware_family.split('\\')[-1]
    print(f"Clean Malware Family: {clean_malware_family}")
    
    clean_malware_name = malware_name.replace('.exe', '')
    print(f"Clean Malware Name: {clean_malware_name}")
    renamed_alerts_filename = f"alert_{clean_malware_family}_{clean_malware_name}.csv.dll"
    
    # Jalankan perintah export
    alert_cmd = (
        f'cd /d {hafidz_dir} && '
        f'IOCTL.exe export-csv {original_alerts_filename} alerts && '
        f'ren {original_alerts_filename} {renamed_alerts_filename} '
        f'copy {renamed_alerts_filename} {z_drive}'  # <- Tambahkan ini
    )

    run_vm_command(alert_cmd, wait_time=3)

    print(f"[{tstamp()}] Alert data processing completed - saved as {renamed_alerts_filename}")


def process_telemetry_data(malware_family, malware_name):
    """Process telemetry data: rename dll, run python script, convert CSV to DLL, copy DLL files."""
    print(f"[{tstamp()}] Processing telemetry data")
    print(f"Malware Family: {malware_family}")
    print(f"Malware Name: {malware_name}")

    # Nama file target berdasarkan format yang diinginkan
    clean_malware_family = malware_family.split('\\')[-1]
    print(f"Clean Malware Family: {clean_malware_family}")
    
    clean_malware_name = malware_name.replace('.exe', '')
    print(f"Clean Malware Name: {clean_malware_name}")
    new_name = f"registry_{clean_malware_family}_{clean_malware_name}.csv.dll"

    process_cmd = (
        f"cd /d {hafidz_dir} && "
        f"ren main.py.dll main.py && "
        f"python main.py && "
        f"for %f in (registry_data_*.csv) do ren \"%f\" \"{new_name}\" && "
        f"copy {new_name} {z_drive}"
    )

    run_vm_command(process_cmd, wait_time=3)

    print(f"[{tstamp()}] Telemetry data processing completed")


def copy_dll_results():
    """Copy DLL results from VM to host."""
    print(f"[{tstamp()}] Copying DLL results to host")

    # Search for DLL files in the shared folder (Z: drive maps to shared folder)
    dll_search_cmd = f"dir {z_drive}\\*.dll /b"

    try:
        result = run_vm_command(dll_search_cmd)
        if result and result.stdout:
            dll_files = result.stdout.strip().split('\n')

            for dll_file in dll_files:
                dll_file = dll_file.strip()
                if dll_file:  # Skip empty results
                    src_path = f"{z_drive}\\{dll_file}"
                    dst_path = f"{output_folder}/{dll_file}"

                    # Copy file from VM to host
                    copy_cmd = f'{copyfrom_cmd} "{src_path}" "{dst_path}"'
                    os.system(copy_cmd)
                    print(f"[{tstamp()}] Copied {dll_file} to {output_folder}")
    except Exception as e:
        print(f"[{tstamp()}] Error copying DLL files from VM: {e}")

    print(f"[{tstamp()}] DLL results copying from VM to host completed")

    # Copy DLL files from shared folder to final destination
    print(f"[{tstamp()}] Copying DLL results from sharedfolder to [NEW]DatasetHafidz")

    source_folder = "/home/markany-3/Documents/sharedfolder"
    destination_folder = "/home/markany-3/Documents/[NEW]DatasetHafidz"

    try:
        # Ensure destination folder exists
        os.makedirs(destination_folder, exist_ok=True)

        # Loop all DLL files and copy
        for filename in os.listdir(source_folder):
            if filename.lower().endswith(".dll"):
                src_path = os.path.join(source_folder, filename)
                dst_path = os.path.join(destination_folder, filename)

                shutil.copy2(src_path, dst_path)
                print(f"[{tstamp()}] Copied: {filename}")

    except Exception as e:
        print(f"[{tstamp()}] Error copying DLL files: {e}")

    print(f"[{tstamp()}] DLL results copying completed")

    # 🧹 Delete all files in Z: drive (inside VM)
    print(f"[{tstamp()}] Cleaning up Z: drive contents")
    try:
        cleanup_cmd = f'del /q {z_drive}\\*'
        run_vm_command(cleanup_cmd)
        print(f"[{tstamp()}] Z: drive cleanup completed")
    except Exception as e:
        print(f"[{tstamp()}] Error during Z: drive cleanup: {e}")


In [164]:
# Malware operations

def execute_malware(malware_path):
    print(f"[{tstamp()}] Executing malware sample: {malware_path}")

    full_cmd = [
        "vboxmanage", "guestcontrol", vm_name, "run",
        "--username", "wineleven",
        "--password", "therealtreasure",
        "--", "cmd.exe", "/c", "start", "", malware_path
    ]

    # Jalankan di background tanpa blocking
    subprocess.Popen(full_cmd)

    print(f"[{tstamp()}] Malware execution started")

def wait_malware(wait_time):
    """Wait for specified time with progress indicator."""
    print(f"[{tstamp()}] Waiting for {wait_time} seconds for malware execution")
    for i in range(wait_time):
        print('\r[' + '#' * (i+1) + '_' * (wait_time-i-1) + f'] {i+1}/{wait_time}s', end='')
        time.sleep(1)
    print('\r[' + '#' * wait_time + f'] {wait_time}/{wait_time}s - Complete!')

def terminate_malware(malware_name):
    """Terminate the malware process."""
    print(f"[{tstamp()}] Terminating malware: {malware_name}")
    
    # Kill process by executable name
    kill_cmd = f"taskkill /f /im {malware_name}"
    run_vm_command(kill_cmd, wait_time=2)
    
    print(f"[{tstamp()}] Malware termination completed")

In [165]:
def run_kernel_telemetry_analysis(malware_path, malware_name, malware_family, execution_time=60):
    """Run the complete kernel telemetry analysis workflow."""
    print(f"[{tstamp()}] Starting kernel telemetry analysis for {malware_path}")
    print(f"[{tstamp()}] Malware execution time: {execution_time} seconds")
    
    # Initialize timing
    t0 = time.time()
    
    try:
        # Step 1: Restore snapshot and start VM
        restore(snapshot_no)
        start_vm()
        
        # Step 2: Install kernel driver
        install_kernel_driver()
        
        # Step 3: Start GP driver service
        start_gp_driver()
        
        # Step 5: Execute malware (already present in VM)
        execute_malware(malware_path)
        
        # Step 6: Wait for malware execution
        wait_malware(execution_time)
        
        # Step 7: Take screenshot for evidence
        screenshot_name = f"{malware_name}_execution"
        take_screenshot(screenshot_name)
        
        # Step 8: Terminate malware
        terminate_malware(malware_name)
        
        # Step 9: Process alert data
        process_alert_data(malware_family, malware_name)
        
        # Step 10: Process telemetry data
        process_telemetry_data(malware_family, malware_name)
        
        # Step 11: Copy CSV results to host
        copy_dll_results()
        
        # Step 12: Take final screenshot
        final_screenshot = f"{malware_name}_final"
        take_screenshot(final_screenshot)
        
        # Step 13: Shutdown and restore VM
        shutdown_and_restore(snapshot_no)
        
    except Exception as e:
        print(f"Error during analysis: {e}")
        # Emergency cleanup
        try:
            terminate_malware(malware_name)
        except:
            pass
        shutdown_and_restore(snapshot_no)
    
    elapsed = time.time() - t0
    print(f'[{tstamp()}] Kernel telemetry analysis completed in {elapsed:.1f} seconds.\n')

## Run Analysis for a Single Malware Sample

Use this cell to analyze a single malware sample with kernel telemetry. The malware should already be present in the VM.

In [157]:
# Path to malware sample in VM and its executable name
malware_path = r"D:\new\ransomware_high_confidence\avoslocker\0b1f19ba8740b10ed017671aab023228756a6864fb008bf23f3c606189bdcd98.exe"  # Full path in VM
malware_name = "0b1f19ba8740b10ed017671aab023228756a6864fb008bf23f3c606189bdcd98.exe"  # Just the executable name for process killing
malware_family = r"D:\new\ransomware_high_confidence\avoslocker"

# Execution time in seconds (how long to let malware run)
execution_time = 5  # Default: 60 seconds

# Uncomment the line below to run analysis on a single sample
run_kernel_telemetry_analysis(malware_path, malware_name, malware_family, execution_time)

[2025-05-26 12:04:54.692] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\0b1f19ba8740b10ed017671aab023228756a6864fb008bf23f3c606189bdcd98.exe
[2025-05-26 12:04:54.692] Malware execution time: 5 seconds
[2025-05-26 12:04:54.692] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:04:56.473] Restoring snapshot 35 done
[2025-05-26 12:04:56.473] Starting up VM
[2025-05-26 12:05:03.185] Starting up VM done
[2025-05-26 12:05:03.185] Installing kernel driver
[2025-05-26 12:05:03.185] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:05:07.220] Kernel driver installation completed
[2025-05-26 12:05:07.220] Starting GP driver service
[2025-05-26 12:05:07.220] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:05:10.368] GP driver service started
[2025-05-26 12:05:10.368] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\0b1f19ba8740b10ed017671aab023228756a6864fb008bf23f3c606189bdcd98.exe
[2025-05-26 12:05:10.369] Malware execution started
[2025-05-26 12:05:10.369] Waiting for 5 seconds for malware execution
[#####] 5/5s - Complete!
[2025-05-26 12:05:15.369] Taking screenshot
[2025-05-26 12:05:15.429] Taking screenshot done
[2025-05-26 12:05:15.429] Terminating 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:05:34.592] Powering off VM done
[2025-05-26 12:05:37.592] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...

[2025-05-26 12:05:39.004] Restoring snapshot 35 done
[2025-05-26 12:05:39.004] Kernel telemetry analysis completed in 44.3 seconds.



60%...70%...80%...90%...100%


## Run Analysis for Multiple Samples

Use this cell to analyze multiple malware samples already present in the VM.

In [None]:
import os
import time

# List of ransomware family directories
ransomware_directories = [
    "D:\\new\\ransomware_high_confidence\\avaddon",
    "D:\\new\\ransomware_high_confidence\\avoslocker",
    "D:\\new\\ransomware_high_confidence\\babuk",
    "D:\\new\\ransomware_high_confidence\\bianlian",
    "D:\\new\\ransomware_high_confidence\\blackbasta",
    "D:\\new\\ransomware_high_confidence\\blackbyte",
    "D:\\new\\ransomware_high_confidence\\blackcat",
    "D:\\new\\ransomware_high_confidence\\blackmatter",
    "D:\\new\\ransomware_high_confidence\\bluesky",
    "D:\\new\\ransomware_high_confidence\\clop",
    "D:\\new\\ransomware_high_confidence\\conti",
    "D:\\new\\ransomware_high_confidence\\darkside",
    "D:\\new\\ransomware_high_confidence\\dharma",
    "D:\\new\\ransomware_high_confidence\\doppelpaymer",
    "D:\\new\\ransomware_high_confidence\\exorcist",
    "D:\\new\\ransomware_high_confidence\\gandcrab",
    "D:\\new\\ransomware_high_confidence\\hive",
    "D:\\new\\ransomware_high_confidence\\holyghost",
    "D:\\new\\ransomware_high_confidence\\karma",
    "D:\\new\\ransomware_high_confidence\\lockbit",
    "D:\\new\\ransomware_high_confidence\\lorenz",
    "D:\\new\\ransomware_high_confidence\\makop",
    "D:\\new\\ransomware_high_confidence\\maui",
    "D:\\new\\ransomware_high_confidence\\maze",
    "D:\\new\\ransomware_high_confidence\\mountlocker",
    "D:\\new\\ransomware_high_confidence\\nefilim",
    "D:\\new\\ransomware_high_confidence\\netwalker",
    "D:\\new\\ransomware_high_confidence\\nightsky",
    "D:\\new\\ransomware_high_confidence\\phobos",
    "D:\\new\\ransomware_high_confidence\\playcrypt",
    "D:\\new\\ransomware_high_confidence\\pysa",
    "D:\\new\\ransomware_high_confidence\\quantum",
    "D:\\new\\ransomware_high_confidence\\ragnarok",
    "D:\\new\\ransomware_high_confidence\\ransomexx",
    "D:\\new\\ransomware_high_confidence\\revil",
    "D:\\new\\ransomware_high_confidence\\ryuk",
    "D:\\new\\ransomware_high_confidence\\stop",
    "D:\\new\\ransomware_high_confidence\\thanos",
    "D:\\new\\ransomware_high_confidence\\wastedlocker",
    "D:\\new\\ransomware_high_confidence\\zeppelin"
]

def get_all_malware_samples():
    """
    Scan semua direktori ransomware dan dapatkan list semua file .exe
    Returns: List of tuples (full_path, executable_name, family_name)
    """
    all_samples = []
    
    print(f"[{tstamp()}] Scanning malware directories...")
    
    for directory in ransomware_directories:
        family_name = os.path.basename(directory)
        print(f"[{tstamp()}] Scanning {family_name}...")
        
        # Periksa apakah direktori ada di VM (simulasi dengan list files)
        # Dalam implementasi nyata, ini akan menggunakan VM command
        list_cmd = f"dir {directory}\\*.exe /b"
        
        try:
            result = run_vm_command(list_cmd, wait_time=1)
            
            if result and result.stdout.strip():
                exe_files = result.stdout.strip().split('\n')
                
                for exe_file in exe_files:
                    exe_file = exe_file.strip()
                    if exe_file and exe_file.endswith('.exe'):
                        full_path = f"{directory}\\{exe_file}"
                        all_samples.append((full_path, exe_file, family_name))
                        
                print(f"[{tstamp()}] Found {len(exe_files)} samples in {family_name}")
            else:
                print(f"[{tstamp()}] No .exe files found in {family_name}")
                
        except Exception as e:
            print(f"[{tstamp()}] Error scanning {family_name}: {e}")
            continue
    
    print(f"[{tstamp()}] Total samples found: {len(all_samples)}")
    return all_samples

def run_batch_malware_analysis(execution_time=60, max_samples=None, skip_families=None, only_families=None):
    """
    Jalankan analisis batch untuk semua malware samples
    
    Args:
        execution_time (int): Waktu eksekusi per sample dalam detik
        max_samples (int): Maksimal jumlah sample yang dianalisis (None = semua)
        skip_families (list): List family yang di-skip
        only_families (list): Hanya analisis family tertentu
    """
    
    print(f"[{tstamp()}] =" * 80)
    print(f"[{tstamp()}] STARTING BATCH MALWARE ANALYSIS")
    print(f"[{tstamp()}] Execution time per sample: {execution_time} seconds")
    print(f"[{tstamp()}] =" * 80)
    
    # Dapatkan semua samples
    all_samples = get_all_malware_samples()
    
    if not all_samples:
        print(f"[{tstamp()}] No malware samples found! Exiting...")
        return
    
    # Filter berdasarkan parameter
    filtered_samples = []
    
    for sample in all_samples:
        full_path, exe_name, family_name = sample
        
        # Skip families jika ditentukan
        if skip_families and family_name in skip_families:
            continue
            
        # Hanya analisis families tertentu jika ditentukan
        if only_families and family_name not in only_families:
            continue
            
        filtered_samples.append(sample)
    
    # Batasi jumlah sample jika ditentukan
    if max_samples and len(filtered_samples) > max_samples:
        filtered_samples = filtered_samples[:max_samples]
    
    total_samples = len(filtered_samples)
    print(f"[{tstamp()}] Samples to analyze: {total_samples}")
    
    # Estimasi waktu total
    estimated_time = total_samples * (execution_time + 120)  # +120 untuk overhead setup/cleanup
    hours = estimated_time // 3600
    minutes = (estimated_time % 3600) // 60
    print(f"[{tstamp()}] Estimated total time: {hours}h {minutes}m")
    
    # Konfirmasi
    print(f"[{tstamp()}] Press Enter to continue or Ctrl+C to cancel...")
    input()
    
    # Tracking progress
    successful_analyses = 0
    failed_analyses = 0
    analysis_start_time = time.time()
    
    # Log file untuk tracking
    log_file = f"batch_analysis_log_{time.strftime('%Y%m%d_%H%M%S')}.txt"
    
    with open(log_file, 'w') as log:
        log.write(f"Batch Malware Analysis Log\\n")
        log.write(f"Started: {time.strftime('%Y-%m-%d %H:%M:%S')}\\n")
        log.write(f"Total samples: {total_samples}\\n")
        log.write(f"Execution time per sample: {execution_time}s\\n\\n")
        
        for i, (full_path, exe_name, family_name) in enumerate(filtered_samples, 1):
            
            print(f"\\n[{tstamp()}] " + "=" * 60)
            print(f"[{tstamp()}] SAMPLE {i}/{total_samples}")
            print(f"[{tstamp()}] Family: {family_name}")
            print(f"[{tstamp()}] File: {exe_name}")
            print(f"[{tstamp()}] Path: {full_path}")
            print(f"[{tstamp()}] " + "=" * 60)
            
            log.write(f"Sample {i}/{total_samples}: {family_name}/{exe_name}\\n")
            log.flush()
            
            try:
                # Jalankan analisis
                run_kernel_telemetry_analysis(full_path, exe_name, family_name, execution_time)
                
                successful_analyses += 1
                print(f"[{tstamp()}] ✅ Analysis completed successfully!")
                log.write(f"  Status: SUCCESS\\n")
                
            except Exception as e:
                failed_analyses += 1
                print(f"[{tstamp()}] ❌ Analysis failed: {e}")
                log.write(f"  Status: FAILED - {e}\\n")
                
                # Emergency cleanup jika terjadi error
                try:
                    print(f"[{tstamp()}] Attempting emergency cleanup...")
                    shutdown_and_restore(snapshot_no)
                except:
                    pass
            
            # Progress update
            progress = (i / total_samples) * 100
            elapsed = time.time() - analysis_start_time
            avg_time = elapsed / i
            remaining = (total_samples - i) * avg_time
            
            print(f"[{tstamp()}] Progress: {progress:.1f}% ({i}/{total_samples})")
            print(f"[{tstamp()}] Successful: {successful_analyses}, Failed: {failed_analyses}")
            print(f"[{tstamp()}] Time remaining: {remaining/3600:.1f}h")
            
            log.write(f"  Progress: {progress:.1f}%\\n")
            log.write(f"  Time elapsed: {elapsed/3600:.1f}h\\n\\n")
            log.flush()
            
            # Jeda antar sample
            if i < total_samples:
                print(f"[{tstamp()}] Waiting 5 seconds before next sample...")
                time.sleep(5)
    
    # Summary
    total_time = time.time() - analysis_start_time
    print(f"\\n[{tstamp()}] " + "=" * 80)
    print(f"[{tstamp()}] BATCH ANALYSIS COMPLETED!")
    print(f"[{tstamp()}] Total samples processed: {total_samples}")
    print(f"[{tstamp()}] Successful: {successful_analyses}")
    print(f"[{tstamp()}] Failed: {failed_analyses}")
    print(f"[{tstamp()}] Total time: {total_time/3600:.1f} hours")
    print(f"[{tstamp()}] Log saved to: {log_file}")
    print(f"[{tstamp()}] " + "=" * 80)

def quick_test_analysis():
    """
    Test dengan beberapa sample saja untuk memastikan sistem berjalan
    """
    print(f"[{tstamp()}] Running quick test analysis (3 samples, 30s each)...")
    run_batch_malware_analysis(
        execution_time=30,
        max_samples=3,
        only_families=['avaddon', 'avoslocker']  # Test dengan 2 family saja
    )

def run_specific_families(families, execution_time=60):
    """
    Analisis hanya family tertentu
    
    Args:
        families (list): List nama family yang ingin dianalisis
        execution_time (int): Waktu eksekusi per sample
    """
    print(f"[{tstamp()}] Running analysis for specific families: {families}")
    run_batch_malware_analysis(
        execution_time=execution_time,
        only_families=families
    )

def run_all_families_full_analysis(execution_time=60):
    """
    Analisis semua family dengan full execution time
    """
    print(f"[{tstamp()}] Running FULL ANALYSIS for ALL families...")
    print(f"[{tstamp()}] This will take a very long time!")
    run_batch_malware_analysis(execution_time=execution_time)

# ===============================================================================
# CONTOH PENGGUNAAN:
# ===============================================================================

# 1. Test cepat dengan 3 sample saja (30 detik per sample)
# quick_test_analysis()

# 2. Analisis family tertentu saja
# run_specific_families(['avaddon', 'avoslocker', 'babuk'], execution_time=5)

# 3. Analisis semua family dengan waktu eksekusi pendek (testing)
# run_batch_malware_analysis(execution_time=30, max_samples=10)

# 4. Analisis penuh semua family (HATI-HATI: AKAN SANGAT LAMA!)
run_all_families_full_analysis(execution_time=60)

# 5. Skip family tertentu
# run_batch_malware_analysis(
#     execution_time=45, 
#     skip_families=['stop', 'dharma'],  # Skip family yang banyak sample
#     max_samples=50
# )

[2025-05-26 12:08:02.707] Running FULL ANALYSIS for ALL families...
[2025-05-26 12:08:02.707] This will take a very long time!
[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-26 12:08:02.707] =[2025-05-

 


[2025-05-26 12:09:26.963] SAMPLE 1/1408
[2025-05-26 12:09:26.963] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:09:26.963] File: 05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2.exe
[2025-05-26 12:09:26.963] Path: D:\new\ransomware_high_confidence\avaddon\05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2.exe
[2025-05-26 12:09:26.964] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2.exe
[2025-05-26 12:09:26.964] Malware execution time: 60 seconds
[2025-05-26 12:09:26.964] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:09:28.750] Restoring snapshot 35 done
[2025-05-26 12:09:28.750] Starting up VM
[2025-05-26 12:09:35.478] Starting up VM done
[2025-05-26 12:09:35.478] Installing kernel driver
[2025-05-26 12:09:35.478] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:09:40.241] Kernel driver installation completed
[2025-05-26 12:09:40.241] Starting GP driver service
[2025-05-26 12:09:40.241] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:09:43.390] GP driver service started
[2025-05-26 12:09:43.390] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2.exe
[2025-05-26 12:09:43.390] Malware execution started
[2025-05-26 12:09:43.390] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:10:43.398] Taking screenshot
[2025-05-26 12:10:43.461] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:11:37.356] Powering off VM done
[2025-05-26 12:11:40.356] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:11:41.675] Restoring snapshot 35 done
[2025-05-26 12:11:41.675] Kernel telemetry analysis completed in 134.7 seconds.

[2025-05-26 12:11:41.675] ✅ Analysis completed successfully!
[2025-05-26 12:11:41.675] Progress: 0.1% (1/1408)
[2025-05-26 12:11:41.675] Successful: 1, Failed: 0
[2025-05-26 12:11:41.675] Time remaining: 52.6h
[2025-05-26 12:11:41.675] Waiting 5 seconds before next sample...
[2025-05-26 12:11:46.675] SAMPLE 2/1408
[2025-05-26 12:11:46.675] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:11:46.675] File: 09f01f2256663969229c2c954f7b29751b41a0c2b36cdb9b67c9491b76c04898.exe
[2025-05-26 12:11:46.675] Path: D:\new\ransomware_high_confidence\avaddon\09f01f2256663969229c2c954f7b29751b41a0c2b36cdb9b67c9491b76c04898.exe
[2025-05-26 12:11:46.675] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\09f01f2256663969229c2c954f7b29751b41a0c2b36cdb9b67c9491b76c04898.exe
[2025-05-26 12:11:46.675] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:11:47.975] Restoring snapshot 35 done
[2025-05-26 12:11:47.975] Starting up VM
[2025-05-26 12:11:54.335] Starting up VM done
[2025-05-26 12:11:54.336] Installing kernel driver
[2025-05-26 12:11:54.336] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:11:58.658] Kernel driver installation completed
[2025-05-26 12:11:58.659] Starting GP driver service
[2025-05-26 12:11:58.659] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:12:01.812] GP driver service started
[2025-05-26 12:12:01.812] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\09f01f2256663969229c2c954f7b29751b41a0c2b36cdb9b67c9491b76c04898.exe
[2025-05-26 12:12:01.813] Malware execution started
[2025-05-26 12:12:01.813] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:13:01.821] Taking screenshot
[2025-05-26 12:13:01.884] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:14:02.564] Powering off VM done
[2025-05-26 12:14:05.564] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:14:06.590] Restoring snapshot 35 done
[2025-05-26 12:14:06.590] Kernel telemetry analysis completed in 139.9 seconds.

[2025-05-26 12:14:06.591] ✅ Analysis completed successfully!
[2025-05-26 12:14:06.591] Progress: 0.1% (2/1408)
[2025-05-26 12:14:06.591] Successful: 2, Failed: 0
[2025-05-26 12:14:06.591] Time remaining: 54.6h
[2025-05-26 12:14:06.591] Waiting 5 seconds before next sample...
[2025-05-26 12:14:11.591] SAMPLE 3/1408
[2025-05-26 12:14:11.591] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:14:11.591] File: 0ff4058f709d278ed662719b9627618c48e7a656c59f6bfecda9081c7cbd742b.exe
[2025-05-26 12:14:11.591] Path: D:\new\ransomware_high_confidence\avaddon\0ff4058f709d278ed662719b9627618c48e7a656c59f6bfecda9081c7cbd742b.exe
[2025-05-26 12:14:11.591] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\0ff4058f709d278ed662719b9627618c48e7a656c59f6bfecda9081c7cbd742b.exe
[2025-05-26 12:14:11.591] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:14:13.296] Restoring snapshot 35 done
[2025-05-26 12:14:13.296] Starting up VM
[2025-05-26 12:14:19.437] Starting up VM done
[2025-05-26 12:14:19.437] Installing kernel driver
[2025-05-26 12:14:19.437] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:14:23.809] Kernel driver installation completed
[2025-05-26 12:14:23.809] Starting GP driver service
[2025-05-26 12:14:23.809] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:14:26.965] GP driver service started
[2025-05-26 12:14:26.965] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\0ff4058f709d278ed662719b9627618c48e7a656c59f6bfecda9081c7cbd742b.exe
[2025-05-26 12:14:26.965] Malware execution started
[2025-05-26 12:14:26.965] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:15:26.974] Taking screenshot
[2025-05-26 12:15:27.039] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:16:20.647] Powering off VM done
[2025-05-26 12:16:23.648] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:16:24.866] Restoring snapshot 35 done
[2025-05-26 12:16:24.866] Kernel telemetry analysis completed in 133.3 seconds.

[2025-05-26 12:16:24.866] ✅ Analysis completed successfully!
[2025-05-26 12:16:24.866] Progress: 0.2% (3/1408)
[2025-05-26 12:16:24.866] Successful: 3, Failed: 0
[2025-05-26 12:16:24.866] Time remaining: 54.4h
[2025-05-26 12:16:24.867] Waiting 5 seconds before next sample...
[2025-05-26 12:16:29.867] SAMPLE 4/1408
[2025-05-26 12:16:29.867] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:16:29.867] File: 1228d0f04f0ba82569fc1c0609f9fd6c377a91b9ea44c1e7f9f84b2b90552da2.exe
[2025-05-26 12:16:29.867] Path: D:\new\ransomware_high_confidence\avaddon\1228d0f04f0ba82569fc1c0609f9fd6c377a91b9ea44c1e7f9f84b2b90552da2.exe
[2025-05-26 12:16:29.867] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\1228d0f04f0ba82569fc1c0609f9fd6c377a91b9ea44c1e7f9f84b2b90552da2.exe
[2025-05-26 12:16:29.867] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:16:31.272] Restoring snapshot 35 done
[2025-05-26 12:16:31.272] Starting up VM
[2025-05-26 12:16:37.279] Starting up VM done
[2025-05-26 12:16:37.280] Installing kernel driver
[2025-05-26 12:16:37.280] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:16:41.606] Kernel driver installation completed
[2025-05-26 12:16:41.606] Starting GP driver service
[2025-05-26 12:16:41.606] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:16:44.774] GP driver service started
[2025-05-26 12:16:44.774] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\1228d0f04f0ba82569fc1c0609f9fd6c377a91b9ea44c1e7f9f84b2b90552da2.exe
[2025-05-26 12:16:44.774] Malware execution started
[2025-05-26 12:16:44.775] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:17:44.783] Taking screenshot
[2025-05-26 12:17:44.847] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:18:44.741] Powering off VM done
[2025-05-26 12:18:47.741] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:18:49.398] Restoring snapshot 35 done
[2025-05-26 12:18:49.398] Kernel telemetry analysis completed in 139.5 seconds.

[2025-05-26 12:18:49.398] ✅ Analysis completed successfully!
[2025-05-26 12:18:49.398] Progress: 0.3% (4/1408)
[2025-05-26 12:18:49.398] Successful: 4, Failed: 0
[2025-05-26 12:18:49.398] Time remaining: 54.8h
[2025-05-26 12:18:49.398] Waiting 5 seconds before next sample...
[2025-05-26 12:18:54.398] SAMPLE 5/1408
[2025-05-26 12:18:54.398] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:18:54.398] File: 146712f0832c4e2fbe24245d18f2913746436e38d5438f5eca15dfd0fb50ec24.exe
[2025-05-26 12:18:54.398] Path: D:\new\ransomware_high_confidence\avaddon\146712f0832c4e2fbe24245d18f2913746436e38d5438f5eca15dfd0fb50ec24.exe
[2025-05-26 12:18:54.398] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\146712f0832c4e2fbe24245d18f2913746436e38d5438f5eca15dfd0fb50ec24.exe
[2025-05-26 12:18:54.398] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:18:55.843] Restoring snapshot 35 done
[2025-05-26 12:18:55.843] Starting up VM
[2025-05-26 12:19:02.275] Starting up VM done
[2025-05-26 12:19:02.275] Installing kernel driver
[2025-05-26 12:19:02.275] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:19:06.713] Kernel driver installation completed
[2025-05-26 12:19:06.713] Starting GP driver service
[2025-05-26 12:19:06.713] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:19:09.872] GP driver service started
[2025-05-26 12:19:09.872] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\146712f0832c4e2fbe24245d18f2913746436e38d5438f5eca15dfd0fb50ec24.exe
[2025-05-26 12:19:09.873] Malware execution started
[2025-05-26 12:19:09.873] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:20:09.881] Taking screenshot
[2025-05-26 12:20:09.942] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:21:16.063] Powering off VM done
[2025-05-26 12:21:19.063] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:21:20.477] Restoring snapshot 35 done
[2025-05-26 12:21:20.477] Kernel telemetry analysis completed in 146.1 seconds.

[2025-05-26 12:21:20.477] ✅ Analysis completed successfully!
[2025-05-26 12:21:20.477] Progress: 0.4% (5/1408)
[2025-05-26 12:21:20.477] Successful: 5, Failed: 0
[2025-05-26 12:21:20.477] Time remaining: 55.6h
[2025-05-26 12:21:20.477] Waiting 5 seconds before next sample...
[2025-05-26 12:21:25.478] SAMPLE 6/1408
[2025-05-26 12:21:25.478] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:21:25.478] File: 17e68e1fb7737ec554eab4b7aea90ebb2fb23c953d920b8d8f1ab4825c3faede.exe
[2025-05-26 12:21:25.478] Path: D:\new\ransomware_high_confidence\avaddon\17e68e1fb7737ec554eab4b7aea90ebb2fb23c953d920b8d8f1ab4825c3faede.exe
[2025-05-26 12:21:25.478] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\17e68e1fb7737ec554eab4b7aea90ebb2fb23c953d920b8d8f1ab4825c3faede.exe
[2025-05-26 12:21:25.478] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:21:26.932] Restoring snapshot 35 done
[2025-05-26 12:21:26.932] Starting up VM
[2025-05-26 12:21:33.502] Starting up VM done
[2025-05-26 12:21:33.502] Installing kernel driver
[2025-05-26 12:21:33.503] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:21:37.837] Kernel driver installation completed
[2025-05-26 12:21:37.837] Starting GP driver service
[2025-05-26 12:21:37.837] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:21:40.993] GP driver service started
[2025-05-26 12:21:40.993] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\17e68e1fb7737ec554eab4b7aea90ebb2fb23c953d920b8d8f1ab4825c3faede.exe
[2025-05-26 12:21:40.993] Malware execution started
[2025-05-26 12:21:40.993] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:22:41.001] Taking screenshot
[2025-05-26 12:22:41.063] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:23:33.765] Powering off VM done
[2025-05-26 12:23:36.765] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:23:38.109] Restoring snapshot 35 done
[2025-05-26 12:23:38.109] Kernel telemetry analysis completed in 132.6 seconds.

[2025-05-26 12:23:38.109] ✅ Analysis completed successfully!
[2025-05-26 12:23:38.109] Progress: 0.4% (6/1408)
[2025-05-26 12:23:38.109] Successful: 6, Failed: 0
[2025-05-26 12:23:38.109] Time remaining: 55.2h
[2025-05-26 12:23:38.109] Waiting 5 seconds before next sample...
[2025-05-26 12:23:43.110] SAMPLE 7/1408
[2025-05-26 12:23:43.110] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:23:43.110] File: 17efb277d1893fe4255b9178e9bf6ce55d8a514f9805fd2ab8f7065498c53d97.exe
[2025-05-26 12:23:43.110] Path: D:\new\ransomware_high_confidence\avaddon\17efb277d1893fe4255b9178e9bf6ce55d8a514f9805fd2ab8f7065498c53d97.exe
[2025-05-26 12:23:43.110] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\17efb277d1893fe4255b9178e9bf6ce55d8a514f9805fd2ab8f7065498c53d97.exe
[2025-05-26 12:23:43.110] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:23:44.769] Restoring snapshot 35 done
[2025-05-26 12:23:44.769] Starting up VM
[2025-05-26 12:23:50.554] Starting up VM done
[2025-05-26 12:23:50.554] Installing kernel driver
[2025-05-26 12:23:50.554] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:23:55.069] Kernel driver installation completed
[2025-05-26 12:23:55.069] Starting GP driver service
[2025-05-26 12:23:55.069] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:23:58.231] GP driver service started
[2025-05-26 12:23:58.231] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\17efb277d1893fe4255b9178e9bf6ce55d8a514f9805fd2ab8f7065498c53d97.exe
[2025-05-26 12:23:58.231] Malware execution started
[2025-05-26 12:23:58.231] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:24:58.239] Taking screenshot
[2025-05-26 12:24:58.303] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:26:00.899] Powering off VM done
[2025-05-26 12:26:03.900] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:26:05.249] Restoring snapshot 35 done
[2025-05-26 12:26:05.249] Kernel telemetry analysis completed in 142.1 seconds.

[2025-05-26 12:26:05.249] ✅ Analysis completed successfully!
[2025-05-26 12:26:05.249] Progress: 0.5% (7/1408)
[2025-05-26 12:26:05.249] Successful: 7, Failed: 0
[2025-05-26 12:26:05.249] Time remaining: 55.5h
[2025-05-26 12:26:05.249] Waiting 5 seconds before next sample...
[2025-05-26 12:26:10.249] SAMPLE 8/1408
[2025-05-26 12:26:10.249] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:26:10.249] File: 1c53a211e69cb490911485d71573fd1a4210d7167094a6d7b28926157acd31f0.exe
[2025-05-26 12:26:10.249] Path: D:\new\ransomware_high_confidence\avaddon\1c53a211e69cb490911485d71573fd1a4210d7167094a6d7b28926157acd31f0.exe
[2025-05-26 12:26:10.250] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\1c53a211e69cb490911485d71573fd1a4210d7167094a6d7b28926157acd31f0.exe
[2025-05-26 12:26:10.250] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:26:11.664] Restoring snapshot 35 done
[2025-05-26 12:26:11.665] Starting up VM
[2025-05-26 12:26:17.927] Starting up VM done
[2025-05-26 12:26:17.928] Installing kernel driver
[2025-05-26 12:26:17.928] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:26:21.653] Kernel driver installation completed
[2025-05-26 12:26:21.653] Starting GP driver service
[2025-05-26 12:26:21.653] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:26:24.805] GP driver service started
[2025-05-26 12:26:24.805] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\1c53a211e69cb490911485d71573fd1a4210d7167094a6d7b28926157acd31f0.exe
[2025-05-26 12:26:24.806] Malware execution started
[2025-05-26 12:26:24.806] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:27:24.814] Taking screenshot
[2025-05-26 12:27:24.875] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:28:43.376] Powering off VM done
[2025-05-26 12:28:46.377] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:28:47.498] Restoring snapshot 35 done
[2025-05-26 12:28:47.498] Kernel telemetry analysis completed in 157.2 seconds.

[2025-05-26 12:28:47.498] ✅ Analysis completed successfully!
[2025-05-26 12:28:47.498] Progress: 0.6% (8/1408)
[2025-05-26 12:28:47.498] Successful: 8, Failed: 0
[2025-05-26 12:28:47.498] Time remaining: 56.4h
[2025-05-26 12:28:47.498] Waiting 5 seconds before next sample...
[2025-05-26 12:28:52.498] SAMPLE 9/1408
[2025-05-26 12:28:52.498] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:28:52.498] File: 1d5f21f26caefe394d6b217a654f0effb6a6a986257229daf447e8b8966f693e.exe
[2025-05-26 12:28:52.498] Path: D:\new\ransomware_high_confidence\avaddon\1d5f21f26caefe394d6b217a654f0effb6a6a986257229daf447e8b8966f693e.exe
[2025-05-26 12:28:52.498] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\1d5f21f26caefe394d6b217a654f0effb6a6a986257229daf447e8b8966f693e.exe
[2025-05-26 12:28:52.498] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:28:54.055] Restoring snapshot 35 done
[2025-05-26 12:28:54.055] Starting up VM
[2025-05-26 12:29:00.498] Starting up VM done
[2025-05-26 12:29:00.498] Installing kernel driver
[2025-05-26 12:29:00.498] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:29:04.221] Kernel driver installation completed
[2025-05-26 12:29:04.221] Starting GP driver service
[2025-05-26 12:29:04.221] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:29:07.374] GP driver service started
[2025-05-26 12:29:07.374] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\1d5f21f26caefe394d6b217a654f0effb6a6a986257229daf447e8b8966f693e.exe
[2025-05-26 12:29:07.375] Malware execution started
[2025-05-26 12:29:07.375] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:30:07.383] Taking screenshot
[2025-05-26 12:30:07.444] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:31:55.884] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:31:57.303] Restoring snapshot 35 done
[2025-05-26 12:31:57.303] Kernel telemetry analysis completed in 184.8 seconds.

[2025-05-26 12:31:57.303] ✅ Analysis completed successfully!
[2025-05-26 12:31:57.303] Progress: 0.6% (9/1408)
[2025-05-26 12:31:57.303] Successful: 9, Failed: 0
[2025-05-26 12:31:57.303] Time remaining: 58.3h
[2025-05-26 12:31:57.303] Waiting 5 seconds before next sample...
[2025-05-26 12:32:02.304] SAMPLE 10/1408
[2025-05-26 12:32:02.304] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:32:02.304] File: 1e8df42c2e51f919886eaf955c8fc9630ba9aca8bba47b1541ead131feb55a11.exe
[2025-05-26 12:32:02.304] Path: D:\new\ransomware_high_confidence\avaddon\1e8df42c2e51f919886eaf955c8fc9630ba9aca8bba47b1541ead131feb55a11.exe
[2025-05-26 12:32:02.304] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\1e8df42c2e51f919886eaf955c8fc9630ba9aca8bba47b1541ead131feb55a11.exe
[2025-05-26 12:32:02.304] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:32:03.732] Restoring snapshot 35 done
[2025-05-26 12:32:03.732] Starting up VM
[2025-05-26 12:32:10.167] Starting up VM done
[2025-05-26 12:32:10.167] Installing kernel driver
[2025-05-26 12:32:10.167] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:32:14.713] Kernel driver installation completed
[2025-05-26 12:32:14.714] Starting GP driver service
[2025-05-26 12:32:14.714] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:32:17.867] GP driver service started
[2025-05-26 12:32:17.867] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\1e8df42c2e51f919886eaf955c8fc9630ba9aca8bba47b1541ead131feb55a11.exe
[2025-05-26 12:32:17.867] Malware execution started
[2025-05-26 12:32:17.867] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:33:17.875] Taking screenshot
[2025-05-26 12:33:17.936] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:34:58.993] Powering off VM done
[2025-05-26 12:35:01.994] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:35:03.339] Restoring snapshot 35 done
[2025-05-26 12:35:03.339] Kernel telemetry analysis completed in 181.0 seconds.

[2025-05-26 12:35:03.339] ✅ Analysis completed successfully!
[2025-05-26 12:35:03.339] Progress: 0.7% (10/1408)
[2025-05-26 12:35:03.339] Successful: 10, Failed: 0
[2025-05-26 12:35:03.339] Time remaining: 59.7h
[2025-05-26 12:35:03.339] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 12:35:08.340] SAMPLE 11/1408
[2025-05-26 12:35:08.340] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:35:08.340] File: 240d0e4653fdcac298777ad397af4df50fe355aa87fd82146ae40e9e998eab90.exe
[2025-05-26 12:35:08.340] Path: D:\new\ransomware_high_confidence\avaddon\240d0e4653fdcac298777ad397af4df50fe355aa87fd82146ae40e9e998eab90.exe
[2025-05-26 12:35:08.340] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\240d0e4653fdcac298777ad397af4df50fe355aa87fd82146ae40e9e998eab90.exe
[2025-05-26 12:35:08.340] Malware execution time: 60 seconds
[2025-05-26 12:35:08.340] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:35:10.035] Restoring snapshot 35 done
[2025-05-26 12:35:10.035] Starting up VM
[2025-05-26 12:35:16.723] Starting up VM done
[2025-05-26 12:35:16.723] Installing kernel driver
[2025-05-26 12:35:16.723] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:35:21.088] Kernel driver installation completed
[2025-05-26 12:35:21.088] Starting GP driver service
[2025-05-26 12:35:21.088] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:35:24.245] GP driver service started
[2025-05-26 12:35:24.245] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\240d0e4653fdcac298777ad397af4df50fe355aa87fd82146ae40e9e998eab90.exe
[2025-05-26 12:35:24.246] Malware execution started
[2025-05-26 12:35:24.246] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:36:24.254] Taking screenshot
[2025-05-26 12:36:24.316] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:37:35.740] Powering off VM done
[2025-05-26 12:37:38.740] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:37:40.083] Restoring snapshot 35 done
[2025-05-26 12:37:40.083] Kernel telemetry analysis completed in 151.7 seconds.

[2025-05-26 12:37:40.083] ✅ Analysis completed successfully!
[2025-05-26 12:37:40.083] Progress: 0.8% (11/1408)
[2025-05-26 12:37:40.083] Successful: 11, Failed: 0
[2025-05-26 12:37:40.083] Time remaining: 59.7h
[2025-05-26 12:37:40.083] Waiting 5 seconds before next sample...
[2025-05-26 12:37:45.083] SAMPLE 12/1408
[2025-05-26 12:37:45.083] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:37:45.083] File: 2462a1cc358704bf1f12d266a0cc596bce16ba58f8611aa0fdeb094f61f1631a.exe
[2025-05-26 12:37:45.083] Path: D:\new\ransomware_high_confidence\avaddon\2462a1cc358704bf1f12d266a0cc596bce16ba58f8611aa0fdeb094f61f1631a.exe
[2025-05-26 12:37:45.083] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\2462a1cc358704bf1f12d266a0cc596bce16ba58f8611aa0fdeb094f61f1631a.exe
[2025-05-26 12:37:45.083] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:37:46.693] Restoring snapshot 35 done
[2025-05-26 12:37:46.693] Starting up VM
[2025-05-26 12:37:53.669] Starting up VM done
[2025-05-26 12:37:53.670] Installing kernel driver
[2025-05-26 12:37:53.670] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:37:58.049] Kernel driver installation completed
[2025-05-26 12:37:58.049] Starting GP driver service
[2025-05-26 12:37:58.049] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:38:01.196] GP driver service started
[2025-05-26 12:38:01.196] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\2462a1cc358704bf1f12d266a0cc596bce16ba58f8611aa0fdeb094f61f1631a.exe
[2025-05-26 12:38:01.197] Malware execution started
[2025-05-26 12:38:01.197] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:39:01.205] Taking screenshot
[2025-05-26 12:39:01.267] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:40:10.623] Powering off VM done
[2025-05-26 12:40:13.624] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:40:14.947] Restoring snapshot 35 done
[2025-05-26 12:40:14.947] Kernel telemetry analysis completed in 149.9 seconds.

[2025-05-26 12:40:14.947] ✅ Analysis completed successfully!
[2025-05-26 12:40:14.947] Progress: 0.9% (12/1408)
[2025-05-26 12:40:14.947] Successful: 12, Failed: 0
[2025-05-26 12:40:14.947] Time remaining: 59.7h
[2025-05-26 12:40:14.947] Waiting 5 seconds before next sample...
[2025-05-26 12:40:19.947] SAMPLE 13/1408
[2025-05-26 12:40:19.947] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:40:19.947] File: 2a63fd5330739eaf96adab4e1f4162655ab0e1d977787fb0495f0a2ed137b96b.exe
[2025-05-26 12:40:19.947] Path: D:\new\ransomware_high_confidence\avaddon\2a63fd5330739eaf96adab4e1f4162655ab0e1d977787fb0495f0a2ed137b96b.exe
[2025-05-26 12:40:19.947] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\2a63fd5330739eaf96adab4e1f4162655ab0e1d977787fb0495f0a2ed137b96b.exe
[2025-05-26 12:40:19.947] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:40:21.907] Restoring snapshot 35 done
[2025-05-26 12:40:21.907] Starting up VM
[2025-05-26 12:40:27.952] Starting up VM done
[2025-05-26 12:40:27.952] Installing kernel driver
[2025-05-26 12:40:27.952] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:40:32.174] Kernel driver installation completed
[2025-05-26 12:40:32.174] Starting GP driver service
[2025-05-26 12:40:32.174] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:40:35.325] GP driver service started
[2025-05-26 12:40:35.325] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\2a63fd5330739eaf96adab4e1f4162655ab0e1d977787fb0495f0a2ed137b96b.exe
[2025-05-26 12:40:35.326] Malware execution started
[2025-05-26 12:40:35.326] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:41:35.334] Taking screenshot
[2025-05-26 12:41:35.397] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:43:21.102] Powering off VM done
[2025-05-26 12:43:24.102] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:43:25.124] Restoring snapshot 35 done
[2025-05-26 12:43:25.124] Kernel telemetry analysis completed in 185.2 seconds.

[2025-05-26 12:43:25.124] ✅ Analysis completed successfully!
[2025-05-26 12:43:25.124] Progress: 0.9% (13/1408)
[2025-05-26 12:43:25.124] Successful: 13, Failed: 0
[2025-05-26 12:43:25.124] Time remaining: 60.8h
[2025-05-26 12:43:25.124] Waiting 5 seconds before next sample...
[2025-05-26 12:43:30.125] SAMPLE 14/1408
[2025-05-26 12:43:30.125] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:43:30.125] File: 2bfdaec2c8e4b66d6c9c3b5887c8cd94e4e590c593169c1e11b06e3240c87803.exe
[2025-05-26 12:43:30.125] Path: D:\new\ransomware_high_confidence\avaddon\2bfdaec2c8e4b66d6c9c3b5887c8cd94e4e590c593169c1e11b06e3240c87803.exe
[2025-05-26 12:43:30.125] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\2bfdaec2c8e4b66d6c9c3b5887c8cd94e4e590c593169c1e11b06e3240c87803.exe
[2025-05-26 12:43:30.125] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:43:31.802] Restoring snapshot 35 done
[2025-05-26 12:43:31.802] Starting up VM
[2025-05-26 12:43:38.143] Starting up VM done
[2025-05-26 12:43:38.143] Installing kernel driver
[2025-05-26 12:43:38.143] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:43:42.511] Kernel driver installation completed
[2025-05-26 12:43:42.511] Starting GP driver service
[2025-05-26 12:43:42.511] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:43:45.666] GP driver service started
[2025-05-26 12:43:45.666] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\2bfdaec2c8e4b66d6c9c3b5887c8cd94e4e590c593169c1e11b06e3240c87803.exe
[2025-05-26 12:43:45.666] Malware execution started
[2025-05-26 12:43:45.666] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:44:45.674] Taking screenshot
[2025-05-26 12:44:45.737] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:45:09.322] Powering off VM done
[2025-05-26 12:45:12.322] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:45:13.866] Restoring snapshot 35 done
[2025-05-26 12:45:13.866] Kernel telemetry analysis completed in 103.7 seconds.

[2025-05-26 12:45:13.866] ✅ Analysis completed successfully!
[2025-05-26 12:45:13.866] Progress: 1.0% (14/1408)
[2025-05-26 12:45:13.866] Successful: 14, Failed: 0
[2025-05-26 12:45:13.866] Time remaining: 59.4h
[2025-05-26 12:45:13.866] Waiting 5 seconds before next sample...
[2025-05-26 12:45:18.866] SAMPLE 15/1408
[2025-05-26 12:45:18.866] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:45:18.866] File: 2c277c4960f11e457fdc506d139d6a6064c3b967834d1e986c68b508cae55cd0.exe
[2025-05-26 12:45:18.866] Path: D:\new\ransomware_high_confidence\avaddon\2c277c4960f11e457fdc506d139d6a6064c3b967834d1e986c68b508cae55cd0.exe
[2025-05-26 12:45:18.867] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\2c277c4960f11e457fdc506d139d6a6064c3b967834d1e986c68b508cae55cd0.exe
[2025-05-26 12:45:18.867] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:45:20.486] Restoring snapshot 35 done
[2025-05-26 12:45:20.486] Starting up VM
[2025-05-26 12:45:26.683] Starting up VM done
[2025-05-26 12:45:26.683] Installing kernel driver
[2025-05-26 12:45:26.683] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:45:30.899] Kernel driver installation completed
[2025-05-26 12:45:30.899] Starting GP driver service
[2025-05-26 12:45:30.899] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:45:34.049] GP driver service started
[2025-05-26 12:45:34.049] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\2c277c4960f11e457fdc506d139d6a6064c3b967834d1e986c68b508cae55cd0.exe
[2025-05-26 12:45:34.050] Malware execution started
[2025-05-26 12:45:34.050] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:46:34.058] Taking screenshot
[2025-05-26 12:46:34.119] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:47:00.271] Powering off VM done
[2025-05-26 12:47:03.272] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:47:05.488] Restoring snapshot 35 done
[2025-05-26 12:47:05.488] Kernel telemetry analysis completed in 106.6 seconds.

[2025-05-26 12:47:05.488] ✅ Analysis completed successfully!
[2025-05-26 12:47:05.488] Progress: 1.1% (15/1408)
[2025-05-26 12:47:05.488] Successful: 15, Failed: 0
[2025-05-26 12:47:05.488] Time remaining: 58.3h
[2025-05-26 12:47:05.489] Waiting 5 seconds before next sample...
[2025-05-26 12:47:10.489] SAMPLE 16/1408
[2025-05-26 12:47:10.489] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:47:10.489] File: 319ec1a54148644197b40ed4d73b8fe5646c4f6ebf76d1487bce40a72d37baa7.exe
[2025-05-26 12:47:10.489] Path: D:\new\ransomware_high_confidence\avaddon\319ec1a54148644197b40ed4d73b8fe5646c4f6ebf76d1487bce40a72d37baa7.exe
[2025-05-26 12:47:10.489] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\319ec1a54148644197b40ed4d73b8fe5646c4f6ebf76d1487bce40a72d37baa7.exe
[2025-05-26 12:47:10.489] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:47:12.344] Restoring snapshot 35 done
[2025-05-26 12:47:12.344] Starting up VM
[2025-05-26 12:47:18.518] Starting up VM done
[2025-05-26 12:47:18.519] Installing kernel driver
[2025-05-26 12:47:18.519] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:47:22.963] Kernel driver installation completed
[2025-05-26 12:47:22.963] Starting GP driver service
[2025-05-26 12:47:22.963] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:47:26.122] GP driver service started
[2025-05-26 12:47:26.122] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\319ec1a54148644197b40ed4d73b8fe5646c4f6ebf76d1487bce40a72d37baa7.exe
[2025-05-26 12:47:26.122] Malware execution started
[2025-05-26 12:47:26.122] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:48:26.130] Taking screenshot
[2025-05-26 12:48:26.191] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:49:29.731] Powering off VM done
[2025-05-26 12:49:32.732] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:49:33.886] Restoring snapshot 35 done
[2025-05-26 12:49:33.886] Kernel telemetry analysis completed in 143.4 seconds.

[2025-05-26 12:49:33.886] ✅ Analysis completed successfully!
[2025-05-26 12:49:33.886] Progress: 1.1% (16/1408)
[2025-05-26 12:49:33.886] Successful: 16, Failed: 0
[2025-05-26 12:49:33.886] Time remaining: 58.2h
[2025-05-26 12:49:33.886] Waiting 5 seconds before next sample...
[2025-05-26 12:49:38.886] SAMPLE 17/1408
[2025-05-26 12:49:38.886] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:49:38.886] File: 32643547aefae01363ff01beb15fa818827896088670a78e814a227ca120975a.exe
[2025-05-26 12:49:38.886] Path: D:\new\ransomware_high_confidence\avaddon\32643547aefae01363ff01beb15fa818827896088670a78e814a227ca120975a.exe
[2025-05-26 12:49:38.887] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\32643547aefae01363ff01beb15fa818827896088670a78e814a227ca120975a.exe
[2025-05-26 12:49:38.887] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:49:42.650] Restoring snapshot 35 done
[2025-05-26 12:49:42.650] Starting up VM
[2025-05-26 12:49:48.751] Starting up VM done
[2025-05-26 12:49:48.751] Installing kernel driver
[2025-05-26 12:49:48.751] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:49:53.180] Kernel driver installation completed
[2025-05-26 12:49:53.180] Starting GP driver service
[2025-05-26 12:49:53.180] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:49:56.330] GP driver service started
[2025-05-26 12:49:56.330] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\32643547aefae01363ff01beb15fa818827896088670a78e814a227ca120975a.exe
[2025-05-26 12:49:56.331] Malware execution started
[2025-05-26 12:49:56.331] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:50:56.339] Taking screenshot
[2025-05-26 12:50:56.399] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:51:24.594] Powering off VM done
[2025-05-26 12:51:27.595] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:51:29.009] Restoring snapshot 35 done
[2025-05-26 12:51:29.009] Kernel telemetry analysis completed in 110.1 seconds.

[2025-05-26 12:51:29.009] ✅ Analysis completed successfully!
[2025-05-26 12:51:29.009] Progress: 1.2% (17/1408)
[2025-05-26 12:51:29.009] Successful: 17, Failed: 0
[2025-05-26 12:51:29.009] Time remaining: 57.3h
[2025-05-26 12:51:29.009] Waiting 5 seconds before next sample...
[2025-05-26 12:51:34.010] SAMPLE 18/1408
[2025-05-26 12:51:34.010] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:51:34.010] File: 3e9dba43f0b8303ca3f57a09c2b829806720064e6aada312fab2c52484004db2.exe
[2025-05-26 12:51:34.010] Path: D:\new\ransomware_high_confidence\avaddon\3e9dba43f0b8303ca3f57a09c2b829806720064e6aada312fab2c52484004db2.exe
[2025-05-26 12:51:34.010] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\3e9dba43f0b8303ca3f57a09c2b829806720064e6aada312fab2c52484004db2.exe
[2025-05-26 12:51:34.010] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:51:35.762] Restoring snapshot 35 done
[2025-05-26 12:51:35.762] Starting up VM
[2025-05-26 12:51:42.618] Starting up VM done
[2025-05-26 12:51:42.618] Installing kernel driver
[2025-05-26 12:51:42.618] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:51:47.017] Kernel driver installation completed
[2025-05-26 12:51:47.018] Starting GP driver service
[2025-05-26 12:51:47.018] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:51:50.178] GP driver service started
[2025-05-26 12:51:50.179] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\3e9dba43f0b8303ca3f57a09c2b829806720064e6aada312fab2c52484004db2.exe
[2025-05-26 12:51:50.179] Malware execution started
[2025-05-26 12:51:50.179] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:52:50.187] Taking screenshot
[2025-05-26 12:52:50.250] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:54:19.846] Powering off VM done
[2025-05-26 12:54:22.846] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:54:24.313] Restoring snapshot 35 done
[2025-05-26 12:54:24.313] Kernel telemetry analysis completed in 170.3 seconds.

[2025-05-26 12:54:24.313] ✅ Analysis completed successfully!
[2025-05-26 12:54:24.313] Progress: 1.3% (18/1408)
[2025-05-26 12:54:24.313] Successful: 18, Failed: 0
[2025-05-26 12:54:24.313] Time remaining: 57.9h
[2025-05-26 12:54:24.313] Waiting 5 seconds before next sample...
[2025-05-26 12:54:29.313] SAMPLE 19/1408
[2025-05-26 12:54:29.313] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:54:29.313] File: 41302ba84885fcc5960d4e474d71f6af7c2a631c24d691179ff0a733eb1a4970.exe
[2025-05-26 12:54:29.313] Path: D:\new\ransomware_high_confidence\avaddon\41302ba84885fcc5960d4e474d71f6af7c2a631c24d691179ff0a733eb1a4970.exe
[2025-05-26 12:54:29.313] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\41302ba84885fcc5960d4e474d71f6af7c2a631c24d691179ff0a733eb1a4970.exe
[2025-05-26 12:54:29.313] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:54:31.008] Restoring snapshot 35 done
[2025-05-26 12:54:31.008] Starting up VM
[2025-05-26 12:54:37.063] Starting up VM done
[2025-05-26 12:54:37.063] Installing kernel driver
[2025-05-26 12:54:37.063] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:54:41.299] Kernel driver installation completed
[2025-05-26 12:54:41.299] Starting GP driver service
[2025-05-26 12:54:41.299] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:54:44.451] GP driver service started
[2025-05-26 12:54:44.451] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\41302ba84885fcc5960d4e474d71f6af7c2a631c24d691179ff0a733eb1a4970.exe
[2025-05-26 12:54:44.452] Malware execution started
[2025-05-26 12:54:44.452] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:55:44.459] Taking screenshot
[2025-05-26 12:55:44.520] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:57:31.199] Powering off VM done
[2025-05-26 12:57:34.199] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:57:35.916] Restoring snapshot 35 done
[2025-05-26 12:57:35.916] Kernel telemetry analysis completed in 186.6 seconds.

[2025-05-26 12:57:35.916] ✅ Analysis completed successfully!
[2025-05-26 12:57:35.916] Progress: 1.3% (19/1408)
[2025-05-26 12:57:35.917] Successful: 19, Failed: 0
[2025-05-26 12:57:35.917] Time remaining: 58.7h
[2025-05-26 12:57:35.917] Waiting 5 seconds before next sample...
[2025-05-26 12:57:40.917] SAMPLE 20/1408
[2025-05-26 12:57:40.917] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 12:57:40.917] File: 433875f694fb7f96b4fe51e4c3d9a45515e849d1ffd9aa528fb9b23f6323e106.exe
[2025-05-26 12:57:40.917] Path: D:\new\ransomware_high_confidence\avaddon\433875f694fb7f96b4fe51e4c3d9a45515e849d1ffd9aa528fb9b23f6323e106.exe
[2025-05-26 12:57:40.917] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\433875f694fb7f96b4fe51e4c3d9a45515e849d1ffd9aa528fb9b23f6323e106.exe
[2025-05-26 12:57:40.917] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 12:57:42.331] Restoring snapshot 35 done
[2025-05-26 12:57:42.331] Starting up VM
[2025-05-26 12:57:48.707] Starting up VM done
[2025-05-26 12:57:48.707] Installing kernel driver
[2025-05-26 12:57:48.707] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 12:57:53.712] Kernel driver installation completed
[2025-05-26 12:57:53.712] Starting GP driver service
[2025-05-26 12:57:53.712] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 12:57:56.860] GP driver service started
[2025-05-26 12:57:56.860] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\433875f694fb7f96b4fe51e4c3d9a45515e849d1ffd9aa528fb9b23f6323e106.exe
[2025-05-26 12:57:56.861] Malware execution started
[2025-05-26 12:57:56.861] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 12:58:56.869] Taking screenshot
[2025-05-26 12:58:56.930] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:00:41.605] Powering off VM done
[2025-05-26 13:00:44.606] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:00:45.931] Restoring snapshot 35 done
[2025-05-26 13:00:45.931] Kernel telemetry analysis completed in 185.0 seconds.

[2025-05-26 13:00:45.931] ✅ Analysis completed successfully!
[2025-05-26 13:00:45.931] Progress: 1.4% (20/1408)
[2025-05-26 13:00:45.931] Successful: 20, Failed: 0
[2025-05-26 13:00:45.931] Time remaining: 59.4h
[2025-05-26 13:00:45.932] Waiting 5 seconds before next sample...
[2025-05-26 13:00:50.932] SAMPLE 21/1408
[2025-05-26 13:00:50.932] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:00:50.932] File: 46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
[2025-05-26 13:00:50.932] Path: D:\new\ransomware_high_confidence\avaddon\46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
[2025-05-26 13:00:50.932] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
[2025-05-26 13:00:50.932] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:00:52.525] Restoring snapshot 35 done
[2025-05-26 13:00:52.525] Starting up VM
[2025-05-26 13:00:59.370] Starting up VM done
[2025-05-26 13:00:59.370] Installing kernel driver
[2025-05-26 13:00:59.370] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:01:03.676] Kernel driver installation completed
[2025-05-26 13:01:03.676] Starting GP driver service
[2025-05-26 13:01:03.676] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:01:06.828] GP driver service started
[2025-05-26 13:01:06.828] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\46a8c1e768f632d69d06bfbd93932d102965c9e3f7c37d4a92e30aaeca905675.exe
[2025-05-26 13:01:06.829] Malware execution started
[2025-05-26 13:01:06.829] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:02:06.837] Taking screenshot
[2025-05-26 13:02:06.899] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:04:05.365] Powering off VM done
[2025-05-26 13:04:08.365] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:04:09.590] Restoring snapshot 35 done
[2025-05-26 13:04:09.591] Kernel telemetry analysis completed in 198.7 seconds.

[2025-05-26 13:04:09.591] ✅ Analysis completed successfully!
[2025-05-26 13:04:09.591] Progress: 1.5% (21/1408)
[2025-05-26 13:04:09.591] Successful: 21, Failed: 0
[2025-05-26 13:04:09.591] Time remaining: 60.2h
[2025-05-26 13:04:09.591] Waiting 5 seconds before next sample...
[2025-05-26 13:04:14.591] SAMPLE 22/1408
[2025-05-26 13:04:14.591] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:04:14.591] File: 476991b5d212883d22cf78d6830b61f13ce3b9ea8ff2c4d4e6dbd5fcad4b9a95.exe
[2025-05-26 13:04:14.591] Path: D:\new\ransomware_high_confidence\avaddon\476991b5d212883d22cf78d6830b61f13ce3b9ea8ff2c4d4e6dbd5fcad4b9a95.exe
[2025-05-26 13:04:14.591] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\476991b5d212883d22cf78d6830b61f13ce3b9ea8ff2c4d4e6dbd5fcad4b9a95.exe
[2025-05-26 13:04:14.591] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:04:16.247] Restoring snapshot 35 done
[2025-05-26 13:04:16.247] Starting up VM
[2025-05-26 13:04:22.389] Starting up VM done
[2025-05-26 13:04:22.389] Installing kernel driver
[2025-05-26 13:04:22.389] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:04:26.695] Kernel driver installation completed
[2025-05-26 13:04:26.696] Starting GP driver service
[2025-05-26 13:04:26.696] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:04:29.854] GP driver service started
[2025-05-26 13:04:29.854] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\476991b5d212883d22cf78d6830b61f13ce3b9ea8ff2c4d4e6dbd5fcad4b9a95.exe
[2025-05-26 13:04:29.855] Malware execution started
[2025-05-26 13:04:29.855] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:05:29.863] Taking screenshot
[2025-05-26 13:05:29.923] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:06:35.690] Powering off VM done
[2025-05-26 13:06:38.690] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:06:40.354] Restoring snapshot 35 done
[2025-05-26 13:06:40.355] Kernel telemetry analysis completed in 145.8 seconds.

[2025-05-26 13:06:40.355] ✅ Analysis completed successfully!
[2025-05-26 13:06:40.355] Progress: 1.6% (22/1408)
[2025-05-26 13:06:40.355] Successful: 22, Failed: 0
[2025-05-26 13:06:40.355] Time remaining: 60.1h
[2025-05-26 13:06:40.355] Waiting 5 seconds before next sample...
[2025-05-26 13:06:45.355] SAMPLE 23/1408
[2025-05-26 13:06:45.355] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:06:45.355] File: 48d7cd572f14aed7a90d6b66097a885a889e6e7416a6aaa2eb442706ff661275.exe
[2025-05-26 13:06:45.355] Path: D:\new\ransomware_high_confidence\avaddon\48d7cd572f14aed7a90d6b66097a885a889e6e7416a6aaa2eb442706ff661275.exe
[2025-05-26 13:06:45.355] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\48d7cd572f14aed7a90d6b66097a885a889e6e7416a6aaa2eb442706ff661275.exe
[2025-05-26 13:06:45.355] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:06:47.008] Restoring snapshot 35 done
[2025-05-26 13:06:47.008] Starting up VM
[2025-05-26 13:06:53.161] Starting up VM done
[2025-05-26 13:06:53.161] Installing kernel driver
[2025-05-26 13:06:53.161] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:06:57.619] Kernel driver installation completed
[2025-05-26 13:06:57.619] Starting GP driver service
[2025-05-26 13:06:57.619] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:07:00.772] GP driver service started
[2025-05-26 13:07:00.772] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\48d7cd572f14aed7a90d6b66097a885a889e6e7416a6aaa2eb442706ff661275.exe
[2025-05-26 13:07:00.772] Malware execution started
[2025-05-26 13:07:00.772] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:08:00.780] Taking screenshot
[2025-05-26 13:08:00.844] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:09:29.629] Powering off VM done
[2025-05-26 13:09:32.629] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:09:34.095] Restoring snapshot 35 done
[2025-05-26 13:09:34.095] Kernel telemetry analysis completed in 168.7 seconds.

[2025-05-26 13:09:34.095] ✅ Analysis completed successfully!
[2025-05-26 13:09:34.095] Progress: 1.6% (23/1408)
[2025-05-26 13:09:34.095] Successful: 23, Failed: 0
[2025-05-26 13:09:34.095] Time remaining: 60.3h
[2025-05-26 13:09:34.095] Waiting 5 seconds before next sample...
[2025-05-26 13:09:39.096] SAMPLE 24/1408
[2025-05-26 13:09:39.096] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:09:39.096] File: 4c4477f81ec823fa43bc2499d0fac1c8ccc1e828f1086aa8bfc7ba7122605da2.exe
[2025-05-26 13:09:39.096] Path: D:\new\ransomware_high_confidence\avaddon\4c4477f81ec823fa43bc2499d0fac1c8ccc1e828f1086aa8bfc7ba7122605da2.exe
[2025-05-26 13:09:39.096] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\4c4477f81ec823fa43bc2499d0fac1c8ccc1e828f1086aa8bfc7ba7122605da2.exe
[2025-05-26 13:09:39.096] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:09:40.635] Restoring snapshot 35 done
[2025-05-26 13:09:40.635] Starting up VM
[2025-05-26 13:09:46.453] Starting up VM done
[2025-05-26 13:09:46.453] Installing kernel driver
[2025-05-26 13:09:46.453] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:09:49.608] Kernel driver installation completed
[2025-05-26 13:09:49.608] Starting GP driver service
[2025-05-26 13:09:49.608] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:09:52.761] GP driver service started
[2025-05-26 13:09:52.761] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\4c4477f81ec823fa43bc2499d0fac1c8ccc1e828f1086aa8bfc7ba7122605da2.exe
[2025-05-26 13:09:52.762] Malware execution started
[2025-05-26 13:09:52.762] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:10:52.770] Taking screenshot
[2025-05-26 13:10:52.832] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:11:33.328] Powering off VM done
[2025-05-26 13:11:36.329] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:11:37.714] Restoring snapshot 35 done
[2025-05-26 13:11:37.715] Kernel telemetry analysis completed in 118.6 seconds.

[2025-05-26 13:11:37.715] ✅ Analysis completed successfully!
[2025-05-26 13:11:37.715] Progress: 1.7% (24/1408)
[2025-05-26 13:11:37.715] Successful: 24, Failed: 0
[2025-05-26 13:11:37.715] Time remaining: 59.8h
[2025-05-26 13:11:37.715] Waiting 5 seconds before next sample...
[2025-05-26 13:11:42.715] SAMPLE 25/1408
[2025-05-26 13:11:42.715] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:11:42.715] File: 5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9.exe
[2025-05-26 13:11:42.715] Path: D:\new\ransomware_high_confidence\avaddon\5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9.exe
[2025-05-26 13:11:42.715] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9.exe
[2025-05-26 13:11:42.715] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:11:44.260] Restoring snapshot 35 done
[2025-05-26 13:11:44.260] Starting up VM
[2025-05-26 13:11:50.445] Starting up VM done
[2025-05-26 13:11:50.445] Installing kernel driver
[2025-05-26 13:11:50.445] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:11:54.952] Kernel driver installation completed
[2025-05-26 13:11:54.952] Starting GP driver service
[2025-05-26 13:11:54.952] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:11:58.112] GP driver service started
[2025-05-26 13:11:58.112] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\5f171bd6646d203350bab1ac76aa789479b0af70616022d40b9c1efd9fd73cb9.exe
[2025-05-26 13:11:58.113] Malware execution started
[2025-05-26 13:11:58.113] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:12:58.121] Taking screenshot
[2025-05-26 13:12:58.182] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:13:20.248] Powering off VM done
[2025-05-26 13:13:23.248] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:13:24.882] Restoring snapshot 35 done
[2025-05-26 13:13:24.882] Kernel telemetry analysis completed in 102.2 seconds.

[2025-05-26 13:13:24.882] ✅ Analysis completed successfully!
[2025-05-26 13:13:24.882] Progress: 1.8% (25/1408)
[2025-05-26 13:13:24.882] Successful: 25, Failed: 0
[2025-05-26 13:13:24.882] Time remaining: 59.0h
[2025-05-26 13:13:24.882] Waiting 5 seconds before next sample...
[2025-05-26 13:13:29.882] SAMPLE 26/1408
[2025-05-26 13:13:29.882] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:13:29.882] File: 63d793d1815aa1b119d580312630569fb2eb1880396df7cbe339adcd5c3ae2de.exe
[2025-05-26 13:13:29.882] Path: D:\new\ransomware_high_confidence\avaddon\63d793d1815aa1b119d580312630569fb2eb1880396df7cbe339adcd5c3ae2de.exe
[2025-05-26 13:13:29.882] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\63d793d1815aa1b119d580312630569fb2eb1880396df7cbe339adcd5c3ae2de.exe
[2025-05-26 13:13:29.882] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:13:31.397] Restoring snapshot 35 done
[2025-05-26 13:13:31.397] Starting up VM
[2025-05-26 13:13:37.396] Starting up VM done
[2025-05-26 13:13:37.396] Installing kernel driver
[2025-05-26 13:13:37.396] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:13:41.714] Kernel driver installation completed
[2025-05-26 13:13:41.714] Starting GP driver service
[2025-05-26 13:13:41.714] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:13:44.879] GP driver service started
[2025-05-26 13:13:44.879] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\63d793d1815aa1b119d580312630569fb2eb1880396df7cbe339adcd5c3ae2de.exe
[2025-05-26 13:13:44.880] Malware execution started
[2025-05-26 13:13:44.880] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:14:44.888] Taking screenshot
[2025-05-26 13:14:44.949] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:16:16.427] Powering off VM done
[2025-05-26 13:16:19.427] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:16:20.832] Restoring snapshot 35 done
[2025-05-26 13:16:20.832] Kernel telemetry analysis completed in 171.0 seconds.

[2025-05-26 13:16:20.832] ✅ Analysis completed successfully!
[2025-05-26 13:16:20.832] Progress: 1.8% (26/1408)
[2025-05-26 13:16:20.832] Successful: 26, Failed: 0
[2025-05-26 13:16:20.832] Time remaining: 59.3h
[2025-05-26 13:16:20.832] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 13:16:25.833] SAMPLE 27/1408
[2025-05-26 13:16:25.833] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:16:25.833] File: 6c40bc4bd88759b8bab164742f0d617a576e5488d816a7ce53e9ee71918fbd5e.exe
[2025-05-26 13:16:25.833] Path: D:\new\ransomware_high_confidence\avaddon\6c40bc4bd88759b8bab164742f0d617a576e5488d816a7ce53e9ee71918fbd5e.exe
[2025-05-26 13:16:25.833] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\6c40bc4bd88759b8bab164742f0d617a576e5488d816a7ce53e9ee71918fbd5e.exe
[2025-05-26 13:16:25.833] Malware execution time: 60 seconds
[2025-05-26 13:16:25.833] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:16:27.237] Restoring snapshot 35 done
[2025-05-26 13:16:27.237] Starting up VM
[2025-05-26 13:16:33.000] Starting up VM done
[2025-05-26 13:16:33.000] Installing kernel driver
[2025-05-26 13:16:33.000] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:16:38.324] Kernel driver installation completed
[2025-05-26 13:16:38.324] Starting GP driver service
[2025-05-26 13:16:38.324] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:16:41.481] GP driver service started
[2025-05-26 13:16:41.481] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\6c40bc4bd88759b8bab164742f0d617a576e5488d816a7ce53e9ee71918fbd5e.exe
[2025-05-26 13:16:41.481] Malware execution started
[2025-05-26 13:16:41.481] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:17:41.489] Taking screenshot
[2025-05-26 13:17:41.551] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:18:27.847] Powering off VM done
[2025-05-26 13:18:30.848] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:18:31.960] Restoring snapshot 35 done
[2025-05-26 13:18:31.960] Kernel telemetry analysis completed in 126.1 seconds.

[2025-05-26 13:18:31.960] ✅ Analysis completed successfully!
[2025-05-26 13:18:31.960] Progress: 1.9% (27/1408)
[2025-05-26 13:18:31.960] Successful: 27, Failed: 0
[2025-05-26 13:18:31.960] Time remaining: 58.9h
[2025-05-26 13:18:31.960] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 13:18:36.961] SAMPLE 28/1408
[2025-05-26 13:18:36.961] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:18:36.961] File: 7777b09e492304a37ac771a33be44dcf685ec528f20faaecf84bcafe3b870a6a.exe
[2025-05-26 13:18:36.961] Path: D:\new\ransomware_high_confidence\avaddon\7777b09e492304a37ac771a33be44dcf685ec528f20faaecf84bcafe3b870a6a.exe
[2025-05-26 13:18:36.961] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\7777b09e492304a37ac771a33be44dcf685ec528f20faaecf84bcafe3b870a6a.exe
[2025-05-26 13:18:36.961] Malware execution time: 60 seconds
[2025-05-26 13:18:36.961] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:18:38.452] Restoring snapshot 35 done
[2025-05-26 13:18:38.452] Starting up VM
[2025-05-26 13:18:44.239] Starting up VM done
[2025-05-26 13:18:44.239] Installing kernel driver
[2025-05-26 13:18:44.239] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:18:47.940] Kernel driver installation completed
[2025-05-26 13:18:47.940] Starting GP driver service
[2025-05-26 13:18:47.940] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:18:51.095] GP driver service started
[2025-05-26 13:18:51.095] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\7777b09e492304a37ac771a33be44dcf685ec528f20faaecf84bcafe3b870a6a.exe
[2025-05-26 13:18:51.096] Malware execution started
[2025-05-26 13:18:51.096] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:19:51.103] Taking screenshot
[2025-05-26 13:19:51.164] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:20:23.403] Powering off VM done
[2025-05-26 13:20:26.404] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:20:27.934] Restoring snapshot 35 done
[2025-05-26 13:20:27.934] Kernel telemetry analysis completed in 111.0 seconds.

[2025-05-26 13:20:27.934] ✅ Analysis completed successfully!
[2025-05-26 13:20:27.934] Progress: 2.0% (28/1408)
[2025-05-26 13:20:27.934] Successful: 28, Failed: 0
[2025-05-26 13:20:27.934] Time remaining: 58.3h
[2025-05-26 13:20:27.935] Waiting 5 seconds before next sample...
[2025-05-26 13:20:32.935] SAMPLE 29/1408
[2025-05-26 13:20:32.935] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:20:32.935] File: 81493b11fc6acd0d4d8bb653dd9fcdaec16affbcbb509c01f6377db68efceee3.exe
[2025-05-26 13:20:32.935] Path: D:\new\ransomware_high_confidence\avaddon\81493b11fc6acd0d4d8bb653dd9fcdaec16affbcbb509c01f6377db68efceee3.exe
[2025-05-26 13:20:32.935] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\81493b11fc6acd0d4d8bb653dd9fcdaec16affbcbb509c01f6377db68efceee3.exe
[2025-05-26 13:20:32.935] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:20:34.457] Restoring snapshot 35 done
[2025-05-26 13:20:34.457] Starting up VM
[2025-05-26 13:20:41.163] Starting up VM done
[2025-05-26 13:20:41.163] Installing kernel driver
[2025-05-26 13:20:41.163] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:20:48.115] Kernel driver installation completed
[2025-05-26 13:20:48.115] Starting GP driver service
[2025-05-26 13:20:48.115] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:20:51.275] GP driver service started
[2025-05-26 13:20:51.275] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\81493b11fc6acd0d4d8bb653dd9fcdaec16affbcbb509c01f6377db68efceee3.exe
[2025-05-26 13:20:51.275] Malware execution started
[2025-05-26 13:20:51.275] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:21:51.283] Taking screenshot
[2025-05-26 13:21:51.346] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:22:20.884] Powering off VM done
[2025-05-26 13:22:23.884] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:22:25.519] Restoring snapshot 35 done
[2025-05-26 13:22:25.519] Kernel telemetry analysis completed in 112.6 seconds.

[2025-05-26 13:22:25.519] ✅ Analysis completed successfully!
[2025-05-26 13:22:25.519] Progress: 2.1% (29/1408)
[2025-05-26 13:22:25.519] Successful: 29, Failed: 0
[2025-05-26 13:22:25.519] Time remaining: 57.8h
[2025-05-26 13:22:25.519] Waiting 5 seconds before next sample...
[2025-05-26 13:22:30.519] SAMPLE 30/1408
[2025-05-26 13:22:30.519] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:22:30.519] File: 898a9d34e5e5c49b03fcc27216fb83f1c9690e4fc75a9e9aa144f4d93d564471.exe
[2025-05-26 13:22:30.519] Path: D:\new\ransomware_high_confidence\avaddon\898a9d34e5e5c49b03fcc27216fb83f1c9690e4fc75a9e9aa144f4d93d564471.exe
[2025-05-26 13:22:30.519] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\898a9d34e5e5c49b03fcc27216fb83f1c9690e4fc75a9e9aa144f4d93d564471.exe
[2025-05-26 13:22:30.520] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:22:32.149] Restoring snapshot 35 done
[2025-05-26 13:22:32.150] Starting up VM
[2025-05-26 13:22:38.333] Starting up VM done
[2025-05-26 13:22:38.333] Installing kernel driver
[2025-05-26 13:22:38.333] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:22:42.457] Kernel driver installation completed
[2025-05-26 13:22:42.457] Starting GP driver service
[2025-05-26 13:22:42.457] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:22:45.635] GP driver service started
[2025-05-26 13:22:45.635] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\898a9d34e5e5c49b03fcc27216fb83f1c9690e4fc75a9e9aa144f4d93d564471.exe
[2025-05-26 13:22:45.635] Malware execution started
[2025-05-26 13:22:45.635] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:23:45.643] Taking screenshot
[2025-05-26 13:23:45.705] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:25:04.833] Powering off VM done
[2025-05-26 13:25:07.833] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:25:08.945] Restoring snapshot 35 done
[2025-05-26 13:25:08.945] Kernel telemetry analysis completed in 158.4 seconds.

[2025-05-26 13:25:08.945] ✅ Analysis completed successfully!
[2025-05-26 13:25:08.945] Progress: 2.1% (30/1408)
[2025-05-26 13:25:08.945] Successful: 30, Failed: 0
[2025-05-26 13:25:08.945] Time remaining: 58.0h
[2025-05-26 13:25:08.945] Waiting 5 seconds before next sample...
[2025-05-26 13:25:13.946] SAMPLE 31/1408
[2025-05-26 13:25:13.946] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:25:13.946] File: 90ebe699b4485af1eede919d39c1d080f5046a3d572ac4cd56d591de32e1746f.exe
[2025-05-26 13:25:13.946] Path: D:\new\ransomware_high_confidence\avaddon\90ebe699b4485af1eede919d39c1d080f5046a3d572ac4cd56d591de32e1746f.exe
[2025-05-26 13:25:13.946] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\90ebe699b4485af1eede919d39c1d080f5046a3d572ac4cd56d591de32e1746f.exe
[2025-05-26 13:25:13.946] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:25:15.673] Restoring snapshot 35 done
[2025-05-26 13:25:15.673] Starting up VM
[2025-05-26 13:25:21.807] Starting up VM done
[2025-05-26 13:25:21.807] Installing kernel driver
[2025-05-26 13:25:21.807] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:25:26.094] Kernel driver installation completed
[2025-05-26 13:25:26.094] Starting GP driver service
[2025-05-26 13:25:26.095] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:25:29.264] GP driver service started
[2025-05-26 13:25:29.264] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\90ebe699b4485af1eede919d39c1d080f5046a3d572ac4cd56d591de32e1746f.exe
[2025-05-26 13:25:29.264] Malware execution started
[2025-05-26 13:25:29.264] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:26:29.272] Taking screenshot
[2025-05-26 13:26:29.332] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:27:31.036] Powering off VM done
[2025-05-26 13:27:34.036] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:27:35.461] Restoring snapshot 35 done
[2025-05-26 13:27:35.461] Kernel telemetry analysis completed in 141.5 seconds.

[2025-05-26 13:27:35.461] ✅ Analysis completed successfully!
[2025-05-26 13:27:35.461] Progress: 2.2% (31/1408)
[2025-05-26 13:27:35.461] Successful: 31, Failed: 0
[2025-05-26 13:27:35.461] Time remaining: 57.9h
[2025-05-26 13:27:35.461] Waiting 5 seconds before next sample...
[2025-05-26 13:27:40.461] SAMPLE 32/1408
[2025-05-26 13:27:40.461] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:27:40.461] File: 99f433c40fae957a270e150dd6a3946fe746503cfb19efe53e0d8e52ad12f5fe.exe
[2025-05-26 13:27:40.461] Path: D:\new\ransomware_high_confidence\avaddon\99f433c40fae957a270e150dd6a3946fe746503cfb19efe53e0d8e52ad12f5fe.exe
[2025-05-26 13:27:40.462] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\99f433c40fae957a270e150dd6a3946fe746503cfb19efe53e0d8e52ad12f5fe.exe
[2025-05-26 13:27:40.462] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:27:42.217] Restoring snapshot 35 done
[2025-05-26 13:27:42.217] Starting up VM
[2025-05-26 13:27:48.642] Starting up VM done
[2025-05-26 13:27:48.642] Installing kernel driver
[2025-05-26 13:27:48.642] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:27:54.007] Kernel driver installation completed
[2025-05-26 13:27:54.007] Starting GP driver service
[2025-05-26 13:27:54.007] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:27:57.164] GP driver service started
[2025-05-26 13:27:57.164] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\99f433c40fae957a270e150dd6a3946fe746503cfb19efe53e0d8e52ad12f5fe.exe
[2025-05-26 13:27:57.165] Malware execution started
[2025-05-26 13:27:57.165] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:28:57.172] Taking screenshot
[2025-05-26 13:28:57.234] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:30:34.594] Powering off VM done
[2025-05-26 13:30:37.594] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:30:38.612] Restoring snapshot 35 done
[2025-05-26 13:30:38.612] Kernel telemetry analysis completed in 178.2 seconds.

[2025-05-26 13:30:38.612] ✅ Analysis completed successfully!
[2025-05-26 13:30:38.612] Progress: 2.3% (32/1408)
[2025-05-26 13:30:38.612] Successful: 32, Failed: 0
[2025-05-26 13:30:38.612] Time remaining: 58.2h
[2025-05-26 13:30:38.612] Waiting 5 seconds before next sample...
[2025-05-26 13:30:43.613] SAMPLE 33/1408
[2025-05-26 13:30:43.613] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:30:43.613] File: 9bf8178897ad95d55f2c74eb3827419164228f3d2dcb25cd71190f758dad8b91.exe
[2025-05-26 13:30:43.613] Path: D:\new\ransomware_high_confidence\avaddon\9bf8178897ad95d55f2c74eb3827419164228f3d2dcb25cd71190f758dad8b91.exe
[2025-05-26 13:30:43.613] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\9bf8178897ad95d55f2c74eb3827419164228f3d2dcb25cd71190f758dad8b91.exe
[2025-05-26 13:30:43.613] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:30:45.345] Restoring snapshot 35 done
[2025-05-26 13:30:45.345] Starting up VM
[2025-05-26 13:30:51.394] Starting up VM done
[2025-05-26 13:30:51.394] Installing kernel driver
[2025-05-26 13:30:51.394] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:30:55.639] Kernel driver installation completed
[2025-05-26 13:30:55.640] Starting GP driver service
[2025-05-26 13:30:55.640] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:30:58.795] GP driver service started
[2025-05-26 13:30:58.796] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\9bf8178897ad95d55f2c74eb3827419164228f3d2dcb25cd71190f758dad8b91.exe
[2025-05-26 13:30:58.796] Malware execution started
[2025-05-26 13:30:58.796] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:31:58.804] Taking screenshot
[2025-05-26 13:31:58.865] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:33:51.986] Powering off VM done
[2025-05-26 13:33:54.987] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:33:56.135] Restoring snapshot 35 done
[2025-05-26 13:33:56.135] Kernel telemetry analysis completed in 192.5 seconds.

[2025-05-26 13:33:56.135] ✅ Analysis completed successfully!
[2025-05-26 13:33:56.135] Progress: 2.3% (33/1408)
[2025-05-26 13:33:56.135] Successful: 33, Failed: 0
[2025-05-26 13:33:56.135] Time remaining: 58.7h
[2025-05-26 13:33:56.135] Waiting 5 seconds before next sample...
[2025-05-26 13:34:01.135] SAMPLE 34/1408
[2025-05-26 13:34:01.135] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:34:01.135] File: a714d94634dfc13ed21a8a9b7fb1990c257050f809b0a53c9a5928e3c220f45d.exe
[2025-05-26 13:34:01.135] Path: D:\new\ransomware_high_confidence\avaddon\a714d94634dfc13ed21a8a9b7fb1990c257050f809b0a53c9a5928e3c220f45d.exe
[2025-05-26 13:34:01.136] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\a714d94634dfc13ed21a8a9b7fb1990c257050f809b0a53c9a5928e3c220f45d.exe
[2025-05-26 13:34:01.136] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:34:02.995] Restoring snapshot 35 done
[2025-05-26 13:34:02.995] Starting up VM
[2025-05-26 13:34:09.876] Starting up VM done
[2025-05-26 13:34:09.876] Installing kernel driver
[2025-05-26 13:34:09.876] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:34:14.728] Kernel driver installation completed
[2025-05-26 13:34:14.728] Starting GP driver service
[2025-05-26 13:34:14.728] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:34:17.879] GP driver service started
[2025-05-26 13:34:17.879] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\a714d94634dfc13ed21a8a9b7fb1990c257050f809b0a53c9a5928e3c220f45d.exe
[2025-05-26 13:34:17.880] Malware execution started
[2025-05-26 13:34:17.880] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:35:17.888] Taking screenshot
[2025-05-26 13:35:17.951] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:36:34.740] Powering off VM done
[2025-05-26 13:36:37.740] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:36:39.266] Restoring snapshot 35 done
[2025-05-26 13:36:39.266] Kernel telemetry analysis completed in 158.1 seconds.

[2025-05-26 13:36:39.266] ✅ Analysis completed successfully!
[2025-05-26 13:36:39.266] Progress: 2.4% (34/1408)
[2025-05-26 13:36:39.266] Successful: 34, Failed: 0
[2025-05-26 13:36:39.266] Time remaining: 58.7h
[2025-05-26 13:36:39.266] Waiting 5 seconds before next sample...
[2025-05-26 13:36:44.266] SAMPLE 35/1408
[2025-05-26 13:36:44.266] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:36:44.266] File: accdf7be34e793269c8e340d73a34199a9a4b3503e9b2120e9f3ef250f18922c.exe
[2025-05-26 13:36:44.266] Path: D:\new\ransomware_high_confidence\avaddon\accdf7be34e793269c8e340d73a34199a9a4b3503e9b2120e9f3ef250f18922c.exe
[2025-05-26 13:36:44.267] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\accdf7be34e793269c8e340d73a34199a9a4b3503e9b2120e9f3ef250f18922c.exe
[2025-05-26 13:36:44.267] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:36:45.687] Restoring snapshot 35 done
[2025-05-26 13:36:45.687] Starting up VM
[2025-05-26 13:36:51.669] Starting up VM done
[2025-05-26 13:36:51.669] Installing kernel driver
[2025-05-26 13:36:51.669] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:36:55.961] Kernel driver installation completed
[2025-05-26 13:36:55.961] Starting GP driver service
[2025-05-26 13:36:55.961] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:36:59.119] GP driver service started
[2025-05-26 13:36:59.119] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\accdf7be34e793269c8e340d73a34199a9a4b3503e9b2120e9f3ef250f18922c.exe
[2025-05-26 13:36:59.119] Malware execution started
[2025-05-26 13:36:59.119] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:37:59.128] Taking screenshot
[2025-05-26 13:37:59.189] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:39:12.339] Powering off VM done
[2025-05-26 13:39:15.340] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:39:16.721] Restoring snapshot 35 done
[2025-05-26 13:39:16.721] Kernel telemetry analysis completed in 152.5 seconds.

[2025-05-26 13:39:16.721] ✅ Analysis completed successfully!
[2025-05-26 13:39:16.721] Progress: 2.5% (35/1408)
[2025-05-26 13:39:16.721] Successful: 35, Failed: 0
[2025-05-26 13:39:16.721] Time remaining: 58.7h
[2025-05-26 13:39:16.721] Waiting 5 seconds before next sample...
[2025-05-26 13:39:21.721] SAMPLE 36/1408
[2025-05-26 13:39:21.721] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:39:21.721] File: adc2ccee19ca8ffb238053f98d87d1ae41cfa794248db23dce8e2db80a8cad56.exe
[2025-05-26 13:39:21.721] Path: D:\new\ransomware_high_confidence\avaddon\adc2ccee19ca8ffb238053f98d87d1ae41cfa794248db23dce8e2db80a8cad56.exe
[2025-05-26 13:39:21.721] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\adc2ccee19ca8ffb238053f98d87d1ae41cfa794248db23dce8e2db80a8cad56.exe
[2025-05-26 13:39:21.721] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:39:23.385] Restoring snapshot 35 done
[2025-05-26 13:39:23.385] Starting up VM
[2025-05-26 13:39:29.392] Starting up VM done
[2025-05-26 13:39:29.392] Installing kernel driver
[2025-05-26 13:39:29.392] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:39:33.747] Kernel driver installation completed
[2025-05-26 13:39:33.747] Starting GP driver service
[2025-05-26 13:39:33.747] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:39:36.907] GP driver service started
[2025-05-26 13:39:36.907] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\adc2ccee19ca8ffb238053f98d87d1ae41cfa794248db23dce8e2db80a8cad56.exe
[2025-05-26 13:39:36.908] Malware execution started
[2025-05-26 13:39:36.908] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:40:36.916] Taking screenshot
[2025-05-26 13:40:36.977] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:43:14.176] Powering off VM done
[2025-05-26 13:43:17.177] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:43:18.363] Restoring snapshot 35 done
[2025-05-26 13:43:18.363] Kernel telemetry analysis completed in 236.6 seconds.

[2025-05-26 13:43:18.363] ✅ Analysis completed successfully!
[2025-05-26 13:43:18.363] Progress: 2.6% (36/1408)
[2025-05-26 13:43:18.363] Successful: 36, Failed: 0
[2025-05-26 13:43:18.363] Time remaining: 59.6h
[2025-05-26 13:43:18.363] Waiting 5 seconds before next sample...
[2025-05-26 13:43:23.363] SAMPLE 37/1408
[2025-05-26 13:43:23.363] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:43:23.363] File: b83e430f6f40dc470096516a1780dc87e707a7cb3db07533ea672fdaf2a3ebf5.exe
[2025-05-26 13:43:23.363] Path: D:\new\ransomware_high_confidence\avaddon\b83e430f6f40dc470096516a1780dc87e707a7cb3db07533ea672fdaf2a3ebf5.exe
[2025-05-26 13:43:23.364] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\b83e430f6f40dc470096516a1780dc87e707a7cb3db07533ea672fdaf2a3ebf5.exe
[2025-05-26 13:43:23.364] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:43:25.203] Restoring snapshot 35 done
[2025-05-26 13:43:25.203] Starting up VM
[2025-05-26 13:43:31.631] Starting up VM done
[2025-05-26 13:43:31.632] Installing kernel driver
[2025-05-26 13:43:31.632] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:43:36.088] Kernel driver installation completed
[2025-05-26 13:43:36.088] Starting GP driver service
[2025-05-26 13:43:36.088] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:43:39.237] GP driver service started
[2025-05-26 13:43:39.237] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\b83e430f6f40dc470096516a1780dc87e707a7cb3db07533ea672fdaf2a3ebf5.exe
[2025-05-26 13:43:39.238] Malware execution started
[2025-05-26 13:43:39.238] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:44:39.246] Taking screenshot
[2025-05-26 13:44:39.308] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:45:40.867] Powering off VM done
[2025-05-26 13:45:43.867] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:45:45.187] Restoring snapshot 35 done
[2025-05-26 13:45:45.187] Kernel telemetry analysis completed in 141.8 seconds.

[2025-05-26 13:45:45.187] ✅ Analysis completed successfully!
[2025-05-26 13:45:45.187] Progress: 2.6% (37/1408)
[2025-05-26 13:45:45.187] Successful: 37, Failed: 0
[2025-05-26 13:45:45.187] Time remaining: 59.5h
[2025-05-26 13:45:45.188] Waiting 5 seconds before next sample...
[2025-05-26 13:45:50.188] SAMPLE 38/1408
[2025-05-26 13:45:50.188] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:45:50.188] File: ba410968db8d8b0d7faa1c48862c1235f78bc01a3f0929bd8ef9ac644fed3b70.exe
[2025-05-26 13:45:50.188] Path: D:\new\ransomware_high_confidence\avaddon\ba410968db8d8b0d7faa1c48862c1235f78bc01a3f0929bd8ef9ac644fed3b70.exe
[2025-05-26 13:45:50.188] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\ba410968db8d8b0d7faa1c48862c1235f78bc01a3f0929bd8ef9ac644fed3b70.exe
[2025-05-26 13:45:50.188] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:45:51.708] Restoring snapshot 35 done
[2025-05-26 13:45:51.708] Starting up VM
[2025-05-26 13:45:58.416] Starting up VM done
[2025-05-26 13:45:58.417] Installing kernel driver
[2025-05-26 13:45:58.417] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:46:02.338] Kernel driver installation completed
[2025-05-26 13:46:02.338] Starting GP driver service
[2025-05-26 13:46:02.338] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:46:05.489] GP driver service started
[2025-05-26 13:46:05.489] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\ba410968db8d8b0d7faa1c48862c1235f78bc01a3f0929bd8ef9ac644fed3b70.exe
[2025-05-26 13:46:05.490] Malware execution started
[2025-05-26 13:46:05.490] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:47:05.498] Taking screenshot
[2025-05-26 13:47:05.560] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:48:52.976] Powering off VM done
[2025-05-26 13:48:55.976] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:48:57.402] Restoring snapshot 35 done
[2025-05-26 13:48:57.402] Kernel telemetry analysis completed in 187.2 seconds.

[2025-05-26 13:48:57.402] ✅ Analysis completed successfully!
[2025-05-26 13:48:57.402] Progress: 2.7% (38/1408)
[2025-05-26 13:48:57.402] Successful: 38, Failed: 0
[2025-05-26 13:48:57.402] Time remaining: 59.8h
[2025-05-26 13:48:57.402] Waiting 5 seconds before next sample...
[2025-05-26 13:49:02.402] SAMPLE 39/1408
[2025-05-26 13:49:02.402] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:49:02.402] File: bc5c264c4dc0207f6d500c47f870cc2aef641c4bf0efa3b1a408b83922cc61ac.exe
[2025-05-26 13:49:02.402] Path: D:\new\ransomware_high_confidence\avaddon\bc5c264c4dc0207f6d500c47f870cc2aef641c4bf0efa3b1a408b83922cc61ac.exe
[2025-05-26 13:49:02.402] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\bc5c264c4dc0207f6d500c47f870cc2aef641c4bf0efa3b1a408b83922cc61ac.exe
[2025-05-26 13:49:02.402] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:49:04.058] Restoring snapshot 35 done
[2025-05-26 13:49:04.058] Starting up VM
[2025-05-26 13:49:10.579] Starting up VM done
[2025-05-26 13:49:10.579] Installing kernel driver
[2025-05-26 13:49:10.579] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:49:15.037] Kernel driver installation completed
[2025-05-26 13:49:15.037] Starting GP driver service
[2025-05-26 13:49:15.037] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:49:18.186] GP driver service started
[2025-05-26 13:49:18.186] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\bc5c264c4dc0207f6d500c47f870cc2aef641c4bf0efa3b1a408b83922cc61ac.exe
[2025-05-26 13:49:18.186] Malware execution started
[2025-05-26 13:49:18.187] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:50:18.195] Taking screenshot
[2025-05-26 13:50:18.255] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:51:31.146] Powering off VM done
[2025-05-26 13:51:34.146] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:51:35.540] Restoring snapshot 35 done
[2025-05-26 13:51:35.540] Kernel telemetry analysis completed in 153.1 seconds.

[2025-05-26 13:51:35.540] ✅ Analysis completed successfully!
[2025-05-26 13:51:35.540] Progress: 2.8% (39/1408)
[2025-05-26 13:51:35.540] Successful: 39, Failed: 0
[2025-05-26 13:51:35.540] Time remaining: 59.8h
[2025-05-26 13:51:35.540] Waiting 5 seconds before next sample...
[2025-05-26 13:51:40.541] SAMPLE 40/1408
[2025-05-26 13:51:40.541] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:51:40.541] File: ce9236f9e823ce5613746d27660bc6613b16fb63e90ddf1ca77b11fa483a115c.exe
[2025-05-26 13:51:40.541] Path: D:\new\ransomware_high_confidence\avaddon\ce9236f9e823ce5613746d27660bc6613b16fb63e90ddf1ca77b11fa483a115c.exe
[2025-05-26 13:51:40.541] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\ce9236f9e823ce5613746d27660bc6613b16fb63e90ddf1ca77b11fa483a115c.exe
[2025-05-26 13:51:40.541] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:51:41.937] Restoring snapshot 35 done
[2025-05-26 13:51:41.937] Starting up VM
[2025-05-26 13:51:48.215] Starting up VM done
[2025-05-26 13:51:48.215] Installing kernel driver
[2025-05-26 13:51:48.215] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:51:52.704] Kernel driver installation completed
[2025-05-26 13:51:52.704] Starting GP driver service
[2025-05-26 13:51:52.704] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:51:55.853] GP driver service started
[2025-05-26 13:51:55.853] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\ce9236f9e823ce5613746d27660bc6613b16fb63e90ddf1ca77b11fa483a115c.exe
[2025-05-26 13:51:55.853] Malware execution started
[2025-05-26 13:51:55.853] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:52:55.861] Taking screenshot
[2025-05-26 13:52:55.923] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:54:52.105] Powering off VM done
[2025-05-26 13:54:55.105] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:54:56.658] Restoring snapshot 35 done
[2025-05-26 13:54:56.658] Kernel telemetry analysis completed in 196.1 seconds.

[2025-05-26 13:54:56.658] ✅ Analysis completed successfully!
[2025-05-26 13:54:56.658] Progress: 2.8% (40/1408)
[2025-05-26 13:54:56.658] Successful: 40, Failed: 0
[2025-05-26 13:54:56.658] Time remaining: 60.1h
[2025-05-26 13:54:56.658] Waiting 5 seconds before next sample...
[2025-05-26 13:55:01.659] SAMPLE 41/1408
[2025-05-26 13:55:01.659] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:55:01.659] File: d084e7c9160b96e53d799ef955a676aa28290cf51a2ba3354ccdd33829638175.exe
[2025-05-26 13:55:01.659] Path: D:\new\ransomware_high_confidence\avaddon\d084e7c9160b96e53d799ef955a676aa28290cf51a2ba3354ccdd33829638175.exe
[2025-05-26 13:55:01.659] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\d084e7c9160b96e53d799ef955a676aa28290cf51a2ba3354ccdd33829638175.exe
[2025-05-26 13:55:01.659] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:55:03.416] Restoring snapshot 35 done
[2025-05-26 13:55:03.416] Starting up VM
[2025-05-26 13:55:09.389] Starting up VM done
[2025-05-26 13:55:09.389] Installing kernel driver
[2025-05-26 13:55:09.389] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:55:13.148] Kernel driver installation completed
[2025-05-26 13:55:13.148] Starting GP driver service
[2025-05-26 13:55:13.148] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:55:16.310] GP driver service started
[2025-05-26 13:55:16.310] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\d084e7c9160b96e53d799ef955a676aa28290cf51a2ba3354ccdd33829638175.exe
[2025-05-26 13:55:16.311] Malware execution started
[2025-05-26 13:55:16.311] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:56:16.319] Taking screenshot
[2025-05-26 13:56:16.381] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:56:41.181] Powering off VM done
[2025-05-26 13:56:44.182] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:56:45.811] Restoring snapshot 35 done
[2025-05-26 13:56:45.811] Kernel telemetry analysis completed in 104.2 seconds.

[2025-05-26 13:56:45.811] ✅ Analysis completed successfully!
[2025-05-26 13:56:45.811] Progress: 2.9% (41/1408)
[2025-05-26 13:56:45.811] Successful: 41, Failed: 0
[2025-05-26 13:56:45.811] Time remaining: 59.6h
[2025-05-26 13:56:45.811] Waiting 5 seconds before next sample...
[2025-05-26 13:56:50.812] SAMPLE 42/1408
[2025-05-26 13:56:50.812] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 13:56:50.812] File: d8470ac79ec2e92a5bbbab94cfa02f5162d23c6bf9cfb15d42edb97c6b9d0095.exe
[2025-05-26 13:56:50.812] Path: D:\new\ransomware_high_confidence\avaddon\d8470ac79ec2e92a5bbbab94cfa02f5162d23c6bf9cfb15d42edb97c6b9d0095.exe
[2025-05-26 13:56:50.812] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\d8470ac79ec2e92a5bbbab94cfa02f5162d23c6bf9cfb15d42edb97c6b9d0095.exe
[2025-05-26 13:56:50.812] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:56:52.311] Restoring snapshot 35 done
[2025-05-26 13:56:52.311] Starting up VM
[2025-05-26 13:56:58.460] Starting up VM done
[2025-05-26 13:56:58.460] Installing kernel driver
[2025-05-26 13:56:58.460] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 13:57:02.704] Kernel driver installation completed
[2025-05-26 13:57:02.704] Starting GP driver service
[2025-05-26 13:57:02.704] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 13:57:05.855] GP driver service started
[2025-05-26 13:57:05.855] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\d8470ac79ec2e92a5bbbab94cfa02f5162d23c6bf9cfb15d42edb97c6b9d0095.exe
[2025-05-26 13:57:05.855] Malware execution started
[2025-05-26 13:57:05.855] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 13:58:05.863] Taking screenshot
[2025-05-26 13:58:05.927] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:59:50.548] Powering off VM done
[2025-05-26 13:59:53.549] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 13:59:55.149] Restoring snapshot 35 done
[2025-05-26 13:59:55.149] Kernel telemetry analysis completed in 184.3 seconds.

[2025-05-26 13:59:55.149] ✅ Analysis completed successfully!
[2025-05-26 13:59:55.149] Progress: 3.0% (42/1408)
[2025-05-26 13:59:55.149] Successful: 42, Failed: 0
[2025-05-26 13:59:55.149] Time remaining: 59.9h
[2025-05-26 13:59:55.149] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 14:00:00.150] SAMPLE 43/1408
[2025-05-26 14:00:00.150] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 14:00:00.150] File: dab7eb2503e0d61d02e6156a47361da97afc53c1dee17c420a0a05de891172c3.exe
[2025-05-26 14:00:00.150] Path: D:\new\ransomware_high_confidence\avaddon\dab7eb2503e0d61d02e6156a47361da97afc53c1dee17c420a0a05de891172c3.exe
[2025-05-26 14:00:00.150] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\dab7eb2503e0d61d02e6156a47361da97afc53c1dee17c420a0a05de891172c3.exe
[2025-05-26 14:00:00.150] Malware execution time: 60 seconds
[2025-05-26 14:00:00.150] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:00:02.635] Restoring snapshot 35 done
[2025-05-26 14:00:02.635] Starting up VM
[2025-05-26 14:00:09.303] Starting up VM done
[2025-05-26 14:00:09.303] Installing kernel driver
[2025-05-26 14:00:09.303] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:00:13.816] Kernel driver installation completed
[2025-05-26 14:00:13.816] Starting GP driver service
[2025-05-26 14:00:13.816] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:00:16.973] GP driver service started
[2025-05-26 14:00:16.973] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\dab7eb2503e0d61d02e6156a47361da97afc53c1dee17c420a0a05de891172c3.exe
[2025-05-26 14:00:16.973] Malware execution started
[2025-05-26 14:00:16.973] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:01:16.981] Taking screenshot
[2025-05-26 14:01:17.043] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:02:50.295] Powering off VM done
[2025-05-26 14:02:53.295] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:02:55.184] Restoring snapshot 35 done
[2025-05-26 14:02:55.184] Kernel telemetry analysis completed in 175.0 seconds.

[2025-05-26 14:02:55.184] ✅ Analysis completed successfully!
[2025-05-26 14:02:55.184] Progress: 3.1% (43/1408)
[2025-05-26 14:02:55.184] Successful: 43, Failed: 0
[2025-05-26 14:02:55.184] Time remaining: 60.0h
[2025-05-26 14:02:55.184] Waiting 5 seconds before next sample...
[2025-05-26 14:03:00.185] SAMPLE 44/1408
[2025-05-26 14:03:00.185] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 14:03:00.185] File: dcb49ab9ec92111797dbf28f8a4df23729648d250f1abf9b06562d95afc400f6.exe
[2025-05-26 14:03:00.185] Path: D:\new\ransomware_high_confidence\avaddon\dcb49ab9ec92111797dbf28f8a4df23729648d250f1abf9b06562d95afc400f6.exe
[2025-05-26 14:03:00.185] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\dcb49ab9ec92111797dbf28f8a4df23729648d250f1abf9b06562d95afc400f6.exe
[2025-05-26 14:03:00.185] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:03:01.876] Restoring snapshot 35 done
[2025-05-26 14:03:01.876] Starting up VM
[2025-05-26 14:03:08.881] Starting up VM done
[2025-05-26 14:03:08.881] Installing kernel driver
[2025-05-26 14:03:08.881] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:03:13.158] Kernel driver installation completed
[2025-05-26 14:03:13.158] Starting GP driver service
[2025-05-26 14:03:13.158] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:03:16.314] GP driver service started
[2025-05-26 14:03:16.314] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\dcb49ab9ec92111797dbf28f8a4df23729648d250f1abf9b06562d95afc400f6.exe
[2025-05-26 14:03:16.314] Malware execution started
[2025-05-26 14:03:16.314] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:04:16.322] Taking screenshot
[2025-05-26 14:04:16.384] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:06:03.529] Powering off VM done
[2025-05-26 14:06:06.529] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:06:07.577] Restoring snapshot 35 done
[2025-05-26 14:06:07.577] Kernel telemetry analysis completed in 187.4 seconds.

[2025-05-26 14:06:07.577] ✅ Analysis completed successfully!
[2025-05-26 14:06:07.577] Progress: 3.1% (44/1408)
[2025-05-26 14:06:07.577] Successful: 44, Failed: 0
[2025-05-26 14:06:07.577] Time remaining: 60.3h
[2025-05-26 14:06:07.578] Waiting 5 seconds before next sample...
[2025-05-26 14:06:12.578] SAMPLE 45/1408
[2025-05-26 14:06:12.578] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 14:06:12.578] File: e3493fea655027d88224954f32985caff0aebaa858df3314747f6f4e4a92ac8d.exe
[2025-05-26 14:06:12.578] Path: D:\new\ransomware_high_confidence\avaddon\e3493fea655027d88224954f32985caff0aebaa858df3314747f6f4e4a92ac8d.exe
[2025-05-26 14:06:12.578] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\e3493fea655027d88224954f32985caff0aebaa858df3314747f6f4e4a92ac8d.exe
[2025-05-26 14:06:12.578] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:06:14.035] Restoring snapshot 35 done
[2025-05-26 14:06:14.035] Starting up VM
[2025-05-26 14:06:21.057] Starting up VM done
[2025-05-26 14:06:21.057] Installing kernel driver
[2025-05-26 14:06:21.057] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:06:25.516] Kernel driver installation completed
[2025-05-26 14:06:25.517] Starting GP driver service
[2025-05-26 14:06:25.517] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:06:28.680] GP driver service started
[2025-05-26 14:06:28.680] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\e3493fea655027d88224954f32985caff0aebaa858df3314747f6f4e4a92ac8d.exe
[2025-05-26 14:06:28.681] Malware execution started
[2025-05-26 14:06:28.681] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:07:28.689] Taking screenshot
[2025-05-26 14:07:28.749] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:08:42.303] Powering off VM done
[2025-05-26 14:08:45.303] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:08:46.868] Restoring snapshot 35 done
[2025-05-26 14:08:46.868] Kernel telemetry analysis completed in 154.3 seconds.

[2025-05-26 14:08:46.868] ✅ Analysis completed successfully!
[2025-05-26 14:08:46.868] Progress: 3.2% (45/1408)
[2025-05-26 14:08:46.868] Successful: 45, Failed: 0
[2025-05-26 14:08:46.868] Time remaining: 60.2h
[2025-05-26 14:08:46.868] Waiting 5 seconds before next sample...
[2025-05-26 14:08:51.868] SAMPLE 46/1408
[2025-05-26 14:08:51.868] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 14:08:51.868] File: e3f39c3866a3b619e9f2b0eaa346bd9dae42b3330be1392828bbfb3d3619cdac.exe
[2025-05-26 14:08:51.868] Path: D:\new\ransomware_high_confidence\avaddon\e3f39c3866a3b619e9f2b0eaa346bd9dae42b3330be1392828bbfb3d3619cdac.exe
[2025-05-26 14:08:51.868] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\e3f39c3866a3b619e9f2b0eaa346bd9dae42b3330be1392828bbfb3d3619cdac.exe
[2025-05-26 14:08:51.868] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:08:53.449] Restoring snapshot 35 done
[2025-05-26 14:08:53.449] Starting up VM
[2025-05-26 14:08:59.607] Starting up VM done
[2025-05-26 14:08:59.607] Installing kernel driver
[2025-05-26 14:08:59.607] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:09:04.516] Kernel driver installation completed
[2025-05-26 14:09:04.516] Starting GP driver service
[2025-05-26 14:09:04.516] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:09:07.678] GP driver service started
[2025-05-26 14:09:07.678] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\e3f39c3866a3b619e9f2b0eaa346bd9dae42b3330be1392828bbfb3d3619cdac.exe
[2025-05-26 14:09:07.678] Malware execution started
[2025-05-26 14:09:07.678] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:10:07.686] Taking screenshot
[2025-05-26 14:10:07.748] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:11:12.511] Powering off VM done
[2025-05-26 14:11:15.511] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:11:16.709] Restoring snapshot 35 done
[2025-05-26 14:11:16.709] Kernel telemetry analysis completed in 144.8 seconds.

[2025-05-26 14:11:16.709] ✅ Analysis completed successfully!
[2025-05-26 14:11:16.709] Progress: 3.3% (46/1408)
[2025-05-26 14:11:16.709] Successful: 46, Failed: 0
[2025-05-26 14:11:16.709] Time remaining: 60.1h
[2025-05-26 14:11:16.709] Waiting 5 seconds before next sample...
[2025-05-26 14:11:21.710] SAMPLE 47/1408
[2025-05-26 14:11:21.710] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 14:11:21.710] File: f50ba2fd7e441ef2bffeb6355d33f367248097351d0fa42932c59c6dd26557b5.exe
[2025-05-26 14:11:21.710] Path: D:\new\ransomware_high_confidence\avaddon\f50ba2fd7e441ef2bffeb6355d33f367248097351d0fa42932c59c6dd26557b5.exe
[2025-05-26 14:11:21.710] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\f50ba2fd7e441ef2bffeb6355d33f367248097351d0fa42932c59c6dd26557b5.exe
[2025-05-26 14:11:21.710] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:11:23.432] Restoring snapshot 35 done
[2025-05-26 14:11:23.432] Starting up VM
[2025-05-26 14:11:29.787] Starting up VM done
[2025-05-26 14:11:29.787] Installing kernel driver
[2025-05-26 14:11:29.787] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:11:34.125] Kernel driver installation completed
[2025-05-26 14:11:34.125] Starting GP driver service
[2025-05-26 14:11:34.125] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:11:37.284] GP driver service started
[2025-05-26 14:11:37.285] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\f50ba2fd7e441ef2bffeb6355d33f367248097351d0fa42932c59c6dd26557b5.exe
[2025-05-26 14:11:37.285] Malware execution started
[2025-05-26 14:11:37.285] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:12:37.293] Taking screenshot
[2025-05-26 14:12:37.353] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:13:52.234] Powering off VM done
[2025-05-26 14:13:55.234] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:13:56.921] Restoring snapshot 35 done
[2025-05-26 14:13:56.921] Kernel telemetry analysis completed in 155.2 seconds.

[2025-05-26 14:13:56.921] ✅ Analysis completed successfully!
[2025-05-26 14:13:56.921] Progress: 3.3% (47/1408)
[2025-05-26 14:13:56.921] Successful: 47, Failed: 0
[2025-05-26 14:13:56.921] Time remaining: 60.1h
[2025-05-26 14:13:56.921] Waiting 5 seconds before next sample...
[2025-05-26 14:14:01.922] SAMPLE 48/1408
[2025-05-26 14:14:01.922] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 14:14:01.922] File: fc42cbd5939fcb8b6851021497041c80acd81ce7a43b952ab7807d5a05d2ed97.exe
[2025-05-26 14:14:01.922] Path: D:\new\ransomware_high_confidence\avaddon\fc42cbd5939fcb8b6851021497041c80acd81ce7a43b952ab7807d5a05d2ed97.exe
[2025-05-26 14:14:01.922] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\fc42cbd5939fcb8b6851021497041c80acd81ce7a43b952ab7807d5a05d2ed97.exe
[2025-05-26 14:14:01.922] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:14:03.614] Restoring snapshot 35 done
[2025-05-26 14:14:03.614] Starting up VM
[2025-05-26 14:14:10.912] Starting up VM done
[2025-05-26 14:14:10.912] Installing kernel driver
[2025-05-26 14:14:10.912] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:14:14.696] Kernel driver installation completed
[2025-05-26 14:14:14.696] Starting GP driver service
[2025-05-26 14:14:14.696] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:14:17.846] GP driver service started
[2025-05-26 14:14:17.846] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\fc42cbd5939fcb8b6851021497041c80acd81ce7a43b952ab7807d5a05d2ed97.exe
[2025-05-26 14:14:17.847] Malware execution started
[2025-05-26 14:14:17.847] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:15:17.855] Taking screenshot
[2025-05-26 14:15:17.916] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:16:27.968] Powering off VM done
[2025-05-26 14:16:30.968] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:16:32.439] Restoring snapshot 35 done
[2025-05-26 14:16:32.439] Kernel telemetry analysis completed in 150.5 seconds.

[2025-05-26 14:16:32.439] ✅ Analysis completed successfully!
[2025-05-26 14:16:32.439] Progress: 3.4% (48/1408)
[2025-05-26 14:16:32.439] Successful: 48, Failed: 0
[2025-05-26 14:16:32.439] Time remaining: 60.0h
[2025-05-26 14:16:32.439] Waiting 5 seconds before next sample...
[2025-05-26 14:16:37.439] SAMPLE 49/1408
[2025-05-26 14:16:37.439] Family: D:\new\ransomware_high_confidence\avaddon
[2025-05-26 14:16:37.439] File: fcdb893993c8b5e81fa9f73c40384a6c8cec4d9e5b06f8a2ec6ebb3d5a886db2.exe
[2025-05-26 14:16:37.439] Path: D:\new\ransomware_high_confidence\avaddon\fcdb893993c8b5e81fa9f73c40384a6c8cec4d9e5b06f8a2ec6ebb3d5a886db2.exe
[2025-05-26 14:16:37.440] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avaddon\fcdb893993c8b5e81fa9f73c40384a6c8cec4d9e5b06f8a2ec6ebb3d5a886db2.exe
[2025-05-26 14:16:37.440] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:16:39.213] Restoring snapshot 35 done
[2025-05-26 14:16:39.213] Starting up VM
[2025-05-26 14:16:45.887] Starting up VM done
[2025-05-26 14:16:45.887] Installing kernel driver
[2025-05-26 14:16:45.887] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:16:50.124] Kernel driver installation completed
[2025-05-26 14:16:50.124] Starting GP driver service
[2025-05-26 14:16:50.124] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:16:53.271] GP driver service started
[2025-05-26 14:16:53.271] Executing malware sample: D:\new\ransomware_high_confidence\avaddon\fcdb893993c8b5e81fa9f73c40384a6c8cec4d9e5b06f8a2ec6ebb3d5a886db2.exe
[2025-05-26 14:16:53.272] Malware execution started
[2025-05-26 14:16:53.272] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:17:53.280] Taking screenshot
[2025-05-26 14:17:53.340] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:19:14.935] Powering off VM done
[2025-05-26 14:19:17.935] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:19:19.449] Restoring snapshot 35 done
[2025-05-26 14:19:19.449] Kernel telemetry analysis completed in 162.0 seconds.

[2025-05-26 14:19:19.449] ✅ Analysis completed successfully!
[2025-05-26 14:19:19.449] Progress: 3.5% (49/1408)
[2025-05-26 14:19:19.449] Successful: 49, Failed: 0
[2025-05-26 14:19:19.449] Time remaining: 60.0h
[2025-05-26 14:19:19.449] Waiting 5 seconds before next sample...
[2025-05-26 14:19:24.449] SAMPLE 50/1408
[2025-05-26 14:19:24.449] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:19:24.449] File: 002e70b8fde758f88adc506f3c71df1eb32ce1a2b5bec45f3e8e43dba923709f.exe
[2025-05-26 14:19:24.449] Path: D:\new\ransomware_high_confidence\avoslocker\002e70b8fde758f88adc506f3c71df1eb32ce1a2b5bec45f3e8e43dba923709f.exe
[2025-05-26 14:19:24.449] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\002e70b8fde758f88adc506f3c71df1eb32ce1a2b5bec45f3e8e43dba923709f.exe
[2025-05-26 14:19:24.449] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:19:25.992] Restoring snapshot 35 done
[2025-05-26 14:19:25.992] Starting up VM
[2025-05-26 14:19:31.852] Starting up VM done
[2025-05-26 14:19:31.852] Installing kernel driver
[2025-05-26 14:19:31.852] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:19:36.232] Kernel driver installation completed
[2025-05-26 14:19:36.233] Starting GP driver service
[2025-05-26 14:19:36.233] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:19:39.386] GP driver service started
[2025-05-26 14:19:39.386] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\002e70b8fde758f88adc506f3c71df1eb32ce1a2b5bec45f3e8e43dba923709f.exe
[2025-05-26 14:19:39.387] Malware execution started
[2025-05-26 14:19:39.387] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:20:39.395] Taking screenshot
[2025-05-26 14:20:39.457] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:22:30.607] Powering off VM done
[2025-05-26 14:22:33.607] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:22:34.961] Restoring snapshot 35 done
[2025-05-26 14:22:34.961] Kernel telemetry analysis completed in 190.5 seconds.

[2025-05-26 14:22:34.961] ✅ Analysis completed successfully!
[2025-05-26 14:22:34.961] Progress: 3.6% (50/1408)
[2025-05-26 14:22:34.961] Successful: 50, Failed: 0
[2025-05-26 14:22:34.961] Time remaining: 60.3h
[2025-05-26 14:22:34.961] Waiting 5 seconds before next sample...
[2025-05-26 14:22:39.962] SAMPLE 51/1408
[2025-05-26 14:22:39.962] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:22:39.962] File: 01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f.exe
[2025-05-26 14:22:39.962] Path: D:\new\ransomware_high_confidence\avoslocker\01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f.exe
[2025-05-26 14:22:39.962] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f.exe
[2025-05-26 14:22:39.962] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:22:41.382] Restoring snapshot 35 done
[2025-05-26 14:22:41.382] Starting up VM
[2025-05-26 14:22:47.700] Starting up VM done
[2025-05-26 14:22:47.700] Installing kernel driver
[2025-05-26 14:22:47.700] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:22:52.101] Kernel driver installation completed
[2025-05-26 14:22:52.101] Starting GP driver service
[2025-05-26 14:22:52.101] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:22:55.254] GP driver service started
[2025-05-26 14:22:55.254] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f.exe
[2025-05-26 14:22:55.254] Malware execution started
[2025-05-26 14:22:55.254] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:23:55.262] Taking screenshot
[2025-05-26 14:23:55.325] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:24:14.329] Powering off VM done
[2025-05-26 14:24:17.329] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:24:18.298] Restoring snapshot 35 done
[2025-05-26 14:24:18.298] Kernel telemetry analysis completed in 98.3 seconds.

[2025-05-26 14:24:18.298] ✅ Analysis completed successfully!
[2025-05-26 14:24:18.298] Progress: 3.6% (51/1408)
[2025-05-26 14:24:18.298] Successful: 51, Failed: 0
[2025-05-26 14:24:18.298] Time remaining: 59.8h
[2025-05-26 14:24:18.298] Waiting 5 seconds before next sample...
[2025-05-26 14:24:23.298] SAMPLE 52/1408
[2025-05-26 14:24:23.298] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:24:23.298] File: 05f6252ae8441e6198a97e7bbae93c03fff0850e082406d6d784274d5ae07122.exe
[2025-05-26 14:24:23.298] Path: D:\new\ransomware_high_confidence\avoslocker\05f6252ae8441e6198a97e7bbae93c03fff0850e082406d6d784274d5ae07122.exe
[2025-05-26 14:24:23.298] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\05f6252ae8441e6198a97e7bbae93c03fff0850e082406d6d784274d5ae07122.exe
[2025-05-26 14:24:23.298] Malware execution

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:24:24.785] Restoring snapshot 35 done
[2025-05-26 14:24:24.785] Starting up VM
[2025-05-26 14:24:30.979] Starting up VM done
[2025-05-26 14:24:30.979] Installing kernel driver
[2025-05-26 14:24:30.979] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:24:35.637] Kernel driver installation completed
[2025-05-26 14:24:35.637] Starting GP driver service
[2025-05-26 14:24:35.637] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:24:38.791] GP driver service started
[2025-05-26 14:24:38.792] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\05f6252ae8441e6198a97e7bbae93c03fff0850e082406d6d784274d5ae07122.exe
[2025-05-26 14:24:38.792] Malware execution started
[2025-05-26 14:24:38.792] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:25:38.801] Taking screenshot
[2025-05-26 14:25:38.929] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:26:12.846] Powering off VM done
[2025-05-26 14:26:15.846] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:26:17.320] Restoring snapshot 35 done
[2025-05-26 14:26:17.320] Kernel telemetry analysis completed in 114.0 seconds.

[2025-05-26 14:26:17.320] ✅ Analysis completed successfully!
[2025-05-26 14:26:17.320] Progress: 3.7% (52/1408)
[2025-05-26 14:26:17.320] Successful: 52, Failed: 0
[2025-05-26 14:26:17.320] Time remaining: 59.5h
[2025-05-26 14:26:17.320] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 14:26:22.320] SAMPLE 53/1408
[2025-05-26 14:26:22.320] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:26:22.320] File: 0b1f19ba8740b10ed017671aab023228756a6864fb008bf23f3c606189bdcd98.exe
[2025-05-26 14:26:22.320] Path: D:\new\ransomware_high_confidence\avoslocker\0b1f19ba8740b10ed017671aab023228756a6864fb008bf23f3c606189bdcd98.exe
[2025-05-26 14:26:22.320] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\0b1f19ba8740b10ed017671aab023228756a6864fb008bf23f3c606189bdcd98.exe
[2025-05-26 14:26:22.321] Malware execution time: 60 seconds
[2025-05-26 14:26:22.321] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:26:23.967] Restoring snapshot 35 done
[2025-05-26 14:26:23.967] Starting up VM
[2025-05-26 14:26:30.512] Starting up VM done
[2025-05-26 14:26:30.512] Installing kernel driver
[2025-05-26 14:26:30.512] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:26:35.270] Kernel driver installation completed
[2025-05-26 14:26:35.270] Starting GP driver service
[2025-05-26 14:26:35.270] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:26:38.419] GP driver service started
[2025-05-26 14:26:38.419] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\0b1f19ba8740b10ed017671aab023228756a6864fb008bf23f3c606189bdcd98.exe
[2025-05-26 14:26:38.419] Malware execution started
[2025-05-26 14:26:38.419] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:27:38.428] Taking screenshot
[2025-05-26 14:27:38.488] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:29:19.099] Powering off VM done
[2025-05-26 14:29:22.100] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:29:23.426] Restoring snapshot 35 done
[2025-05-26 14:29:23.426] Kernel telemetry analysis completed in 181.1 seconds.

[2025-05-26 14:29:23.426] ✅ Analysis completed successfully!
[2025-05-26 14:29:23.426] Progress: 3.8% (53/1408)
[2025-05-26 14:29:23.427] Successful: 53, Failed: 0
[2025-05-26 14:29:23.427] Time remaining: 59.6h
[2025-05-26 14:29:23.427] Waiting 5 seconds before next sample...
[2025-05-26 14:29:28.427] SAMPLE 54/1408
[2025-05-26 14:29:28.427] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:29:28.427] File: 0befaa4e0feb435459faba84b6952dd7ebfa77d74059a6f7d154d75491fd1c14.exe
[2025-05-26 14:29:28.427] Path: D:\new\ransomware_high_confidence\avoslocker\0befaa4e0feb435459faba84b6952dd7ebfa77d74059a6f7d154d75491fd1c14.exe
[2025-05-26 14:29:28.427] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\0befaa4e0feb435459faba84b6952dd7ebfa77d74059a6f7d154d75491fd1c14.exe
[2025-05-26 14:29:28.427] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:29:29.852] Restoring snapshot 35 done
[2025-05-26 14:29:29.852] Starting up VM
[2025-05-26 14:29:36.128] Starting up VM done
[2025-05-26 14:29:36.128] Installing kernel driver
[2025-05-26 14:29:36.128] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:29:40.570] Kernel driver installation completed
[2025-05-26 14:29:40.570] Starting GP driver service
[2025-05-26 14:29:40.570] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:29:43.727] GP driver service started
[2025-05-26 14:29:43.727] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\0befaa4e0feb435459faba84b6952dd7ebfa77d74059a6f7d154d75491fd1c14.exe
[2025-05-26 14:29:43.727] Malware execution started
[2025-05-26 14:29:43.727] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:30:43.735] Taking screenshot
[2025-05-26 14:30:43.794] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:32:05.310] Powering off VM done
[2025-05-26 14:32:08.310] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:32:09.639] Restoring snapshot 35 done
[2025-05-26 14:32:09.639] Kernel telemetry analysis completed in 161.2 seconds.

[2025-05-26 14:32:09.639] ✅ Analysis completed successfully!
[2025-05-26 14:32:09.639] Progress: 3.8% (54/1408)
[2025-05-26 14:32:09.639] Successful: 54, Failed: 0
[2025-05-26 14:32:09.639] Time remaining: 59.6h
[2025-05-26 14:32:09.639] Waiting 5 seconds before next sample...
[2025-05-26 14:32:14.640] SAMPLE 55/1408
[2025-05-26 14:32:14.640] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:32:14.640] File: 0c50b3543005814bebd996484e72eb53d57d369781f9b979f78d70733672278b.exe
[2025-05-26 14:32:14.640] Path: D:\new\ransomware_high_confidence\avoslocker\0c50b3543005814bebd996484e72eb53d57d369781f9b979f78d70733672278b.exe
[2025-05-26 14:32:14.640] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\0c50b3543005814bebd996484e72eb53d57d369781f9b979f78d70733672278b.exe
[2025-05-26 14:32:14.640] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:32:16.462] Restoring snapshot 35 done
[2025-05-26 14:32:16.462] Starting up VM
[2025-05-26 14:32:22.593] Starting up VM done
[2025-05-26 14:32:22.593] Installing kernel driver
[2025-05-26 14:32:22.593] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:32:27.098] Kernel driver installation completed
[2025-05-26 14:32:27.098] Starting GP driver service
[2025-05-26 14:32:27.098] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:32:30.248] GP driver service started
[2025-05-26 14:32:30.248] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\0c50b3543005814bebd996484e72eb53d57d369781f9b979f78d70733672278b.exe
[2025-05-26 14:32:30.249] Malware execution started
[2025-05-26 14:32:30.249] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:33:30.257] Taking screenshot
[2025-05-26 14:33:30.317] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:34:40.842] Powering off VM done
[2025-05-26 14:34:43.843] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:34:44.869] Restoring snapshot 35 done
[2025-05-26 14:34:44.869] Kernel telemetry analysis completed in 150.2 seconds.

[2025-05-26 14:34:44.869] ✅ Analysis completed successfully!
[2025-05-26 14:34:44.869] Progress: 3.9% (55/1408)
[2025-05-26 14:34:44.869] Successful: 55, Failed: 0
[2025-05-26 14:34:44.869] Time remaining: 59.6h
[2025-05-26 14:34:44.869] Waiting 5 seconds before next sample...
[2025-05-26 14:34:49.870] SAMPLE 56/1408
[2025-05-26 14:34:49.870] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:34:49.870] File: 0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182.exe
[2025-05-26 14:34:49.870] Path: D:\new\ransomware_high_confidence\avoslocker\0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182.exe
[2025-05-26 14:34:49.870] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182.exe
[2025-05-26 14:34:49.870] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:34:51.283] Restoring snapshot 35 done
[2025-05-26 14:34:51.283] Starting up VM
[2025-05-26 14:34:57.824] Starting up VM done
[2025-05-26 14:34:57.824] Installing kernel driver
[2025-05-26 14:34:57.824] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:35:02.152] Kernel driver installation completed
[2025-05-26 14:35:02.152] Starting GP driver service
[2025-05-26 14:35:02.152] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:35:05.308] GP driver service started
[2025-05-26 14:35:05.308] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\0d094770db65ec637489116e1510ee787a48d6d130aad26ae40f7dbca6fe7182.exe
[2025-05-26 14:35:05.308] Malware execution started
[2025-05-26 14:35:05.308] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:36:05.316] Taking screenshot
[2025-05-26 14:36:05.376] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:38:02.518] Powering off VM done
[2025-05-26 14:38:05.518] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:38:06.985] Restoring snapshot 35 done
[2025-05-26 14:38:06.985] Kernel telemetry analysis completed in 197.1 seconds.

[2025-05-26 14:38:06.985] ✅ Analysis completed successfully!
[2025-05-26 14:38:06.985] Progress: 4.0% (56/1408)
[2025-05-26 14:38:06.985] Successful: 56, Failed: 0
[2025-05-26 14:38:06.985] Time remaining: 59.8h
[2025-05-26 14:38:06.986] Waiting 5 seconds before next sample...
[2025-05-26 14:38:11.986] SAMPLE 57/1408
[2025-05-26 14:38:11.986] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:38:11.986] File: 0f22ae8e435cfeb4e527199c9083e7093c79892656eff686d55909e8528493db.exe
[2025-05-26 14:38:11.986] Path: D:\new\ransomware_high_confidence\avoslocker\0f22ae8e435cfeb4e527199c9083e7093c79892656eff686d55909e8528493db.exe
[2025-05-26 14:38:11.986] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\0f22ae8e435cfeb4e527199c9083e7093c79892656eff686d55909e8528493db.exe
[2025-05-26 14:38:11.986] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:38:13.433] Restoring snapshot 35 done
[2025-05-26 14:38:13.433] Starting up VM
[2025-05-26 14:38:19.772] Starting up VM done
[2025-05-26 14:38:19.772] Installing kernel driver
[2025-05-26 14:38:19.772] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:38:24.184] Kernel driver installation completed
[2025-05-26 14:38:24.184] Starting GP driver service
[2025-05-26 14:38:24.184] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:38:27.332] GP driver service started
[2025-05-26 14:38:27.332] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\0f22ae8e435cfeb4e527199c9083e7093c79892656eff686d55909e8528493db.exe
[2025-05-26 14:38:27.332] Malware execution started
[2025-05-26 14:38:27.332] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:39:27.341] Taking screenshot
[2025-05-26 14:39:27.401] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:41:45.486] Powering off VM done
[2025-05-26 14:41:48.486] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:41:49.966] Restoring snapshot 35 done
[2025-05-26 14:41:49.966] Kernel telemetry analysis completed in 218.0 seconds.

[2025-05-26 14:41:49.966] ✅ Analysis completed successfully!
[2025-05-26 14:41:49.966] Progress: 4.0% (57/1408)
[2025-05-26 14:41:49.966] Successful: 57, Failed: 0
[2025-05-26 14:41:49.966] Time remaining: 60.2h
[2025-05-26 14:41:49.966] Waiting 5 seconds before next sample...
[2025-05-26 14:41:54.967] SAMPLE 58/1408
[2025-05-26 14:41:54.967] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:41:54.967] File: 123888ff76ffd20da224ef3afed3fd564c4f6fef6c2169bccdbb81a9d7cc9d0b.exe
[2025-05-26 14:41:54.967] Path: D:\new\ransomware_high_confidence\avoslocker\123888ff76ffd20da224ef3afed3fd564c4f6fef6c2169bccdbb81a9d7cc9d0b.exe
[2025-05-26 14:41:54.967] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\123888ff76ffd20da224ef3afed3fd564c4f6fef6c2169bccdbb81a9d7cc9d0b.exe
[2025-05-26 14:41:54.967] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:41:56.628] Restoring snapshot 35 done
[2025-05-26 14:41:56.628] Starting up VM
[2025-05-26 14:42:02.934] Starting up VM done
[2025-05-26 14:42:02.934] Installing kernel driver
[2025-05-26 14:42:02.934] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:42:08.054] Kernel driver installation completed
[2025-05-26 14:42:08.054] Starting GP driver service
[2025-05-26 14:42:08.054] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:42:11.212] GP driver service started
[2025-05-26 14:42:11.212] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\123888ff76ffd20da224ef3afed3fd564c4f6fef6c2169bccdbb81a9d7cc9d0b.exe
[2025-05-26 14:42:11.213] Malware execution started
[2025-05-26 14:42:11.213] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:43:11.221] Taking screenshot
[2025-05-26 14:43:11.280] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:44:04.190] Powering off VM done
[2025-05-26 14:44:07.191] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:44:08.619] Restoring snapshot 35 done
[2025-05-26 14:44:08.619] Kernel telemetry analysis completed in 133.7 seconds.

[2025-05-26 14:44:08.619] ✅ Analysis completed successfully!
[2025-05-26 14:44:08.619] Progress: 4.1% (58/1408)
[2025-05-26 14:44:08.619] Successful: 58, Failed: 0
[2025-05-26 14:44:08.619] Time remaining: 60.0h
[2025-05-26 14:44:08.619] Waiting 5 seconds before next sample...
[2025-05-26 14:44:13.620] SAMPLE 59/1408
[2025-05-26 14:44:13.620] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:44:13.620] File: 1b0433a15184ab1859a01b0092ccc9d56d9e5536fbf91493ba4b9e681165122a.exe
[2025-05-26 14:44:13.620] Path: D:\new\ransomware_high_confidence\avoslocker\1b0433a15184ab1859a01b0092ccc9d56d9e5536fbf91493ba4b9e681165122a.exe
[2025-05-26 14:44:13.620] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\1b0433a15184ab1859a01b0092ccc9d56d9e5536fbf91493ba4b9e681165122a.exe
[2025-05-26 14:44:13.620] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:44:15.376] Restoring snapshot 35 done
[2025-05-26 14:44:15.376] Starting up VM
[2025-05-26 14:44:21.977] Starting up VM done
[2025-05-26 14:44:21.977] Installing kernel driver
[2025-05-26 14:44:21.977] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:44:26.487] Kernel driver installation completed
[2025-05-26 14:44:26.487] Starting GP driver service
[2025-05-26 14:44:26.487] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:44:29.638] GP driver service started
[2025-05-26 14:44:29.638] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\1b0433a15184ab1859a01b0092ccc9d56d9e5536fbf91493ba4b9e681165122a.exe
[2025-05-26 14:44:29.638] Malware execution started
[2025-05-26 14:44:29.638] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:45:29.646] Taking screenshot
[2025-05-26 14:45:29.705] Tak

VBoxManage: error: Error starting guest session (current status is: starting)


[2025-05-26 14:47:29.865] Copied registry_avoslocker_1b0433a15184ab1859a01b0092ccc9d56d9e5536fbf91493ba4b9e681165122a.csv.dll to [new]kernel-telemetry-results
[2025-05-26 14:47:29.865] DLL results copying from VM to host completed
[2025-05-26 14:47:29.865] Copying DLL results from sharedfolder to [NEW]DatasetHafidz
[2025-05-26 14:47:29.865] Copied: alert_avoslocker_1b0433a15184ab1859a01b0092ccc9d56d9e5536fbf91493ba4b9e681165122a.csv.dll
[2025-05-26 14:47:29.865] Copied: registry_avoslocker_1b0433a15184ab1859a01b0092ccc9d56d9e5536fbf91493ba4b9e681165122a.csv.dll
[2025-05-26 14:47:29.865] DLL results copying completed
[2025-05-26 14:47:29.865] Cleaning up Z: drive contents
[2025-05-26 14:47:29.865] Executing: del /q Z:\*
Error: VBoxManage: error: Waiting for guest process failed: VERR_DUPLICATE
VBoxManage: error: Details: code VBOX_E_IPRT_ERROR (0x80bb0005), component GuestSessionWrap, interface IGuestSession, callee nsISupports
VBoxManage: error: Context: "WaitForArray(ComSafeArrayAsInP

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:47:40.702] Powering off VM done
[2025-05-26 14:47:43.703] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:47:45.035] Restoring snapshot 35 done
[2025-05-26 14:47:45.035] Kernel telemetry analysis completed in 211.4 seconds.

[2025-05-26 14:47:45.035] ✅ Analysis completed successfully!
[2025-05-26 14:47:45.035] Progress: 4.2% (59/1408)
[2025-05-26 14:47:45.035] Successful: 59, Failed: 0
[2025-05-26 14:47:45.035] Time remaining: 60.3h
[2025-05-26 14:47:45.035] Waiting 5 seconds before next sample...
[2025-05-26 14:47:50.035] SAMPLE 60/1408
[2025-05-26 14:47:50.035] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:47:50.035] File: 1f102cc8bb6a14cc2bd9b9311acb66ed5a6035e8510ea34a328a7bc09d9a3a81.exe
[2025-05-26 14:47:50.035] Path: D:\new\ransomware_high_confidence\avoslocker\1f102cc8bb6a14cc2bd9b9311acb66ed5a6035e8510ea34a328a7bc09d9a3a81.exe
[2025-05-26 14:47:50.035] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\1f102cc8bb6a14cc2bd9b9311acb66ed5a6035e8510ea34a328a7bc09d9a3a81.exe
[2025-05-26 14:47:50.035] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:47:51.631] Restoring snapshot 35 done
[2025-05-26 14:47:51.631] Starting up VM
[2025-05-26 14:47:58.940] Starting up VM done
[2025-05-26 14:47:58.941] Installing kernel driver
[2025-05-26 14:47:58.941] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:48:03.959] Kernel driver installation completed
[2025-05-26 14:48:03.959] Starting GP driver service
[2025-05-26 14:48:03.959] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:48:07.111] GP driver service started
[2025-05-26 14:48:07.111] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\1f102cc8bb6a14cc2bd9b9311acb66ed5a6035e8510ea34a328a7bc09d9a3a81.exe
[2025-05-26 14:48:07.111] Malware execution started
[2025-05-26 14:48:07.111] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:49:07.120] Taking screenshot
[2025-05-26 14:49:07.181] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:50:34.354] Powering off VM done
[2025-05-26 14:50:37.355] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:50:38.689] Restoring snapshot 35 done
[2025-05-26 14:50:38.689] Kernel telemetry analysis completed in 168.7 seconds.

[2025-05-26 14:50:38.689] ✅ Analysis completed successfully!
[2025-05-26 14:50:38.689] Progress: 4.3% (60/1408)
[2025-05-26 14:50:38.689] Successful: 60, Failed: 0
[2025-05-26 14:50:38.689] Time remaining: 60.4h
[2025-05-26 14:50:38.689] Waiting 5 seconds before next sample...
[2025-05-26 14:50:43.690] SAMPLE 61/1408
[2025-05-26 14:50:43.690] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:50:43.690] File: 2736d807b3d6e2dc3bedbfcd1d460df0b5065b36258ea6dc820f565d82f5d0a7.exe
[2025-05-26 14:50:43.690] Path: D:\new\ransomware_high_confidence\avoslocker\2736d807b3d6e2dc3bedbfcd1d460df0b5065b36258ea6dc820f565d82f5d0a7.exe
[2025-05-26 14:50:43.690] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\2736d807b3d6e2dc3bedbfcd1d460df0b5065b36258ea6dc820f565d82f5d0a7.exe
[2025-05-26 14:50:43.690] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:50:45.120] Restoring snapshot 35 done
[2025-05-26 14:50:45.120] Starting up VM
[2025-05-26 14:50:51.623] Starting up VM done
[2025-05-26 14:50:51.623] Installing kernel driver
[2025-05-26 14:50:51.623] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:50:56.082] Kernel driver installation completed
[2025-05-26 14:50:56.082] Starting GP driver service
[2025-05-26 14:50:56.082] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:50:59.239] GP driver service started
[2025-05-26 14:50:59.239] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\2736d807b3d6e2dc3bedbfcd1d460df0b5065b36258ea6dc820f565d82f5d0a7.exe
[2025-05-26 14:50:59.239] Malware execution started
[2025-05-26 14:50:59.239] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:51:59.247] Taking screenshot
[2025-05-26 14:51:59.307] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:52:59.332] Powering off VM done
[2025-05-26 14:53:02.332] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:53:03.649] Restoring snapshot 35 done
[2025-05-26 14:53:03.649] Kernel telemetry analysis completed in 140.0 seconds.

[2025-05-26 14:53:03.649] ✅ Analysis completed successfully!
[2025-05-26 14:53:03.649] Progress: 4.3% (61/1408)
[2025-05-26 14:53:03.649] Successful: 61, Failed: 0
[2025-05-26 14:53:03.649] Time remaining: 60.2h
[2025-05-26 14:53:03.649] Waiting 5 seconds before next sample...
[2025-05-26 14:53:08.650] SAMPLE 62/1408
[2025-05-26 14:53:08.650] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:53:08.650] File: 27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.exe
[2025-05-26 14:53:08.650] Path: D:\new\ransomware_high_confidence\avoslocker\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.exe
[2025-05-26 14:53:08.650] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.exe
[2025-05-26 14:53:08.650] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:53:11.812] Restoring snapshot 35 done
[2025-05-26 14:53:11.812] Starting up VM
[2025-05-26 14:53:18.430] Starting up VM done
[2025-05-26 14:53:18.430] Installing kernel driver
[2025-05-26 14:53:18.430] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:53:25.410] Kernel driver installation completed
[2025-05-26 14:53:25.410] Starting GP driver service
[2025-05-26 14:53:25.410] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:53:28.564] GP driver service started
[2025-05-26 14:53:28.564] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.exe
[2025-05-26 14:53:28.565] Malware execution started
[2025-05-26 14:53:28.565] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:54:28.573] Taking screenshot
[2025-05-26 14:54:28.644] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:54:52.011] Powering off VM done
[2025-05-26 14:54:55.011] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:54:56.568] Restoring snapshot 35 done
[2025-05-26 14:54:56.568] Kernel telemetry analysis completed in 107.9 seconds.

[2025-05-26 14:54:56.568] ✅ Analysis completed successfully!
[2025-05-26 14:54:56.568] Progress: 4.4% (62/1408)
[2025-05-26 14:54:56.568] Successful: 62, Failed: 0
[2025-05-26 14:54:56.568] Time remaining: 59.9h
[2025-05-26 14:54:56.568] Waiting 5 seconds before next sample...
[2025-05-26 14:55:01.569] SAMPLE 63/1408
[2025-05-26 14:55:01.569] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:55:01.569] File: 29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.exe
[2025-05-26 14:55:01.569] Path: D:\new\ransomware_high_confidence\avoslocker\29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.exe
[2025-05-26 14:55:01.569] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.exe
[2025-05-26 14:55:01.569] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:55:03.279] Restoring snapshot 35 done
[2025-05-26 14:55:03.279] Starting up VM
[2025-05-26 14:55:09.800] Starting up VM done
[2025-05-26 14:55:09.800] Installing kernel driver
[2025-05-26 14:55:09.800] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:55:13.593] Kernel driver installation completed
[2025-05-26 14:55:13.593] Starting GP driver service
[2025-05-26 14:55:13.593] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:55:16.751] GP driver service started
[2025-05-26 14:55:16.751] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\29910ea42c8e2abb22d5a88053e1725c93a104e61560a2f8d88716d619bcaa08.exe
[2025-05-26 14:55:16.751] Malware execution started
[2025-05-26 14:55:16.751] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:56:16.759] Taking screenshot
[2025-05-26 14:56:16.828] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:56:40.270] Powering off VM done
[2025-05-26 14:56:43.270] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:56:44.149] Restoring snapshot 35 done
[2025-05-26 14:56:44.150] Kernel telemetry analysis completed in 102.6 seconds.

[2025-05-26 14:56:44.150] ✅ Analysis completed successfully!
[2025-05-26 14:56:44.150] Progress: 4.5% (63/1408)
[2025-05-26 14:56:44.150] Successful: 63, Failed: 0
[2025-05-26 14:56:44.150] Time remaining: 59.5h
[2025-05-26 14:56:44.150] Waiting 5 seconds before next sample...
[2025-05-26 14:56:49.150] SAMPLE 64/1408
[2025-05-26 14:56:49.150] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:56:49.150] File: 31a6ddb891c3470c6d32ced24aaa5de84c77b24042a44c157d456e31c9325402.exe
[2025-05-26 14:56:49.150] Path: D:\new\ransomware_high_confidence\avoslocker\31a6ddb891c3470c6d32ced24aaa5de84c77b24042a44c157d456e31c9325402.exe
[2025-05-26 14:56:49.150] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\31a6ddb891c3470c6d32ced24aaa5de84c77b24042a44c157d456e31c9325402.exe
[2025-05-26 14:56:49.150] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:56:50.963] Restoring snapshot 35 done
[2025-05-26 14:56:50.963] Starting up VM
[2025-05-26 14:56:56.917] Starting up VM done
[2025-05-26 14:56:56.917] Installing kernel driver
[2025-05-26 14:56:56.917] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:57:00.766] Kernel driver installation completed
[2025-05-26 14:57:00.766] Starting GP driver service
[2025-05-26 14:57:00.766] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:57:03.915] GP driver service started
[2025-05-26 14:57:03.915] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\31a6ddb891c3470c6d32ced24aaa5de84c77b24042a44c157d456e31c9325402.exe
[2025-05-26 14:57:03.915] Malware execution started
[2025-05-26 14:57:03.915] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 14:58:03.923] Taking screenshot
[2025-05-26 14:58:03.983] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:59:14.064] Powering off VM done
[2025-05-26 14:59:17.064] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:59:18.371] Restoring snapshot 35 done
[2025-05-26 14:59:18.372] Kernel telemetry analysis completed in 149.2 seconds.

[2025-05-26 14:59:18.372] ✅ Analysis completed successfully!
[2025-05-26 14:59:18.372] Progress: 4.5% (64/1408)
[2025-05-26 14:59:18.372] Successful: 64, Failed: 0
[2025-05-26 14:59:18.372] Time remaining: 59.4h
[2025-05-26 14:59:18.372] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 14:59:23.372] SAMPLE 65/1408
[2025-05-26 14:59:23.372] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 14:59:23.372] File: 373a791f058539d72983e38ebe68e98132fcf996d04e9a181145f22a96689386.exe
[2025-05-26 14:59:23.372] Path: D:\new\ransomware_high_confidence\avoslocker\373a791f058539d72983e38ebe68e98132fcf996d04e9a181145f22a96689386.exe
[2025-05-26 14:59:23.372] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\373a791f058539d72983e38ebe68e98132fcf996d04e9a181145f22a96689386.exe
[2025-05-26 14:59:23.372] Malware execution time: 60 seconds
[2025-05-26 14:59:23.372] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 14:59:24.789] Restoring snapshot 35 done
[2025-05-26 14:59:24.789] Starting up VM
[2025-05-26 14:59:31.090] Starting up VM done
[2025-05-26 14:59:31.090] Installing kernel driver
[2025-05-26 14:59:31.090] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 14:59:35.113] Kernel driver installation completed
[2025-05-26 14:59:35.113] Starting GP driver service
[2025-05-26 14:59:35.113] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 14:59:38.262] GP driver service started
[2025-05-26 14:59:38.262] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\373a791f058539d72983e38ebe68e98132fcf996d04e9a181145f22a96689386.exe
[2025-05-26 14:59:38.263] Malware execution started
[2025-05-26 14:59:38.263] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:00:38.271] Taking screenshot
[2025-05-26 15:00:38.336] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:01:27.273] Powering off VM done
[2025-05-26 15:01:30.273] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:01:31.689] Restoring snapshot 35 done
[2025-05-26 15:01:31.689] Kernel telemetry analysis completed in 128.3 seconds.

[2025-05-26 15:01:31.689] ✅ Analysis completed successfully!
[2025-05-26 15:01:31.689] Progress: 4.6% (65/1408)
[2025-05-26 15:01:31.689] Successful: 65, Failed: 0
[2025-05-26 15:01:31.689] Time remaining: 59.3h
[2025-05-26 15:01:31.690] Waiting 5 seconds before next sample...
[2025-05-26 15:01:36.690] SAMPLE 66/1408
[2025-05-26 15:01:36.690] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:01:36.690] File: 380275cac2a1793403674bd8cb686b478f457d65c25e3d58a3a1f856f829723b.exe
[2025-05-26 15:01:36.690] Path: D:\new\ransomware_high_confidence\avoslocker\380275cac2a1793403674bd8cb686b478f457d65c25e3d58a3a1f856f829723b.exe
[2025-05-26 15:01:36.690] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\380275cac2a1793403674bd8cb686b478f457d65c25e3d58a3a1f856f829723b.exe
[2025-05-26 15:01:36.690] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:01:38.105] Restoring snapshot 35 done
[2025-05-26 15:01:38.105] Starting up VM
[2025-05-26 15:01:44.044] Starting up VM done
[2025-05-26 15:01:44.045] Installing kernel driver
[2025-05-26 15:01:44.045] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:01:48.534] Kernel driver installation completed
[2025-05-26 15:01:48.534] Starting GP driver service
[2025-05-26 15:01:48.534] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:01:51.688] GP driver service started
[2025-05-26 15:01:51.688] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\380275cac2a1793403674bd8cb686b478f457d65c25e3d58a3a1f856f829723b.exe
[2025-05-26 15:01:51.689] Malware execution started
[2025-05-26 15:01:51.689] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:02:51.696] Taking screenshot
[2025-05-26 15:02:51.756] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:04:46.414] Powering off VM done
[2025-05-26 15:04:49.414] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:04:51.210] Restoring snapshot 35 done
[2025-05-26 15:04:51.210] Kernel telemetry analysis completed in 194.5 seconds.

[2025-05-26 15:04:51.210] ✅ Analysis completed successfully!
[2025-05-26 15:04:51.210] Progress: 4.7% (66/1408)
[2025-05-26 15:04:51.210] Successful: 66, Failed: 0
[2025-05-26 15:04:51.210] Time remaining: 59.4h
[2025-05-26 15:04:51.210] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 15:04:56.210] SAMPLE 67/1408
[2025-05-26 15:04:56.210] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:04:56.210] File: 43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe
[2025-05-26 15:04:56.210] Path: D:\new\ransomware_high_confidence\avoslocker\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe
[2025-05-26 15:04:56.210] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe
[2025-05-26 15:04:56.211] Malware execution time: 60 seconds
[2025-05-26 15:04:56.211] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:04:57.624] Restoring snapshot 35 done
[2025-05-26 15:04:57.624] Starting up VM
[2025-05-26 15:05:03.953] Starting up VM done
[2025-05-26 15:05:03.953] Installing kernel driver
[2025-05-26 15:05:03.953] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:05:08.259] Kernel driver installation completed
[2025-05-26 15:05:08.259] Starting GP driver service
[2025-05-26 15:05:08.259] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:05:11.416] GP driver service started
[2025-05-26 15:05:11.416] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856.exe
[2025-05-26 15:05:11.416] Malware execution started
[2025-05-26 15:05:11.416] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:06:11.424] Taking screenshot
[2025-05-26 15:06:11.487] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:06:38.699] Powering off VM done
[2025-05-26 15:06:41.700] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:06:42.886] Restoring snapshot 35 done
[2025-05-26 15:06:42.886] Kernel telemetry analysis completed in 106.7 seconds.

[2025-05-26 15:06:42.886] ✅ Analysis completed successfully!
[2025-05-26 15:06:42.886] Progress: 4.8% (67/1408)
[2025-05-26 15:06:42.886] Successful: 67, Failed: 0
[2025-05-26 15:06:42.886] Time remaining: 59.1h
[2025-05-26 15:06:42.886] Waiting 5 seconds before next sample...
[2025-05-26 15:06:47.887] SAMPLE 68/1408
[2025-05-26 15:06:47.887] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:06:47.887] File: 452967e7a2a6102a50036faa6f348b57ca5c514992bf8f7e0416d2dd9b1ab13a.exe
[2025-05-26 15:06:47.887] Path: D:\new\ransomware_high_confidence\avoslocker\452967e7a2a6102a50036faa6f348b57ca5c514992bf8f7e0416d2dd9b1ab13a.exe
[2025-05-26 15:06:47.887] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\452967e7a2a6102a50036faa6f348b57ca5c514992bf8f7e0416d2dd9b1ab13a.exe
[2025-05-26 15:06:47.887] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:06:49.546] Restoring snapshot 35 done
[2025-05-26 15:06:49.546] Starting up VM
[2025-05-26 15:06:56.043] Starting up VM done
[2025-05-26 15:06:56.043] Installing kernel driver
[2025-05-26 15:06:56.043] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:07:00.510] Kernel driver installation completed
[2025-05-26 15:07:00.510] Starting GP driver service
[2025-05-26 15:07:00.510] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:07:03.671] GP driver service started
[2025-05-26 15:07:03.671] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\452967e7a2a6102a50036faa6f348b57ca5c514992bf8f7e0416d2dd9b1ab13a.exe
[2025-05-26 15:07:03.671] Malware execution started
[2025-05-26 15:07:03.672] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:08:03.679] Taking screenshot
[2025-05-26 15:08:03.740] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:09:08.037] Powering off VM done
[2025-05-26 15:09:11.037] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:09:12.350] Restoring snapshot 35 done
[2025-05-26 15:09:12.350] Kernel telemetry analysis completed in 144.5 seconds.

[2025-05-26 15:09:12.350] ✅ Analysis completed successfully!
[2025-05-26 15:09:12.350] Progress: 4.8% (68/1408)
[2025-05-26 15:09:12.350] Successful: 68, Failed: 0
[2025-05-26 15:09:12.350] Time remaining: 59.0h
[2025-05-26 15:09:12.350] Waiting 5 seconds before next sample...
[2025-05-26 15:09:17.351] SAMPLE 69/1408
[2025-05-26 15:09:17.351] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:09:17.351] File: 45b95b6ee5a726bf41b6a52020bb03cdf128e381998f317d8bd34deb4074cf62.exe
[2025-05-26 15:09:17.351] Path: D:\new\ransomware_high_confidence\avoslocker\45b95b6ee5a726bf41b6a52020bb03cdf128e381998f317d8bd34deb4074cf62.exe
[2025-05-26 15:09:17.351] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\45b95b6ee5a726bf41b6a52020bb03cdf128e381998f317d8bd34deb4074cf62.exe
[2025-05-26 15:09:17.351] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:09:18.758] Restoring snapshot 35 done
[2025-05-26 15:09:18.758] Starting up VM
[2025-05-26 15:09:24.610] Starting up VM done
[2025-05-26 15:09:24.610] Installing kernel driver
[2025-05-26 15:09:24.610] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:09:28.235] Kernel driver installation completed
[2025-05-26 15:09:28.235] Starting GP driver service
[2025-05-26 15:09:28.235] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:09:31.397] GP driver service started
[2025-05-26 15:09:31.398] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\45b95b6ee5a726bf41b6a52020bb03cdf128e381998f317d8bd34deb4074cf62.exe
[2025-05-26 15:09:31.398] Malware execution started
[2025-05-26 15:09:31.398] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:10:31.406] Taking screenshot
[2025-05-26 15:10:31.468] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:11:38.577] Powering off VM done
[2025-05-26 15:11:41.578] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:11:42.802] Restoring snapshot 35 done
[2025-05-26 15:11:42.802] Kernel telemetry analysis completed in 145.5 seconds.

[2025-05-26 15:11:42.802] ✅ Analysis completed successfully!
[2025-05-26 15:11:42.802] Progress: 4.9% (69/1408)
[2025-05-26 15:11:42.802] Successful: 69, Failed: 0
[2025-05-26 15:11:42.802] Time remaining: 58.9h
[2025-05-26 15:11:42.802] Waiting 5 seconds before next sample...
[2025-05-26 15:11:47.802] SAMPLE 70/1408
[2025-05-26 15:11:47.802] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:11:47.802] File: 5b7bed7349f6b1499b7eac111d7264101b13eeb9684830a4a93bab5f9d79d77e.exe
[2025-05-26 15:11:47.802] Path: D:\new\ransomware_high_confidence\avoslocker\5b7bed7349f6b1499b7eac111d7264101b13eeb9684830a4a93bab5f9d79d77e.exe
[2025-05-26 15:11:47.803] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\5b7bed7349f6b1499b7eac111d7264101b13eeb9684830a4a93bab5f9d79d77e.exe
[2025-05-26 15:11:47.803] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:11:49.353] Restoring snapshot 35 done
[2025-05-26 15:11:49.353] Starting up VM
[2025-05-26 15:11:55.665] Starting up VM done
[2025-05-26 15:11:55.665] Installing kernel driver
[2025-05-26 15:11:55.665] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:12:00.147] Kernel driver installation completed
[2025-05-26 15:12:00.147] Starting GP driver service
[2025-05-26 15:12:00.147] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:12:03.308] GP driver service started
[2025-05-26 15:12:03.308] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\5b7bed7349f6b1499b7eac111d7264101b13eeb9684830a4a93bab5f9d79d77e.exe
[2025-05-26 15:12:03.309] Malware execution started
[2025-05-26 15:12:03.309] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:13:03.317] Taking screenshot
[2025-05-26 15:13:03.383] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:14:17.746] Powering off VM done
[2025-05-26 15:14:20.746] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:14:22.138] Restoring snapshot 35 done
[2025-05-26 15:14:22.138] Kernel telemetry analysis completed in 154.3 seconds.

[2025-05-26 15:14:22.138] ✅ Analysis completed successfully!
[2025-05-26 15:14:22.138] Progress: 5.0% (70/1408)
[2025-05-26 15:14:22.138] Successful: 70, Failed: 0
[2025-05-26 15:14:22.138] Time remaining: 58.9h
[2025-05-26 15:14:22.138] Waiting 5 seconds before next sample...
[2025-05-26 15:14:27.139] SAMPLE 71/1408
[2025-05-26 15:14:27.139] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:14:27.139] File: 5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa.exe
[2025-05-26 15:14:27.139] Path: D:\new\ransomware_high_confidence\avoslocker\5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa.exe
[2025-05-26 15:14:27.139] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa.exe
[2025-05-26 15:14:27.139] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:14:28.958] Restoring snapshot 35 done
[2025-05-26 15:14:28.958] Starting up VM
[2025-05-26 15:14:36.112] Starting up VM done
[2025-05-26 15:14:36.112] Installing kernel driver
[2025-05-26 15:14:36.112] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:14:40.190] Kernel driver installation completed
[2025-05-26 15:14:40.190] Starting GP driver service
[2025-05-26 15:14:40.190] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:14:43.342] GP driver service started
[2025-05-26 15:14:43.342] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\5d6e4bd7bd7239fab20e043fb292974497297af89759b1b0d48d7d006e5e96fa.exe
[2025-05-26 15:14:43.342] Malware execution started
[2025-05-26 15:14:43.342] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:15:43.351] Taking screenshot
[2025-05-26 15:15:43.411] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:16:57.661] Powering off VM done
[2025-05-26 15:17:00.662] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:17:02.270] Restoring snapshot 35 done
[2025-05-26 15:17:02.270] Kernel telemetry analysis completed in 155.1 seconds.

[2025-05-26 15:17:02.270] ✅ Analysis completed successfully!
[2025-05-26 15:17:02.270] Progress: 5.0% (71/1408)
[2025-05-26 15:17:02.270] Successful: 71, Failed: 0
[2025-05-26 15:17:02.270] Time remaining: 58.9h
[2025-05-26 15:17:02.270] Waiting 5 seconds before next sample...
[2025-05-26 15:17:07.271] SAMPLE 72/1408
[2025-05-26 15:17:07.271] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:17:07.271] File: 5db3f3c20f7860682ea6d7ebbe3db042337aa18d874f26699213cef2a5764304.exe
[2025-05-26 15:17:07.271] Path: D:\new\ransomware_high_confidence\avoslocker\5db3f3c20f7860682ea6d7ebbe3db042337aa18d874f26699213cef2a5764304.exe
[2025-05-26 15:17:07.271] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\5db3f3c20f7860682ea6d7ebbe3db042337aa18d874f26699213cef2a5764304.exe
[2025-05-26 15:17:07.271] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:17:09.053] Restoring snapshot 35 done
[2025-05-26 15:17:09.053] Starting up VM
[2025-05-26 15:17:15.423] Starting up VM done
[2025-05-26 15:17:15.423] Installing kernel driver
[2025-05-26 15:17:15.423] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:17:19.845] Kernel driver installation completed
[2025-05-26 15:17:19.845] Starting GP driver service
[2025-05-26 15:17:19.845] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:17:23.002] GP driver service started
[2025-05-26 15:17:23.002] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\5db3f3c20f7860682ea6d7ebbe3db042337aa18d874f26699213cef2a5764304.exe
[2025-05-26 15:17:23.003] Malware execution started
[2025-05-26 15:17:23.003] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:18:23.011] Taking screenshot
[2025-05-26 15:18:23.071] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:18:43.980] Powering off VM done
[2025-05-26 15:18:46.980] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:18:48.316] Restoring snapshot 35 done
[2025-05-26 15:18:48.316] Kernel telemetry analysis completed in 101.0 seconds.

[2025-05-26 15:18:48.316] ✅ Analysis completed successfully!
[2025-05-26 15:18:48.316] Progress: 5.1% (72/1408)
[2025-05-26 15:18:48.316] Successful: 72, Failed: 0
[2025-05-26 15:18:48.316] Time remaining: 58.6h
[2025-05-26 15:18:48.316] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 15:18:53.317] SAMPLE 73/1408
[2025-05-26 15:18:53.317] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:18:53.317] File: 603b5241cb49ef17c2522b60600b15d9e1273ccbf4d39aec4d34e16297968955.exe
[2025-05-26 15:18:53.317] Path: D:\new\ransomware_high_confidence\avoslocker\603b5241cb49ef17c2522b60600b15d9e1273ccbf4d39aec4d34e16297968955.exe
[2025-05-26 15:18:53.317] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\603b5241cb49ef17c2522b60600b15d9e1273ccbf4d39aec4d34e16297968955.exe
[2025-05-26 15:18:53.317] Malware execution time: 60 seconds
[2025-05-26 15:18:53.317] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:18:55.193] Restoring snapshot 35 done
[2025-05-26 15:18:55.193] Starting up VM
[2025-05-26 15:19:01.437] Starting up VM done
[2025-05-26 15:19:01.437] Installing kernel driver
[2025-05-26 15:19:01.437] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:19:05.348] Kernel driver installation completed
[2025-05-26 15:19:05.348] Starting GP driver service
[2025-05-26 15:19:05.348] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:19:08.511] GP driver service started
[2025-05-26 15:19:08.511] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\603b5241cb49ef17c2522b60600b15d9e1273ccbf4d39aec4d34e16297968955.exe
[2025-05-26 15:19:08.512] Malware execution started
[2025-05-26 15:19:08.512] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:20:08.520] Taking screenshot
[2025-05-26 15:20:08.581] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:21:34.997] Powering off VM done
[2025-05-26 15:21:37.997] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:21:39.299] Restoring snapshot 35 done
[2025-05-26 15:21:39.299] Kernel telemetry analysis completed in 166.0 seconds.

[2025-05-26 15:21:39.299] ✅ Analysis completed successfully!
[2025-05-26 15:21:39.299] Progress: 5.2% (73/1408)
[2025-05-26 15:21:39.299] Successful: 73, Failed: 0
[2025-05-26 15:21:39.299] Time remaining: 58.6h
[2025-05-26 15:21:39.299] Waiting 5 seconds before next sample...
[2025-05-26 15:21:44.300] SAMPLE 74/1408
[2025-05-26 15:21:44.300] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:21:44.300] File: 62a8e739d111437b798d1b5f9286366c10cb48a1a7818519babc7f3a9bb5124e.exe
[2025-05-26 15:21:44.300] Path: D:\new\ransomware_high_confidence\avoslocker\62a8e739d111437b798d1b5f9286366c10cb48a1a7818519babc7f3a9bb5124e.exe
[2025-05-26 15:21:44.300] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\62a8e739d111437b798d1b5f9286366c10cb48a1a7818519babc7f3a9bb5124e.exe
[2025-05-26 15:21:44.300] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:21:46.089] Restoring snapshot 35 done
[2025-05-26 15:21:46.089] Starting up VM
[2025-05-26 15:21:51.843] Starting up VM done
[2025-05-26 15:21:51.843] Installing kernel driver
[2025-05-26 15:21:51.843] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:21:56.286] Kernel driver installation completed
[2025-05-26 15:21:56.286] Starting GP driver service
[2025-05-26 15:21:56.286] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:21:59.443] GP driver service started
[2025-05-26 15:21:59.443] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\62a8e739d111437b798d1b5f9286366c10cb48a1a7818519babc7f3a9bb5124e.exe
[2025-05-26 15:21:59.443] Malware execution started
[2025-05-26 15:21:59.443] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:22:59.452] Taking screenshot
[2025-05-26 15:22:59.512] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:24:24.079] Powering off VM done
[2025-05-26 15:24:27.079] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:24:28.559] Restoring snapshot 35 done
[2025-05-26 15:24:28.559] Kernel telemetry analysis completed in 164.3 seconds.

[2025-05-26 15:24:28.559] ✅ Analysis completed successfully!
[2025-05-26 15:24:28.559] Progress: 5.3% (74/1408)
[2025-05-26 15:24:28.559] Successful: 74, Failed: 0
[2025-05-26 15:24:28.559] Time remaining: 58.6h
[2025-05-26 15:24:28.559] Waiting 5 seconds before next sample...
[2025-05-26 15:24:33.559] SAMPLE 75/1408
[2025-05-26 15:24:33.559] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:24:33.559] File: 66de24f5e32ddf0b20d64701862f3c23071018cc0758e34f487cdf795a89b73b.exe
[2025-05-26 15:24:33.559] Path: D:\new\ransomware_high_confidence\avoslocker\66de24f5e32ddf0b20d64701862f3c23071018cc0758e34f487cdf795a89b73b.exe
[2025-05-26 15:24:33.559] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\66de24f5e32ddf0b20d64701862f3c23071018cc0758e34f487cdf795a89b73b.exe
[2025-05-26 15:24:33.559] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:24:35.326] Restoring snapshot 35 done
[2025-05-26 15:24:35.326] Starting up VM
[2025-05-26 15:24:41.456] Starting up VM done
[2025-05-26 15:24:41.457] Installing kernel driver
[2025-05-26 15:24:41.457] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:24:45.686] Kernel driver installation completed
[2025-05-26 15:24:45.687] Starting GP driver service
[2025-05-26 15:24:45.687] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:24:48.843] GP driver service started
[2025-05-26 15:24:48.843] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\66de24f5e32ddf0b20d64701862f3c23071018cc0758e34f487cdf795a89b73b.exe
[2025-05-26 15:24:48.844] Malware execution started
[2025-05-26 15:24:48.844] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:25:48.852] Taking screenshot
[2025-05-26 15:25:48.912] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:26:34.284] Powering off VM done
[2025-05-26 15:26:37.285] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:26:38.680] Restoring snapshot 35 done
[2025-05-26 15:26:38.680] Kernel telemetry analysis completed in 125.1 seconds.

[2025-05-26 15:26:38.680] ✅ Analysis completed successfully!
[2025-05-26 15:26:38.680] Progress: 5.3% (75/1408)
[2025-05-26 15:26:38.680] Successful: 75, Failed: 0
[2025-05-26 15:26:38.680] Time remaining: 58.4h
[2025-05-26 15:26:38.680] Waiting 5 seconds before next sample...
[2025-05-26 15:26:43.680] SAMPLE 76/1408
[2025-05-26 15:26:43.680] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:26:43.680] File: 6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
[2025-05-26 15:26:43.680] Path: D:\new\ransomware_high_confidence\avoslocker\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
[2025-05-26 15:26:43.680] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
[2025-05-26 15:26:43.680] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:26:45.387] Restoring snapshot 35 done
[2025-05-26 15:26:45.387] Starting up VM
[2025-05-26 15:26:51.467] Starting up VM done
[2025-05-26 15:26:51.467] Installing kernel driver
[2025-05-26 15:26:51.467] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:26:55.816] Kernel driver installation completed
[2025-05-26 15:26:55.816] Starting GP driver service
[2025-05-26 15:26:55.817] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:26:58.975] GP driver service started
[2025-05-26 15:26:58.976] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.exe
[2025-05-26 15:26:58.976] Malware execution started
[2025-05-26 15:26:58.976] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:27:58.984] Taking screenshot
[2025-05-26 15:27:59.050] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:29:28.378] Powering off VM done
[2025-05-26 15:29:31.378] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:29:32.399] Restoring snapshot 35 done
[2025-05-26 15:29:32.399] Kernel telemetry analysis completed in 168.7 seconds.

[2025-05-26 15:29:32.399] ✅ Analysis completed successfully!
[2025-05-26 15:29:32.399] Progress: 5.4% (76/1408)
[2025-05-26 15:29:32.399] Successful: 76, Failed: 0
[2025-05-26 15:29:32.399] Time remaining: 58.4h
[2025-05-26 15:29:32.399] Waiting 5 seconds before next sample...
[2025-05-26 15:29:37.399] SAMPLE 77/1408
[2025-05-26 15:29:37.399] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:29:37.399] File: 718810b8eeb682fc70df602d952c0c83e028c5a5bfa44c506756980caf2edebb.exe
[2025-05-26 15:29:37.399] Path: D:\new\ransomware_high_confidence\avoslocker\718810b8eeb682fc70df602d952c0c83e028c5a5bfa44c506756980caf2edebb.exe
[2025-05-26 15:29:37.399] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\718810b8eeb682fc70df602d952c0c83e028c5a5bfa44c506756980caf2edebb.exe
[2025-05-26 15:29:37.399] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:29:39.221] Restoring snapshot 35 done
[2025-05-26 15:29:39.221] Starting up VM
[2025-05-26 15:29:45.578] Starting up VM done
[2025-05-26 15:29:45.578] Installing kernel driver
[2025-05-26 15:29:45.578] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:29:50.302] Kernel driver installation completed
[2025-05-26 15:29:50.302] Starting GP driver service
[2025-05-26 15:29:50.302] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:29:53.593] GP driver service started
[2025-05-26 15:29:53.594] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\718810b8eeb682fc70df602d952c0c83e028c5a5bfa44c506756980caf2edebb.exe
[2025-05-26 15:29:53.594] Malware execution started
[2025-05-26 15:29:53.594] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:30:53.602] Taking screenshot
[2025-05-26 15:30:53.670] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:32:08.097] Powering off VM done
[2025-05-26 15:32:11.097] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:32:12.493] Restoring snapshot 35 done
[2025-05-26 15:32:12.493] Kernel telemetry analysis completed in 155.1 seconds.

[2025-05-26 15:32:12.493] ✅ Analysis completed successfully!
[2025-05-26 15:32:12.493] Progress: 5.5% (77/1408)
[2025-05-26 15:32:12.493] Successful: 77, Failed: 0
[2025-05-26 15:32:12.493] Time remaining: 58.4h
[2025-05-26 15:32:12.493] Waiting 5 seconds before next sample...
[2025-05-26 15:32:17.493] SAMPLE 78/1408
[2025-05-26 15:32:17.493] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:32:17.493] File: 7d1e470e36c68e1156a7828f8002254dcde68dc61f998ab5636c12ba63f472dd.exe
[2025-05-26 15:32:17.493] Path: D:\new\ransomware_high_confidence\avoslocker\7d1e470e36c68e1156a7828f8002254dcde68dc61f998ab5636c12ba63f472dd.exe
[2025-05-26 15:32:17.493] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\7d1e470e36c68e1156a7828f8002254dcde68dc61f998ab5636c12ba63f472dd.exe
[2025-05-26 15:32:17.493] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:32:19.266] Restoring snapshot 35 done
[2025-05-26 15:32:19.266] Starting up VM
[2025-05-26 15:32:25.316] Starting up VM done
[2025-05-26 15:32:25.316] Installing kernel driver
[2025-05-26 15:32:25.316] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:32:29.426] Kernel driver installation completed
[2025-05-26 15:32:29.426] Starting GP driver service
[2025-05-26 15:32:29.426] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:32:32.573] GP driver service started
[2025-05-26 15:32:32.574] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\7d1e470e36c68e1156a7828f8002254dcde68dc61f998ab5636c12ba63f472dd.exe
[2025-05-26 15:32:32.574] Malware execution started
[2025-05-26 15:32:32.574] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:33:32.582] Taking screenshot
[2025-05-26 15:33:32.642] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:34:52.002] Powering off VM done
[2025-05-26 15:34:55.003] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:34:56.890] Restoring snapshot 35 done
[2025-05-26 15:34:56.890] Kernel telemetry analysis completed in 159.4 seconds.

[2025-05-26 15:34:56.890] ✅ Analysis completed successfully!
[2025-05-26 15:34:56.890] Progress: 5.5% (78/1408)
[2025-05-26 15:34:56.890] Successful: 78, Failed: 0
[2025-05-26 15:34:56.890] Time remaining: 58.4h
[2025-05-26 15:34:56.890] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 15:35:01.891] SAMPLE 79/1408
[2025-05-26 15:35:01.891] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:35:01.891] File: 8374cd9a8c03d900eefcd0bae936eed24532868c9090e919f6c303d9e0029c9d.exe
[2025-05-26 15:35:01.891] Path: D:\new\ransomware_high_confidence\avoslocker\8374cd9a8c03d900eefcd0bae936eed24532868c9090e919f6c303d9e0029c9d.exe
[2025-05-26 15:35:01.891] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\8374cd9a8c03d900eefcd0bae936eed24532868c9090e919f6c303d9e0029c9d.exe
[2025-05-26 15:35:01.891] Malware execution time: 60 seconds
[2025-05-26 15:35:01.891] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:35:03.362] Restoring snapshot 35 done
[2025-05-26 15:35:03.362] Starting up VM
[2025-05-26 15:35:09.438] Starting up VM done
[2025-05-26 15:35:09.438] Installing kernel driver
[2025-05-26 15:35:09.438] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:35:13.884] Kernel driver installation completed
[2025-05-26 15:35:13.884] Starting GP driver service
[2025-05-26 15:35:13.884] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:35:17.037] GP driver service started
[2025-05-26 15:35:17.037] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\8374cd9a8c03d900eefcd0bae936eed24532868c9090e919f6c303d9e0029c9d.exe
[2025-05-26 15:35:17.037] Malware execution started
[2025-05-26 15:35:17.038] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:36:17.046] Taking screenshot
[2025-05-26 15:36:17.105] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:37:38.103] Powering off VM done
[2025-05-26 15:37:41.103] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:37:43.049] Restoring snapshot 35 done
[2025-05-26 15:37:43.049] Kernel telemetry analysis completed in 161.2 seconds.

[2025-05-26 15:37:43.049] ✅ Analysis completed successfully!
[2025-05-26 15:37:43.049] Progress: 5.6% (79/1408)
[2025-05-26 15:37:43.049] Successful: 79, Failed: 0
[2025-05-26 15:37:43.049] Time remaining: 58.4h
[2025-05-26 15:37:43.049] Waiting 5 seconds before next sample...
[2025-05-26 15:37:48.049] SAMPLE 80/1408
[2025-05-26 15:37:48.049] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:37:48.049] File: 84d94c032543e8797a514323b0b8fd8bd69b4183f17351628b13d1464093af2d.exe
[2025-05-26 15:37:48.049] Path: D:\new\ransomware_high_confidence\avoslocker\84d94c032543e8797a514323b0b8fd8bd69b4183f17351628b13d1464093af2d.exe
[2025-05-26 15:37:48.049] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\84d94c032543e8797a514323b0b8fd8bd69b4183f17351628b13d1464093af2d.exe
[2025-05-26 15:37:48.050] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:37:49.586] Restoring snapshot 35 done
[2025-05-26 15:37:49.586] Starting up VM
[2025-05-26 15:37:55.779] Starting up VM done
[2025-05-26 15:37:55.779] Installing kernel driver
[2025-05-26 15:37:55.779] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:38:00.250] Kernel driver installation completed
[2025-05-26 15:38:00.251] Starting GP driver service
[2025-05-26 15:38:00.251] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:38:03.401] GP driver service started
[2025-05-26 15:38:03.401] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\84d94c032543e8797a514323b0b8fd8bd69b4183f17351628b13d1464093af2d.exe
[2025-05-26 15:38:03.401] Malware execution started
[2025-05-26 15:38:03.401] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:39:03.409] Taking screenshot
[2025-05-26 15:39:03.477] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:40:10.385] Powering off VM done
[2025-05-26 15:40:13.385] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:40:14.773] Restoring snapshot 35 done
[2025-05-26 15:40:14.773] Kernel telemetry analysis completed in 146.7 seconds.

[2025-05-26 15:40:14.773] ✅ Analysis completed successfully!
[2025-05-26 15:40:14.773] Progress: 5.7% (80/1408)
[2025-05-26 15:40:14.773] Successful: 80, Failed: 0
[2025-05-26 15:40:14.773] Time remaining: 58.3h
[2025-05-26 15:40:14.773] Waiting 5 seconds before next sample...
[2025-05-26 15:40:19.773] SAMPLE 81/1408
[2025-05-26 15:40:19.773] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:40:19.773] File: 85115951fe456441a3f6fccd09b9101b12255ac4e029c3b0c8be1ab450a4bc6c.exe
[2025-05-26 15:40:19.773] Path: D:\new\ransomware_high_confidence\avoslocker\85115951fe456441a3f6fccd09b9101b12255ac4e029c3b0c8be1ab450a4bc6c.exe
[2025-05-26 15:40:19.773] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\85115951fe456441a3f6fccd09b9101b12255ac4e029c3b0c8be1ab450a4bc6c.exe
[2025-05-26 15:40:19.773] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:40:21.485] Restoring snapshot 35 done
[2025-05-26 15:40:21.485] Starting up VM
[2025-05-26 15:40:27.736] Starting up VM done
[2025-05-26 15:40:27.736] Installing kernel driver
[2025-05-26 15:40:27.736] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:40:32.196] Kernel driver installation completed
[2025-05-26 15:40:32.196] Starting GP driver service
[2025-05-26 15:40:32.196] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:40:35.351] GP driver service started
[2025-05-26 15:40:35.351] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\85115951fe456441a3f6fccd09b9101b12255ac4e029c3b0c8be1ab450a4bc6c.exe
[2025-05-26 15:40:35.351] Malware execution started
[2025-05-26 15:40:35.351] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:41:35.360] Taking screenshot
[2025-05-26 15:41:35.420] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:43:14.691] Powering off VM done
[2025-05-26 15:43:17.692] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:43:20.252] Restoring snapshot 35 done
[2025-05-26 15:43:20.252] Kernel telemetry analysis completed in 180.5 seconds.

[2025-05-26 15:43:20.252] ✅ Analysis completed successfully!
[2025-05-26 15:43:20.252] Progress: 5.8% (81/1408)
[2025-05-26 15:43:20.252] Successful: 81, Failed: 0
[2025-05-26 15:43:20.252] Time remaining: 58.4h
[2025-05-26 15:43:20.252] Waiting 5 seconds before next sample...
[2025-05-26 15:43:25.253] SAMPLE 82/1408
[2025-05-26 15:43:25.253] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:43:25.253] File: 8ac411f4b10581c38be5c2767747ee0a9279eb4faf02d8e7842b8376e8f742bf.exe
[2025-05-26 15:43:25.253] Path: D:\new\ransomware_high_confidence\avoslocker\8ac411f4b10581c38be5c2767747ee0a9279eb4faf02d8e7842b8376e8f742bf.exe
[2025-05-26 15:43:25.253] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\8ac411f4b10581c38be5c2767747ee0a9279eb4faf02d8e7842b8376e8f742bf.exe
[2025-05-26 15:43:25.253] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:43:27.150] Restoring snapshot 35 done
[2025-05-26 15:43:27.150] Starting up VM
[2025-05-26 15:43:33.686] Starting up VM done
[2025-05-26 15:43:33.686] Installing kernel driver
[2025-05-26 15:43:33.686] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:43:38.055] Kernel driver installation completed
[2025-05-26 15:43:38.055] Starting GP driver service
[2025-05-26 15:43:38.055] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:43:41.205] GP driver service started
[2025-05-26 15:43:41.205] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\8ac411f4b10581c38be5c2767747ee0a9279eb4faf02d8e7842b8376e8f742bf.exe
[2025-05-26 15:43:41.205] Malware execution started
[2025-05-26 15:43:41.205] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:44:41.213] Taking screenshot
[2025-05-26 15:44:41.274] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:46:31.773] Powering off VM done
[2025-05-26 15:46:34.773] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:46:36.252] Restoring snapshot 35 done
[2025-05-26 15:46:36.252] Kernel telemetry analysis completed in 191.0 seconds.

[2025-05-26 15:46:36.252] ✅ Analysis completed successfully!
[2025-05-26 15:46:36.252] Progress: 5.8% (82/1408)
[2025-05-26 15:46:36.252] Successful: 82, Failed: 0
[2025-05-26 15:46:36.252] Time remaining: 58.5h
[2025-05-26 15:46:36.252] Waiting 5 seconds before next sample...
[2025-05-26 15:46:41.252] SAMPLE 83/1408
[2025-05-26 15:46:41.252] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:46:41.252] File: 93b11a9a72d51d4aa80c0791c19dcc49cc164ae98b67cdff619743766611e947.exe
[2025-05-26 15:46:41.252] Path: D:\new\ransomware_high_confidence\avoslocker\93b11a9a72d51d4aa80c0791c19dcc49cc164ae98b67cdff619743766611e947.exe
[2025-05-26 15:46:41.252] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\93b11a9a72d51d4aa80c0791c19dcc49cc164ae98b67cdff619743766611e947.exe
[2025-05-26 15:46:41.252] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:46:42.932] Restoring snapshot 35 done
[2025-05-26 15:46:42.932] Starting up VM
[2025-05-26 15:46:49.413] Starting up VM done
[2025-05-26 15:46:49.413] Installing kernel driver
[2025-05-26 15:46:49.413] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:46:53.665] Kernel driver installation completed
[2025-05-26 15:46:53.665] Starting GP driver service
[2025-05-26 15:46:53.665] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:46:56.820] GP driver service started
[2025-05-26 15:46:56.820] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\93b11a9a72d51d4aa80c0791c19dcc49cc164ae98b67cdff619743766611e947.exe
[2025-05-26 15:46:56.821] Malware execution started
[2025-05-26 15:46:56.821] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:47:56.829] Taking screenshot
[2025-05-26 15:47:56.889] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:50:27.625] Powering off VM done
[2025-05-26 15:50:30.625] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:50:31.732] Restoring snapshot 35 done
[2025-05-26 15:50:31.733] Kernel telemetry analysis completed in 230.5 seconds.

[2025-05-26 15:50:31.733] ✅ Analysis completed successfully!
[2025-05-26 15:50:31.733] Progress: 5.9% (83/1408)
[2025-05-26 15:50:31.733] Successful: 83, Failed: 0
[2025-05-26 15:50:31.733] Time remaining: 58.8h
[2025-05-26 15:50:31.733] Waiting 5 seconds before next sample...
[2025-05-26 15:50:36.733] SAMPLE 84/1408
[2025-05-26 15:50:36.733] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:50:36.733] File: 9a2c0204689a19d372560fb1da472e25c9747289178a81a8aa4e3622a63fe773.exe
[2025-05-26 15:50:36.733] Path: D:\new\ransomware_high_confidence\avoslocker\9a2c0204689a19d372560fb1da472e25c9747289178a81a8aa4e3622a63fe773.exe
[2025-05-26 15:50:36.733] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\9a2c0204689a19d372560fb1da472e25c9747289178a81a8aa4e3622a63fe773.exe
[2025-05-26 15:50:36.733] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:50:37.575] Restoring snapshot 35 done
[2025-05-26 15:50:37.575] Starting up VM
[2025-05-26 15:50:43.985] Starting up VM done
[2025-05-26 15:50:43.985] Installing kernel driver
[2025-05-26 15:50:43.985] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:50:48.295] Kernel driver installation completed
[2025-05-26 15:50:48.295] Starting GP driver service
[2025-05-26 15:50:48.295] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:50:51.451] GP driver service started
[2025-05-26 15:50:51.451] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\9a2c0204689a19d372560fb1da472e25c9747289178a81a8aa4e3622a63fe773.exe
[2025-05-26 15:50:51.451] Malware execution started
[2025-05-26 15:50:51.451] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:51:51.460] Taking screenshot
[2025-05-26 15:51:51.520] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:52:52.732] Powering off VM done
[2025-05-26 15:52:55.732] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:52:57.038] Restoring snapshot 35 done
[2025-05-26 15:52:57.038] Kernel telemetry analysis completed in 140.3 seconds.

[2025-05-26 15:52:57.038] ✅ Analysis completed successfully!
[2025-05-26 15:52:57.038] Progress: 6.0% (84/1408)
[2025-05-26 15:52:57.038] Successful: 84, Failed: 0
[2025-05-26 15:52:57.038] Time remaining: 58.7h
[2025-05-26 15:52:57.038] Waiting 5 seconds before next sample...
[2025-05-26 15:53:02.038] SAMPLE 85/1408
[2025-05-26 15:53:02.038] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:53:02.038] File: 9e4b3871a7ea10afc1ad09f93f9205b6aa1863a984c729ee764eac2215d322e6.exe
[2025-05-26 15:53:02.038] Path: D:\new\ransomware_high_confidence\avoslocker\9e4b3871a7ea10afc1ad09f93f9205b6aa1863a984c729ee764eac2215d322e6.exe
[2025-05-26 15:53:02.038] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\9e4b3871a7ea10afc1ad09f93f9205b6aa1863a984c729ee764eac2215d322e6.exe
[2025-05-26 15:53:02.038] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:53:03.440] Restoring snapshot 35 done
[2025-05-26 15:53:03.440] Starting up VM
[2025-05-26 15:53:09.679] Starting up VM done
[2025-05-26 15:53:09.679] Installing kernel driver
[2025-05-26 15:53:09.679] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:53:14.342] Kernel driver installation completed
[2025-05-26 15:53:14.342] Starting GP driver service
[2025-05-26 15:53:14.342] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:53:17.503] GP driver service started
[2025-05-26 15:53:17.503] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\9e4b3871a7ea10afc1ad09f93f9205b6aa1863a984c729ee764eac2215d322e6.exe
[2025-05-26 15:53:17.503] Malware execution started
[2025-05-26 15:53:17.503] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:54:17.512] Taking screenshot
[2025-05-26 15:54:17.575] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:55:44.839] Powering off VM done
[2025-05-26 15:55:47.840] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:55:49.208] Restoring snapshot 35 done
[2025-05-26 15:55:49.208] Kernel telemetry analysis completed in 167.2 seconds.

[2025-05-26 15:55:49.208] ✅ Analysis completed successfully!
[2025-05-26 15:55:49.208] Progress: 6.0% (85/1408)
[2025-05-26 15:55:49.208] Successful: 85, Failed: 0
[2025-05-26 15:55:49.208] Time remaining: 58.7h
[2025-05-26 15:55:49.208] Waiting 5 seconds before next sample...
[2025-05-26 15:55:54.209] SAMPLE 86/1408
[2025-05-26 15:55:54.209] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:55:54.209] File: a1b504b8e34200d8029f6d75491d517e460162cb9df438257ee4ed85f61c18bc.exe
[2025-05-26 15:55:54.209] Path: D:\new\ransomware_high_confidence\avoslocker\a1b504b8e34200d8029f6d75491d517e460162cb9df438257ee4ed85f61c18bc.exe
[2025-05-26 15:55:54.209] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\a1b504b8e34200d8029f6d75491d517e460162cb9df438257ee4ed85f61c18bc.exe
[2025-05-26 15:55:54.209] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:55:55.728] Restoring snapshot 35 done
[2025-05-26 15:55:55.728] Starting up VM
[2025-05-26 15:56:01.963] Starting up VM done
[2025-05-26 15:56:01.963] Installing kernel driver
[2025-05-26 15:56:01.963] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:56:06.146] Kernel driver installation completed
[2025-05-26 15:56:06.146] Starting GP driver service
[2025-05-26 15:56:06.146] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:56:09.304] GP driver service started
[2025-05-26 15:56:09.304] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\a1b504b8e34200d8029f6d75491d517e460162cb9df438257ee4ed85f61c18bc.exe
[2025-05-26 15:56:09.305] Malware execution started
[2025-05-26 15:56:09.305] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 15:57:09.313] Taking screenshot
[2025-05-26 15:57:09.379] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:58:54.166] Powering off VM done
[2025-05-26 15:58:57.167] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:58:58.197] Restoring snapshot 35 done
[2025-05-26 15:58:58.197] Kernel telemetry analysis completed in 184.0 seconds.

[2025-05-26 15:58:58.197] ✅ Analysis completed successfully!
[2025-05-26 15:58:58.197] Progress: 6.1% (86/1408)
[2025-05-26 15:58:58.197] Successful: 86, Failed: 0
[2025-05-26 15:58:58.197] Time remaining: 58.8h
[2025-05-26 15:58:58.197] Waiting 5 seconds before next sample...
[2025-05-26 15:59:03.198] SAMPLE 87/1408
[2025-05-26 15:59:03.198] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 15:59:03.198] File: b4c4e9aabd821e6a664fb320a043c133e4e3d0381342079a50e12ca017f489bc.exe
[2025-05-26 15:59:03.198] Path: D:\new\ransomware_high_confidence\avoslocker\b4c4e9aabd821e6a664fb320a043c133e4e3d0381342079a50e12ca017f489bc.exe
[2025-05-26 15:59:03.198] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\b4c4e9aabd821e6a664fb320a043c133e4e3d0381342079a50e12ca017f489bc.exe
[2025-05-26 15:59:03.198] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 15:59:04.623] Restoring snapshot 35 done
[2025-05-26 15:59:04.623] Starting up VM
[2025-05-26 15:59:11.325] Starting up VM done
[2025-05-26 15:59:11.325] Installing kernel driver
[2025-05-26 15:59:11.325] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 15:59:15.661] Kernel driver installation completed
[2025-05-26 15:59:15.661] Starting GP driver service
[2025-05-26 15:59:15.661] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 15:59:18.808] GP driver service started
[2025-05-26 15:59:18.809] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\b4c4e9aabd821e6a664fb320a043c133e4e3d0381342079a50e12ca017f489bc.exe
[2025-05-26 15:59:18.809] Malware execution started
[2025-05-26 15:59:18.809] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:00:18.817] Taking screenshot
[2025-05-26 16:00:18.879] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:01:07.256] Powering off VM done
[2025-05-26 16:01:10.256] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:01:11.701] Restoring snapshot 35 done
[2025-05-26 16:01:11.701] Kernel telemetry analysis completed in 128.5 seconds.

[2025-05-26 16:01:11.701] ✅ Analysis completed successfully!
[2025-05-26 16:01:11.701] Progress: 6.2% (87/1408)
[2025-05-26 16:01:11.701] Successful: 87, Failed: 0
[2025-05-26 16:01:11.701] Time remaining: 58.6h
[2025-05-26 16:01:11.702] Waiting 5 seconds before next sample...
[2025-05-26 16:01:16.702] SAMPLE 88/1408
[2025-05-26 16:01:16.702] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:01:16.702] File: bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705.exe
[2025-05-26 16:01:16.702] Path: D:\new\ransomware_high_confidence\avoslocker\bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705.exe
[2025-05-26 16:01:16.702] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705.exe
[2025-05-26 16:01:16.702] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:01:18.367] Restoring snapshot 35 done
[2025-05-26 16:01:18.367] Starting up VM
[2025-05-26 16:01:24.733] Starting up VM done
[2025-05-26 16:01:24.733] Installing kernel driver
[2025-05-26 16:01:24.733] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:01:29.057] Kernel driver installation completed
[2025-05-26 16:01:29.057] Starting GP driver service
[2025-05-26 16:01:29.057] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:01:32.205] GP driver service started
[2025-05-26 16:01:32.205] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705.exe
[2025-05-26 16:01:32.206] Malware execution started
[2025-05-26 16:01:32.206] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:02:32.214] Taking screenshot
[2025-05-26 16:02:32.274] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:04:05.611] Powering off VM done
[2025-05-26 16:04:08.611] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:04:09.940] Restoring snapshot 35 done
[2025-05-26 16:04:09.940] Kernel telemetry analysis completed in 173.2 seconds.

[2025-05-26 16:04:09.940] ✅ Analysis completed successfully!
[2025-05-26 16:04:09.940] Progress: 6.2% (88/1408)
[2025-05-26 16:04:09.940] Successful: 88, Failed: 0
[2025-05-26 16:04:09.940] Time remaining: 58.7h
[2025-05-26 16:04:09.940] Waiting 5 seconds before next sample...
[2025-05-26 16:04:14.941] SAMPLE 89/1408
[2025-05-26 16:04:14.941] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:04:14.941] File: c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe
[2025-05-26 16:04:14.941] Path: D:\new\ransomware_high_confidence\avoslocker\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe
[2025-05-26 16:04:14.941] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe
[2025-05-26 16:04:14.941] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:04:16.378] Restoring snapshot 35 done
[2025-05-26 16:04:16.378] Starting up VM
[2025-05-26 16:04:23.174] Starting up VM done
[2025-05-26 16:04:23.174] Installing kernel driver
[2025-05-26 16:04:23.174] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:04:27.555] Kernel driver installation completed
[2025-05-26 16:04:27.555] Starting GP driver service
[2025-05-26 16:04:27.555] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:04:30.906] GP driver service started
[2025-05-26 16:04:30.907] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02.exe
[2025-05-26 16:04:30.907] Malware execution started
[2025-05-26 16:04:30.907] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:05:30.915] Taking screenshot
[2025-05-26 16:05:30.977] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:06:54.644] Powering off VM done
[2025-05-26 16:06:57.645] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:06:58.667] Restoring snapshot 35 done
[2025-05-26 16:06:58.667] Kernel telemetry analysis completed in 163.7 seconds.

[2025-05-26 16:06:58.667] ✅ Analysis completed successfully!
[2025-05-26 16:06:58.667] Progress: 6.3% (89/1408)
[2025-05-26 16:06:58.667] Successful: 89, Failed: 0
[2025-05-26 16:06:58.667] Time remaining: 58.7h
[2025-05-26 16:06:58.667] Waiting 5 seconds before next sample...
[2025-05-26 16:07:03.668] SAMPLE 90/1408
[2025-05-26 16:07:03.668] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:07:03.668] File: c65547704c20045f006d0653144101bbdf9dd5d2aa6b4db61b83f847704b10f6.exe
[2025-05-26 16:07:03.668] Path: D:\new\ransomware_high_confidence\avoslocker\c65547704c20045f006d0653144101bbdf9dd5d2aa6b4db61b83f847704b10f6.exe
[2025-05-26 16:07:03.668] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\c65547704c20045f006d0653144101bbdf9dd5d2aa6b4db61b83f847704b10f6.exe
[2025-05-26 16:07:03.668] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:07:05.085] Restoring snapshot 35 done
[2025-05-26 16:07:05.085] Starting up VM
[2025-05-26 16:07:11.198] Starting up VM done
[2025-05-26 16:07:11.199] Installing kernel driver
[2025-05-26 16:07:11.199] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:07:15.260] Kernel driver installation completed
[2025-05-26 16:07:15.260] Starting GP driver service
[2025-05-26 16:07:15.260] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:07:18.416] GP driver service started
[2025-05-26 16:07:18.416] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\c65547704c20045f006d0653144101bbdf9dd5d2aa6b4db61b83f847704b10f6.exe
[2025-05-26 16:07:18.416] Malware execution started
[2025-05-26 16:07:18.417] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:08:18.425] Taking screenshot
[2025-05-26 16:08:18.485] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:09:39.985] Powering off VM done
[2025-05-26 16:09:42.985] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:09:43.904] Restoring snapshot 35 done
[2025-05-26 16:09:43.904] Kernel telemetry analysis completed in 160.2 seconds.

[2025-05-26 16:09:43.904] ✅ Analysis completed successfully!
[2025-05-26 16:09:43.904] Progress: 6.4% (90/1408)
[2025-05-26 16:09:43.904] Successful: 90, Failed: 0
[2025-05-26 16:09:43.904] Time remaining: 58.6h
[2025-05-26 16:09:43.904] Waiting 5 seconds before next sample...
[2025-05-26 16:09:48.904] SAMPLE 91/1408
[2025-05-26 16:09:48.904] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:09:48.904] File: c7307b1cfd6685c2b3a19a7239a40e8afa5432ffe039bb4b3caca8a70ad1eed6.exe
[2025-05-26 16:09:48.904] Path: D:\new\ransomware_high_confidence\avoslocker\c7307b1cfd6685c2b3a19a7239a40e8afa5432ffe039bb4b3caca8a70ad1eed6.exe
[2025-05-26 16:09:48.904] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\c7307b1cfd6685c2b3a19a7239a40e8afa5432ffe039bb4b3caca8a70ad1eed6.exe
[2025-05-26 16:09:48.904] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:09:50.324] Restoring snapshot 35 done
[2025-05-26 16:09:50.324] Starting up VM
[2025-05-26 16:09:56.588] Starting up VM done
[2025-05-26 16:09:56.588] Installing kernel driver
[2025-05-26 16:09:56.588] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:10:01.192] Kernel driver installation completed
[2025-05-26 16:10:01.192] Starting GP driver service
[2025-05-26 16:10:01.192] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:10:04.342] GP driver service started
[2025-05-26 16:10:04.342] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\c7307b1cfd6685c2b3a19a7239a40e8afa5432ffe039bb4b3caca8a70ad1eed6.exe
[2025-05-26 16:10:04.342] Malware execution started
[2025-05-26 16:10:04.342] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:11:04.351] Taking screenshot
[2025-05-26 16:11:04.411] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:11:21.790] Powering off VM done
[2025-05-26 16:11:24.791] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:11:26.625] Restoring snapshot 35 done
[2025-05-26 16:11:26.625] Kernel telemetry analysis completed in 97.7 seconds.

[2025-05-26 16:11:26.625] ✅ Analysis completed successfully!
[2025-05-26 16:11:26.625] Progress: 6.5% (91/1408)
[2025-05-26 16:11:26.625] Successful: 91, Failed: 0
[2025-05-26 16:11:26.625] Time remaining: 58.4h
[2025-05-26 16:11:26.625] Waiting 5 seconds before next sample...
[2025-05-26 16:11:31.626] SAMPLE 92/1408
[2025-05-26 16:11:31.626] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:11:31.626] File: da6e60b4e39c6c556836a18a09a52cd83c47f9cf6dc9e3ad298cbcb925a62a96.exe
[2025-05-26 16:11:31.626] Path: D:\new\ransomware_high_confidence\avoslocker\da6e60b4e39c6c556836a18a09a52cd83c47f9cf6dc9e3ad298cbcb925a62a96.exe
[2025-05-26 16:11:31.626] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\da6e60b4e39c6c556836a18a09a52cd83c47f9cf6dc9e3ad298cbcb925a62a96.exe
[2025-05-26 16:11:31.626] Malware execution

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:11:33.326] Restoring snapshot 35 done
[2025-05-26 16:11:33.326] Starting up VM
[2025-05-26 16:11:39.578] Starting up VM done
[2025-05-26 16:11:39.578] Installing kernel driver
[2025-05-26 16:11:39.578] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:11:44.123] Kernel driver installation completed
[2025-05-26 16:11:44.123] Starting GP driver service
[2025-05-26 16:11:44.123] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:11:47.272] GP driver service started
[2025-05-26 16:11:47.272] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\da6e60b4e39c6c556836a18a09a52cd83c47f9cf6dc9e3ad298cbcb925a62a96.exe
[2025-05-26 16:11:47.273] Malware execution started
[2025-05-26 16:11:47.273] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:12:47.281] Taking screenshot
[2025-05-26 16:12:47.341] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:13:48.440] Powering off VM done
[2025-05-26 16:13:51.440] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:13:52.493] Restoring snapshot 35 done
[2025-05-26 16:13:52.493] Kernel telemetry analysis completed in 140.9 seconds.

[2025-05-26 16:13:52.493] ✅ Analysis completed successfully!
[2025-05-26 16:13:52.493] Progress: 6.5% (92/1408)
[2025-05-26 16:13:52.493] Successful: 92, Failed: 0
[2025-05-26 16:13:52.493] Time remaining: 58.3h
[2025-05-26 16:13:52.493] Waiting 5 seconds before next sample...
[2025-05-26 16:13:57.494] SAMPLE 93/1408
[2025-05-26 16:13:57.494] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:13:57.494] File: e2a945032dc77a8a9d36b709438612aca5858eee52d7c0ad1e375f9e9e080305.exe
[2025-05-26 16:13:57.494] Path: D:\new\ransomware_high_confidence\avoslocker\e2a945032dc77a8a9d36b709438612aca5858eee52d7c0ad1e375f9e9e080305.exe
[2025-05-26 16:13:57.494] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\e2a945032dc77a8a9d36b709438612aca5858eee52d7c0ad1e375f9e9e080305.exe
[2025-05-26 16:13:57.494] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:13:58.935] Restoring snapshot 35 done
[2025-05-26 16:13:58.935] Starting up VM
[2025-05-26 16:14:05.119] Starting up VM done
[2025-05-26 16:14:05.119] Installing kernel driver
[2025-05-26 16:14:05.119] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:14:08.833] Kernel driver installation completed
[2025-05-26 16:14:08.833] Starting GP driver service
[2025-05-26 16:14:08.833] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:14:11.984] GP driver service started
[2025-05-26 16:14:11.984] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\e2a945032dc77a8a9d36b709438612aca5858eee52d7c0ad1e375f9e9e080305.exe
[2025-05-26 16:14:11.984] Malware execution started
[2025-05-26 16:14:11.984] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:15:11.992] Taking screenshot
[2025-05-26 16:15:12.052] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:16:22.994] Powering off VM done
[2025-05-26 16:16:25.994] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:16:27.001] Restoring snapshot 35 done
[2025-05-26 16:16:27.001] Kernel telemetry analysis completed in 149.5 seconds.

[2025-05-26 16:16:27.001] ✅ Analysis completed successfully!
[2025-05-26 16:16:27.001] Progress: 6.6% (93/1408)
[2025-05-26 16:16:27.001] Successful: 93, Failed: 0
[2025-05-26 16:16:27.001] Time remaining: 58.2h
[2025-05-26 16:16:27.001] Waiting 5 seconds before next sample...
[2025-05-26 16:16:32.001] SAMPLE 94/1408
[2025-05-26 16:16:32.001] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:16:32.001] File: e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe
[2025-05-26 16:16:32.001] Path: D:\new\ransomware_high_confidence\avoslocker\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe
[2025-05-26 16:16:32.001] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe
[2025-05-26 16:16:32.001] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:16:33.699] Restoring snapshot 35 done
[2025-05-26 16:16:33.700] Starting up VM
[2025-05-26 16:16:39.451] Starting up VM done
[2025-05-26 16:16:39.451] Installing kernel driver
[2025-05-26 16:16:39.451] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:16:43.844] Kernel driver installation completed
[2025-05-26 16:16:43.844] Starting GP driver service
[2025-05-26 16:16:43.844] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:16:46.997] GP driver service started
[2025-05-26 16:16:46.998] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\e62c0bdf69b88a5bd95872cbcf4da4de4eef226bc9ef0452ee652eeee519b15a.exe
[2025-05-26 16:16:46.998] Malware execution started
[2025-05-26 16:16:46.998] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:17:47.007] Taking screenshot
[2025-05-26 16:17:47.074] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:19:00.731] Powering off VM done
[2025-05-26 16:19:03.731] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:19:05.070] Restoring snapshot 35 done
[2025-05-26 16:19:05.070] Kernel telemetry analysis completed in 153.1 seconds.

[2025-05-26 16:19:05.070] ✅ Analysis completed successfully!
[2025-05-26 16:19:05.070] Progress: 6.7% (94/1408)
[2025-05-26 16:19:05.070] Successful: 94, Failed: 0
[2025-05-26 16:19:05.070] Time remaining: 58.2h
[2025-05-26 16:19:05.070] Waiting 5 seconds before next sample...
[2025-05-26 16:19:10.070] SAMPLE 95/1408
[2025-05-26 16:19:10.070] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:19:10.070] File: ec955f589f25d0d28e55964a1aa79c27492026982994cd4ca1faf7e8a78db4bc.exe
[2025-05-26 16:19:10.070] Path: D:\new\ransomware_high_confidence\avoslocker\ec955f589f25d0d28e55964a1aa79c27492026982994cd4ca1faf7e8a78db4bc.exe
[2025-05-26 16:19:10.070] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\ec955f589f25d0d28e55964a1aa79c27492026982994cd4ca1faf7e8a78db4bc.exe
[2025-05-26 16:19:10.070] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:19:12.530] Restoring snapshot 35 done
[2025-05-26 16:19:12.530] Starting up VM
[2025-05-26 16:19:18.519] Starting up VM done
[2025-05-26 16:19:18.519] Installing kernel driver
[2025-05-26 16:19:18.519] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:19:22.044] Kernel driver installation completed
[2025-05-26 16:19:22.044] Starting GP driver service
[2025-05-26 16:19:22.044] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:19:25.198] GP driver service started
[2025-05-26 16:19:25.198] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\ec955f589f25d0d28e55964a1aa79c27492026982994cd4ca1faf7e8a78db4bc.exe
[2025-05-26 16:19:25.198] Malware execution started
[2025-05-26 16:19:25.198] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:20:25.206] Taking screenshot
[2025-05-26 16:20:25.267] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:21:34.245] Powering off VM done
[2025-05-26 16:21:37.246] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:21:38.789] Restoring snapshot 35 done
[2025-05-26 16:21:38.789] Kernel telemetry analysis completed in 148.7 seconds.

[2025-05-26 16:21:38.789] ✅ Analysis completed successfully!
[2025-05-26 16:21:38.789] Progress: 6.7% (95/1408)
[2025-05-26 16:21:38.789] Successful: 95, Failed: 0
[2025-05-26 16:21:38.789] Time remaining: 58.1h
[2025-05-26 16:21:38.789] Waiting 5 seconds before next sample...
[2025-05-26 16:21:43.790] SAMPLE 96/1408
[2025-05-26 16:21:43.790] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:21:43.790] File: f810deb1ba171cea5b595c6d3f816127fb182833f7a08a98de93226d4f6a336f.exe
[2025-05-26 16:21:43.790] Path: D:\new\ransomware_high_confidence\avoslocker\f810deb1ba171cea5b595c6d3f816127fb182833f7a08a98de93226d4f6a336f.exe
[2025-05-26 16:21:43.790] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\f810deb1ba171cea5b595c6d3f816127fb182833f7a08a98de93226d4f6a336f.exe
[2025-05-26 16:21:43.790] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:21:45.225] Restoring snapshot 35 done
[2025-05-26 16:21:45.225] Starting up VM
[2025-05-26 16:21:51.425] Starting up VM done
[2025-05-26 16:21:51.425] Installing kernel driver
[2025-05-26 16:21:51.425] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:21:55.611] Kernel driver installation completed
[2025-05-26 16:21:55.611] Starting GP driver service
[2025-05-26 16:21:55.611] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:21:58.773] GP driver service started
[2025-05-26 16:21:58.773] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\f810deb1ba171cea5b595c6d3f816127fb182833f7a08a98de93226d4f6a336f.exe
[2025-05-26 16:21:58.774] Malware execution started
[2025-05-26 16:21:58.774] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:22:58.782] Taking screenshot
[2025-05-26 16:22:58.844] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:23:46.784] Powering off VM done
[2025-05-26 16:23:49.785] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:23:51.462] Restoring snapshot 35 done
[2025-05-26 16:23:51.462] Kernel telemetry analysis completed in 127.7 seconds.

[2025-05-26 16:23:51.462] ✅ Analysis completed successfully!
[2025-05-26 16:23:51.462] Progress: 6.8% (96/1408)
[2025-05-26 16:23:51.462] Successful: 96, Failed: 0
[2025-05-26 16:23:51.462] Time remaining: 57.9h
[2025-05-26 16:23:51.463] Waiting 5 seconds before next sample...
[2025-05-26 16:23:56.463] SAMPLE 97/1408
[2025-05-26 16:23:56.463] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:23:56.463] File: f8e99bbacc62b0f72aa12f5f92e35607fa0382a881fe4a4b9476fc6b87a03c78.exe
[2025-05-26 16:23:56.463] Path: D:\new\ransomware_high_confidence\avoslocker\f8e99bbacc62b0f72aa12f5f92e35607fa0382a881fe4a4b9476fc6b87a03c78.exe
[2025-05-26 16:23:56.463] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\f8e99bbacc62b0f72aa12f5f92e35607fa0382a881fe4a4b9476fc6b87a03c78.exe
[2025-05-26 16:23:56.463] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:23:57.861] Restoring snapshot 35 done
[2025-05-26 16:23:57.861] Starting up VM
[2025-05-26 16:24:04.620] Starting up VM done
[2025-05-26 16:24:04.620] Installing kernel driver
[2025-05-26 16:24:04.620] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:24:08.874] Kernel driver installation completed
[2025-05-26 16:24:08.874] Starting GP driver service
[2025-05-26 16:24:08.874] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:24:12.032] GP driver service started
[2025-05-26 16:24:12.033] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\f8e99bbacc62b0f72aa12f5f92e35607fa0382a881fe4a4b9476fc6b87a03c78.exe
[2025-05-26 16:24:12.033] Malware execution started
[2025-05-26 16:24:12.033] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:25:12.041] Taking screenshot
[2025-05-26 16:25:12.103] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:26:14.817] Powering off VM done
[2025-05-26 16:26:17.817] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:26:19.287] Restoring snapshot 35 done
[2025-05-26 16:26:19.287] Kernel telemetry analysis completed in 142.8 seconds.

[2025-05-26 16:26:19.287] ✅ Analysis completed successfully!
[2025-05-26 16:26:19.287] Progress: 6.9% (97/1408)
[2025-05-26 16:26:19.287] Successful: 97, Failed: 0
[2025-05-26 16:26:19.287] Time remaining: 57.9h
[2025-05-26 16:26:19.287] Waiting 5 seconds before next sample...
[2025-05-26 16:26:24.287] SAMPLE 98/1408
[2025-05-26 16:26:24.287] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:26:24.287] File: fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe
[2025-05-26 16:26:24.287] Path: D:\new\ransomware_high_confidence\avoslocker\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe
[2025-05-26 16:26:24.287] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe
[2025-05-26 16:26:24.287] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:26:25.902] Restoring snapshot 35 done
[2025-05-26 16:26:25.902] Starting up VM
[2025-05-26 16:26:31.000] Starting up VM done
[2025-05-26 16:26:31.000] Installing kernel driver
[2025-05-26 16:26:31.000] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:26:36.258] Kernel driver installation completed
[2025-05-26 16:26:36.258] Starting GP driver service
[2025-05-26 16:26:36.258] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:26:39.410] GP driver service started
[2025-05-26 16:26:39.410] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe
[2025-05-26 16:26:39.410] Malware execution started
[2025-05-26 16:26:39.410] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:27:39.419] Taking screenshot
[2025-05-26 16:27:39.483] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:27:57.512] Powering off VM done
[2025-05-26 16:28:00.512] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:28:01.848] Restoring snapshot 35 done
[2025-05-26 16:28:01.848] Kernel telemetry analysis completed in 97.6 seconds.

[2025-05-26 16:28:01.848] ✅ Analysis completed successfully!
[2025-05-26 16:28:01.848] Progress: 7.0% (98/1408)
[2025-05-26 16:28:01.848] Successful: 98, Failed: 0
[2025-05-26 16:28:01.849] Time remaining: 57.6h
[2025-05-26 16:28:01.849] Waiting 5 seconds before next sample...
[2025-05-26 16:28:06.849] SAMPLE 99/1408
[2025-05-26 16:28:06.849] Family: D:\new\ransomware_high_confidence\avoslocker
[2025-05-26 16:28:06.849] File: ffd933ad53f22a0f10cceb4986087258f72dffdd36999b7014c6b37c157ee45f.exe
[2025-05-26 16:28:06.849] Path: D:\new\ransomware_high_confidence\avoslocker\ffd933ad53f22a0f10cceb4986087258f72dffdd36999b7014c6b37c157ee45f.exe
[2025-05-26 16:28:06.849] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\avoslocker\ffd933ad53f22a0f10cceb4986087258f72dffdd36999b7014c6b37c157ee45f.exe
[2025-05-26 16:28:06.849] Malware execution

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:28:08.257] Restoring snapshot 35 done
[2025-05-26 16:28:08.258] Starting up VM
[2025-05-26 16:28:14.275] Starting up VM done
[2025-05-26 16:28:14.275] Installing kernel driver
[2025-05-26 16:28:14.275] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:28:18.592] Kernel driver installation completed
[2025-05-26 16:28:18.592] Starting GP driver service
[2025-05-26 16:28:18.592] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:28:21.746] GP driver service started
[2025-05-26 16:28:21.746] Executing malware sample: D:\new\ransomware_high_confidence\avoslocker\ffd933ad53f22a0f10cceb4986087258f72dffdd36999b7014c6b37c157ee45f.exe
[2025-05-26 16:28:21.747] Malware execution started
[2025-05-26 16:28:21.747] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:29:21.755] Taking screenshot
[2025-05-26 16:29:21.815] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:30:41.014] Powering off VM done
[2025-05-26 16:30:44.014] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:30:45.229] Restoring snapshot 35 done
[2025-05-26 16:30:45.229] Kernel telemetry analysis completed in 158.4 seconds.

[2025-05-26 16:30:45.229] ✅ Analysis completed successfully!
[2025-05-26 16:30:45.229] Progress: 7.0% (99/1408)
[2025-05-26 16:30:45.229] Successful: 99, Failed: 0
[2025-05-26 16:30:45.229] Time remaining: 57.6h
[2025-05-26 16:30:45.229] Waiting 5 seconds before next sample...
[2025-05-26 16:30:50.229] SAMPLE 100/1408
[2025-05-26 16:30:50.229] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:30:50.229] File: 0099963e7285aeafc09e4214a45a6a210253d514cbd0d4b0c3997647a0afe879.exe
[2025-05-26 16:30:50.229] Path: D:\new\ransomware_high_confidence\babuk\0099963e7285aeafc09e4214a45a6a210253d514cbd0d4b0c3997647a0afe879.exe
[2025-05-26 16:30:50.229] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\0099963e7285aeafc09e4214a45a6a210253d514cbd0d4b0c3997647a0afe879.exe
[2025-05-26 16:30:50.229] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:30:51.648] Restoring snapshot 35 done
[2025-05-26 16:30:51.648] Starting up VM
[2025-05-26 16:30:57.958] Starting up VM done
[2025-05-26 16:30:57.958] Installing kernel driver
[2025-05-26 16:30:57.958] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:31:02.851] Kernel driver installation completed
[2025-05-26 16:31:02.851] Starting GP driver service
[2025-05-26 16:31:02.851] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:31:05.000] GP driver service started
[2025-05-26 16:31:05.000] Executing malware sample: D:\new\ransomware_high_confidence\babuk\0099963e7285aeafc09e4214a45a6a210253d514cbd0d4b0c3997647a0afe879.exe
[2025-05-26 16:31:06.000] Malware execution started
[2025-05-26 16:31:06.000] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:32:06.008] Taking screenshot
[2025-05-26 16:32:06.072] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:33:47.817] Powering off VM done
[2025-05-26 16:33:50.817] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:33:52.382] Restoring snapshot 35 done
[2025-05-26 16:33:52.382] Kernel telemetry analysis completed in 182.2 seconds.

[2025-05-26 16:33:52.382] ✅ Analysis completed successfully!
[2025-05-26 16:33:52.382] Progress: 7.1% (100/1408)
[2025-05-26 16:33:52.382] Successful: 100, Failed: 0
[2025-05-26 16:33:52.382] Time remaining: 57.6h
[2025-05-26 16:33:52.382] Waiting 5 seconds before next sample...
[2025-05-26 16:33:57.382] SAMPLE 101/1408
[2025-05-26 16:33:57.383] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:33:57.383] File: 01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.exe
[2025-05-26 16:33:57.383] Path: D:\new\ransomware_high_confidence\babuk\01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.exe
[2025-05-26 16:33:57.383] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.exe
[2025-05-26 16:33:57.383] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:33:59.021] Restoring snapshot 35 done
[2025-05-26 16:33:59.021] Starting up VM
[2025-05-26 16:34:04.873] Starting up VM done
[2025-05-26 16:34:04.874] Installing kernel driver
[2025-05-26 16:34:04.874] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:34:09.120] Kernel driver installation completed
[2025-05-26 16:34:09.120] Starting GP driver service
[2025-05-26 16:34:09.120] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:34:12.278] GP driver service started
[2025-05-26 16:34:12.278] Executing malware sample: D:\new\ransomware_high_confidence\babuk\01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.exe
[2025-05-26 16:34:12.279] Malware execution started
[2025-05-26 16:34:12.279] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:35:12.287] Taking screenshot
[2025-05-26 16:35:12.349] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:36:34.818] Powering off VM done
[2025-05-26 16:36:37.819] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:36:39.068] Restoring snapshot 35 done
[2025-05-26 16:36:39.068] Kernel telemetry analysis completed in 161.7 seconds.

[2025-05-26 16:36:39.068] ✅ Analysis completed successfully!
[2025-05-26 16:36:39.068] Progress: 7.2% (101/1408)
[2025-05-26 16:36:39.068] Successful: 101, Failed: 0
[2025-05-26 16:36:39.068] Time remaining: 57.6h
[2025-05-26 16:36:39.068] Waiting 5 seconds before next sample...
[2025-05-26 16:36:44.069] SAMPLE 102/1408
[2025-05-26 16:36:44.069] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:36:44.069] File: 028facff67136de55fe200177a190da625c8e1713b4e7d95bf5fc5412a5afffc.exe
[2025-05-26 16:36:44.069] Path: D:\new\ransomware_high_confidence\babuk\028facff67136de55fe200177a190da625c8e1713b4e7d95bf5fc5412a5afffc.exe
[2025-05-26 16:36:44.069] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\028facff67136de55fe200177a190da625c8e1713b4e7d95bf5fc5412a5afffc.exe
[2025-05-26 16:36:44.069] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:36:45.489] Restoring snapshot 35 done
[2025-05-26 16:36:45.489] Starting up VM
[2025-05-26 16:36:51.937] Starting up VM done
[2025-05-26 16:36:51.937] Installing kernel driver
[2025-05-26 16:36:51.937] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:36:56.047] Kernel driver installation completed
[2025-05-26 16:36:56.047] Starting GP driver service
[2025-05-26 16:36:56.047] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:36:59.195] GP driver service started
[2025-05-26 16:36:59.195] Executing malware sample: D:\new\ransomware_high_confidence\babuk\028facff67136de55fe200177a190da625c8e1713b4e7d95bf5fc5412a5afffc.exe
[2025-05-26 16:36:59.196] Malware execution started
[2025-05-26 16:36:59.196] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:37:59.204] Taking screenshot
[2025-05-26 16:37:59.266] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:39:04.250] Powering off VM done
[2025-05-26 16:39:07.251] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:39:08.727] Restoring snapshot 35 done
[2025-05-26 16:39:08.727] Kernel telemetry analysis completed in 144.7 seconds.

[2025-05-26 16:39:08.727] ✅ Analysis completed successfully!
[2025-05-26 16:39:08.727] Progress: 7.2% (102/1408)
[2025-05-26 16:39:08.727] Successful: 102, Failed: 0
[2025-05-26 16:39:08.727] Time remaining: 57.6h
[2025-05-26 16:39:08.727] Waiting 5 seconds before next sample...
[2025-05-26 16:39:13.727] SAMPLE 103/1408
[2025-05-26 16:39:13.727] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:39:13.727] File: 0294114d5f411b6c47eb255d4ed6865df99d1c5252f4f585aabf44e6cbacaa59.exe
[2025-05-26 16:39:13.727] Path: D:\new\ransomware_high_confidence\babuk\0294114d5f411b6c47eb255d4ed6865df99d1c5252f4f585aabf44e6cbacaa59.exe
[2025-05-26 16:39:13.727] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\0294114d5f411b6c47eb255d4ed6865df99d1c5252f4f585aabf44e6cbacaa59.exe
[2025-05-26 16:39:13.727] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:39:15.429] Restoring snapshot 35 done
[2025-05-26 16:39:15.429] Starting up VM
[2025-05-26 16:39:22.270] Starting up VM done
[2025-05-26 16:39:22.270] Installing kernel driver
[2025-05-26 16:39:22.270] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:39:25.937] Kernel driver installation completed
[2025-05-26 16:39:25.937] Starting GP driver service
[2025-05-26 16:39:25.937] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:39:31.666] GP driver service started
[2025-05-26 16:39:31.666] Executing malware sample: D:\new\ransomware_high_confidence\babuk\0294114d5f411b6c47eb255d4ed6865df99d1c5252f4f585aabf44e6cbacaa59.exe
[2025-05-26 16:39:31.667] Malware execution started
[2025-05-26 16:39:31.667] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:40:31.675] Taking screenshot
[2025-05-26 16:40:31.737] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:41:35.805] Powering off VM done
[2025-05-26 16:41:38.806] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:41:40.553] Restoring snapshot 35 done
[2025-05-26 16:41:40.553] Kernel telemetry analysis completed in 146.8 seconds.

[2025-05-26 16:41:40.553] ✅ Analysis completed successfully!
[2025-05-26 16:41:40.553] Progress: 7.3% (103/1408)
[2025-05-26 16:41:40.553] Successful: 103, Failed: 0
[2025-05-26 16:41:40.553] Time remaining: 57.5h
[2025-05-26 16:41:40.553] Waiting 5 seconds before next sample...
[2025-05-26 16:41:45.553] SAMPLE 104/1408
[2025-05-26 16:41:45.553] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:41:45.553] File: 03110baa5aad9d01610293f2b8cd21b44cc7efa0a465e677d6b3f92510a4b1d7.exe
[2025-05-26 16:41:45.553] Path: D:\new\ransomware_high_confidence\babuk\03110baa5aad9d01610293f2b8cd21b44cc7efa0a465e677d6b3f92510a4b1d7.exe
[2025-05-26 16:41:45.553] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\03110baa5aad9d01610293f2b8cd21b44cc7efa0a465e677d6b3f92510a4b1d7.exe
[2025-05-26 16:41:45.553] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:41:47.695] Restoring snapshot 35 done
[2025-05-26 16:41:47.695] Starting up VM
[2025-05-26 16:41:54.537] Starting up VM done
[2025-05-26 16:41:54.537] Installing kernel driver
[2025-05-26 16:41:54.537] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:41:58.873] Kernel driver installation completed
[2025-05-26 16:41:58.873] Starting GP driver service
[2025-05-26 16:41:58.873] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:42:02.025] GP driver service started
[2025-05-26 16:42:02.025] Executing malware sample: D:\new\ransomware_high_confidence\babuk\03110baa5aad9d01610293f2b8cd21b44cc7efa0a465e677d6b3f92510a4b1d7.exe
[2025-05-26 16:42:02.026] Malware execution started
[2025-05-26 16:42:02.026] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:43:02.034] Taking screenshot
[2025-05-26 16:43:02.097] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:44:12.426] Powering off VM done
[2025-05-26 16:44:15.426] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:44:17.131] Restoring snapshot 35 done
[2025-05-26 16:44:17.131] Kernel telemetry analysis completed in 151.6 seconds.

[2025-05-26 16:44:17.131] ✅ Analysis completed successfully!
[2025-05-26 16:44:17.131] Progress: 7.4% (104/1408)
[2025-05-26 16:44:17.131] Successful: 104, Failed: 0
[2025-05-26 16:44:17.131] Time remaining: 57.4h
[2025-05-26 16:44:17.131] Waiting 5 seconds before next sample...
[2025-05-26 16:44:22.131] SAMPLE 105/1408
[2025-05-26 16:44:22.131] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:44:22.131] File: 04126b30c1c2663cdf2b6386781aedbfce2ef418a0b01de510bd536903f577e3.exe
[2025-05-26 16:44:22.131] Path: D:\new\ransomware_high_confidence\babuk\04126b30c1c2663cdf2b6386781aedbfce2ef418a0b01de510bd536903f577e3.exe
[2025-05-26 16:44:22.132] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\04126b30c1c2663cdf2b6386781aedbfce2ef418a0b01de510bd536903f577e3.exe
[2025-05-26 16:44:22.132] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:44:23.679] Restoring snapshot 35 done
[2025-05-26 16:44:23.679] Starting up VM
[2025-05-26 16:44:29.449] Starting up VM done
[2025-05-26 16:44:29.449] Installing kernel driver
[2025-05-26 16:44:29.449] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:44:33.755] Kernel driver installation completed
[2025-05-26 16:44:33.755] Starting GP driver service
[2025-05-26 16:44:33.755] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:44:36.903] GP driver service started
[2025-05-26 16:44:36.903] Executing malware sample: D:\new\ransomware_high_confidence\babuk\04126b30c1c2663cdf2b6386781aedbfce2ef418a0b01de510bd536903f577e3.exe
[2025-05-26 16:44:36.903] Malware execution started
[2025-05-26 16:44:36.903] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:45:36.912] Taking screenshot
[2025-05-26 16:45:36.974] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:46:15.763] Powering off VM done
[2025-05-26 16:46:18.763] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:46:19.808] Restoring snapshot 35 done
[2025-05-26 16:46:19.808] Kernel telemetry analysis completed in 117.7 seconds.

[2025-05-26 16:46:19.808] ✅ Analysis completed successfully!
[2025-05-26 16:46:19.808] Progress: 7.5% (105/1408)
[2025-05-26 16:46:19.808] Successful: 105, Failed: 0
[2025-05-26 16:46:19.808] Time remaining: 57.3h
[2025-05-26 16:46:19.808] Waiting 5 seconds before next sample...
[2025-05-26 16:46:24.809] SAMPLE 106/1408
[2025-05-26 16:46:24.809] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:46:24.809] File: 049e53f72c8afa5ccb850429d55a00e2fbe799e68247fd13f5058146cf0f4cf8.exe
[2025-05-26 16:46:24.809] Path: D:\new\ransomware_high_confidence\babuk\049e53f72c8afa5ccb850429d55a00e2fbe799e68247fd13f5058146cf0f4cf8.exe
[2025-05-26 16:46:24.809] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\049e53f72c8afa5ccb850429d55a00e2fbe799e68247fd13f5058146cf0f4cf8.exe
[2025-05-26 16:46:24.809] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:46:26.530] Restoring snapshot 35 done
[2025-05-26 16:46:26.530] Starting up VM
[2025-05-26 16:46:33.275] Starting up VM done
[2025-05-26 16:46:33.275] Installing kernel driver
[2025-05-26 16:46:33.275] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:46:38.017] Kernel driver installation completed
[2025-05-26 16:46:38.017] Starting GP driver service
[2025-05-26 16:46:38.017] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:46:41.175] GP driver service started
[2025-05-26 16:46:41.175] Executing malware sample: D:\new\ransomware_high_confidence\babuk\049e53f72c8afa5ccb850429d55a00e2fbe799e68247fd13f5058146cf0f4cf8.exe
[2025-05-26 16:46:41.176] Malware execution started
[2025-05-26 16:46:41.176] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:47:41.184] Taking screenshot
[2025-05-26 16:47:41.248] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:48:29.067] Powering off VM done
[2025-05-26 16:48:32.067] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:48:33.091] Restoring snapshot 35 done
[2025-05-26 16:48:33.091] Kernel telemetry analysis completed in 128.3 seconds.

[2025-05-26 16:48:33.091] ✅ Analysis completed successfully!
[2025-05-26 16:48:33.091] Progress: 7.5% (106/1408)
[2025-05-26 16:48:33.091] Successful: 106, Failed: 0
[2025-05-26 16:48:33.091] Time remaining: 57.1h
[2025-05-26 16:48:33.091] Waiting 5 seconds before next sample...
[2025-05-26 16:48:38.092] SAMPLE 107/1408
[2025-05-26 16:48:38.092] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:48:38.092] File: 06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
[2025-05-26 16:48:38.092] Path: D:\new\ransomware_high_confidence\babuk\06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
[2025-05-26 16:48:38.092] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
[2025-05-26 16:48:38.092] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:48:39.923] Restoring snapshot 35 done
[2025-05-26 16:48:39.923] Starting up VM
[2025-05-26 16:48:46.227] Starting up VM done
[2025-05-26 16:48:46.227] Installing kernel driver
[2025-05-26 16:48:46.227] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:48:50.530] Kernel driver installation completed
[2025-05-26 16:48:50.530] Starting GP driver service
[2025-05-26 16:48:50.530] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:48:53.687] GP driver service started
[2025-05-26 16:48:53.687] Executing malware sample: D:\new\ransomware_high_confidence\babuk\06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
[2025-05-26 16:48:53.687] Malware execution started
[2025-05-26 16:48:53.687] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:49:53.695] Taking screenshot
[2025-05-26 16:49:53.758] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:50:35.451] Powering off VM done
[2025-05-26 16:50:38.452] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:50:40.001] Restoring snapshot 35 done
[2025-05-26 16:50:40.001] Kernel telemetry analysis completed in 121.9 seconds.

[2025-05-26 16:50:40.001] ✅ Analysis completed successfully!
[2025-05-26 16:50:40.001] Progress: 7.6% (107/1408)
[2025-05-26 16:50:40.001] Successful: 107, Failed: 0
[2025-05-26 16:50:40.001] Time remaining: 57.0h
[2025-05-26 16:50:40.001] Waiting 5 seconds before next sample...
[2025-05-26 16:50:45.001] SAMPLE 108/1408
[2025-05-26 16:50:45.001] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:50:45.001] File: 105af5c40c65f51979308e022c25dd285db3cd20e9656caaba0e9b1fc253898b.exe
[2025-05-26 16:50:45.001] Path: D:\new\ransomware_high_confidence\babuk\105af5c40c65f51979308e022c25dd285db3cd20e9656caaba0e9b1fc253898b.exe
[2025-05-26 16:50:45.002] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\105af5c40c65f51979308e022c25dd285db3cd20e9656caaba0e9b1fc253898b.exe
[2025-05-26 16:50:45.002] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:50:49.045] Restoring snapshot 35 done
[2025-05-26 16:50:49.045] Starting up VM
[2025-05-26 16:50:55.426] Starting up VM done
[2025-05-26 16:50:55.426] Installing kernel driver
[2025-05-26 16:50:55.426] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:50:59.626] Kernel driver installation completed
[2025-05-26 16:50:59.626] Starting GP driver service
[2025-05-26 16:50:59.626] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:51:02.777] GP driver service started
[2025-05-26 16:51:02.778] Executing malware sample: D:\new\ransomware_high_confidence\babuk\105af5c40c65f51979308e022c25dd285db3cd20e9656caaba0e9b1fc253898b.exe
[2025-05-26 16:51:02.778] Malware execution started
[2025-05-26 16:51:02.778] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:52:02.786] Taking screenshot
[2025-05-26 16:52:02.849] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:52:19.071] Powering off VM done
[2025-05-26 16:52:22.072] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:52:23.730] Restoring snapshot 35 done
[2025-05-26 16:52:23.730] Kernel telemetry analysis completed in 98.7 seconds.

[2025-05-26 16:52:23.730] ✅ Analysis completed successfully!
[2025-05-26 16:52:23.730] Progress: 7.7% (108/1408)
[2025-05-26 16:52:23.730] Successful: 108, Failed: 0
[2025-05-26 16:52:23.730] Time remaining: 56.8h
[2025-05-26 16:52:23.731] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 16:52:28.731] SAMPLE 109/1408
[2025-05-26 16:52:28.731] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:52:28.731] File: 106118444e0a7405c13531f8cd70191f36356581d58789dfc5df3da7ba0f9223.exe
[2025-05-26 16:52:28.731] Path: D:\new\ransomware_high_confidence\babuk\106118444e0a7405c13531f8cd70191f36356581d58789dfc5df3da7ba0f9223.exe
[2025-05-26 16:52:28.731] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\106118444e0a7405c13531f8cd70191f36356581d58789dfc5df3da7ba0f9223.exe
[2025-05-26 16:52:28.731] Malware execution time: 60 seconds
[2025-05-26 16:52:28.731] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:52:30.422] Restoring snapshot 35 done
[2025-05-26 16:52:30.422] Starting up VM
[2025-05-26 16:52:38.251] Starting up VM done
[2025-05-26 16:52:38.251] Installing kernel driver
[2025-05-26 16:52:38.251] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:52:42.448] Kernel driver installation completed
[2025-05-26 16:52:42.448] Starting GP driver service
[2025-05-26 16:52:42.448] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:52:45.607] GP driver service started
[2025-05-26 16:52:45.607] Executing malware sample: D:\new\ransomware_high_confidence\babuk\106118444e0a7405c13531f8cd70191f36356581d58789dfc5df3da7ba0f9223.exe
[2025-05-26 16:52:45.608] Malware execution started
[2025-05-26 16:52:45.608] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:53:45.617] Taking screenshot
[2025-05-26 16:53:45.680] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:55:05.072] Powering off VM done
[2025-05-26 16:55:08.072] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:55:09.402] Restoring snapshot 35 done
[2025-05-26 16:55:09.403] Kernel telemetry analysis completed in 160.7 seconds.

[2025-05-26 16:55:09.403] ✅ Analysis completed successfully!
[2025-05-26 16:55:09.403] Progress: 7.7% (109/1408)
[2025-05-26 16:55:09.403] Successful: 109, Failed: 0
[2025-05-26 16:55:09.403] Time remaining: 56.7h
[2025-05-26 16:55:09.403] Waiting 5 seconds before next sample...
[2025-05-26 16:55:14.403] SAMPLE 110/1408
[2025-05-26 16:55:14.403] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:55:14.403] File: 18e299d4331ccff805275b21f33be0a3bd3d1d9ce72a79ba78d2f32dd657bfbb.exe
[2025-05-26 16:55:14.403] Path: D:\new\ransomware_high_confidence\babuk\18e299d4331ccff805275b21f33be0a3bd3d1d9ce72a79ba78d2f32dd657bfbb.exe
[2025-05-26 16:55:14.403] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\18e299d4331ccff805275b21f33be0a3bd3d1d9ce72a79ba78d2f32dd657bfbb.exe
[2025-05-26 16:55:14.403] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:55:17.471] Restoring snapshot 35 done
[2025-05-26 16:55:17.472] Starting up VM
[2025-05-26 16:55:23.904] Starting up VM done
[2025-05-26 16:55:23.904] Installing kernel driver
[2025-05-26 16:55:23.904] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:55:27.700] Kernel driver installation completed
[2025-05-26 16:55:27.700] Starting GP driver service
[2025-05-26 16:55:27.700] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:55:30.850] GP driver service started
[2025-05-26 16:55:30.850] Executing malware sample: D:\new\ransomware_high_confidence\babuk\18e299d4331ccff805275b21f33be0a3bd3d1d9ce72a79ba78d2f32dd657bfbb.exe
[2025-05-26 16:55:30.851] Malware execution started
[2025-05-26 16:55:30.851] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:56:30.859] Taking screenshot
[2025-05-26 16:56:30.920] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:57:08.694] Powering off VM done
[2025-05-26 16:57:11.694] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:57:13.450] Restoring snapshot 35 done
[2025-05-26 16:57:13.450] Kernel telemetry analysis completed in 119.0 seconds.

[2025-05-26 16:57:13.450] ✅ Analysis completed successfully!
[2025-05-26 16:57:13.450] Progress: 7.8% (110/1408)
[2025-05-26 16:57:13.450] Successful: 110, Failed: 0
[2025-05-26 16:57:13.450] Time remaining: 56.6h
[2025-05-26 16:57:13.450] Waiting 5 seconds before next sample...
[2025-05-26 16:57:18.450] SAMPLE 111/1408
[2025-05-26 16:57:18.450] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:57:18.450] File: 1b9412ca5e9deb29aeaa37be05ae8d0a8a636c12fdff8c17032aa017f6075c02.exe
[2025-05-26 16:57:18.450] Path: D:\new\ransomware_high_confidence\babuk\1b9412ca5e9deb29aeaa37be05ae8d0a8a636c12fdff8c17032aa017f6075c02.exe
[2025-05-26 16:57:18.451] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\1b9412ca5e9deb29aeaa37be05ae8d0a8a636c12fdff8c17032aa017f6075c02.exe
[2025-05-26 16:57:18.451] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:57:20.269] Restoring snapshot 35 done
[2025-05-26 16:57:20.269] Starting up VM
[2025-05-26 16:57:26.375] Starting up VM done
[2025-05-26 16:57:26.375] Installing kernel driver
[2025-05-26 16:57:26.375] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:57:30.650] Kernel driver installation completed
[2025-05-26 16:57:30.650] Starting GP driver service
[2025-05-26 16:57:30.650] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:57:33.799] GP driver service started
[2025-05-26 16:57:33.799] Executing malware sample: D:\new\ransomware_high_confidence\babuk\1b9412ca5e9deb29aeaa37be05ae8d0a8a636c12fdff8c17032aa017f6075c02.exe
[2025-05-26 16:57:33.799] Malware execution started
[2025-05-26 16:57:33.799] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 16:58:33.807] Taking screenshot
[2025-05-26 16:58:33.870] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:59:00.010] Powering off VM done
[2025-05-26 16:59:03.010] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:59:04.268] Restoring snapshot 35 done
[2025-05-26 16:59:04.268] Kernel telemetry analysis completed in 105.8 seconds.

[2025-05-26 16:59:04.268] ✅ Analysis completed successfully!
[2025-05-26 16:59:04.268] Progress: 7.9% (111/1408)
[2025-05-26 16:59:04.268] Successful: 111, Failed: 0
[2025-05-26 16:59:04.268] Time remaining: 56.4h
[2025-05-26 16:59:04.268] Waiting 5 seconds before next sample...
[2025-05-26 16:59:09.269] SAMPLE 112/1408
[2025-05-26 16:59:09.269] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 16:59:09.269] File: 1deb1efad2c469198aabbb618285e2229052273cf654ee5925c2540ded224402.exe
[2025-05-26 16:59:09.269] Path: D:\new\ransomware_high_confidence\babuk\1deb1efad2c469198aabbb618285e2229052273cf654ee5925c2540ded224402.exe
[2025-05-26 16:59:09.269] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\1deb1efad2c469198aabbb618285e2229052273cf654ee5925c2540ded224402.exe
[2025-05-26 16:59:09.269] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 16:59:10.703] Restoring snapshot 35 done
[2025-05-26 16:59:10.703] Starting up VM
[2025-05-26 16:59:16.683] Starting up VM done
[2025-05-26 16:59:16.683] Installing kernel driver
[2025-05-26 16:59:16.683] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 16:59:20.940] Kernel driver installation completed
[2025-05-26 16:59:20.940] Starting GP driver service
[2025-05-26 16:59:20.940] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 16:59:24.104] GP driver service started
[2025-05-26 16:59:24.104] Executing malware sample: D:\new\ransomware_high_confidence\babuk\1deb1efad2c469198aabbb618285e2229052273cf654ee5925c2540ded224402.exe
[2025-05-26 16:59:24.104] Malware execution started
[2025-05-26 16:59:24.104] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:00:24.113] Taking screenshot
[2025-05-26 17:00:24.175] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:01:38.546] Powering off VM done
[2025-05-26 17:01:41.546] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:01:42.968] Restoring snapshot 35 done
[2025-05-26 17:01:42.968] Kernel telemetry analysis completed in 153.7 seconds.

[2025-05-26 17:01:42.968] ✅ Analysis completed successfully!
[2025-05-26 17:01:42.968] Progress: 8.0% (112/1408)
[2025-05-26 17:01:42.968] Successful: 112, Failed: 0
[2025-05-26 17:01:42.968] Time remaining: 56.4h
[2025-05-26 17:01:42.968] Waiting 5 seconds before next sample...
[2025-05-26 17:01:47.968] SAMPLE 113/1408
[2025-05-26 17:01:47.968] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:01:47.968] File: 1e24560100d010c27cc19c59f9fe1531e4286ecb21fe53763165f30c5f58dc90.exe
[2025-05-26 17:01:47.968] Path: D:\new\ransomware_high_confidence\babuk\1e24560100d010c27cc19c59f9fe1531e4286ecb21fe53763165f30c5f58dc90.exe
[2025-05-26 17:01:47.968] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\1e24560100d010c27cc19c59f9fe1531e4286ecb21fe53763165f30c5f58dc90.exe
[2025-05-26 17:01:47.968] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:01:49.868] Restoring snapshot 35 done
[2025-05-26 17:01:49.868] Starting up VM
[2025-05-26 17:01:56.549] Starting up VM done
[2025-05-26 17:01:56.549] Installing kernel driver
[2025-05-26 17:01:56.549] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:02:00.876] Kernel driver installation completed
[2025-05-26 17:02:00.876] Starting GP driver service
[2025-05-26 17:02:00.876] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:02:04.034] GP driver service started
[2025-05-26 17:02:04.034] Executing malware sample: D:\new\ransomware_high_confidence\babuk\1e24560100d010c27cc19c59f9fe1531e4286ecb21fe53763165f30c5f58dc90.exe
[2025-05-26 17:02:04.034] Malware execution started
[2025-05-26 17:02:04.034] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:03:04.043] Taking screenshot
[2025-05-26 17:03:04.106] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:03:59.403] Powering off VM done
[2025-05-26 17:04:02.403] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:04:04.116] Restoring snapshot 35 done
[2025-05-26 17:04:04.116] Kernel telemetry analysis completed in 136.1 seconds.

[2025-05-26 17:04:04.116] ✅ Analysis completed successfully!
[2025-05-26 17:04:04.116] Progress: 8.0% (113/1408)
[2025-05-26 17:04:04.116] Successful: 113, Failed: 0
[2025-05-26 17:04:04.116] Time remaining: 56.3h
[2025-05-26 17:04:04.116] Waiting 5 seconds before next sample...
[2025-05-26 17:04:09.116] SAMPLE 114/1408
[2025-05-26 17:04:09.116] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:04:09.116] File: 1f2edda243404918b78aa6123aa1fc5b18dd9506e4042c7a1547b565334527e1.exe
[2025-05-26 17:04:09.116] Path: D:\new\ransomware_high_confidence\babuk\1f2edda243404918b78aa6123aa1fc5b18dd9506e4042c7a1547b565334527e1.exe
[2025-05-26 17:04:09.116] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\1f2edda243404918b78aa6123aa1fc5b18dd9506e4042c7a1547b565334527e1.exe
[2025-05-26 17:04:09.116] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:04:10.982] Restoring snapshot 35 done
[2025-05-26 17:04:10.982] Starting up VM
[2025-05-26 17:04:17.458] Starting up VM done
[2025-05-26 17:04:17.458] Installing kernel driver
[2025-05-26 17:04:17.458] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:04:21.953] Kernel driver installation completed
[2025-05-26 17:04:21.953] Starting GP driver service
[2025-05-26 17:04:21.953] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:04:25.103] GP driver service started
[2025-05-26 17:04:25.103] Executing malware sample: D:\new\ransomware_high_confidence\babuk\1f2edda243404918b78aa6123aa1fc5b18dd9506e4042c7a1547b565334527e1.exe
[2025-05-26 17:04:25.103] Malware execution started
[2025-05-26 17:04:25.103] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:05:25.112] Taking screenshot
[2025-05-26 17:05:25.175] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:06:52.963] Powering off VM done
[2025-05-26 17:06:55.963] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:06:57.485] Restoring snapshot 35 done
[2025-05-26 17:06:57.485] Kernel telemetry analysis completed in 168.4 seconds.

[2025-05-26 17:06:57.485] ✅ Analysis completed successfully!
[2025-05-26 17:06:57.485] Progress: 8.1% (114/1408)
[2025-05-26 17:06:57.485] Successful: 114, Failed: 0
[2025-05-26 17:06:57.485] Time remaining: 56.3h
[2025-05-26 17:06:57.485] Waiting 5 seconds before next sample...
[2025-05-26 17:07:02.485] SAMPLE 115/1408
[2025-05-26 17:07:02.485] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:07:02.485] File: 2138c8a34a1eff40ba3fc81b6e3b7564c6b695b140e82f3fcf23b2ec2bf291cf.exe
[2025-05-26 17:07:02.485] Path: D:\new\ransomware_high_confidence\babuk\2138c8a34a1eff40ba3fc81b6e3b7564c6b695b140e82f3fcf23b2ec2bf291cf.exe
[2025-05-26 17:07:02.485] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\2138c8a34a1eff40ba3fc81b6e3b7564c6b695b140e82f3fcf23b2ec2bf291cf.exe
[2025-05-26 17:07:02.485] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:07:04.361] Restoring snapshot 35 done
[2025-05-26 17:07:04.362] Starting up VM
[2025-05-26 17:07:10.977] Starting up VM done
[2025-05-26 17:07:10.977] Installing kernel driver
[2025-05-26 17:07:10.977] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:07:15.450] Kernel driver installation completed
[2025-05-26 17:07:15.450] Starting GP driver service
[2025-05-26 17:07:15.450] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:07:18.605] GP driver service started
[2025-05-26 17:07:18.606] Executing malware sample: D:\new\ransomware_high_confidence\babuk\2138c8a34a1eff40ba3fc81b6e3b7564c6b695b140e82f3fcf23b2ec2bf291cf.exe
[2025-05-26 17:07:18.606] Malware execution started
[2025-05-26 17:07:18.606] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:08:18.614] Taking screenshot
[2025-05-26 17:08:18.676] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:09:16.847] Powering off VM done
[2025-05-26 17:09:19.848] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:09:21.214] Restoring snapshot 35 done
[2025-05-26 17:09:21.214] Kernel telemetry analysis completed in 138.7 seconds.

[2025-05-26 17:09:21.214] ✅ Analysis completed successfully!
[2025-05-26 17:09:21.214] Progress: 8.2% (115/1408)
[2025-05-26 17:09:21.214] Successful: 115, Failed: 0
[2025-05-26 17:09:21.214] Time remaining: 56.2h
[2025-05-26 17:09:21.214] Waiting 5 seconds before next sample...
[2025-05-26 17:09:26.214] SAMPLE 116/1408
[2025-05-26 17:09:26.214] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:09:26.214] File: 245e191bfe998ad9ef2d6b169af22f3c290e9950234f8ddd0f4a03cb3eebf761.exe
[2025-05-26 17:09:26.214] Path: D:\new\ransomware_high_confidence\babuk\245e191bfe998ad9ef2d6b169af22f3c290e9950234f8ddd0f4a03cb3eebf761.exe
[2025-05-26 17:09:26.214] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\245e191bfe998ad9ef2d6b169af22f3c290e9950234f8ddd0f4a03cb3eebf761.exe
[2025-05-26 17:09:26.215] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:09:27.982] Restoring snapshot 35 done
[2025-05-26 17:09:27.982] Starting up VM
[2025-05-26 17:09:34.403] Starting up VM done
[2025-05-26 17:09:34.403] Installing kernel driver
[2025-05-26 17:09:34.403] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:09:37.907] Kernel driver installation completed
[2025-05-26 17:09:37.907] Starting GP driver service
[2025-05-26 17:09:37.907] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:09:41.059] GP driver service started
[2025-05-26 17:09:41.060] Executing malware sample: D:\new\ransomware_high_confidence\babuk\245e191bfe998ad9ef2d6b169af22f3c290e9950234f8ddd0f4a03cb3eebf761.exe
[2025-05-26 17:09:41.060] Malware execution started
[2025-05-26 17:09:41.060] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:10:41.068] Taking screenshot
[2025-05-26 17:10:41.131] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:12:10.670] Powering off VM done
[2025-05-26 17:12:13.670] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:12:14.698] Restoring snapshot 35 done
[2025-05-26 17:12:14.698] Kernel telemetry analysis completed in 168.5 seconds.

[2025-05-26 17:12:14.698] ✅ Analysis completed successfully!
[2025-05-26 17:12:14.698] Progress: 8.2% (116/1408)
[2025-05-26 17:12:14.698] Successful: 116, Failed: 0
[2025-05-26 17:12:14.698] Time remaining: 56.2h
[2025-05-26 17:12:14.698] Waiting 5 seconds before next sample...
[2025-05-26 17:12:19.698] SAMPLE 117/1408
[2025-05-26 17:12:19.698] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:12:19.698] File: 30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe
[2025-05-26 17:12:19.698] Path: D:\new\ransomware_high_confidence\babuk\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe
[2025-05-26 17:12:19.698] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe
[2025-05-26 17:12:19.698] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:12:21.312] Restoring snapshot 35 done
[2025-05-26 17:12:21.312] Starting up VM
[2025-05-26 17:12:27.326] Starting up VM done
[2025-05-26 17:12:27.326] Installing kernel driver
[2025-05-26 17:12:27.326] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:12:31.649] Kernel driver installation completed
[2025-05-26 17:12:31.649] Starting GP driver service
[2025-05-26 17:12:31.649] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:12:34.808] GP driver service started
[2025-05-26 17:12:34.808] Executing malware sample: D:\new\ransomware_high_confidence\babuk\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe
[2025-05-26 17:12:34.808] Malware execution started
[2025-05-26 17:12:34.808] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:13:34.816] Taking screenshot
[2025-05-26 17:13:34.879] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:14:00.558] Powering off VM done
[2025-05-26 17:14:03.558] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:14:04.617] Restoring snapshot 35 done
[2025-05-26 17:14:04.617] Kernel telemetry analysis completed in 104.9 seconds.

[2025-05-26 17:14:04.617] ✅ Analysis completed successfully!
[2025-05-26 17:14:04.617] Progress: 8.3% (117/1408)
[2025-05-26 17:14:04.617] Successful: 117, Failed: 0
[2025-05-26 17:14:04.617] Time remaining: 56.0h
[2025-05-26 17:14:04.617] Waiting 5 seconds before next sample...
[2025-05-26 17:14:09.617] SAMPLE 118/1408
[2025-05-26 17:14:09.617] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:14:09.617] File: 36e4a3de5c4395d295bdf1d70a215d9669b626c58083ec2d8ab29513830faaa6.exe
[2025-05-26 17:14:09.617] Path: D:\new\ransomware_high_confidence\babuk\36e4a3de5c4395d295bdf1d70a215d9669b626c58083ec2d8ab29513830faaa6.exe
[2025-05-26 17:14:09.618] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\36e4a3de5c4395d295bdf1d70a215d9669b626c58083ec2d8ab29513830faaa6.exe
[2025-05-26 17:14:09.618] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:14:11.432] Restoring snapshot 35 done
[2025-05-26 17:14:11.432] Starting up VM
[2025-05-26 17:14:17.290] Starting up VM done
[2025-05-26 17:14:17.290] Installing kernel driver
[2025-05-26 17:14:17.290] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:14:21.044] Kernel driver installation completed
[2025-05-26 17:14:21.044] Starting GP driver service
[2025-05-26 17:14:21.044] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:14:24.193] GP driver service started
[2025-05-26 17:14:24.193] Executing malware sample: D:\new\ransomware_high_confidence\babuk\36e4a3de5c4395d295bdf1d70a215d9669b626c58083ec2d8ab29513830faaa6.exe
[2025-05-26 17:14:24.193] Malware execution started
[2025-05-26 17:14:24.193] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:15:24.201] Taking screenshot
[2025-05-26 17:15:24.263] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:16:16.181] Powering off VM done
[2025-05-26 17:16:19.181] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:16:20.308] Restoring snapshot 35 done
[2025-05-26 17:16:20.308] Kernel telemetry analysis completed in 130.7 seconds.

[2025-05-26 17:16:20.308] ✅ Analysis completed successfully!
[2025-05-26 17:16:20.308] Progress: 8.4% (118/1408)
[2025-05-26 17:16:20.308] Successful: 118, Failed: 0
[2025-05-26 17:16:20.308] Time remaining: 55.9h
[2025-05-26 17:16:20.308] Waiting 5 seconds before next sample...
[2025-05-26 17:16:25.308] SAMPLE 119/1408
[2025-05-26 17:16:25.308] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:16:25.308] File: 54c82ad27174fd6ed72793b1ccf9d26613eb572960e847a63538420c69d06c5b.exe
[2025-05-26 17:16:25.308] Path: D:\new\ransomware_high_confidence\babuk\54c82ad27174fd6ed72793b1ccf9d26613eb572960e847a63538420c69d06c5b.exe
[2025-05-26 17:16:25.309] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\54c82ad27174fd6ed72793b1ccf9d26613eb572960e847a63538420c69d06c5b.exe
[2025-05-26 17:16:25.309] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:16:26.859] Restoring snapshot 35 done
[2025-05-26 17:16:26.859] Starting up VM
[2025-05-26 17:16:33.262] Starting up VM done
[2025-05-26 17:16:33.262] Installing kernel driver
[2025-05-26 17:16:33.262] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:16:37.550] Kernel driver installation completed
[2025-05-26 17:16:37.550] Starting GP driver service
[2025-05-26 17:16:37.550] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:16:40.731] GP driver service started
[2025-05-26 17:16:40.731] Executing malware sample: D:\new\ransomware_high_confidence\babuk\54c82ad27174fd6ed72793b1ccf9d26613eb572960e847a63538420c69d06c5b.exe
[2025-05-26 17:16:40.732] Malware execution started
[2025-05-26 17:16:40.732] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:17:40.740] Taking screenshot
[2025-05-26 17:17:40.802] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:19:03.705] Powering off VM done
[2025-05-26 17:19:06.705] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:19:07.045] Restoring snapshot 35 done
[2025-05-26 17:19:07.045] Kernel telemetry analysis completed in 161.7 seconds.

[2025-05-26 17:19:07.045] ✅ Analysis completed successfully!
[2025-05-26 17:19:07.045] Progress: 8.5% (119/1408)
[2025-05-26 17:19:07.045] Successful: 119, Failed: 0
[2025-05-26 17:19:07.045] Time remaining: 55.9h
[2025-05-26 17:19:07.046] Waiting 5 seconds before next sample...
[2025-05-26 17:19:12.046] SAMPLE 120/1408
[2025-05-26 17:19:12.046] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:19:12.046] File: 575c7b60f3b1dfc3cdd42e868b88df19cef81a5577254a314dc7d1da0fd64cfb.exe
[2025-05-26 17:19:12.046] Path: D:\new\ransomware_high_confidence\babuk\575c7b60f3b1dfc3cdd42e868b88df19cef81a5577254a314dc7d1da0fd64cfb.exe
[2025-05-26 17:19:12.046] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\575c7b60f3b1dfc3cdd42e868b88df19cef81a5577254a314dc7d1da0fd64cfb.exe
[2025-05-26 17:19:12.046] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:19:13.609] Restoring snapshot 35 done
[2025-05-26 17:19:13.609] Starting up VM
[2025-05-26 17:19:19.966] Starting up VM done
[2025-05-26 17:19:19.967] Installing kernel driver
[2025-05-26 17:19:19.967] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:19:24.226] Kernel driver installation completed
[2025-05-26 17:19:24.227] Starting GP driver service
[2025-05-26 17:19:24.227] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:19:27.385] GP driver service started
[2025-05-26 17:19:27.385] Executing malware sample: D:\new\ransomware_high_confidence\babuk\575c7b60f3b1dfc3cdd42e868b88df19cef81a5577254a314dc7d1da0fd64cfb.exe
[2025-05-26 17:19:27.385] Malware execution started
[2025-05-26 17:19:27.385] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:20:27.393] Taking screenshot
[2025-05-26 17:20:27.456] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:21:32.320] Powering off VM done
[2025-05-26 17:21:35.321] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:21:37.046] Restoring snapshot 35 done
[2025-05-26 17:21:37.046] Kernel telemetry analysis completed in 145.0 seconds.

[2025-05-26 17:21:37.046] ✅ Analysis completed successfully!
[2025-05-26 17:21:37.046] Progress: 8.5% (120/1408)
[2025-05-26 17:21:37.046] Successful: 120, Failed: 0
[2025-05-26 17:21:37.046] Time remaining: 55.8h
[2025-05-26 17:21:37.046] Waiting 5 seconds before next sample...
[2025-05-26 17:21:42.047] SAMPLE 121/1408
[2025-05-26 17:21:42.047] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:21:42.047] File: 59ea8dda6806b4cbb1acd0bcf74be1e94b6a72da46e53de6ef9d611988163189.exe
[2025-05-26 17:21:42.047] Path: D:\new\ransomware_high_confidence\babuk\59ea8dda6806b4cbb1acd0bcf74be1e94b6a72da46e53de6ef9d611988163189.exe
[2025-05-26 17:21:42.047] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\59ea8dda6806b4cbb1acd0bcf74be1e94b6a72da46e53de6ef9d611988163189.exe
[2025-05-26 17:21:42.047] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:21:43.703] Restoring snapshot 35 done
[2025-05-26 17:21:43.703] Starting up VM
[2025-05-26 17:21:49.626] Starting up VM done
[2025-05-26 17:21:49.626] Installing kernel driver
[2025-05-26 17:21:49.626] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:21:54.508] Kernel driver installation completed
[2025-05-26 17:21:54.508] Starting GP driver service
[2025-05-26 17:21:54.508] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:21:57.664] GP driver service started
[2025-05-26 17:21:57.665] Executing malware sample: D:\new\ransomware_high_confidence\babuk\59ea8dda6806b4cbb1acd0bcf74be1e94b6a72da46e53de6ef9d611988163189.exe
[2025-05-26 17:21:57.665] Malware execution started
[2025-05-26 17:21:57.665] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:22:57.673] Taking screenshot
[2025-05-26 17:22:57.736] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:23:53.563] Powering off VM done
[2025-05-26 17:23:56.564] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:23:58.065] Restoring snapshot 35 done
[2025-05-26 17:23:58.065] Kernel telemetry analysis completed in 136.0 seconds.

[2025-05-26 17:23:58.065] ✅ Analysis completed successfully!
[2025-05-26 17:23:58.065] Progress: 8.6% (121/1408)
[2025-05-26 17:23:58.065] Successful: 121, Failed: 0
[2025-05-26 17:23:58.065] Time remaining: 55.8h
[2025-05-26 17:23:58.065] Waiting 5 seconds before next sample...
[2025-05-26 17:24:03.065] SAMPLE 122/1408
[2025-05-26 17:24:03.065] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:24:03.065] File: 6015d5535840e9ac9058c659f9ff661deb4838f2b93e74d2c0dcb126fae21322.exe
[2025-05-26 17:24:03.065] Path: D:\new\ransomware_high_confidence\babuk\6015d5535840e9ac9058c659f9ff661deb4838f2b93e74d2c0dcb126fae21322.exe
[2025-05-26 17:24:03.066] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\6015d5535840e9ac9058c659f9ff661deb4838f2b93e74d2c0dcb126fae21322.exe
[2025-05-26 17:24:03.066] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:24:04.776] Restoring snapshot 35 done
[2025-05-26 17:24:04.776] Starting up VM
[2025-05-26 17:24:11.514] Starting up VM done
[2025-05-26 17:24:11.514] Installing kernel driver
[2025-05-26 17:24:11.514] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:24:16.333] Kernel driver installation completed
[2025-05-26 17:24:16.333] Starting GP driver service
[2025-05-26 17:24:16.333] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:24:19.489] GP driver service started
[2025-05-26 17:24:19.489] Executing malware sample: D:\new\ransomware_high_confidence\babuk\6015d5535840e9ac9058c659f9ff661deb4838f2b93e74d2c0dcb126fae21322.exe
[2025-05-26 17:24:19.490] Malware execution started
[2025-05-26 17:24:19.490] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:25:19.498] Taking screenshot
[2025-05-26 17:25:19.562] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:26:21.034] Powering off VM done
[2025-05-26 17:26:24.034] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:26:24.903] Restoring snapshot 35 done
[2025-05-26 17:26:24.903] Kernel telemetry analysis completed in 141.8 seconds.

[2025-05-26 17:26:24.903] ✅ Analysis completed successfully!
[2025-05-26 17:26:24.903] Progress: 8.7% (122/1408)
[2025-05-26 17:26:24.903] Successful: 122, Failed: 0
[2025-05-26 17:26:24.903] Time remaining: 55.7h
[2025-05-26 17:26:24.903] Waiting 5 seconds before next sample...
[2025-05-26 17:26:29.904] SAMPLE 123/1408
[2025-05-26 17:26:29.904] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:26:29.904] File: 6103e26f6f9d5fd895d9c06e1f5e141ce74d8ebda999cda6a58a4393de5ed094.exe
[2025-05-26 17:26:29.904] Path: D:\new\ransomware_high_confidence\babuk\6103e26f6f9d5fd895d9c06e1f5e141ce74d8ebda999cda6a58a4393de5ed094.exe
[2025-05-26 17:26:29.904] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\6103e26f6f9d5fd895d9c06e1f5e141ce74d8ebda999cda6a58a4393de5ed094.exe
[2025-05-26 17:26:29.904] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:26:31.242] Restoring snapshot 35 done
[2025-05-26 17:26:31.242] Starting up VM
[2025-05-26 17:26:37.891] Starting up VM done
[2025-05-26 17:26:37.891] Installing kernel driver
[2025-05-26 17:26:37.891] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:26:42.244] Kernel driver installation completed
[2025-05-26 17:26:42.244] Starting GP driver service
[2025-05-26 17:26:42.244] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:26:45.405] GP driver service started
[2025-05-26 17:26:45.405] Executing malware sample: D:\new\ransomware_high_confidence\babuk\6103e26f6f9d5fd895d9c06e1f5e141ce74d8ebda999cda6a58a4393de5ed094.exe
[2025-05-26 17:26:45.405] Malware execution started
[2025-05-26 17:26:45.405] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:27:45.413] Taking screenshot
[2025-05-26 17:27:45.477] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:28:24.031] Powering off VM done
[2025-05-26 17:28:27.031] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:28:28.715] Restoring snapshot 35 done
[2025-05-26 17:28:28.715] Kernel telemetry analysis completed in 118.8 seconds.

[2025-05-26 17:28:28.716] ✅ Analysis completed successfully!
[2025-05-26 17:28:28.716] Progress: 8.7% (123/1408)
[2025-05-26 17:28:28.716] Successful: 123, Failed: 0
[2025-05-26 17:28:28.716] Time remaining: 55.5h
[2025-05-26 17:28:28.716] Waiting 5 seconds before next sample...
[2025-05-26 17:28:33.716] SAMPLE 124/1408
[2025-05-26 17:28:33.716] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:28:33.716] File: 678bfbf5d73d6cf38532e11b11dbed17668d94711e2e2ea27311dd46490201b7.exe
[2025-05-26 17:28:33.716] Path: D:\new\ransomware_high_confidence\babuk\678bfbf5d73d6cf38532e11b11dbed17668d94711e2e2ea27311dd46490201b7.exe
[2025-05-26 17:28:33.716] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\678bfbf5d73d6cf38532e11b11dbed17668d94711e2e2ea27311dd46490201b7.exe
[2025-05-26 17:28:33.716] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:28:34.141] Restoring snapshot 35 done
[2025-05-26 17:28:34.142] Starting up VM
[2025-05-26 17:28:40.392] Starting up VM done
[2025-05-26 17:28:40.392] Installing kernel driver
[2025-05-26 17:28:40.392] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:28:44.134] Kernel driver installation completed
[2025-05-26 17:28:44.134] Starting GP driver service
[2025-05-26 17:28:44.134] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:28:53.027] GP driver service started
[2025-05-26 17:28:53.027] Executing malware sample: D:\new\ransomware_high_confidence\babuk\678bfbf5d73d6cf38532e11b11dbed17668d94711e2e2ea27311dd46490201b7.exe
[2025-05-26 17:28:53.028] Malware execution started
[2025-05-26 17:28:53.028] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:29:53.037] Taking screenshot
[2025-05-26 17:29:53.100] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:30:33.614] Powering off VM done
[2025-05-26 17:30:36.615] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:30:37.841] Restoring snapshot 35 done
[2025-05-26 17:30:37.841] Kernel telemetry analysis completed in 124.1 seconds.

[2025-05-26 17:30:37.841] ✅ Analysis completed successfully!
[2025-05-26 17:30:37.841] Progress: 8.8% (124/1408)
[2025-05-26 17:30:37.841] Successful: 124, Failed: 0
[2025-05-26 17:30:37.841] Time remaining: 55.4h
[2025-05-26 17:30:37.841] Waiting 5 seconds before next sample...
[2025-05-26 17:30:42.842] SAMPLE 125/1408
[2025-05-26 17:30:42.842] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:30:42.842] File: 6d4ced2e85587e81d6a09b147ec7cccc054bc0fbb92afc39586de1b2bf57f812.exe
[2025-05-26 17:30:42.842] Path: D:\new\ransomware_high_confidence\babuk\6d4ced2e85587e81d6a09b147ec7cccc054bc0fbb92afc39586de1b2bf57f812.exe
[2025-05-26 17:30:42.842] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\6d4ced2e85587e81d6a09b147ec7cccc054bc0fbb92afc39586de1b2bf57f812.exe
[2025-05-26 17:30:42.842] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:30:44.749] Restoring snapshot 35 done
[2025-05-26 17:30:44.749] Starting up VM
[2025-05-26 17:30:50.760] Starting up VM done
[2025-05-26 17:30:50.760] Installing kernel driver
[2025-05-26 17:30:50.760] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:30:54.568] Kernel driver installation completed
[2025-05-26 17:30:54.568] Starting GP driver service
[2025-05-26 17:30:54.568] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:30:57.725] GP driver service started
[2025-05-26 17:30:57.726] Executing malware sample: D:\new\ransomware_high_confidence\babuk\6d4ced2e85587e81d6a09b147ec7cccc054bc0fbb92afc39586de1b2bf57f812.exe
[2025-05-26 17:30:57.726] Malware execution started
[2025-05-26 17:30:57.726] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:31:57.735] Taking screenshot
[2025-05-26 17:31:57.797] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:32:58.319] Powering off VM done
[2025-05-26 17:33:01.320] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:33:02.343] Restoring snapshot 35 done
[2025-05-26 17:33:02.343] Kernel telemetry analysis completed in 139.5 seconds.

[2025-05-26 17:33:02.343] ✅ Analysis completed successfully!
[2025-05-26 17:33:02.343] Progress: 8.9% (125/1408)
[2025-05-26 17:33:02.343] Successful: 125, Failed: 0
[2025-05-26 17:33:02.343] Time remaining: 55.4h
[2025-05-26 17:33:02.343] Waiting 5 seconds before next sample...
[2025-05-26 17:33:07.343] SAMPLE 126/1408
[2025-05-26 17:33:07.343] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:33:07.344] File: 71936bc3ee40c7ea678889d2ad5fa7eb39401752cd58988ce462f9d4048578ac.exe
[2025-05-26 17:33:07.344] Path: D:\new\ransomware_high_confidence\babuk\71936bc3ee40c7ea678889d2ad5fa7eb39401752cd58988ce462f9d4048578ac.exe
[2025-05-26 17:33:07.344] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\71936bc3ee40c7ea678889d2ad5fa7eb39401752cd58988ce462f9d4048578ac.exe
[2025-05-26 17:33:07.344] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:33:08.884] Restoring snapshot 35 done
[2025-05-26 17:33:08.884] Starting up VM
[2025-05-26 17:33:16.064] Starting up VM done
[2025-05-26 17:33:16.064] Installing kernel driver
[2025-05-26 17:33:16.064] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:33:20.533] Kernel driver installation completed
[2025-05-26 17:33:20.534] Starting GP driver service
[2025-05-26 17:33:20.534] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:33:23.692] GP driver service started
[2025-05-26 17:33:23.692] Executing malware sample: D:\new\ransomware_high_confidence\babuk\71936bc3ee40c7ea678889d2ad5fa7eb39401752cd58988ce462f9d4048578ac.exe
[2025-05-26 17:33:23.693] Malware execution started
[2025-05-26 17:33:23.693] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:34:23.700] Taking screenshot
[2025-05-26 17:34:23.763] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:34:42.070] Powering off VM done
[2025-05-26 17:34:45.070] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:34:46.744] Restoring snapshot 35 done
[2025-05-26 17:34:46.744] Kernel telemetry analysis completed in 99.4 seconds.

[2025-05-26 17:34:46.744] ✅ Analysis completed successfully!
[2025-05-26 17:34:46.744] Progress: 8.9% (126/1408)
[2025-05-26 17:34:46.744] Successful: 126, Failed: 0
[2025-05-26 17:34:46.744] Time remaining: 55.2h
[2025-05-26 17:34:46.744] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 17:34:51.744] SAMPLE 127/1408
[2025-05-26 17:34:51.744] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:34:51.744] File: 77c7839c7e8d4aaf52e33a2f29db8459381b5cc3b2700072305a8bae5e0762a9.exe
[2025-05-26 17:34:51.744] Path: D:\new\ransomware_high_confidence\babuk\77c7839c7e8d4aaf52e33a2f29db8459381b5cc3b2700072305a8bae5e0762a9.exe
[2025-05-26 17:34:51.745] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\77c7839c7e8d4aaf52e33a2f29db8459381b5cc3b2700072305a8bae5e0762a9.exe
[2025-05-26 17:34:51.745] Malware execution time: 60 seconds
[2025-05-26 17:34:51.745] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:34:53.464] Restoring snapshot 35 done
[2025-05-26 17:34:53.464] Starting up VM
[2025-05-26 17:34:59.461] Starting up VM done
[2025-05-26 17:34:59.461] Installing kernel driver
[2025-05-26 17:34:59.461] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:35:03.113] Kernel driver installation completed
[2025-05-26 17:35:03.114] Starting GP driver service
[2025-05-26 17:35:03.114] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:35:06.269] GP driver service started
[2025-05-26 17:35:06.269] Executing malware sample: D:\new\ransomware_high_confidence\babuk\77c7839c7e8d4aaf52e33a2f29db8459381b5cc3b2700072305a8bae5e0762a9.exe
[2025-05-26 17:35:06.270] Malware execution started
[2025-05-26 17:35:06.270] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:36:06.278] Taking screenshot
[2025-05-26 17:36:06.340] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:36:57.547] Powering off VM done
[2025-05-26 17:37:00.548] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:37:02.075] Restoring snapshot 35 done
[2025-05-26 17:37:02.075] Kernel telemetry analysis completed in 130.3 seconds.

[2025-05-26 17:37:02.075] ✅ Analysis completed successfully!
[2025-05-26 17:37:02.075] Progress: 9.0% (127/1408)
[2025-05-26 17:37:02.075] Successful: 127, Failed: 0
[2025-05-26 17:37:02.075] Time remaining: 55.1h
[2025-05-26 17:37:02.075] Waiting 5 seconds before next sample...
[2025-05-26 17:37:07.076] SAMPLE 128/1408
[2025-05-26 17:37:07.076] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:37:07.076] File: 8203c2f00ecd3ae960cb3247a7d7bfb35e55c38939607c85dbdb5c92f0495fa9.exe
[2025-05-26 17:37:07.076] Path: D:\new\ransomware_high_confidence\babuk\8203c2f00ecd3ae960cb3247a7d7bfb35e55c38939607c85dbdb5c92f0495fa9.exe
[2025-05-26 17:37:07.076] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\8203c2f00ecd3ae960cb3247a7d7bfb35e55c38939607c85dbdb5c92f0495fa9.exe
[2025-05-26 17:37:07.076] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:37:08.618] Restoring snapshot 35 done
[2025-05-26 17:37:08.618] Starting up VM
[2025-05-26 17:37:14.482] Starting up VM done
[2025-05-26 17:37:14.482] Installing kernel driver
[2025-05-26 17:37:14.482] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:37:18.252] Kernel driver installation completed
[2025-05-26 17:37:18.252] Starting GP driver service
[2025-05-26 17:37:18.252] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:37:21.406] GP driver service started
[2025-05-26 17:37:21.406] Executing malware sample: D:\new\ransomware_high_confidence\babuk\8203c2f00ecd3ae960cb3247a7d7bfb35e55c38939607c85dbdb5c92f0495fa9.exe
[2025-05-26 17:37:21.406] Malware execution started
[2025-05-26 17:37:21.406] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:38:21.414] Taking screenshot
[2025-05-26 17:38:21.477] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:38:41.483] Powering off VM done
[2025-05-26 17:38:44.484] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:38:45.812] Restoring snapshot 35 done
[2025-05-26 17:38:45.812] Kernel telemetry analysis completed in 98.7 seconds.

[2025-05-26 17:38:45.812] ✅ Analysis completed successfully!
[2025-05-26 17:38:45.812] Progress: 9.1% (128/1408)
[2025-05-26 17:38:45.812] Successful: 128, Failed: 0
[2025-05-26 17:38:45.812] Time remaining: 54.9h
[2025-05-26 17:38:45.812] Waiting 5 seconds before next sample...
[2025-05-26 17:38:50.812] SAMPLE 129/1408
[2025-05-26 17:38:50.812] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:38:50.812] File: 8ddf4529b943cf80e40938922f88432c413feb9feee60e91505afd6897b72a80.exe
[2025-05-26 17:38:50.812] Path: D:\new\ransomware_high_confidence\babuk\8ddf4529b943cf80e40938922f88432c413feb9feee60e91505afd6897b72a80.exe
[2025-05-26 17:38:50.812] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\8ddf4529b943cf80e40938922f88432c413feb9feee60e91505afd6897b72a80.exe
[2025-05-26 17:38:50.812] Malware execution time: 60 se

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:38:52.687] Restoring snapshot 35 done
[2025-05-26 17:38:52.687] Starting up VM
[2025-05-26 17:38:58.668] Starting up VM done
[2025-05-26 17:38:58.668] Installing kernel driver
[2025-05-26 17:38:58.668] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:39:02.366] Kernel driver installation completed
[2025-05-26 17:39:02.366] Starting GP driver service
[2025-05-26 17:39:02.366] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:39:05.518] GP driver service started
[2025-05-26 17:39:05.519] Executing malware sample: D:\new\ransomware_high_confidence\babuk\8ddf4529b943cf80e40938922f88432c413feb9feee60e91505afd6897b72a80.exe
[2025-05-26 17:39:05.519] Malware execution started
[2025-05-26 17:39:05.519] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:40:05.527] Taking screenshot
[2025-05-26 17:40:05.592] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:40:25.008] Powering off VM done
[2025-05-26 17:40:28.009] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:40:29.547] Restoring snapshot 35 done
[2025-05-26 17:40:29.547] Kernel telemetry analysis completed in 98.7 seconds.

[2025-05-26 17:40:29.547] ✅ Analysis completed successfully!
[2025-05-26 17:40:29.547] Progress: 9.2% (129/1408)
[2025-05-26 17:40:29.547] Successful: 129, Failed: 0
[2025-05-26 17:40:29.547] Time remaining: 54.7h
[2025-05-26 17:40:29.547] Waiting 5 seconds before next sample...
[2025-05-26 17:40:34.547] SAMPLE 130/1408
[2025-05-26 17:40:34.547] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:40:34.547] File: 9a089790e04683ebf37d9746e0284322f59c46eef2a86cc231839482f323e871.exe
[2025-05-26 17:40:34.547] Path: D:\new\ransomware_high_confidence\babuk\9a089790e04683ebf37d9746e0284322f59c46eef2a86cc231839482f323e871.exe
[2025-05-26 17:40:34.548] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\9a089790e04683ebf37d9746e0284322f59c46eef2a86cc231839482f323e871.exe
[2025-05-26 17:40:34.548] Malware execution time: 60 se

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:40:36.507] Restoring snapshot 35 done
[2025-05-26 17:40:36.507] Starting up VM
[2025-05-26 17:40:42.836] Starting up VM done
[2025-05-26 17:40:42.836] Installing kernel driver
[2025-05-26 17:40:42.836] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:40:46.564] Kernel driver installation completed
[2025-05-26 17:40:46.564] Starting GP driver service
[2025-05-26 17:40:46.564] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:40:49.718] GP driver service started
[2025-05-26 17:40:49.718] Executing malware sample: D:\new\ransomware_high_confidence\babuk\9a089790e04683ebf37d9746e0284322f59c46eef2a86cc231839482f323e871.exe
[2025-05-26 17:40:49.719] Malware execution started
[2025-05-26 17:40:49.719] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:41:49.727] Taking screenshot
[2025-05-26 17:41:49.790] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:42:20.086] Powering off VM done
[2025-05-26 17:42:23.086] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:42:24.112] Restoring snapshot 35 done
[2025-05-26 17:42:24.112] Kernel telemetry analysis completed in 109.6 seconds.

[2025-05-26 17:42:24.112] ✅ Analysis completed successfully!
[2025-05-26 17:42:24.112] Progress: 9.2% (130/1408)
[2025-05-26 17:42:24.112] Successful: 130, Failed: 0
[2025-05-26 17:42:24.112] Time remaining: 54.6h
[2025-05-26 17:42:24.112] Waiting 5 seconds before next sample...
[2025-05-26 17:42:29.112] SAMPLE 131/1408
[2025-05-26 17:42:29.112] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:42:29.113] File: 9caa8e8a98ef7841c1b230c22f78b5c10aa9348a2bfd0dfe2670853b6d0ba92c.exe
[2025-05-26 17:42:29.113] Path: D:\new\ransomware_high_confidence\babuk\9caa8e8a98ef7841c1b230c22f78b5c10aa9348a2bfd0dfe2670853b6d0ba92c.exe
[2025-05-26 17:42:29.113] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\9caa8e8a98ef7841c1b230c22f78b5c10aa9348a2bfd0dfe2670853b6d0ba92c.exe
[2025-05-26 17:42:29.113] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:42:30.659] Restoring snapshot 35 done
[2025-05-26 17:42:30.659] Starting up VM
[2025-05-26 17:42:37.275] Starting up VM done
[2025-05-26 17:42:37.275] Installing kernel driver
[2025-05-26 17:42:37.275] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:42:41.590] Kernel driver installation completed
[2025-05-26 17:42:41.590] Starting GP driver service
[2025-05-26 17:42:41.590] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:42:44.749] GP driver service started
[2025-05-26 17:42:44.749] Executing malware sample: D:\new\ransomware_high_confidence\babuk\9caa8e8a98ef7841c1b230c22f78b5c10aa9348a2bfd0dfe2670853b6d0ba92c.exe
[2025-05-26 17:42:44.749] Malware execution started
[2025-05-26 17:42:44.749] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:43:44.757] Taking screenshot
[2025-05-26 17:43:44.820] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:45:03.011] Powering off VM done
[2025-05-26 17:45:06.011] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:45:07.229] Restoring snapshot 35 done
[2025-05-26 17:45:07.229] Kernel telemetry analysis completed in 158.1 seconds.

[2025-05-26 17:45:07.230] ✅ Analysis completed successfully!
[2025-05-26 17:45:07.230] Progress: 9.3% (131/1408)
[2025-05-26 17:45:07.230] Successful: 131, Failed: 0
[2025-05-26 17:45:07.230] Time remaining: 54.5h
[2025-05-26 17:45:07.230] Waiting 5 seconds before next sample...
[2025-05-26 17:45:12.230] SAMPLE 132/1408
[2025-05-26 17:45:12.230] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:45:12.230] File: a2b5ebfc52a447cde255e1ec1ac8797ad49b156ed427df8c292d6aeb4dad5523.exe
[2025-05-26 17:45:12.230] Path: D:\new\ransomware_high_confidence\babuk\a2b5ebfc52a447cde255e1ec1ac8797ad49b156ed427df8c292d6aeb4dad5523.exe
[2025-05-26 17:45:12.230] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\a2b5ebfc52a447cde255e1ec1ac8797ad49b156ed427df8c292d6aeb4dad5523.exe
[2025-05-26 17:45:12.230] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:45:13.851] Restoring snapshot 35 done
[2025-05-26 17:45:13.851] Starting up VM
[2025-05-26 17:45:20.143] Starting up VM done
[2025-05-26 17:45:20.143] Installing kernel driver
[2025-05-26 17:45:20.143] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:45:24.492] Kernel driver installation completed
[2025-05-26 17:45:24.492] Starting GP driver service
[2025-05-26 17:45:24.492] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:45:27.642] GP driver service started
[2025-05-26 17:45:27.642] Executing malware sample: D:\new\ransomware_high_confidence\babuk\a2b5ebfc52a447cde255e1ec1ac8797ad49b156ed427df8c292d6aeb4dad5523.exe
[2025-05-26 17:45:27.643] Malware execution started
[2025-05-26 17:45:27.643] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:46:27.651] Taking screenshot
[2025-05-26 17:46:27.713] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:47:19.575] Powering off VM done
[2025-05-26 17:47:22.575] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:47:24.075] Restoring snapshot 35 done
[2025-05-26 17:47:24.075] Kernel telemetry analysis completed in 131.8 seconds.

[2025-05-26 17:47:24.075] ✅ Analysis completed successfully!
[2025-05-26 17:47:24.075] Progress: 9.4% (132/1408)
[2025-05-26 17:47:24.075] Successful: 132, Failed: 0
[2025-05-26 17:47:24.075] Time remaining: 54.4h
[2025-05-26 17:47:24.075] Waiting 5 seconds before next sample...
[2025-05-26 17:47:29.076] SAMPLE 133/1408
[2025-05-26 17:47:29.076] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:47:29.076] File: a52267dc795a51404cbf2a7e8e7875929783bcc62abd6b7cfd1921c938cf2756.exe
[2025-05-26 17:47:29.076] Path: D:\new\ransomware_high_confidence\babuk\a52267dc795a51404cbf2a7e8e7875929783bcc62abd6b7cfd1921c938cf2756.exe
[2025-05-26 17:47:29.076] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\a52267dc795a51404cbf2a7e8e7875929783bcc62abd6b7cfd1921c938cf2756.exe
[2025-05-26 17:47:29.076] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:47:30.783] Restoring snapshot 35 done
[2025-05-26 17:47:30.783] Starting up VM
[2025-05-26 17:47:36.845] Starting up VM done
[2025-05-26 17:47:36.845] Installing kernel driver
[2025-05-26 17:47:36.845] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:47:40.930] Kernel driver installation completed
[2025-05-26 17:47:40.930] Starting GP driver service
[2025-05-26 17:47:40.930] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:47:44.095] GP driver service started
[2025-05-26 17:47:44.095] Executing malware sample: D:\new\ransomware_high_confidence\babuk\a52267dc795a51404cbf2a7e8e7875929783bcc62abd6b7cfd1921c938cf2756.exe
[2025-05-26 17:47:44.096] Malware execution started
[2025-05-26 17:47:44.096] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:48:44.104] Taking screenshot
[2025-05-26 17:48:44.168] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:50:06.447] Powering off VM done
[2025-05-26 17:50:09.447] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:50:10.779] Restoring snapshot 35 done
[2025-05-26 17:50:10.779] Kernel telemetry analysis completed in 161.7 seconds.

[2025-05-26 17:50:10.779] ✅ Analysis completed successfully!
[2025-05-26 17:50:10.779] Progress: 9.4% (133/1408)
[2025-05-26 17:50:10.779] Successful: 133, Failed: 0
[2025-05-26 17:50:10.779] Time remaining: 54.4h
[2025-05-26 17:50:10.779] Waiting 5 seconds before next sample...
[2025-05-26 17:50:15.779] SAMPLE 134/1408
[2025-05-26 17:50:15.779] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:50:15.779] File: ab4eae618bb05b4fb4a8d3790a0d18a3e1566ab477519991cb161398803a8847.exe
[2025-05-26 17:50:15.779] Path: D:\new\ransomware_high_confidence\babuk\ab4eae618bb05b4fb4a8d3790a0d18a3e1566ab477519991cb161398803a8847.exe
[2025-05-26 17:50:15.779] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\ab4eae618bb05b4fb4a8d3790a0d18a3e1566ab477519991cb161398803a8847.exe
[2025-05-26 17:50:15.779] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:50:17.319] Restoring snapshot 35 done
[2025-05-26 17:50:17.319] Starting up VM
[2025-05-26 17:50:24.006] Starting up VM done
[2025-05-26 17:50:24.006] Installing kernel driver
[2025-05-26 17:50:24.006] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:50:28.291] Kernel driver installation completed
[2025-05-26 17:50:28.291] Starting GP driver service
[2025-05-26 17:50:28.291] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:50:31.446] GP driver service started
[2025-05-26 17:50:31.446] Executing malware sample: D:\new\ransomware_high_confidence\babuk\ab4eae618bb05b4fb4a8d3790a0d18a3e1566ab477519991cb161398803a8847.exe
[2025-05-26 17:50:31.447] Malware execution started
[2025-05-26 17:50:31.447] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:51:31.455] Taking screenshot
[2025-05-26 17:51:31.515] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:52:37.218] Powering off VM done
[2025-05-26 17:52:40.219] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:52:41.609] Restoring snapshot 35 done
[2025-05-26 17:52:41.609] Kernel telemetry analysis completed in 145.8 seconds.

[2025-05-26 17:52:41.609] ✅ Analysis completed successfully!
[2025-05-26 17:52:41.609] Progress: 9.5% (134/1408)
[2025-05-26 17:52:41.609] Successful: 134, Failed: 0
[2025-05-26 17:52:41.609] Time remaining: 54.4h
[2025-05-26 17:52:41.609] Waiting 5 seconds before next sample...
[2025-05-26 17:52:46.609] SAMPLE 135/1408
[2025-05-26 17:52:46.609] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:52:46.609] File: ae6020a06d2a95cbe91b439f4433e87d198547dec629ab0900ccfe17e729cff1.exe
[2025-05-26 17:52:46.609] Path: D:\new\ransomware_high_confidence\babuk\ae6020a06d2a95cbe91b439f4433e87d198547dec629ab0900ccfe17e729cff1.exe
[2025-05-26 17:52:46.609] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\ae6020a06d2a95cbe91b439f4433e87d198547dec629ab0900ccfe17e729cff1.exe
[2025-05-26 17:52:46.609] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:52:48.264] Restoring snapshot 35 done
[2025-05-26 17:52:48.265] Starting up VM
[2025-05-26 17:52:54.049] Starting up VM done
[2025-05-26 17:52:54.049] Installing kernel driver
[2025-05-26 17:52:54.049] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:52:58.247] Kernel driver installation completed
[2025-05-26 17:52:58.247] Starting GP driver service
[2025-05-26 17:52:58.247] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:53:01.396] GP driver service started
[2025-05-26 17:53:01.396] Executing malware sample: D:\new\ransomware_high_confidence\babuk\ae6020a06d2a95cbe91b439f4433e87d198547dec629ab0900ccfe17e729cff1.exe
[2025-05-26 17:53:01.397] Malware execution started
[2025-05-26 17:53:01.397] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:54:01.404] Taking screenshot
[2025-05-26 17:54:01.467] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:54:27.517] Powering off VM done
[2025-05-26 17:54:30.517] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:54:31.815] Restoring snapshot 35 done
[2025-05-26 17:54:31.815] Kernel telemetry analysis completed in 105.2 seconds.

[2025-05-26 17:54:31.815] ✅ Analysis completed successfully!
[2025-05-26 17:54:31.815] Progress: 9.6% (135/1408)
[2025-05-26 17:54:31.815] Successful: 135, Failed: 0
[2025-05-26 17:54:31.815] Time remaining: 54.2h
[2025-05-26 17:54:31.815] Waiting 5 seconds before next sample...
[2025-05-26 17:54:36.815] SAMPLE 136/1408
[2025-05-26 17:54:36.815] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:54:36.815] File: b4be6b8acda97f36c448365751d5c9a9e1b91f47cedfde79e1de258413c3de71.exe
[2025-05-26 17:54:36.815] Path: D:\new\ransomware_high_confidence\babuk\b4be6b8acda97f36c448365751d5c9a9e1b91f47cedfde79e1de258413c3de71.exe
[2025-05-26 17:54:36.816] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\b4be6b8acda97f36c448365751d5c9a9e1b91f47cedfde79e1de258413c3de71.exe
[2025-05-26 17:54:36.816] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:54:39.188] Restoring snapshot 35 done
[2025-05-26 17:54:39.188] Starting up VM
[2025-05-26 17:54:45.443] Starting up VM done
[2025-05-26 17:54:45.444] Installing kernel driver
[2025-05-26 17:54:45.444] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:54:50.144] Kernel driver installation completed
[2025-05-26 17:54:50.144] Starting GP driver service
[2025-05-26 17:54:50.144] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:54:53.293] GP driver service started
[2025-05-26 17:54:53.293] Executing malware sample: D:\new\ransomware_high_confidence\babuk\b4be6b8acda97f36c448365751d5c9a9e1b91f47cedfde79e1de258413c3de71.exe
[2025-05-26 17:54:53.294] Malware execution started
[2025-05-26 17:54:53.294] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:55:53.302] Taking screenshot
[2025-05-26 17:55:53.364] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:56:43.079] Powering off VM done
[2025-05-26 17:56:46.079] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:56:47.437] Restoring snapshot 35 done
[2025-05-26 17:56:47.437] Kernel telemetry analysis completed in 130.6 seconds.

[2025-05-26 17:56:47.437] ✅ Analysis completed successfully!
[2025-05-26 17:56:47.437] Progress: 9.7% (136/1408)
[2025-05-26 17:56:47.437] Successful: 136, Failed: 0
[2025-05-26 17:56:47.437] Time remaining: 54.1h
[2025-05-26 17:56:47.437] Waiting 5 seconds before next sample...
[2025-05-26 17:56:52.437] SAMPLE 137/1408
[2025-05-26 17:56:52.437] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:56:52.437] File: bb31f235e86b0fda185e6580ef5327f80d6a6c754f78499e8647de5e229769cc.exe
[2025-05-26 17:56:52.437] Path: D:\new\ransomware_high_confidence\babuk\bb31f235e86b0fda185e6580ef5327f80d6a6c754f78499e8647de5e229769cc.exe
[2025-05-26 17:56:52.438] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\bb31f235e86b0fda185e6580ef5327f80d6a6c754f78499e8647de5e229769cc.exe
[2025-05-26 17:56:52.438] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:56:54.157] Restoring snapshot 35 done
[2025-05-26 17:56:54.157] Starting up VM
[2025-05-26 17:57:00.756] Starting up VM done
[2025-05-26 17:57:00.756] Installing kernel driver
[2025-05-26 17:57:00.756] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:57:05.182] Kernel driver installation completed
[2025-05-26 17:57:05.182] Starting GP driver service
[2025-05-26 17:57:05.182] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:57:08.321] GP driver service started
[2025-05-26 17:57:08.321] Executing malware sample: D:\new\ransomware_high_confidence\babuk\bb31f235e86b0fda185e6580ef5327f80d6a6c754f78499e8647de5e229769cc.exe
[2025-05-26 17:57:08.322] Malware execution started
[2025-05-26 17:57:08.322] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 17:58:08.330] Taking screenshot
[2025-05-26 17:58:08.394] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:58:51.466] Powering off VM done
[2025-05-26 17:58:54.466] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:58:55.838] Restoring snapshot 35 done
[2025-05-26 17:58:55.838] Kernel telemetry analysis completed in 123.4 seconds.

[2025-05-26 17:58:55.838] ✅ Analysis completed successfully!
[2025-05-26 17:58:55.838] Progress: 9.7% (137/1408)
[2025-05-26 17:58:55.838] Successful: 137, Failed: 0
[2025-05-26 17:58:55.838] Time remaining: 54.0h
[2025-05-26 17:58:55.838] Waiting 5 seconds before next sample...
[2025-05-26 17:59:00.838] SAMPLE 138/1408
[2025-05-26 17:59:00.838] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 17:59:00.838] File: c4282e9040cdc1df92b722568a8b4c42ce9f6533fed0bd34b7fdbae264947784.exe
[2025-05-26 17:59:00.838] Path: D:\new\ransomware_high_confidence\babuk\c4282e9040cdc1df92b722568a8b4c42ce9f6533fed0bd34b7fdbae264947784.exe
[2025-05-26 17:59:00.838] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\c4282e9040cdc1df92b722568a8b4c42ce9f6533fed0bd34b7fdbae264947784.exe
[2025-05-26 17:59:00.838] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 17:59:02.602] Restoring snapshot 35 done
[2025-05-26 17:59:02.602] Starting up VM
[2025-05-26 17:59:08.700] Starting up VM done
[2025-05-26 17:59:08.700] Installing kernel driver
[2025-05-26 17:59:08.700] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 17:59:13.186] Kernel driver installation completed
[2025-05-26 17:59:13.186] Starting GP driver service
[2025-05-26 17:59:13.186] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 17:59:16.338] GP driver service started
[2025-05-26 17:59:16.338] Executing malware sample: D:\new\ransomware_high_confidence\babuk\c4282e9040cdc1df92b722568a8b4c42ce9f6533fed0bd34b7fdbae264947784.exe
[2025-05-26 17:59:16.338] Malware execution started
[2025-05-26 17:59:16.338] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:00:16.346] Taking screenshot
[2025-05-26 18:00:16.409] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:01:07.926] Powering off VM done
[2025-05-26 18:01:10.926] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:01:12.581] Restoring snapshot 35 done
[2025-05-26 18:01:12.581] Kernel telemetry analysis completed in 131.7 seconds.

[2025-05-26 18:01:12.581] ✅ Analysis completed successfully!
[2025-05-26 18:01:12.581] Progress: 9.8% (138/1408)
[2025-05-26 18:01:12.581] Successful: 138, Failed: 0
[2025-05-26 18:01:12.581] Time remaining: 54.0h
[2025-05-26 18:01:12.581] Waiting 5 seconds before next sample...
[2025-05-26 18:01:17.582] SAMPLE 139/1408
[2025-05-26 18:01:17.582] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 18:01:17.582] File: ca0d9c8e8b2ed05fcf10178e1d194f5e484892dbe59ede4ae9549d27a5c8fd75.exe
[2025-05-26 18:01:17.582] Path: D:\new\ransomware_high_confidence\babuk\ca0d9c8e8b2ed05fcf10178e1d194f5e484892dbe59ede4ae9549d27a5c8fd75.exe
[2025-05-26 18:01:17.582] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\ca0d9c8e8b2ed05fcf10178e1d194f5e484892dbe59ede4ae9549d27a5c8fd75.exe
[2025-05-26 18:01:17.582] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:01:19.322] Restoring snapshot 35 done
[2025-05-26 18:01:19.322] Starting up VM
[2025-05-26 18:01:25.246] Starting up VM done
[2025-05-26 18:01:25.246] Installing kernel driver
[2025-05-26 18:01:25.246] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:01:29.590] Kernel driver installation completed
[2025-05-26 18:01:29.590] Starting GP driver service
[2025-05-26 18:01:29.590] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:01:32.745] GP driver service started
[2025-05-26 18:01:32.745] Executing malware sample: D:\new\ransomware_high_confidence\babuk\ca0d9c8e8b2ed05fcf10178e1d194f5e484892dbe59ede4ae9549d27a5c8fd75.exe
[2025-05-26 18:01:32.745] Malware execution started
[2025-05-26 18:01:32.746] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:02:32.753] Taking screenshot
[2025-05-26 18:02:32.816] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:03:48.454] Powering off VM done
[2025-05-26 18:03:51.455] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:03:52.768] Restoring snapshot 35 done
[2025-05-26 18:03:52.768] Kernel telemetry analysis completed in 155.2 seconds.

[2025-05-26 18:03:52.768] ✅ Analysis completed successfully!
[2025-05-26 18:03:52.768] Progress: 9.9% (139/1408)
[2025-05-26 18:03:52.768] Successful: 139, Failed: 0
[2025-05-26 18:03:52.768] Time remaining: 53.9h
[2025-05-26 18:03:52.768] Waiting 5 seconds before next sample...
[2025-05-26 18:03:57.768] SAMPLE 140/1408
[2025-05-26 18:03:57.768] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 18:03:57.768] File: e0caa666e605f9ee708448cb9af69188d3afc350bbedab0143ab2a44493c33f0.exe
[2025-05-26 18:03:57.768] Path: D:\new\ransomware_high_confidence\babuk\e0caa666e605f9ee708448cb9af69188d3afc350bbedab0143ab2a44493c33f0.exe
[2025-05-26 18:03:57.768] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\e0caa666e605f9ee708448cb9af69188d3afc350bbedab0143ab2a44493c33f0.exe
[2025-05-26 18:03:57.768] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:03:59.394] Restoring snapshot 35 done
[2025-05-26 18:03:59.394] Starting up VM
[2025-05-26 18:04:06.120] Starting up VM done
[2025-05-26 18:04:06.120] Installing kernel driver
[2025-05-26 18:04:06.120] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:04:10.469] Kernel driver installation completed
[2025-05-26 18:04:10.469] Starting GP driver service
[2025-05-26 18:04:10.469] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:04:13.617] GP driver service started
[2025-05-26 18:04:13.617] Executing malware sample: D:\new\ransomware_high_confidence\babuk\e0caa666e605f9ee708448cb9af69188d3afc350bbedab0143ab2a44493c33f0.exe
[2025-05-26 18:04:13.617] Malware execution started
[2025-05-26 18:04:13.617] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:05:13.625] Taking screenshot
[2025-05-26 18:05:13.688] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:05:39.976] Powering off VM done
[2025-05-26 18:05:42.976] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:05:44.414] Restoring snapshot 35 done
[2025-05-26 18:05:44.414] Kernel telemetry analysis completed in 106.6 seconds.

[2025-05-26 18:05:44.414] ✅ Analysis completed successfully!
[2025-05-26 18:05:44.414] Progress: 9.9% (140/1408)
[2025-05-26 18:05:44.414] Successful: 140, Failed: 0
[2025-05-26 18:05:44.414] Time remaining: 53.8h
[2025-05-26 18:05:44.414] Waiting 5 seconds before next sample...
[2025-05-26 18:05:49.415] SAMPLE 141/1408
[2025-05-26 18:05:49.415] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 18:05:49.415] File: ea95f131bd9b49104d9e7ae83335254549ded9d71d557c6e4746740aecca2c85.exe
[2025-05-26 18:05:49.415] Path: D:\new\ransomware_high_confidence\babuk\ea95f131bd9b49104d9e7ae83335254549ded9d71d557c6e4746740aecca2c85.exe
[2025-05-26 18:05:49.415] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\ea95f131bd9b49104d9e7ae83335254549ded9d71d557c6e4746740aecca2c85.exe
[2025-05-26 18:05:49.415] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:05:50.909] Restoring snapshot 35 done
[2025-05-26 18:05:50.909] Starting up VM
[2025-05-26 18:05:57.504] Starting up VM done
[2025-05-26 18:05:57.504] Installing kernel driver
[2025-05-26 18:05:57.504] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:06:02.038] Kernel driver installation completed
[2025-05-26 18:06:02.038] Starting GP driver service
[2025-05-26 18:06:02.038] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:06:05.194] GP driver service started
[2025-05-26 18:06:05.194] Executing malware sample: D:\new\ransomware_high_confidence\babuk\ea95f131bd9b49104d9e7ae83335254549ded9d71d557c6e4746740aecca2c85.exe
[2025-05-26 18:06:05.194] Malware execution started
[2025-05-26 18:06:05.194] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:07:05.202] Taking screenshot
[2025-05-26 18:07:05.264] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:08:16.151] Powering off VM done
[2025-05-26 18:08:19.151] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:08:20.689] Restoring snapshot 35 done
[2025-05-26 18:08:20.690] Kernel telemetry analysis completed in 151.3 seconds.

[2025-05-26 18:08:20.690] ✅ Analysis completed successfully!
[2025-05-26 18:08:20.690] Progress: 10.0% (141/1408)
[2025-05-26 18:08:20.690] Successful: 141, Failed: 0
[2025-05-26 18:08:20.690] Time remaining: 53.7h
[2025-05-26 18:08:20.690] Waiting 5 seconds before next sample...
[2025-05-26 18:08:25.690] SAMPLE 142/1408
[2025-05-26 18:08:25.690] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 18:08:25.690] File: eec8782eacf1c447a8ddbfe795842958ff68511ddbb5025255151f2b98fe8f78.exe
[2025-05-26 18:08:25.690] Path: D:\new\ransomware_high_confidence\babuk\eec8782eacf1c447a8ddbfe795842958ff68511ddbb5025255151f2b98fe8f78.exe
[2025-05-26 18:08:25.690] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\eec8782eacf1c447a8ddbfe795842958ff68511ddbb5025255151f2b98fe8f78.exe
[2025-05-26 18:08:25.690] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:08:27.241] Restoring snapshot 35 done
[2025-05-26 18:08:27.241] Starting up VM
[2025-05-26 18:08:34.124] Starting up VM done
[2025-05-26 18:08:34.124] Installing kernel driver
[2025-05-26 18:08:34.124] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:08:38.450] Kernel driver installation completed
[2025-05-26 18:08:38.450] Starting GP driver service
[2025-05-26 18:08:38.450] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:08:41.610] GP driver service started
[2025-05-26 18:08:41.610] Executing malware sample: D:\new\ransomware_high_confidence\babuk\eec8782eacf1c447a8ddbfe795842958ff68511ddbb5025255151f2b98fe8f78.exe
[2025-05-26 18:08:41.611] Malware execution started
[2025-05-26 18:08:41.611] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:09:41.619] Taking screenshot
[2025-05-26 18:09:41.681] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:10:19.158] Powering off VM done
[2025-05-26 18:10:22.158] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:10:23.695] Restoring snapshot 35 done
[2025-05-26 18:10:23.695] Kernel telemetry analysis completed in 118.0 seconds.

[2025-05-26 18:10:23.695] ✅ Analysis completed successfully!
[2025-05-26 18:10:23.695] Progress: 10.1% (142/1408)
[2025-05-26 18:10:23.695] Successful: 142, Failed: 0
[2025-05-26 18:10:23.695] Time remaining: 53.6h
[2025-05-26 18:10:23.695] Waiting 5 seconds before next sample...
[2025-05-26 18:10:28.695] SAMPLE 143/1408
[2025-05-26 18:10:28.695] Family: D:\new\ransomware_high_confidence\babuk
[2025-05-26 18:10:28.695] File: f1719415abe4dcba0daef0a1e5c8994d1d3c0c659d3e0a11b34f307370dd8683.exe
[2025-05-26 18:10:28.695] Path: D:\new\ransomware_high_confidence\babuk\f1719415abe4dcba0daef0a1e5c8994d1d3c0c659d3e0a11b34f307370dd8683.exe
[2025-05-26 18:10:28.695] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\babuk\f1719415abe4dcba0daef0a1e5c8994d1d3c0c659d3e0a11b34f307370dd8683.exe
[2025-05-26 18:10:28.695] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:10:30.434] Restoring snapshot 35 done
[2025-05-26 18:10:30.434] Starting up VM
[2025-05-26 18:10:36.834] Starting up VM done
[2025-05-26 18:10:36.834] Installing kernel driver
[2025-05-26 18:10:36.834] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:10:40.451] Kernel driver installation completed
[2025-05-26 18:10:40.451] Starting GP driver service
[2025-05-26 18:10:40.451] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:10:43.601] GP driver service started
[2025-05-26 18:10:43.601] Executing malware sample: D:\new\ransomware_high_confidence\babuk\f1719415abe4dcba0daef0a1e5c8994d1d3c0c659d3e0a11b34f307370dd8683.exe
[2025-05-26 18:10:43.601] Malware execution started
[2025-05-26 18:10:43.601] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:11:43.610] Taking screenshot
[2025-05-26 18:11:43.672] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:13:15.749] Powering off VM done
[2025-05-26 18:13:18.750] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:13:20.200] Restoring snapshot 35 done
[2025-05-26 18:13:20.200] Kernel telemetry analysis completed in 171.5 seconds.

[2025-05-26 18:13:20.200] ✅ Analysis completed successfully!
[2025-05-26 18:13:20.200] Progress: 10.2% (143/1408)
[2025-05-26 18:13:20.200] Successful: 143, Failed: 0
[2025-05-26 18:13:20.200] Time remaining: 53.7h
[2025-05-26 18:13:20.200] Waiting 5 seconds before next sample...
[2025-05-26 18:13:25.200] SAMPLE 144/1408
[2025-05-26 18:13:25.200] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:13:25.200] File: 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe
[2025-05-26 18:13:25.200] Path: D:\new\ransomware_high_confidence\bianlian\1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe
[2025-05-26 18:13:25.200] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe
[2025-05-26 18:13:25.200] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:13:26.740] Restoring snapshot 35 done
[2025-05-26 18:13:26.740] Starting up VM
[2025-05-26 18:13:33.088] Starting up VM done
[2025-05-26 18:13:33.088] Installing kernel driver
[2025-05-26 18:13:33.088] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:13:37.453] Kernel driver installation completed
[2025-05-26 18:13:37.453] Starting GP driver service
[2025-05-26 18:13:37.453] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:13:40.608] GP driver service started
[2025-05-26 18:13:40.608] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43.exe
[2025-05-26 18:13:40.608] Malware execution started
[2025-05-26 18:13:40.608] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:14:40.617] Taking screenshot
[2025-05-26 18:14:40.678] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:15:16.199] Powering off VM done
[2025-05-26 18:15:19.200] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:15:20.997] Restoring snapshot 35 done
[2025-05-26 18:15:20.997] Kernel telemetry analysis completed in 115.8 seconds.

[2025-05-26 18:15:20.997] ✅ Analysis completed successfully!
[2025-05-26 18:15:20.997] Progress: 10.2% (144/1408)
[2025-05-26 18:15:20.997] Successful: 144, Failed: 0
[2025-05-26 18:15:20.997] Time remaining: 53.5h
[2025-05-26 18:15:20.997] Waiting 5 seconds before next sample...
[2025-05-26 18:15:25.997] SAMPLE 145/1408
[2025-05-26 18:15:25.997] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:15:25.997] File: 20bab94e6d9c8ed4832ce3b58f9150b16f9e5f40ffdcb747e10366cab5a30352.exe
[2025-05-26 18:15:25.997] Path: D:\new\ransomware_high_confidence\bianlian\20bab94e6d9c8ed4832ce3b58f9150b16f9e5f40ffdcb747e10366cab5a30352.exe
[2025-05-26 18:15:25.997] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\20bab94e6d9c8ed4832ce3b58f9150b16f9e5f40ffdcb747e10366cab5a30352.exe
[2025-05-26 18:15:25.997] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:15:27.845] Restoring snapshot 35 done
[2025-05-26 18:15:27.845] Starting up VM
[2025-05-26 18:15:34.477] Starting up VM done
[2025-05-26 18:15:34.478] Installing kernel driver
[2025-05-26 18:15:34.478] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:15:38.765] Kernel driver installation completed
[2025-05-26 18:15:38.765] Starting GP driver service
[2025-05-26 18:15:38.765] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:15:41.922] GP driver service started
[2025-05-26 18:15:41.922] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\20bab94e6d9c8ed4832ce3b58f9150b16f9e5f40ffdcb747e10366cab5a30352.exe
[2025-05-26 18:15:41.922] Malware execution started
[2025-05-26 18:15:41.922] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:16:41.930] Taking screenshot
[2025-05-26 18:16:41.992] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:16:58.873] Powering off VM done
[2025-05-26 18:17:01.873] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:17:03.688] Restoring snapshot 35 done
[2025-05-26 18:17:03.688] Kernel telemetry analysis completed in 97.7 seconds.

[2025-05-26 18:17:03.688] ✅ Analysis completed successfully!
[2025-05-26 18:17:03.688] Progress: 10.3% (145/1408)
[2025-05-26 18:17:03.688] Successful: 145, Failed: 0
[2025-05-26 18:17:03.688] Time remaining: 53.4h
[2025-05-26 18:17:03.688] Waiting 5 seconds before next sample...
[2025-05-26 18:17:08.689] SAMPLE 146/1408
[2025-05-26 18:17:08.689] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:17:08.689] File: 3a2f6e614ff030804aa18cb03fcc3bc357f6226786efb4a734cbe2a3a1984b6f.exe
[2025-05-26 18:17:08.689] Path: D:\new\ransomware_high_confidence\bianlian\3a2f6e614ff030804aa18cb03fcc3bc357f6226786efb4a734cbe2a3a1984b6f.exe
[2025-05-26 18:17:08.689] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\3a2f6e614ff030804aa18cb03fcc3bc357f6226786efb4a734cbe2a3a1984b6f.exe
[2025-05-26 18:17:08.689] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:17:10.365] Restoring snapshot 35 done
[2025-05-26 18:17:10.365] Starting up VM
[2025-05-26 18:17:16.361] Starting up VM done
[2025-05-26 18:17:16.361] Installing kernel driver
[2025-05-26 18:17:16.361] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:17:20.034] Kernel driver installation completed
[2025-05-26 18:17:20.034] Starting GP driver service
[2025-05-26 18:17:20.034] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:17:23.193] GP driver service started
[2025-05-26 18:17:23.193] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\3a2f6e614ff030804aa18cb03fcc3bc357f6226786efb4a734cbe2a3a1984b6f.exe
[2025-05-26 18:17:23.194] Malware execution started
[2025-05-26 18:17:23.194] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:18:23.202] Taking screenshot
[2025-05-26 18:18:23.265] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:20:08.159] Powering off VM done
[2025-05-26 18:20:11.159] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:20:12.190] Restoring snapshot 35 done
[2025-05-26 18:20:12.190] Kernel telemetry analysis completed in 183.5 seconds.

[2025-05-26 18:20:12.190] ✅ Analysis completed successfully!
[2025-05-26 18:20:12.190] Progress: 10.4% (146/1408)
[2025-05-26 18:20:12.190] Successful: 146, Failed: 0
[2025-05-26 18:20:12.190] Time remaining: 53.4h
[2025-05-26 18:20:12.190] Waiting 5 seconds before next sample...
[2025-05-26 18:20:17.190] SAMPLE 147/1408
[2025-05-26 18:20:17.190] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:20:17.190] File: 46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe
[2025-05-26 18:20:17.190] Path: D:\new\ransomware_high_confidence\bianlian\46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe
[2025-05-26 18:20:17.190] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe
[2025-05-26 18:20:17.190] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:20:18.810] Restoring snapshot 35 done
[2025-05-26 18:20:18.810] Starting up VM
[2025-05-26 18:20:24.706] Starting up VM done
[2025-05-26 18:20:24.706] Installing kernel driver
[2025-05-26 18:20:24.706] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:20:28.365] Kernel driver installation completed
[2025-05-26 18:20:28.365] Starting GP driver service
[2025-05-26 18:20:28.365] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:20:31.524] GP driver service started
[2025-05-26 18:20:31.524] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe
[2025-05-26 18:20:31.525] Malware execution started
[2025-05-26 18:20:31.525] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:21:31.533] Taking screenshot
[2025-05-26 18:21:31.596] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:22:02.723] Powering off VM done
[2025-05-26 18:22:05.723] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:22:06.750] Restoring snapshot 35 done
[2025-05-26 18:22:06.750] Kernel telemetry analysis completed in 109.6 seconds.

[2025-05-26 18:22:06.750] ✅ Analysis completed successfully!
[2025-05-26 18:22:06.750] Progress: 10.4% (147/1408)
[2025-05-26 18:22:06.750] Successful: 147, Failed: 0
[2025-05-26 18:22:06.750] Time remaining: 53.3h
[2025-05-26 18:22:06.750] Waiting 5 seconds before next sample...
[2025-05-26 18:22:11.750] SAMPLE 148/1408
[2025-05-26 18:22:11.750] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:22:11.750] File: 50c86fb27bed1962903a5f9d155544e3fdb859ae19e967a10f0bf3a60bb8954f.exe
[2025-05-26 18:22:11.750] Path: D:\new\ransomware_high_confidence\bianlian\50c86fb27bed1962903a5f9d155544e3fdb859ae19e967a10f0bf3a60bb8954f.exe
[2025-05-26 18:22:11.750] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\50c86fb27bed1962903a5f9d155544e3fdb859ae19e967a10f0bf3a60bb8954f.exe
[2025-05-26 18:22:11.750] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:22:13.292] Restoring snapshot 35 done
[2025-05-26 18:22:13.292] Starting up VM
[2025-05-26 18:22:18.995] Starting up VM done
[2025-05-26 18:22:18.995] Installing kernel driver
[2025-05-26 18:22:18.995] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:22:22.680] Kernel driver installation completed
[2025-05-26 18:22:22.680] Starting GP driver service
[2025-05-26 18:22:22.680] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:22:25.841] GP driver service started
[2025-05-26 18:22:25.841] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\50c86fb27bed1962903a5f9d155544e3fdb859ae19e967a10f0bf3a60bb8954f.exe
[2025-05-26 18:22:25.841] Malware execution started
[2025-05-26 18:22:25.841] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:23:25.849] Taking screenshot
[2025-05-26 18:23:25.911] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:23:42.370] Powering off VM done
[2025-05-26 18:23:45.371] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:23:46.946] Restoring snapshot 35 done
[2025-05-26 18:23:46.946] Kernel telemetry analysis completed in 95.2 seconds.

[2025-05-26 18:23:46.946] ✅ Analysis completed successfully!
[2025-05-26 18:23:46.946] Progress: 10.5% (148/1408)
[2025-05-26 18:23:46.946] Successful: 148, Failed: 0
[2025-05-26 18:23:46.946] Time remaining: 53.1h
[2025-05-26 18:23:46.946] Waiting 5 seconds before next sample...
[2025-05-26 18:23:51.947] SAMPLE 149/1408
[2025-05-26 18:23:51.947] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:23:51.947] File: c0fe7bfb0d1ffeb61fb9cafeeab79ffd1660ff3637798e315ff15d802a3c974e.exe
[2025-05-26 18:23:51.947] Path: D:\new\ransomware_high_confidence\bianlian\c0fe7bfb0d1ffeb61fb9cafeeab79ffd1660ff3637798e315ff15d802a3c974e.exe
[2025-05-26 18:23:51.947] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\c0fe7bfb0d1ffeb61fb9cafeeab79ffd1660ff3637798e315ff15d802a3c974e.exe
[2025-05-26 18:23:51.947] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:23:53.834] Restoring snapshot 35 done
[2025-05-26 18:23:53.834] Starting up VM
[2025-05-26 18:23:59.699] Starting up VM done
[2025-05-26 18:23:59.700] Installing kernel driver
[2025-05-26 18:23:59.700] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:24:03.850] Kernel driver installation completed
[2025-05-26 18:24:03.850] Starting GP driver service
[2025-05-26 18:24:03.850] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:24:07.011] GP driver service started
[2025-05-26 18:24:07.011] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\c0fe7bfb0d1ffeb61fb9cafeeab79ffd1660ff3637798e315ff15d802a3c974e.exe
[2025-05-26 18:24:07.011] Malware execution started
[2025-05-26 18:24:07.011] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:25:07.019] Taking screenshot
[2025-05-26 18:25:07.082] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:25:23.370] Powering off VM done
[2025-05-26 18:25:26.370] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:25:27.960] Restoring snapshot 35 done
[2025-05-26 18:25:27.960] Kernel telemetry analysis completed in 96.0 seconds.

[2025-05-26 18:25:27.960] ✅ Analysis completed successfully!
[2025-05-26 18:25:27.960] Progress: 10.6% (149/1408)
[2025-05-26 18:25:27.960] Successful: 149, Failed: 0
[2025-05-26 18:25:27.960] Time remaining: 53.0h
[2025-05-26 18:25:27.960] Waiting 5 seconds before next sample...
[2025-05-26 18:25:32.960] SAMPLE 150/1408
[2025-05-26 18:25:32.960] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:25:32.960] File: cd17afd9115b2d83e948a1bcabf508f42d0fe7edb56cc62f5cc467c938e45033.exe
[2025-05-26 18:25:32.960] Path: D:\new\ransomware_high_confidence\bianlian\cd17afd9115b2d83e948a1bcabf508f42d0fe7edb56cc62f5cc467c938e45033.exe
[2025-05-26 18:25:32.960] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\cd17afd9115b2d83e948a1bcabf508f42d0fe7edb56cc62f5cc467c938e45033.exe
[2025-05-26 18:25:32.960] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:25:34.684] Restoring snapshot 35 done
[2025-05-26 18:25:34.684] Starting up VM
[2025-05-26 18:25:40.547] Starting up VM done
[2025-05-26 18:25:40.547] Installing kernel driver
[2025-05-26 18:25:40.547] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:25:45.044] Kernel driver installation completed
[2025-05-26 18:25:45.044] Starting GP driver service
[2025-05-26 18:25:45.044] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:25:48.195] GP driver service started
[2025-05-26 18:25:48.195] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\cd17afd9115b2d83e948a1bcabf508f42d0fe7edb56cc62f5cc467c938e45033.exe
[2025-05-26 18:25:48.195] Malware execution started
[2025-05-26 18:25:48.195] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:26:48.203] Taking screenshot
[2025-05-26 18:26:48.267] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:27:15.688] Powering off VM done
[2025-05-26 18:27:18.689] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:27:20.368] Restoring snapshot 35 done
[2025-05-26 18:27:20.368] Kernel telemetry analysis completed in 107.4 seconds.

[2025-05-26 18:27:20.368] ✅ Analysis completed successfully!
[2025-05-26 18:27:20.368] Progress: 10.7% (150/1408)
[2025-05-26 18:27:20.368] Successful: 150, Failed: 0
[2025-05-26 18:27:20.368] Time remaining: 52.8h
[2025-05-26 18:27:20.368] Waiting 5 seconds before next sample...
[2025-05-26 18:27:25.369] SAMPLE 151/1408
[2025-05-26 18:27:25.369] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:27:25.369] File: d602562ba7273695df9248a8590b510ccd49fefb97f5c75d485895abba13418d.exe
[2025-05-26 18:27:25.369] Path: D:\new\ransomware_high_confidence\bianlian\d602562ba7273695df9248a8590b510ccd49fefb97f5c75d485895abba13418d.exe
[2025-05-26 18:27:25.369] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\d602562ba7273695df9248a8590b510ccd49fefb97f5c75d485895abba13418d.exe
[2025-05-26 18:27:25.369] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:27:27.325] Restoring snapshot 35 done
[2025-05-26 18:27:27.325] Starting up VM
[2025-05-26 18:27:34.009] Starting up VM done
[2025-05-26 18:27:34.009] Installing kernel driver
[2025-05-26 18:27:34.009] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:27:37.666] Kernel driver installation completed
[2025-05-26 18:27:37.666] Starting GP driver service
[2025-05-26 18:27:37.666] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:27:40.813] GP driver service started
[2025-05-26 18:27:40.814] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\d602562ba7273695df9248a8590b510ccd49fefb97f5c75d485895abba13418d.exe
[2025-05-26 18:27:40.814] Malware execution started
[2025-05-26 18:27:40.814] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:28:40.822] Taking screenshot
[2025-05-26 18:28:40.884] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:28:57.371] Powering off VM done
[2025-05-26 18:29:00.371] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:29:01.780] Restoring snapshot 35 done
[2025-05-26 18:29:01.780] Kernel telemetry analysis completed in 96.4 seconds.

[2025-05-26 18:29:01.780] ✅ Analysis completed successfully!
[2025-05-26 18:29:01.780] Progress: 10.7% (151/1408)
[2025-05-26 18:29:01.780] Successful: 151, Failed: 0
[2025-05-26 18:29:01.780] Time remaining: 52.7h
[2025-05-26 18:29:01.780] Waiting 5 seconds before next sample...
[2025-05-26 18:29:06.780] SAMPLE 152/1408
[2025-05-26 18:29:06.780] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:29:06.780] File: da7a959ae7ea237bb6cd913119a35baa43a68e375f892857f6d77eaa62aabbaf.exe
[2025-05-26 18:29:06.780] Path: D:\new\ransomware_high_confidence\bianlian\da7a959ae7ea237bb6cd913119a35baa43a68e375f892857f6d77eaa62aabbaf.exe
[2025-05-26 18:29:06.780] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\da7a959ae7ea237bb6cd913119a35baa43a68e375f892857f6d77eaa62aabbaf.exe
[2025-05-26 18:29:06.780] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:29:08.560] Restoring snapshot 35 done
[2025-05-26 18:29:08.560] Starting up VM
[2025-05-26 18:29:15.048] Starting up VM done
[2025-05-26 18:29:15.048] Installing kernel driver
[2025-05-26 18:29:15.048] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:29:18.865] Kernel driver installation completed
[2025-05-26 18:29:18.865] Starting GP driver service
[2025-05-26 18:29:18.865] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:29:22.016] GP driver service started
[2025-05-26 18:29:22.016] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\da7a959ae7ea237bb6cd913119a35baa43a68e375f892857f6d77eaa62aabbaf.exe
[2025-05-26 18:29:22.017] Malware execution started
[2025-05-26 18:29:22.017] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:30:22.024] Taking screenshot
[2025-05-26 18:30:22.087] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:30:37.534] Powering off VM done
[2025-05-26 18:30:40.534] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:30:41.722] Restoring snapshot 35 done
[2025-05-26 18:30:41.722] Kernel telemetry analysis completed in 94.9 seconds.

[2025-05-26 18:30:41.722] ✅ Analysis completed successfully!
[2025-05-26 18:30:41.722] Progress: 10.8% (152/1408)
[2025-05-26 18:30:41.722] Successful: 152, Failed: 0
[2025-05-26 18:30:41.722] Time remaining: 52.5h
[2025-05-26 18:30:41.722] Waiting 5 seconds before next sample...
[2025-05-26 18:30:46.722] SAMPLE 153/1408
[2025-05-26 18:30:46.722] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:30:46.722] File: eaf5e26c5e73f3db82cd07ea45e4d244ccb3ec3397ab5263a1a74add7bbcb6e2.exe
[2025-05-26 18:30:46.722] Path: D:\new\ransomware_high_confidence\bianlian\eaf5e26c5e73f3db82cd07ea45e4d244ccb3ec3397ab5263a1a74add7bbcb6e2.exe
[2025-05-26 18:30:46.722] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\eaf5e26c5e73f3db82cd07ea45e4d244ccb3ec3397ab5263a1a74add7bbcb6e2.exe
[2025-05-26 18:30:46.722] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:30:48.293] Restoring snapshot 35 done
[2025-05-26 18:30:48.293] Starting up VM
[2025-05-26 18:30:54.282] Starting up VM done
[2025-05-26 18:30:54.282] Installing kernel driver
[2025-05-26 18:30:54.282] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:30:57.910] Kernel driver installation completed
[2025-05-26 18:30:57.910] Starting GP driver service
[2025-05-26 18:30:57.911] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:31:01.069] GP driver service started
[2025-05-26 18:31:01.069] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\eaf5e26c5e73f3db82cd07ea45e4d244ccb3ec3397ab5263a1a74add7bbcb6e2.exe
[2025-05-26 18:31:01.070] Malware execution started
[2025-05-26 18:31:01.070] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:32:01.078] Taking screenshot
[2025-05-26 18:32:01.139] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:32:37.980] Powering off VM done
[2025-05-26 18:32:40.980] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:32:42.560] Restoring snapshot 35 done
[2025-05-26 18:32:42.560] Kernel telemetry analysis completed in 115.8 seconds.

[2025-05-26 18:32:42.560] ✅ Analysis completed successfully!
[2025-05-26 18:32:42.560] Progress: 10.9% (153/1408)
[2025-05-26 18:32:42.560] Successful: 153, Failed: 0
[2025-05-26 18:32:42.560] Time remaining: 52.4h
[2025-05-26 18:32:42.560] Waiting 5 seconds before next sample...
[2025-05-26 18:32:47.561] SAMPLE 154/1408
[2025-05-26 18:32:47.561] Family: D:\new\ransomware_high_confidence\bianlian
[2025-05-26 18:32:47.561] File: f7a3a8734c004682201b8873691d684985329be3fcdba965f268103a086ebaad.exe
[2025-05-26 18:32:47.561] Path: D:\new\ransomware_high_confidence\bianlian\f7a3a8734c004682201b8873691d684985329be3fcdba965f268103a086ebaad.exe
[2025-05-26 18:32:47.561] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bianlian\f7a3a8734c004682201b8873691d684985329be3fcdba965f268103a086ebaad.exe
[2025-05-26 18:32:47.561] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:32:49.405] Restoring snapshot 35 done
[2025-05-26 18:32:49.405] Starting up VM
[2025-05-26 18:32:55.258] Starting up VM done
[2025-05-26 18:32:55.258] Installing kernel driver
[2025-05-26 18:32:55.258] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:32:59.183] Kernel driver installation completed
[2025-05-26 18:32:59.183] Starting GP driver service
[2025-05-26 18:32:59.183] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:33:02.330] GP driver service started
[2025-05-26 18:33:02.330] Executing malware sample: D:\new\ransomware_high_confidence\bianlian\f7a3a8734c004682201b8873691d684985329be3fcdba965f268103a086ebaad.exe
[2025-05-26 18:33:02.331] Malware execution started
[2025-05-26 18:33:02.331] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:34:02.339] Taking screenshot
[2025-05-26 18:34:02.399] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:34:22.698] Powering off VM done
[2025-05-26 18:34:25.698] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:34:26.981] Restoring snapshot 35 done
[2025-05-26 18:34:26.981] Kernel telemetry analysis completed in 99.4 seconds.

[2025-05-26 18:34:26.981] ✅ Analysis completed successfully!
[2025-05-26 18:34:26.981] Progress: 10.9% (154/1408)
[2025-05-26 18:34:26.981] Successful: 154, Failed: 0
[2025-05-26 18:34:26.981] Time remaining: 52.3h
[2025-05-26 18:34:26.981] Waiting 5 seconds before next sample...
[2025-05-26 18:34:31.981] SAMPLE 155/1408
[2025-05-26 18:34:31.981] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:34:31.981] File: 03309c90e6c60a2e3cd44374efa3003ae10cd9e05ba6a39c77aa5289b32cb969.exe
[2025-05-26 18:34:31.981] Path: D:\new\ransomware_high_confidence\blackbasta\03309c90e6c60a2e3cd44374efa3003ae10cd9e05ba6a39c77aa5289b32cb969.exe
[2025-05-26 18:34:31.981] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\03309c90e6c60a2e3cd44374efa3003ae10cd9e05ba6a39c77aa5289b32cb969.exe
[2025-05-26 18:34:31.981] Malware execu

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:34:33.785] Restoring snapshot 35 done
[2025-05-26 18:34:33.785] Starting up VM
[2025-05-26 18:34:40.526] Starting up VM done
[2025-05-26 18:34:40.526] Installing kernel driver
[2025-05-26 18:34:40.526] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:34:44.753] Kernel driver installation completed
[2025-05-26 18:34:44.753] Starting GP driver service
[2025-05-26 18:34:44.753] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:34:47.905] GP driver service started
[2025-05-26 18:34:47.906] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\03309c90e6c60a2e3cd44374efa3003ae10cd9e05ba6a39c77aa5289b32cb969.exe
[2025-05-26 18:34:47.906] Malware execution started
[2025-05-26 18:34:47.906] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:35:47.914] Taking screenshot
[2025-05-26 18:35:47.976] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:36:47.822] Powering off VM done
[2025-05-26 18:36:50.822] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:36:52.229] Restoring snapshot 35 done
[2025-05-26 18:36:52.229] Kernel telemetry analysis completed in 140.2 seconds.

[2025-05-26 18:36:52.229] ✅ Analysis completed successfully!
[2025-05-26 18:36:52.229] Progress: 11.0% (155/1408)
[2025-05-26 18:36:52.229] Successful: 155, Failed: 0
[2025-05-26 18:36:52.229] Time remaining: 52.2h
[2025-05-26 18:36:52.229] Waiting 5 seconds before next sample...
[2025-05-26 18:36:57.229] SAMPLE 156/1408
[2025-05-26 18:36:57.229] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:36:57.229] File: 15560b1e35a3a8612a7ba91d00dea6b8dd6e4f3f857399c22c0c75377c9b31a2.exe
[2025-05-26 18:36:57.229] Path: D:\new\ransomware_high_confidence\blackbasta\15560b1e35a3a8612a7ba91d00dea6b8dd6e4f3f857399c22c0c75377c9b31a2.exe
[2025-05-26 18:36:57.229] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\15560b1e35a3a8612a7ba91d00dea6b8dd6e4f3f857399c22c0c75377c9b31a2.exe
[2025-05-26 18:36:57.229] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:36:58.986] Restoring snapshot 35 done
[2025-05-26 18:36:58.986] Starting up VM
[2025-05-26 18:37:04.866] Starting up VM done
[2025-05-26 18:37:04.866] Installing kernel driver
[2025-05-26 18:37:04.866] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:37:09.140] Kernel driver installation completed
[2025-05-26 18:37:09.141] Starting GP driver service
[2025-05-26 18:37:09.141] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:37:12.288] GP driver service started
[2025-05-26 18:37:12.288] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\15560b1e35a3a8612a7ba91d00dea6b8dd6e4f3f857399c22c0c75377c9b31a2.exe
[2025-05-26 18:37:12.288] Malware execution started
[2025-05-26 18:37:12.288] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:38:12.296] Taking screenshot
[2025-05-26 18:38:12.360] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:39:14.280] Powering off VM done
[2025-05-26 18:39:17.281] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:39:18.510] Restoring snapshot 35 done
[2025-05-26 18:39:18.510] Kernel telemetry analysis completed in 141.3 seconds.

[2025-05-26 18:39:18.510] ✅ Analysis completed successfully!
[2025-05-26 18:39:18.510] Progress: 11.1% (156/1408)
[2025-05-26 18:39:18.510] Successful: 156, Failed: 0
[2025-05-26 18:39:18.510] Time remaining: 52.1h
[2025-05-26 18:39:18.510] Waiting 5 seconds before next sample...
[2025-05-26 18:39:23.511] SAMPLE 157/1408
[2025-05-26 18:39:23.511] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:39:23.511] File: 15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4.exe
[2025-05-26 18:39:23.511] Path: D:\new\ransomware_high_confidence\blackbasta\15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4.exe
[2025-05-26 18:39:23.511] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4.exe
[2025-05-26 18:39:23.511] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:39:25.053] Restoring snapshot 35 done
[2025-05-26 18:39:25.053] Starting up VM
[2025-05-26 18:39:31.622] Starting up VM done
[2025-05-26 18:39:31.622] Installing kernel driver
[2025-05-26 18:39:31.622] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:39:35.933] Kernel driver installation completed
[2025-05-26 18:39:35.933] Starting GP driver service
[2025-05-26 18:39:35.933] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:39:39.091] GP driver service started
[2025-05-26 18:39:39.091] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4.exe
[2025-05-26 18:39:39.091] Malware execution started
[2025-05-26 18:39:39.091] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:40:39.100] Taking screenshot
[2025-05-26 18:40:39.162] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:41:41.530] Powering off VM done
[2025-05-26 18:41:44.531] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:41:45.572] Restoring snapshot 35 done
[2025-05-26 18:41:45.572] Kernel telemetry analysis completed in 142.1 seconds.

[2025-05-26 18:41:45.572] ✅ Analysis completed successfully!
[2025-05-26 18:41:45.572] Progress: 11.2% (157/1408)
[2025-05-26 18:41:45.572] Successful: 157, Failed: 0
[2025-05-26 18:41:45.572] Time remaining: 52.1h
[2025-05-26 18:41:45.572] Waiting 5 seconds before next sample...
[2025-05-26 18:41:50.573] SAMPLE 158/1408
[2025-05-26 18:41:50.573] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:41:50.573] File: 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
[2025-05-26 18:41:50.573] Path: D:\new\ransomware_high_confidence\blackbasta\17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
[2025-05-26 18:41:50.573] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
[2025-05-26 18:41:50.573] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:41:52.315] Restoring snapshot 35 done
[2025-05-26 18:41:52.315] Starting up VM
[2025-05-26 18:41:58.476] Starting up VM done
[2025-05-26 18:41:58.476] Installing kernel driver
[2025-05-26 18:41:58.476] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:42:02.799] Kernel driver installation completed
[2025-05-26 18:42:02.799] Starting GP driver service
[2025-05-26 18:42:02.799] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:42:05.951] GP driver service started
[2025-05-26 18:42:05.951] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90.exe
[2025-05-26 18:42:05.951] Malware execution started
[2025-05-26 18:42:05.951] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:43:05.959] Taking screenshot
[2025-05-26 18:43:06.020] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:44:13.081] Powering off VM done
[2025-05-26 18:44:16.081] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:44:17.114] Restoring snapshot 35 done
[2025-05-26 18:44:17.115] Kernel telemetry analysis completed in 146.5 seconds.

[2025-05-26 18:44:17.115] ✅ Analysis completed successfully!
[2025-05-26 18:44:17.115] Progress: 11.2% (158/1408)
[2025-05-26 18:44:17.115] Successful: 158, Failed: 0
[2025-05-26 18:44:17.115] Time remaining: 52.1h
[2025-05-26 18:44:17.115] Waiting 5 seconds before next sample...
[2025-05-26 18:44:22.115] SAMPLE 159/1408
[2025-05-26 18:44:22.115] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:44:22.115] File: 1bb7e645d4ff753157bbdd78829276356cb6660a767ab7158fc7dec3fe8b0e2f.exe
[2025-05-26 18:44:22.115] Path: D:\new\ransomware_high_confidence\blackbasta\1bb7e645d4ff753157bbdd78829276356cb6660a767ab7158fc7dec3fe8b0e2f.exe
[2025-05-26 18:44:22.115] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\1bb7e645d4ff753157bbdd78829276356cb6660a767ab7158fc7dec3fe8b0e2f.exe
[2025-05-26 18:44:22.115] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:44:23.850] Restoring snapshot 35 done
[2025-05-26 18:44:23.850] Starting up VM
[2025-05-26 18:44:30.438] Starting up VM done
[2025-05-26 18:44:30.438] Installing kernel driver
[2025-05-26 18:44:30.438] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:44:34.745] Kernel driver installation completed
[2025-05-26 18:44:34.745] Starting GP driver service
[2025-05-26 18:44:34.745] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:44:37.896] GP driver service started
[2025-05-26 18:44:37.896] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\1bb7e645d4ff753157bbdd78829276356cb6660a767ab7158fc7dec3fe8b0e2f.exe
[2025-05-26 18:44:37.897] Malware execution started
[2025-05-26 18:44:37.897] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:45:37.905] Taking screenshot
[2025-05-26 18:45:37.968] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:47:00.624] Powering off VM done
[2025-05-26 18:47:03.624] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:47:05.048] Restoring snapshot 35 done
[2025-05-26 18:47:05.048] Kernel telemetry analysis completed in 162.9 seconds.

[2025-05-26 18:47:05.048] ✅ Analysis completed successfully!
[2025-05-26 18:47:05.048] Progress: 11.3% (159/1408)
[2025-05-26 18:47:05.048] Successful: 159, Failed: 0
[2025-05-26 18:47:05.048] Time remaining: 52.1h
[2025-05-26 18:47:05.048] Waiting 5 seconds before next sample...
[2025-05-26 18:47:10.048] SAMPLE 160/1408
[2025-05-26 18:47:10.048] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:47:10.048] File: 203d2807df6ef531efbec7bfd109986de3e23df64c01ea4e337cbe5ba675248b.exe
[2025-05-26 18:47:10.048] Path: D:\new\ransomware_high_confidence\blackbasta\203d2807df6ef531efbec7bfd109986de3e23df64c01ea4e337cbe5ba675248b.exe
[2025-05-26 18:47:10.049] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\203d2807df6ef531efbec7bfd109986de3e23df64c01ea4e337cbe5ba675248b.exe
[2025-05-26 18:47:10.049] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:47:11.568] Restoring snapshot 35 done
[2025-05-26 18:47:11.568] Starting up VM
[2025-05-26 18:47:18.553] Starting up VM done
[2025-05-26 18:47:18.553] Installing kernel driver
[2025-05-26 18:47:18.553] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:47:22.240] Kernel driver installation completed
[2025-05-26 18:47:22.241] Starting GP driver service
[2025-05-26 18:47:22.241] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:47:25.401] GP driver service started
[2025-05-26 18:47:25.401] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\203d2807df6ef531efbec7bfd109986de3e23df64c01ea4e337cbe5ba675248b.exe
[2025-05-26 18:47:25.402] Malware execution started
[2025-05-26 18:47:25.402] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:48:25.410] Taking screenshot
[2025-05-26 18:48:25.472] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:48:58.085] Powering off VM done
[2025-05-26 18:49:01.085] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:49:02.497] Restoring snapshot 35 done
[2025-05-26 18:49:02.497] Kernel telemetry analysis completed in 112.4 seconds.

[2025-05-26 18:49:02.497] ✅ Analysis completed successfully!
[2025-05-26 18:49:02.497] Progress: 11.4% (160/1408)
[2025-05-26 18:49:02.497] Successful: 160, Failed: 0
[2025-05-26 18:49:02.497] Time remaining: 51.9h
[2025-05-26 18:49:02.497] Waiting 5 seconds before next sample...
[2025-05-26 18:49:07.497] SAMPLE 161/1408
[2025-05-26 18:49:07.497] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:49:07.497] File: 2327018dab0e3beaed2123bcb5392405ab1e502dfa72a5a32c2c164346bb9bc6.exe
[2025-05-26 18:49:07.497] Path: D:\new\ransomware_high_confidence\blackbasta\2327018dab0e3beaed2123bcb5392405ab1e502dfa72a5a32c2c164346bb9bc6.exe
[2025-05-26 18:49:07.497] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\2327018dab0e3beaed2123bcb5392405ab1e502dfa72a5a32c2c164346bb9bc6.exe
[2025-05-26 18:49:07.497] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:49:09.304] Restoring snapshot 35 done
[2025-05-26 18:49:09.304] Starting up VM
[2025-05-26 18:49:15.659] Starting up VM done
[2025-05-26 18:49:15.659] Installing kernel driver
[2025-05-26 18:49:15.659] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:49:19.390] Kernel driver installation completed
[2025-05-26 18:49:19.390] Starting GP driver service
[2025-05-26 18:49:19.390] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:49:22.543] GP driver service started
[2025-05-26 18:49:22.543] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\2327018dab0e3beaed2123bcb5392405ab1e502dfa72a5a32c2c164346bb9bc6.exe
[2025-05-26 18:49:22.543] Malware execution started
[2025-05-26 18:49:22.543] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:50:22.551] Taking screenshot
[2025-05-26 18:50:22.613] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:51:35.043] Powering off VM done
[2025-05-26 18:51:38.044] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:51:39.237] Restoring snapshot 35 done
[2025-05-26 18:51:39.237] Kernel telemetry analysis completed in 151.7 seconds.

[2025-05-26 18:51:39.237] ✅ Analysis completed successfully!
[2025-05-26 18:51:39.237] Progress: 11.4% (161/1408)
[2025-05-26 18:51:39.237] Successful: 161, Failed: 0
[2025-05-26 18:51:39.237] Time remaining: 51.9h
[2025-05-26 18:51:39.237] Waiting 5 seconds before next sample...
[2025-05-26 18:51:44.237] SAMPLE 162/1408
[2025-05-26 18:51:44.237] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:51:44.237] File: 350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd.exe
[2025-05-26 18:51:44.237] Path: D:\new\ransomware_high_confidence\blackbasta\350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd.exe
[2025-05-26 18:51:44.237] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd.exe
[2025-05-26 18:51:44.237] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:51:46.020] Restoring snapshot 35 done
[2025-05-26 18:51:46.021] Starting up VM
[2025-05-26 18:51:52.477] Starting up VM done
[2025-05-26 18:51:52.477] Installing kernel driver
[2025-05-26 18:51:52.477] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:51:56.762] Kernel driver installation completed
[2025-05-26 18:51:56.762] Starting GP driver service
[2025-05-26 18:51:56.762] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:51:59.923] GP driver service started
[2025-05-26 18:51:59.923] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd.exe
[2025-05-26 18:51:59.924] Malware execution started
[2025-05-26 18:51:59.924] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:52:59.932] Taking screenshot
[2025-05-26 18:52:59.995] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:53:20.318] Powering off VM done
[2025-05-26 18:53:23.318] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:53:24.740] Restoring snapshot 35 done
[2025-05-26 18:53:24.740] Kernel telemetry analysis completed in 100.5 seconds.

[2025-05-26 18:53:24.740] ✅ Analysis completed successfully!
[2025-05-26 18:53:24.740] Progress: 11.5% (162/1408)
[2025-05-26 18:53:24.740] Successful: 162, Failed: 0
[2025-05-26 18:53:24.740] Time remaining: 51.8h
[2025-05-26 18:53:24.740] Waiting 5 seconds before next sample...
[2025-05-26 18:53:29.740] SAMPLE 163/1408
[2025-05-26 18:53:29.740] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:53:29.740] File: 48976d7bf38cca4e952507e9ab27e3874ca01092eed53d0fde89c5966e9533bb.exe
[2025-05-26 18:53:29.740] Path: D:\new\ransomware_high_confidence\blackbasta\48976d7bf38cca4e952507e9ab27e3874ca01092eed53d0fde89c5966e9533bb.exe
[2025-05-26 18:53:29.741] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\48976d7bf38cca4e952507e9ab27e3874ca01092eed53d0fde89c5966e9533bb.exe
[2025-05-26 18:53:29.741] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:53:31.487] Restoring snapshot 35 done
[2025-05-26 18:53:31.487] Starting up VM
[2025-05-26 18:53:38.065] Starting up VM done
[2025-05-26 18:53:38.065] Installing kernel driver
[2025-05-26 18:53:38.065] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:53:42.550] Kernel driver installation completed
[2025-05-26 18:53:42.550] Starting GP driver service
[2025-05-26 18:53:42.550] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:53:45.705] GP driver service started
[2025-05-26 18:53:45.705] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\48976d7bf38cca4e952507e9ab27e3874ca01092eed53d0fde89c5966e9533bb.exe
[2025-05-26 18:53:45.706] Malware execution started
[2025-05-26 18:53:45.706] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:54:45.714] Taking screenshot
[2025-05-26 18:54:45.771] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:54:58.572] Powering off VM done
[2025-05-26 18:55:01.572] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:55:03.038] Restoring snapshot 35 done
[2025-05-26 18:55:03.038] Kernel telemetry analysis completed in 93.3 seconds.

[2025-05-26 18:55:03.038] ✅ Analysis completed successfully!
[2025-05-26 18:55:03.038] Progress: 11.6% (163/1408)
[2025-05-26 18:55:03.038] Successful: 163, Failed: 0
[2025-05-26 18:55:03.038] Time remaining: 51.6h
[2025-05-26 18:55:03.038] Waiting 5 seconds before next sample...
[2025-05-26 18:55:08.038] SAMPLE 164/1408
[2025-05-26 18:55:08.038] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:55:08.038] File: 5b6c3d277711d9f847be59b16fd08390fc07d3b27c7c6804e2170f456e9f1173.exe
[2025-05-26 18:55:08.038] Path: D:\new\ransomware_high_confidence\blackbasta\5b6c3d277711d9f847be59b16fd08390fc07d3b27c7c6804e2170f456e9f1173.exe
[2025-05-26 18:55:08.038] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\5b6c3d277711d9f847be59b16fd08390fc07d3b27c7c6804e2170f456e9f1173.exe
[2025-05-26 18:55:08.038] Malware execu

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:55:09.925] Restoring snapshot 35 done
[2025-05-26 18:55:09.925] Starting up VM
[2025-05-26 18:55:17.056] Starting up VM done
[2025-05-26 18:55:17.056] Installing kernel driver
[2025-05-26 18:55:17.056] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:55:21.015] Kernel driver installation completed
[2025-05-26 18:55:21.015] Starting GP driver service
[2025-05-26 18:55:21.015] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:55:24.172] GP driver service started
[2025-05-26 18:55:24.172] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\5b6c3d277711d9f847be59b16fd08390fc07d3b27c7c6804e2170f456e9f1173.exe
[2025-05-26 18:55:24.173] Malware execution started
[2025-05-26 18:55:24.173] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:56:24.181] Taking screenshot
[2025-05-26 18:56:24.247] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:57:35.494] Powering off VM done
[2025-05-26 18:57:38.494] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:57:39.836] Restoring snapshot 35 done
[2025-05-26 18:57:39.836] Kernel telemetry analysis completed in 151.8 seconds.

[2025-05-26 18:57:39.836] ✅ Analysis completed successfully!
[2025-05-26 18:57:39.836] Progress: 11.6% (164/1408)
[2025-05-26 18:57:39.836] Successful: 164, Failed: 0
[2025-05-26 18:57:39.836] Time remaining: 51.6h
[2025-05-26 18:57:39.837] Waiting 5 seconds before next sample...
[2025-05-26 18:57:44.837] SAMPLE 165/1408
[2025-05-26 18:57:44.837] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:57:44.837] File: 5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa.exe
[2025-05-26 18:57:44.837] Path: D:\new\ransomware_high_confidence\blackbasta\5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa.exe
[2025-05-26 18:57:44.837] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa.exe
[2025-05-26 18:57:44.837] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:57:46.356] Restoring snapshot 35 done
[2025-05-26 18:57:46.357] Starting up VM
[2025-05-26 18:57:52.310] Starting up VM done
[2025-05-26 18:57:52.311] Installing kernel driver
[2025-05-26 18:57:52.311] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:57:56.407] Kernel driver installation completed
[2025-05-26 18:57:56.407] Starting GP driver service
[2025-05-26 18:57:56.407] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:57:59.556] GP driver service started
[2025-05-26 18:57:59.556] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa.exe
[2025-05-26 18:57:59.556] Malware execution started
[2025-05-26 18:57:59.556] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 18:58:59.565] Taking screenshot
[2025-05-26 18:58:59.687] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:59:13.105] Powering off VM done
[2025-05-26 18:59:16.105] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:59:17.392] Restoring snapshot 35 done
[2025-05-26 18:59:17.392] Kernel telemetry analysis completed in 92.6 seconds.

[2025-05-26 18:59:17.392] ✅ Analysis completed successfully!
[2025-05-26 18:59:17.392] Progress: 11.7% (165/1408)
[2025-05-26 18:59:17.392] Successful: 165, Failed: 0
[2025-05-26 18:59:17.392] Time remaining: 51.5h
[2025-05-26 18:59:17.392] Waiting 5 seconds before next sample...
[2025-05-26 18:59:22.392] SAMPLE 166/1408
[2025-05-26 18:59:22.392] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 18:59:22.392] File: 653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33.exe
[2025-05-26 18:59:22.392] Path: D:\new\ransomware_high_confidence\blackbasta\653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33.exe
[2025-05-26 18:59:22.392] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33.exe
[2025-05-26 18:59:22.392] Malware execu

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 18:59:23.881] Restoring snapshot 35 done
[2025-05-26 18:59:23.881] Starting up VM
[2025-05-26 18:59:30.198] Starting up VM done
[2025-05-26 18:59:30.198] Installing kernel driver
[2025-05-26 18:59:30.198] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 18:59:33.944] Kernel driver installation completed
[2025-05-26 18:59:33.944] Starting GP driver service
[2025-05-26 18:59:33.944] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 18:59:37.095] GP driver service started
[2025-05-26 18:59:37.095] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\653da5127b0ecbc5c373ce510c0d5191f61f2df912c9b6f4989aa3775933bc33.exe
[2025-05-26 18:59:37.096] Malware execution started
[2025-05-26 18:59:37.096] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:00:37.104] Taking screenshot
[2025-05-26 19:00:37.167] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:01:32.944] Powering off VM done
[2025-05-26 19:01:35.945] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:01:37.917] Restoring snapshot 35 done
[2025-05-26 19:01:37.917] Kernel telemetry analysis completed in 135.5 seconds.

[2025-05-26 19:01:37.917] ✅ Analysis completed successfully!
[2025-05-26 19:01:37.917] Progress: 11.8% (166/1408)
[2025-05-26 19:01:37.917] Successful: 166, Failed: 0
[2025-05-26 19:01:37.917] Time remaining: 51.4h
[2025-05-26 19:01:37.917] Waiting 5 seconds before next sample...
[2025-05-26 19:01:42.917] SAMPLE 167/1408
[2025-05-26 19:01:42.917] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:01:42.917] File: 699aaea1598a034cde7ed88cd8a8a36fd59447e09bddef566357061774c48a76.exe
[2025-05-26 19:01:42.917] Path: D:\new\ransomware_high_confidence\blackbasta\699aaea1598a034cde7ed88cd8a8a36fd59447e09bddef566357061774c48a76.exe
[2025-05-26 19:01:42.917] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\699aaea1598a034cde7ed88cd8a8a36fd59447e09bddef566357061774c48a76.exe
[2025-05-26 19:01:42.917] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:01:44.468] Restoring snapshot 35 done
[2025-05-26 19:01:44.468] Starting up VM
[2025-05-26 19:01:51.353] Starting up VM done
[2025-05-26 19:01:51.353] Installing kernel driver
[2025-05-26 19:01:51.353] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:01:55.219] Kernel driver installation completed
[2025-05-26 19:01:55.219] Starting GP driver service
[2025-05-26 19:01:55.219] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:01:58.374] GP driver service started
[2025-05-26 19:01:58.374] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\699aaea1598a034cde7ed88cd8a8a36fd59447e09bddef566357061774c48a76.exe
[2025-05-26 19:01:58.375] Malware execution started
[2025-05-26 19:01:58.375] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:02:58.383] Taking screenshot
[2025-05-26 19:02:58.441] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:03:10.882] Powering off VM done
[2025-05-26 19:03:13.882] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:03:14.907] Restoring snapshot 35 done
[2025-05-26 19:03:14.907] Kernel telemetry analysis completed in 92.0 seconds.

[2025-05-26 19:03:14.907] ✅ Analysis completed successfully!
[2025-05-26 19:03:14.907] Progress: 11.9% (167/1408)
[2025-05-26 19:03:14.907] Successful: 167, Failed: 0
[2025-05-26 19:03:14.907] Time remaining: 51.2h
[2025-05-26 19:03:14.907] Waiting 5 seconds before next sample...
[2025-05-26 19:03:19.907] SAMPLE 168/1408
[2025-05-26 19:03:19.907] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:03:19.907] File: 7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.exe
[2025-05-26 19:03:19.907] Path: D:\new\ransomware_high_confidence\blackbasta\7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.exe
[2025-05-26 19:03:19.908] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.exe
[2025-05-26 19:03:19.908] Malware execu

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:03:21.606] Restoring snapshot 35 done
[2025-05-26 19:03:21.606] Starting up VM
[2025-05-26 19:03:27.549] Starting up VM done
[2025-05-26 19:03:27.549] Installing kernel driver
[2025-05-26 19:03:27.549] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:03:32.150] Kernel driver installation completed
[2025-05-26 19:03:32.151] Starting GP driver service
[2025-05-26 19:03:32.151] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:03:35.302] GP driver service started
[2025-05-26 19:03:35.303] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.exe
[2025-05-26 19:03:35.303] Malware execution started
[2025-05-26 19:03:35.303] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:04:35.311] Taking screenshot
[2025-05-26 19:04:35.371] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:05:41.414] Powering off VM done
[2025-05-26 19:05:44.414] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:05:45.419] Restoring snapshot 35 done
[2025-05-26 19:05:45.419] Kernel telemetry analysis completed in 145.5 seconds.

[2025-05-26 19:05:45.419] ✅ Analysis completed successfully!
[2025-05-26 19:05:45.419] Progress: 11.9% (168/1408)
[2025-05-26 19:05:45.419] Successful: 168, Failed: 0
[2025-05-26 19:05:45.419] Time remaining: 51.2h
[2025-05-26 19:05:45.419] Waiting 5 seconds before next sample...
[2025-05-26 19:05:50.420] SAMPLE 169/1408
[2025-05-26 19:05:50.420] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:05:50.420] File: 81515e1c72fadae2c4bb15883e0c1d8979b49fd52d8c65ca03e05a75ca6683c9.exe
[2025-05-26 19:05:50.420] Path: D:\new\ransomware_high_confidence\blackbasta\81515e1c72fadae2c4bb15883e0c1d8979b49fd52d8c65ca03e05a75ca6683c9.exe
[2025-05-26 19:05:50.420] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\81515e1c72fadae2c4bb15883e0c1d8979b49fd52d8c65ca03e05a75ca6683c9.exe
[2025-05-26 19:05:50.420] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:05:52.561] Restoring snapshot 35 done
[2025-05-26 19:05:52.561] Starting up VM
[2025-05-26 19:05:58.584] Starting up VM done
[2025-05-26 19:05:58.584] Installing kernel driver
[2025-05-26 19:05:58.584] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:06:02.844] Kernel driver installation completed
[2025-05-26 19:06:02.845] Starting GP driver service
[2025-05-26 19:06:02.845] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:06:06.017] GP driver service started
[2025-05-26 19:06:06.018] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\81515e1c72fadae2c4bb15883e0c1d8979b49fd52d8c65ca03e05a75ca6683c9.exe
[2025-05-26 19:06:06.018] Malware execution started
[2025-05-26 19:06:06.018] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:07:06.026] Taking screenshot
[2025-05-26 19:07:06.089] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:08:47.613] Powering off VM done
[2025-05-26 19:08:50.613] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:08:51.799] Restoring snapshot 35 done
[2025-05-26 19:08:51.799] Kernel telemetry analysis completed in 181.4 seconds.

[2025-05-26 19:08:51.799] ✅ Analysis completed successfully!
[2025-05-26 19:08:51.799] Progress: 12.0% (169/1408)
[2025-05-26 19:08:51.799] Successful: 169, Failed: 0
[2025-05-26 19:08:51.799] Time remaining: 51.2h
[2025-05-26 19:08:51.799] Waiting 5 seconds before next sample...
[2025-05-26 19:08:56.799] SAMPLE 170/1408
[2025-05-26 19:08:56.799] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:08:56.799] File: 856b5dc509c17f5be68186b6a8ab272fc0dd12000c978548d8488ee997b015e5.exe
[2025-05-26 19:08:56.799] Path: D:\new\ransomware_high_confidence\blackbasta\856b5dc509c17f5be68186b6a8ab272fc0dd12000c978548d8488ee997b015e5.exe
[2025-05-26 19:08:56.799] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\856b5dc509c17f5be68186b6a8ab272fc0dd12000c978548d8488ee997b015e5.exe
[2025-05-26 19:08:56.799] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:08:58.476] Restoring snapshot 35 done
[2025-05-26 19:08:58.476] Starting up VM
[2025-05-26 19:09:04.625] Starting up VM done
[2025-05-26 19:09:04.625] Installing kernel driver
[2025-05-26 19:09:04.625] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:09:09.025] Kernel driver installation completed
[2025-05-26 19:09:09.025] Starting GP driver service
[2025-05-26 19:09:09.025] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:09:12.175] GP driver service started
[2025-05-26 19:09:12.176] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\856b5dc509c17f5be68186b6a8ab272fc0dd12000c978548d8488ee997b015e5.exe
[2025-05-26 19:09:12.176] Malware execution started
[2025-05-26 19:09:12.176] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:10:12.184] Taking screenshot
[2025-05-26 19:10:12.245] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:11:12.697] Powering off VM done
[2025-05-26 19:11:15.697] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:11:17.160] Restoring snapshot 35 done
[2025-05-26 19:11:17.160] Kernel telemetry analysis completed in 140.4 seconds.

[2025-05-26 19:11:17.160] ✅ Analysis completed successfully!
[2025-05-26 19:11:17.160] Progress: 12.1% (170/1408)
[2025-05-26 19:11:17.160] Successful: 170, Failed: 0
[2025-05-26 19:11:17.160] Time remaining: 51.2h
[2025-05-26 19:11:17.160] Waiting 5 seconds before next sample...
[2025-05-26 19:11:22.160] SAMPLE 171/1408
[2025-05-26 19:11:22.160] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:11:22.160] File: 9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc.exe
[2025-05-26 19:11:22.160] Path: D:\new\ransomware_high_confidence\blackbasta\9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc.exe
[2025-05-26 19:11:22.160] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc.exe
[2025-05-26 19:11:22.160] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:11:23.864] Restoring snapshot 35 done
[2025-05-26 19:11:23.864] Starting up VM
[2025-05-26 19:11:29.936] Starting up VM done
[2025-05-26 19:11:29.936] Installing kernel driver
[2025-05-26 19:11:29.936] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:11:33.691] Kernel driver installation completed
[2025-05-26 19:11:33.691] Starting GP driver service
[2025-05-26 19:11:33.691] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:11:36.851] GP driver service started
[2025-05-26 19:11:36.851] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc.exe
[2025-05-26 19:11:36.852] Malware execution started
[2025-05-26 19:11:36.852] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:12:36.860] Taking screenshot
[2025-05-26 19:12:36.920] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:13:45.797] Powering off VM done
[2025-05-26 19:13:48.798] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:13:50.218] Restoring snapshot 35 done
[2025-05-26 19:13:50.218] Kernel telemetry analysis completed in 148.1 seconds.

[2025-05-26 19:13:50.218] ✅ Analysis completed successfully!
[2025-05-26 19:13:50.218] Progress: 12.1% (171/1408)
[2025-05-26 19:13:50.218] Successful: 171, Failed: 0
[2025-05-26 19:13:50.218] Time remaining: 51.2h
[2025-05-26 19:13:50.218] Waiting 5 seconds before next sample...
[2025-05-26 19:13:55.218] SAMPLE 172/1408
[2025-05-26 19:13:55.218] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:13:55.218] File: 9b57d94b33cd712bf409e0128f26a75d2d9746ef65012ce6cd72caf47650d2a6.exe
[2025-05-26 19:13:55.218] Path: D:\new\ransomware_high_confidence\blackbasta\9b57d94b33cd712bf409e0128f26a75d2d9746ef65012ce6cd72caf47650d2a6.exe
[2025-05-26 19:13:55.218] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\9b57d94b33cd712bf409e0128f26a75d2d9746ef65012ce6cd72caf47650d2a6.exe
[2025-05-26 19:13:55.218] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:13:56.869] Restoring snapshot 35 done
[2025-05-26 19:13:56.869] Starting up VM
[2025-05-26 19:14:02.801] Starting up VM done
[2025-05-26 19:14:02.801] Installing kernel driver
[2025-05-26 19:14:02.801] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:14:07.346] Kernel driver installation completed
[2025-05-26 19:14:07.346] Starting GP driver service
[2025-05-26 19:14:07.346] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:14:10.495] GP driver service started
[2025-05-26 19:14:10.495] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\9b57d94b33cd712bf409e0128f26a75d2d9746ef65012ce6cd72caf47650d2a6.exe
[2025-05-26 19:14:10.496] Malware execution started
[2025-05-26 19:14:10.496] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:15:10.504] Taking screenshot
[2025-05-26 19:15:10.566] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:16:42.769] Powering off VM done
[2025-05-26 19:16:45.770] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:16:47.132] Restoring snapshot 35 done
[2025-05-26 19:16:47.132] Kernel telemetry analysis completed in 171.9 seconds.

[2025-05-26 19:16:47.132] ✅ Analysis completed successfully!
[2025-05-26 19:16:47.132] Progress: 12.2% (172/1408)
[2025-05-26 19:16:47.132] Successful: 172, Failed: 0
[2025-05-26 19:16:47.132] Time remaining: 51.2h
[2025-05-26 19:16:47.132] Waiting 5 seconds before next sample...
[2025-05-26 19:16:52.133] SAMPLE 173/1408
[2025-05-26 19:16:52.133] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:16:52.133] File: 9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42.exe
[2025-05-26 19:16:52.133] Path: D:\new\ransomware_high_confidence\blackbasta\9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42.exe
[2025-05-26 19:16:52.133] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42.exe
[2025-05-26 19:16:52.133] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:16:53.928] Restoring snapshot 35 done
[2025-05-26 19:16:53.928] Starting up VM
[2025-05-26 19:16:59.994] Starting up VM done
[2025-05-26 19:16:59.994] Installing kernel driver
[2025-05-26 19:16:59.994] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:17:04.100] Kernel driver installation completed
[2025-05-26 19:17:04.101] Starting GP driver service
[2025-05-26 19:17:04.101] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:17:07.259] GP driver service started
[2025-05-26 19:17:07.259] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\9bbe6414ce22cb5e19f294004cb5cdbc883479d99629ddcdb5b70e9806306e42.exe
[2025-05-26 19:17:07.259] Malware execution started
[2025-05-26 19:17:07.259] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:18:07.268] Taking screenshot
[2025-05-26 19:18:07.326] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:18:49.789] Powering off VM done
[2025-05-26 19:18:52.789] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:18:54.109] Restoring snapshot 35 done
[2025-05-26 19:18:54.109] Kernel telemetry analysis completed in 122.0 seconds.

[2025-05-26 19:18:54.109] ✅ Analysis completed successfully!
[2025-05-26 19:18:54.109] Progress: 12.3% (173/1408)
[2025-05-26 19:18:54.109] Successful: 173, Failed: 0
[2025-05-26 19:18:54.109] Time remaining: 51.1h
[2025-05-26 19:18:54.109] Waiting 5 seconds before next sample...
[2025-05-26 19:18:59.109] SAMPLE 174/1408
[2025-05-26 19:18:59.109] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:18:59.109] File: 9fce9ee85516533bae34fc1184a7cf31fa9f2c7889b13774f83d1df561708833.exe
[2025-05-26 19:18:59.109] Path: D:\new\ransomware_high_confidence\blackbasta\9fce9ee85516533bae34fc1184a7cf31fa9f2c7889b13774f83d1df561708833.exe
[2025-05-26 19:18:59.109] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\9fce9ee85516533bae34fc1184a7cf31fa9f2c7889b13774f83d1df561708833.exe
[2025-05-26 19:18:59.109] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:19:01.130] Restoring snapshot 35 done
[2025-05-26 19:19:01.130] Starting up VM
[2025-05-26 19:19:07.685] Starting up VM done
[2025-05-26 19:19:07.685] Installing kernel driver
[2025-05-26 19:19:07.685] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:19:12.065] Kernel driver installation completed
[2025-05-26 19:19:12.065] Starting GP driver service
[2025-05-26 19:19:12.065] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:19:15.226] GP driver service started
[2025-05-26 19:19:15.226] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\9fce9ee85516533bae34fc1184a7cf31fa9f2c7889b13774f83d1df561708833.exe
[2025-05-26 19:19:15.226] Malware execution started
[2025-05-26 19:19:15.226] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:20:15.235] Taking screenshot
[2025-05-26 19:20:15.296] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:20:32.063] Powering off VM done
[2025-05-26 19:20:35.064] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:20:36.618] Restoring snapshot 35 done
[2025-05-26 19:20:36.618] Kernel telemetry analysis completed in 97.5 seconds.

[2025-05-26 19:20:36.618] ✅ Analysis completed successfully!
[2025-05-26 19:20:36.618] Progress: 12.4% (174/1408)
[2025-05-26 19:20:36.618] Successful: 174, Failed: 0
[2025-05-26 19:20:36.618] Time remaining: 51.0h
[2025-05-26 19:20:36.618] Waiting 5 seconds before next sample...
[2025-05-26 19:20:41.618] SAMPLE 175/1408
[2025-05-26 19:20:41.618] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:20:41.619] File: a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96.exe
[2025-05-26 19:20:41.619] Path: D:\new\ransomware_high_confidence\blackbasta\a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96.exe
[2025-05-26 19:20:41.619] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96.exe
[2025-05-26 19:20:41.619] Malware execu

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:20:43.469] Restoring snapshot 35 done
[2025-05-26 19:20:43.469] Starting up VM
[2025-05-26 19:20:49.386] Starting up VM done
[2025-05-26 19:20:49.386] Installing kernel driver
[2025-05-26 19:20:49.386] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:20:53.510] Kernel driver installation completed
[2025-05-26 19:20:53.510] Starting GP driver service
[2025-05-26 19:20:53.510] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:20:56.665] GP driver service started
[2025-05-26 19:20:56.666] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\a083060d38984e7c6f36dcd2c57ec1aa3f50f9c201c8538257c8cbf2b3217e96.exe
[2025-05-26 19:20:56.666] Malware execution started
[2025-05-26 19:20:56.666] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:21:56.674] Taking screenshot
[2025-05-26 19:21:56.740] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:23:18.670] Powering off VM done
[2025-05-26 19:23:21.670] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:23:23.018] Restoring snapshot 35 done
[2025-05-26 19:23:23.018] Kernel telemetry analysis completed in 161.4 seconds.

[2025-05-26 19:23:23.018] ✅ Analysis completed successfully!
[2025-05-26 19:23:23.018] Progress: 12.4% (175/1408)
[2025-05-26 19:23:23.018] Successful: 175, Failed: 0
[2025-05-26 19:23:23.018] Time remaining: 51.0h
[2025-05-26 19:23:23.018] Waiting 5 seconds before next sample...
[2025-05-26 19:23:28.018] SAMPLE 176/1408
[2025-05-26 19:23:28.018] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:23:28.018] File: a9503a3d998e705c37d3bec7fea0ff188bcf7e753833c8b4b195e590c4ed9625.exe
[2025-05-26 19:23:28.018] Path: D:\new\ransomware_high_confidence\blackbasta\a9503a3d998e705c37d3bec7fea0ff188bcf7e753833c8b4b195e590c4ed9625.exe
[2025-05-26 19:23:28.019] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\a9503a3d998e705c37d3bec7fea0ff188bcf7e753833c8b4b195e590c4ed9625.exe
[2025-05-26 19:23:28.019] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:23:30.067] Restoring snapshot 35 done
[2025-05-26 19:23:30.067] Starting up VM
[2025-05-26 19:23:36.197] Starting up VM done
[2025-05-26 19:23:36.197] Installing kernel driver
[2025-05-26 19:23:36.197] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:23:40.562] Kernel driver installation completed
[2025-05-26 19:23:40.562] Starting GP driver service
[2025-05-26 19:23:40.562] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:23:43.720] GP driver service started
[2025-05-26 19:23:43.720] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\a9503a3d998e705c37d3bec7fea0ff188bcf7e753833c8b4b195e590c4ed9625.exe
[2025-05-26 19:23:43.721] Malware execution started
[2025-05-26 19:23:43.721] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:24:43.729] Taking screenshot
[2025-05-26 19:24:43.791] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:25:46.537] Powering off VM done
[2025-05-26 19:25:49.538] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:25:50.909] Restoring snapshot 35 done
[2025-05-26 19:25:50.909] Kernel telemetry analysis completed in 142.9 seconds.

[2025-05-26 19:25:50.909] ✅ Analysis completed successfully!
[2025-05-26 19:25:50.909] Progress: 12.5% (176/1408)
[2025-05-26 19:25:50.909] Successful: 176, Failed: 0
[2025-05-26 19:25:50.909] Time remaining: 50.9h
[2025-05-26 19:25:50.909] Waiting 5 seconds before next sample...
[2025-05-26 19:25:55.909] SAMPLE 177/1408
[2025-05-26 19:25:55.909] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:25:55.909] File: aa7ef4bb8d0eab74af36162fe42056008d7e19e62ff1b50b870e72140a7b5bd2.exe
[2025-05-26 19:25:55.909] Path: D:\new\ransomware_high_confidence\blackbasta\aa7ef4bb8d0eab74af36162fe42056008d7e19e62ff1b50b870e72140a7b5bd2.exe
[2025-05-26 19:25:55.910] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\aa7ef4bb8d0eab74af36162fe42056008d7e19e62ff1b50b870e72140a7b5bd2.exe
[2025-05-26 19:25:55.910] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:25:57.451] Restoring snapshot 35 done
[2025-05-26 19:25:57.451] Starting up VM
[2025-05-26 19:26:04.637] Starting up VM done
[2025-05-26 19:26:04.637] Installing kernel driver
[2025-05-26 19:26:04.637] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:26:09.551] Kernel driver installation completed
[2025-05-26 19:26:09.551] Starting GP driver service
[2025-05-26 19:26:09.551] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:26:12.703] GP driver service started
[2025-05-26 19:26:12.703] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\aa7ef4bb8d0eab74af36162fe42056008d7e19e62ff1b50b870e72140a7b5bd2.exe
[2025-05-26 19:26:12.703] Malware execution started
[2025-05-26 19:26:12.703] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:27:12.711] Taking screenshot
[2025-05-26 19:27:12.774] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:27:30.364] Powering off VM done
[2025-05-26 19:27:33.364] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:27:35.096] Restoring snapshot 35 done
[2025-05-26 19:27:35.096] Kernel telemetry analysis completed in 99.2 seconds.

[2025-05-26 19:27:35.096] ✅ Analysis completed successfully!
[2025-05-26 19:27:35.096] Progress: 12.6% (177/1408)
[2025-05-26 19:27:35.096] Successful: 177, Failed: 0
[2025-05-26 19:27:35.096] Time remaining: 50.8h
[2025-05-26 19:27:35.096] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 19:27:40.096] SAMPLE 178/1408
[2025-05-26 19:27:40.096] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:27:40.096] File: ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
[2025-05-26 19:27:40.096] Path: D:\new\ransomware_high_confidence\blackbasta\ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
[2025-05-26 19:27:40.096] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
[2025-05-26 19:27:40.096] Malware execution time: 60 seconds
[2025-05-26 19:27:40.096] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:27:41.710] Restoring snapshot 35 done
[2025-05-26 19:27:41.710] Starting up VM
[2025-05-26 19:27:47.956] Starting up VM done
[2025-05-26 19:27:47.956] Installing kernel driver
[2025-05-26 19:27:47.956] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:27:52.244] Kernel driver installation completed
[2025-05-26 19:27:52.244] Starting GP driver service
[2025-05-26 19:27:52.244] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:27:55.402] GP driver service started
[2025-05-26 19:27:55.402] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
[2025-05-26 19:27:55.402] Malware execution started
[2025-05-26 19:27:55.402] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:28:55.411] Taking screenshot
[2025-05-26 19:28:55.473] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:31:06.953] Powering off VM done
[2025-05-26 19:31:09.953] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:31:11.200] Restoring snapshot 35 done
[2025-05-26 19:31:11.200] Kernel telemetry analysis completed in 211.1 seconds.

[2025-05-26 19:31:11.200] ✅ Analysis completed successfully!
[2025-05-26 19:31:11.200] Progress: 12.6% (178/1408)
[2025-05-26 19:31:11.200] Successful: 178, Failed: 0
[2025-05-26 19:31:11.200] Time remaining: 50.9h
[2025-05-26 19:31:11.200] Waiting 5 seconds before next sample...
[2025-05-26 19:31:16.200] SAMPLE 179/1408
[2025-05-26 19:31:16.200] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:31:16.200] File: affcb453760dbc48b39f8d4defbcc4fc65d00df6fae395ee27f031c1833abada.exe
[2025-05-26 19:31:16.200] Path: D:\new\ransomware_high_confidence\blackbasta\affcb453760dbc48b39f8d4defbcc4fc65d00df6fae395ee27f031c1833abada.exe
[2025-05-26 19:31:16.200] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\affcb453760dbc48b39f8d4defbcc4fc65d00df6fae395ee27f031c1833abada.exe
[2025-05-26 19:31:16.200] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:31:18.047] Restoring snapshot 35 done
[2025-05-26 19:31:18.047] Starting up VM
[2025-05-26 19:31:24.513] Starting up VM done
[2025-05-26 19:31:24.513] Installing kernel driver
[2025-05-26 19:31:24.513] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:31:28.617] Kernel driver installation completed
[2025-05-26 19:31:28.617] Starting GP driver service
[2025-05-26 19:31:28.617] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:31:31.776] GP driver service started
[2025-05-26 19:31:31.776] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\affcb453760dbc48b39f8d4defbcc4fc65d00df6fae395ee27f031c1833abada.exe
[2025-05-26 19:31:31.777] Malware execution started
[2025-05-26 19:31:31.777] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:32:31.785] Taking screenshot
[2025-05-26 19:32:31.846] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:33:31.228] Powering off VM done
[2025-05-26 19:33:34.228] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:33:35.272] Restoring snapshot 35 done
[2025-05-26 19:33:35.272] Kernel telemetry analysis completed in 139.1 seconds.

[2025-05-26 19:33:35.272] ✅ Analysis completed successfully!
[2025-05-26 19:33:35.272] Progress: 12.7% (179/1408)
[2025-05-26 19:33:35.272] Successful: 179, Failed: 0
[2025-05-26 19:33:35.272] Time remaining: 50.8h
[2025-05-26 19:33:35.273] Waiting 5 seconds before next sample...
[2025-05-26 19:33:40.273] SAMPLE 180/1408
[2025-05-26 19:33:40.273] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:33:40.273] File: c4c8be0c939e4c24e11bad90549e3951b7969e78056d819425ca53e87af8d8ed.exe
[2025-05-26 19:33:40.273] Path: D:\new\ransomware_high_confidence\blackbasta\c4c8be0c939e4c24e11bad90549e3951b7969e78056d819425ca53e87af8d8ed.exe
[2025-05-26 19:33:40.273] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\c4c8be0c939e4c24e11bad90549e3951b7969e78056d819425ca53e87af8d8ed.exe
[2025-05-26 19:33:40.273] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:33:41.929] Restoring snapshot 35 done
[2025-05-26 19:33:41.929] Starting up VM
[2025-05-26 19:33:48.107] Starting up VM done
[2025-05-26 19:33:48.107] Installing kernel driver
[2025-05-26 19:33:48.107] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:33:52.277] Kernel driver installation completed
[2025-05-26 19:33:52.277] Starting GP driver service
[2025-05-26 19:33:52.277] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:33:55.434] GP driver service started
[2025-05-26 19:33:55.434] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\c4c8be0c939e4c24e11bad90549e3951b7969e78056d819425ca53e87af8d8ed.exe
[2025-05-26 19:33:55.434] Malware execution started
[2025-05-26 19:33:55.435] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:34:55.442] Taking screenshot
[2025-05-26 19:34:55.505] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:35:13.719] Powering off VM done
[2025-05-26 19:35:16.719] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:35:18.329] Restoring snapshot 35 done
[2025-05-26 19:35:18.330] Kernel telemetry analysis completed in 98.1 seconds.

[2025-05-26 19:35:18.330] ✅ Analysis completed successfully!
[2025-05-26 19:35:18.330] Progress: 12.8% (180/1408)
[2025-05-26 19:35:18.330] Successful: 180, Failed: 0
[2025-05-26 19:35:18.330] Time remaining: 50.7h
[2025-05-26 19:35:18.330] Waiting 5 seconds before next sample...
[2025-05-26 19:35:23.330] SAMPLE 181/1408
[2025-05-26 19:35:23.330] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:35:23.330] File: c532d28f9700abba1a4803c3a9d886c8c4fb26f84cf2399c533d68cfdcec4fa7.exe
[2025-05-26 19:35:23.330] Path: D:\new\ransomware_high_confidence\blackbasta\c532d28f9700abba1a4803c3a9d886c8c4fb26f84cf2399c533d68cfdcec4fa7.exe
[2025-05-26 19:35:23.330] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\c532d28f9700abba1a4803c3a9d886c8c4fb26f84cf2399c533d68cfdcec4fa7.exe
[2025-05-26 19:35:23.330] Malware execu

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:35:25.434] Restoring snapshot 35 done
[2025-05-26 19:35:25.434] Starting up VM
[2025-05-26 19:35:31.966] Starting up VM done
[2025-05-26 19:35:31.966] Installing kernel driver
[2025-05-26 19:35:31.966] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:35:36.105] Kernel driver installation completed
[2025-05-26 19:35:36.105] Starting GP driver service
[2025-05-26 19:35:36.105] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:35:39.255] GP driver service started
[2025-05-26 19:35:39.255] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\c532d28f9700abba1a4803c3a9d886c8c4fb26f84cf2399c533d68cfdcec4fa7.exe
[2025-05-26 19:35:39.255] Malware execution started
[2025-05-26 19:35:39.255] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:36:39.264] Taking screenshot
[2025-05-26 19:36:39.325] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:38:04.192] Powering off VM done
[2025-05-26 19:38:07.193] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:38:08.218] Restoring snapshot 35 done
[2025-05-26 19:38:08.218] Kernel telemetry analysis completed in 164.9 seconds.

[2025-05-26 19:38:08.218] ✅ Analysis completed successfully!
[2025-05-26 19:38:08.218] Progress: 12.9% (181/1408)
[2025-05-26 19:38:08.218] Successful: 181, Failed: 0
[2025-05-26 19:38:08.218] Time remaining: 50.7h
[2025-05-26 19:38:08.218] Waiting 5 seconds before next sample...
[2025-05-26 19:38:13.218] SAMPLE 182/1408
[2025-05-26 19:38:13.218] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:38:13.218] File: cb6e26c2ab8dc2148d4f3f3102d1c257b2f22aba749463c04b1a420742eb92bc.exe
[2025-05-26 19:38:13.218] Path: D:\new\ransomware_high_confidence\blackbasta\cb6e26c2ab8dc2148d4f3f3102d1c257b2f22aba749463c04b1a420742eb92bc.exe
[2025-05-26 19:38:13.218] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\cb6e26c2ab8dc2148d4f3f3102d1c257b2f22aba749463c04b1a420742eb92bc.exe
[2025-05-26 19:38:13.218] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:38:14.844] Restoring snapshot 35 done
[2025-05-26 19:38:14.844] Starting up VM
[2025-05-26 19:38:20.922] Starting up VM done
[2025-05-26 19:38:20.922] Installing kernel driver
[2025-05-26 19:38:20.922] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:38:25.159] Kernel driver installation completed
[2025-05-26 19:38:25.159] Starting GP driver service
[2025-05-26 19:38:25.159] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:38:28.309] GP driver service started
[2025-05-26 19:38:28.309] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\cb6e26c2ab8dc2148d4f3f3102d1c257b2f22aba749463c04b1a420742eb92bc.exe
[2025-05-26 19:38:28.310] Malware execution started
[2025-05-26 19:38:28.310] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:39:28.318] Taking screenshot
[2025-05-26 19:39:28.383] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:39:46.507] Powering off VM done
[2025-05-26 19:39:49.508] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:39:51.266] Restoring snapshot 35 done
[2025-05-26 19:39:51.266] Kernel telemetry analysis completed in 98.0 seconds.

[2025-05-26 19:39:51.266] ✅ Analysis completed successfully!
[2025-05-26 19:39:51.266] Progress: 12.9% (182/1408)
[2025-05-26 19:39:51.266] Successful: 182, Failed: 0
[2025-05-26 19:39:51.266] Time remaining: 50.6h
[2025-05-26 19:39:51.266] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 19:39:56.267] SAMPLE 183/1408
[2025-05-26 19:39:56.267] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:39:56.267] File: cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa.exe
[2025-05-26 19:39:56.267] Path: D:\new\ransomware_high_confidence\blackbasta\cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa.exe
[2025-05-26 19:39:56.267] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa.exe
[2025-05-26 19:39:56.267] Malware execution time: 60 seconds
[2025-05-26 19:39:56.267] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:39:57.968] Restoring snapshot 35 done
[2025-05-26 19:39:57.968] Starting up VM
[2025-05-26 19:40:03.846] Starting up VM done
[2025-05-26 19:40:03.846] Installing kernel driver
[2025-05-26 19:40:03.846] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:40:07.660] Kernel driver installation completed
[2025-05-26 19:40:07.660] Starting GP driver service
[2025-05-26 19:40:07.660] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:40:10.813] GP driver service started
[2025-05-26 19:40:10.813] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa.exe
[2025-05-26 19:40:10.813] Malware execution started
[2025-05-26 19:40:10.813] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:41:10.822] Taking screenshot
[2025-05-26 19:41:10.883] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:42:46.166] Powering off VM done
[2025-05-26 19:42:49.166] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:42:50.456] Restoring snapshot 35 done
[2025-05-26 19:42:50.456] Kernel telemetry analysis completed in 174.2 seconds.

[2025-05-26 19:42:50.456] ✅ Analysis completed successfully!
[2025-05-26 19:42:50.456] Progress: 13.0% (183/1408)
[2025-05-26 19:42:50.456] Successful: 183, Failed: 0
[2025-05-26 19:42:50.456] Time remaining: 50.6h
[2025-05-26 19:42:50.456] Waiting 5 seconds before next sample...
[2025-05-26 19:42:55.457] SAMPLE 184/1408
[2025-05-26 19:42:55.457] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:42:55.457] File: d943a4aabd76582218fd1a9a0a77b2f6a6715b198f9994f0feae6f249b40fdf9.exe
[2025-05-26 19:42:55.457] Path: D:\new\ransomware_high_confidence\blackbasta\d943a4aabd76582218fd1a9a0a77b2f6a6715b198f9994f0feae6f249b40fdf9.exe
[2025-05-26 19:42:55.457] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\d943a4aabd76582218fd1a9a0a77b2f6a6715b198f9994f0feae6f249b40fdf9.exe
[2025-05-26 19:42:55.457] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:42:57.193] Restoring snapshot 35 done
[2025-05-26 19:42:57.193] Starting up VM
[2025-05-26 19:43:03.727] Starting up VM done
[2025-05-26 19:43:03.728] Installing kernel driver
[2025-05-26 19:43:03.728] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:43:09.318] Kernel driver installation completed
[2025-05-26 19:43:09.318] Starting GP driver service
[2025-05-26 19:43:09.318] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:43:12.467] GP driver service started
[2025-05-26 19:43:12.468] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\d943a4aabd76582218fd1a9a0a77b2f6a6715b198f9994f0feae6f249b40fdf9.exe
[2025-05-26 19:43:12.468] Malware execution started
[2025-05-26 19:43:12.468] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:44:12.476] Taking screenshot
[2025-05-26 19:44:12.539] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:44:31.613] Powering off VM done
[2025-05-26 19:44:34.614] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:44:36.733] Restoring snapshot 35 done
[2025-05-26 19:44:36.733] Kernel telemetry analysis completed in 101.3 seconds.

[2025-05-26 19:44:36.733] ✅ Analysis completed successfully!
[2025-05-26 19:44:36.733] Progress: 13.1% (184/1408)
[2025-05-26 19:44:36.733] Successful: 184, Failed: 0
[2025-05-26 19:44:36.733] Time remaining: 50.5h
[2025-05-26 19:44:36.733] Waiting 5 seconds before next sample...
[2025-05-26 19:44:41.734] SAMPLE 185/1408
[2025-05-26 19:44:41.734] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:44:41.734] File: e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757.exe
[2025-05-26 19:44:41.734] Path: D:\new\ransomware_high_confidence\blackbasta\e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757.exe
[2025-05-26 19:44:41.734] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757.exe
[2025-05-26 19:44:41.734] Malware exec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:44:43.603] Restoring snapshot 35 done
[2025-05-26 19:44:43.603] Starting up VM
[2025-05-26 19:44:49.503] Starting up VM done
[2025-05-26 19:44:49.503] Installing kernel driver
[2025-05-26 19:44:49.503] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:44:53.308] Kernel driver installation completed
[2025-05-26 19:44:53.308] Starting GP driver service
[2025-05-26 19:44:53.308] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:44:56.445] GP driver service started
[2025-05-26 19:44:56.446] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757.exe
[2025-05-26 19:44:56.446] Malware execution started
[2025-05-26 19:44:56.446] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:45:56.455] Taking screenshot
[2025-05-26 19:45:56.517] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:46:12.714] Powering off VM done
[2025-05-26 19:46:15.714] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:46:16.945] Restoring snapshot 35 done
[2025-05-26 19:46:16.945] Kernel telemetry analysis completed in 95.2 seconds.

[2025-05-26 19:46:16.945] ✅ Analysis completed successfully!
[2025-05-26 19:46:16.945] Progress: 13.1% (185/1408)
[2025-05-26 19:46:16.945] Successful: 185, Failed: 0
[2025-05-26 19:46:16.945] Time remaining: 50.3h
[2025-05-26 19:46:16.945] Waiting 5 seconds before next sample...
[2025-05-26 19:46:21.945] SAMPLE 186/1408
[2025-05-26 19:46:21.945] Family: D:\new\ransomware_high_confidence\blackbasta
[2025-05-26 19:46:21.945] File: e9fefd053b8c77c7db13d528b97d2b974dfd86775a8cc9c53b8efdb07db8842c.exe
[2025-05-26 19:46:21.945] Path: D:\new\ransomware_high_confidence\blackbasta\e9fefd053b8c77c7db13d528b97d2b974dfd86775a8cc9c53b8efdb07db8842c.exe
[2025-05-26 19:46:21.946] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbasta\e9fefd053b8c77c7db13d528b97d2b974dfd86775a8cc9c53b8efdb07db8842c.exe
[2025-05-26 19:46:21.946] Malware execu

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:46:23.757] Restoring snapshot 35 done
[2025-05-26 19:46:23.757] Starting up VM
[2025-05-26 19:46:30.210] Starting up VM done
[2025-05-26 19:46:30.210] Installing kernel driver
[2025-05-26 19:46:30.210] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:46:34.762] Kernel driver installation completed
[2025-05-26 19:46:34.762] Starting GP driver service
[2025-05-26 19:46:34.762] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:46:37.922] GP driver service started
[2025-05-26 19:46:37.922] Executing malware sample: D:\new\ransomware_high_confidence\blackbasta\e9fefd053b8c77c7db13d528b97d2b974dfd86775a8cc9c53b8efdb07db8842c.exe
[2025-05-26 19:46:37.922] Malware execution started
[2025-05-26 19:46:37.922] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:47:37.930] Taking screenshot
[2025-05-26 19:47:37.991] Tak

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:48:00.246] Powering off VM done
[2025-05-26 19:48:03.246] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:48:04.708] Restoring snapshot 35 done
[2025-05-26 19:48:04.708] Kernel telemetry analysis completed in 102.8 seconds.

[2025-05-26 19:48:04.708] ✅ Analysis completed successfully!
[2025-05-26 19:48:04.708] Progress: 13.2% (186/1408)
[2025-05-26 19:48:04.708] Successful: 186, Failed: 0
[2025-05-26 19:48:04.708] Time remaining: 50.2h
[2025-05-26 19:48:04.708] Waiting 5 seconds before next sample...
[2025-05-26 19:48:09.708] SAMPLE 187/1408
[2025-05-26 19:48:09.708] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 19:48:09.708] File: 0b102d8ac22224747d38c9fbf2c91579abae050357f0a1d01fac1ec1315ad291.exe
[2025-05-26 19:48:09.708] Path: D:\new\ransomware_high_confidence\blackbyte\0b102d8ac22224747d38c9fbf2c91579abae050357f0a1d01fac1ec1315ad291.exe
[2025-05-26 19:48:09.708] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\0b102d8ac22224747d38c9fbf2c91579abae050357f0a1d01fac1ec1315ad291.exe
[2025-05-26 19:48:09.708] Malware executi

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:48:11.437] Restoring snapshot 35 done
[2025-05-26 19:48:11.437] Starting up VM
[2025-05-26 19:48:17.253] Starting up VM done
[2025-05-26 19:48:17.253] Installing kernel driver
[2025-05-26 19:48:17.253] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:48:20.422] Kernel driver installation completed
[2025-05-26 19:48:20.422] Starting GP driver service
[2025-05-26 19:48:20.422] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:48:23.573] GP driver service started
[2025-05-26 19:48:23.573] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\0b102d8ac22224747d38c9fbf2c91579abae050357f0a1d01fac1ec1315ad291.exe
[2025-05-26 19:48:23.573] Malware execution started
[2025-05-26 19:48:23.573] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:49:23.582] Taking screenshot
[2025-05-26 19:49:23.646] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:49:41.202] Powering off VM done
[2025-05-26 19:49:44.202] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:49:45.584] Restoring snapshot 35 done
[2025-05-26 19:49:45.585] Kernel telemetry analysis completed in 95.9 seconds.

[2025-05-26 19:49:45.585] ✅ Analysis completed successfully!
[2025-05-26 19:49:45.585] Progress: 13.3% (187/1408)
[2025-05-26 19:49:45.585] Successful: 187, Failed: 0
[2025-05-26 19:49:45.585] Time remaining: 50.1h
[2025-05-26 19:49:45.585] Waiting 5 seconds before next sample...
[2025-05-26 19:49:50.585] SAMPLE 188/1408
[2025-05-26 19:49:50.585] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 19:49:50.585] File: 1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad.exe
[2025-05-26 19:49:50.585] Path: D:\new\ransomware_high_confidence\blackbyte\1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad.exe
[2025-05-26 19:49:50.585] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad.exe
[2025-05-26 19:49:50.585] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:49:52.374] Restoring snapshot 35 done
[2025-05-26 19:49:52.374] Starting up VM
[2025-05-26 19:49:58.799] Starting up VM done
[2025-05-26 19:49:58.800] Installing kernel driver
[2025-05-26 19:49:58.800] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:50:02.569] Kernel driver installation completed
[2025-05-26 19:50:02.569] Starting GP driver service
[2025-05-26 19:50:02.569] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:50:05.717] GP driver service started
[2025-05-26 19:50:05.717] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad.exe
[2025-05-26 19:50:05.718] Malware execution started
[2025-05-26 19:50:05.718] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:51:05.726] Taking screenshot
[2025-05-26 19:51:05.790] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:51:21.629] Powering off VM done
[2025-05-26 19:51:24.630] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:51:26.324] Restoring snapshot 35 done
[2025-05-26 19:51:26.324] Kernel telemetry analysis completed in 95.7 seconds.

[2025-05-26 19:51:26.324] ✅ Analysis completed successfully!
[2025-05-26 19:51:26.324] Progress: 13.4% (188/1408)
[2025-05-26 19:51:26.324] Successful: 188, Failed: 0
[2025-05-26 19:51:26.324] Time remaining: 50.0h
[2025-05-26 19:51:26.324] Waiting 5 seconds before next sample...
[2025-05-26 19:51:31.324] SAMPLE 189/1408
[2025-05-26 19:51:31.324] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 19:51:31.324] File: 388163c9ec1458c779849db891e17efb16a941ca598c4c3ac3a50a77086beb69.exe
[2025-05-26 19:51:31.324] Path: D:\new\ransomware_high_confidence\blackbyte\388163c9ec1458c779849db891e17efb16a941ca598c4c3ac3a50a77086beb69.exe
[2025-05-26 19:51:31.324] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\388163c9ec1458c779849db891e17efb16a941ca598c4c3ac3a50a77086beb69.exe
[2025-05-26 19:51:31.324] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:51:33.042] Restoring snapshot 35 done
[2025-05-26 19:51:33.042] Starting up VM
[2025-05-26 19:51:39.063] Starting up VM done
[2025-05-26 19:51:39.063] Installing kernel driver
[2025-05-26 19:51:39.063] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:51:42.725] Kernel driver installation completed
[2025-05-26 19:51:42.725] Starting GP driver service
[2025-05-26 19:51:42.725] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:51:45.878] GP driver service started
[2025-05-26 19:51:45.878] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\388163c9ec1458c779849db891e17efb16a941ca598c4c3ac3a50a77086beb69.exe
[2025-05-26 19:51:45.878] Malware execution started
[2025-05-26 19:51:45.878] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:52:45.887] Taking screenshot
[2025-05-26 19:52:45.949] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:53:02.939] Powering off VM done
[2025-05-26 19:53:05.939] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:53:07.619] Restoring snapshot 35 done
[2025-05-26 19:53:07.619] Kernel telemetry analysis completed in 96.3 seconds.

[2025-05-26 19:53:07.619] ✅ Analysis completed successfully!
[2025-05-26 19:53:07.619] Progress: 13.4% (189/1408)
[2025-05-26 19:53:07.619] Successful: 189, Failed: 0
[2025-05-26 19:53:07.619] Time remaining: 49.8h
[2025-05-26 19:53:07.619] Waiting 5 seconds before next sample...
[2025-05-26 19:53:12.619] SAMPLE 190/1408
[2025-05-26 19:53:12.619] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 19:53:12.619] File: 3de8fe5cee8180e93697e4ddca87e721910b9dd922de849cab7b1b3a50e54a00.exe
[2025-05-26 19:53:12.619] Path: D:\new\ransomware_high_confidence\blackbyte\3de8fe5cee8180e93697e4ddca87e721910b9dd922de849cab7b1b3a50e54a00.exe
[2025-05-26 19:53:12.620] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\3de8fe5cee8180e93697e4ddca87e721910b9dd922de849cab7b1b3a50e54a00.exe
[2025-05-26 19:53:12.620] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:53:14.416] Restoring snapshot 35 done
[2025-05-26 19:53:14.416] Starting up VM
[2025-05-26 19:53:20.475] Starting up VM done
[2025-05-26 19:53:20.475] Installing kernel driver
[2025-05-26 19:53:20.475] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:53:24.118] Kernel driver installation completed
[2025-05-26 19:53:24.118] Starting GP driver service
[2025-05-26 19:53:24.118] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:53:27.271] GP driver service started
[2025-05-26 19:53:27.271] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\3de8fe5cee8180e93697e4ddca87e721910b9dd922de849cab7b1b3a50e54a00.exe
[2025-05-26 19:53:27.272] Malware execution started
[2025-05-26 19:53:27.272] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:54:27.280] Taking screenshot
[2025-05-26 19:54:27.344] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:54:48.635] Powering off VM done
[2025-05-26 19:54:51.636] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:54:53.014] Restoring snapshot 35 done
[2025-05-26 19:54:53.014] Kernel telemetry analysis completed in 100.4 seconds.

[2025-05-26 19:54:53.014] ✅ Analysis completed successfully!
[2025-05-26 19:54:53.014] Progress: 13.5% (190/1408)
[2025-05-26 19:54:53.014] Successful: 190, Failed: 0
[2025-05-26 19:54:53.014] Time remaining: 49.7h
[2025-05-26 19:54:53.014] Waiting 5 seconds before next sample...
[2025-05-26 19:54:58.014] SAMPLE 191/1408
[2025-05-26 19:54:58.014] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 19:54:58.014] File: 44a5e78fce5455579123af23665262b10165ac710a9f7538b764af76d7771550.exe
[2025-05-26 19:54:58.014] Path: D:\new\ransomware_high_confidence\blackbyte\44a5e78fce5455579123af23665262b10165ac710a9f7538b764af76d7771550.exe
[2025-05-26 19:54:58.015] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\44a5e78fce5455579123af23665262b10165ac710a9f7538b764af76d7771550.exe
[2025-05-26 19:54:58.015] Malware executi

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:54:59.488] Restoring snapshot 35 done
[2025-05-26 19:54:59.488] Starting up VM
[2025-05-26 19:55:05.569] Starting up VM done
[2025-05-26 19:55:05.570] Installing kernel driver
[2025-05-26 19:55:05.570] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:55:09.969] Kernel driver installation completed
[2025-05-26 19:55:09.969] Starting GP driver service
[2025-05-26 19:55:09.969] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:55:13.129] GP driver service started
[2025-05-26 19:55:13.129] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\44a5e78fce5455579123af23665262b10165ac710a9f7538b764af76d7771550.exe
[2025-05-26 19:55:13.129] Malware execution started
[2025-05-26 19:55:13.129] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:56:13.138] Taking screenshot
[2025-05-26 19:56:13.201] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:56:33.185] Powering off VM done
[2025-05-26 19:56:36.185] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:56:37.490] Restoring snapshot 35 done
[2025-05-26 19:56:37.490] Kernel telemetry analysis completed in 99.5 seconds.

[2025-05-26 19:56:37.490] ✅ Analysis completed successfully!
[2025-05-26 19:56:37.490] Progress: 13.6% (191/1408)
[2025-05-26 19:56:37.490] Successful: 191, Failed: 0
[2025-05-26 19:56:37.490] Time remaining: 49.6h
[2025-05-26 19:56:37.491] Waiting 5 seconds before next sample...
[2025-05-26 19:56:42.491] SAMPLE 192/1408
[2025-05-26 19:56:42.491] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 19:56:42.491] File: 534f5fbb7669803812781e43c30083e9197d03f97f0d860ae7d9a59c0484ace4.exe
[2025-05-26 19:56:42.491] Path: D:\new\ransomware_high_confidence\blackbyte\534f5fbb7669803812781e43c30083e9197d03f97f0d860ae7d9a59c0484ace4.exe
[2025-05-26 19:56:42.491] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\534f5fbb7669803812781e43c30083e9197d03f97f0d860ae7d9a59c0484ace4.exe
[2025-05-26 19:56:42.491] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:56:43.969] Restoring snapshot 35 done
[2025-05-26 19:56:43.969] Starting up VM
[2025-05-26 19:56:50.101] Starting up VM done
[2025-05-26 19:56:50.101] Installing kernel driver
[2025-05-26 19:56:50.101] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:56:54.270] Kernel driver installation completed
[2025-05-26 19:56:54.270] Starting GP driver service
[2025-05-26 19:56:54.270] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:56:57.422] GP driver service started
[2025-05-26 19:56:57.422] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\534f5fbb7669803812781e43c30083e9197d03f97f0d860ae7d9a59c0484ace4.exe
[2025-05-26 19:56:57.422] Malware execution started
[2025-05-26 19:56:57.422] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:57:57.431] Taking screenshot
[2025-05-26 19:57:57.493] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:58:13.519] Powering off VM done
[2025-05-26 19:58:16.519] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:58:17.896] Restoring snapshot 35 done
[2025-05-26 19:58:17.896] Kernel telemetry analysis completed in 95.4 seconds.

[2025-05-26 19:58:17.896] ✅ Analysis completed successfully!
[2025-05-26 19:58:17.896] Progress: 13.6% (192/1408)
[2025-05-26 19:58:17.896] Successful: 192, Failed: 0
[2025-05-26 19:58:17.897] Time remaining: 49.5h
[2025-05-26 19:58:17.897] Waiting 5 seconds before next sample...
[2025-05-26 19:58:22.897] SAMPLE 193/1408
[2025-05-26 19:58:22.897] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 19:58:22.897] File: 6f36a4a1364cfb063a0463d9e1287248700ccf1e0d8e280e034b02cf3db3c442.exe
[2025-05-26 19:58:22.897] Path: D:\new\ransomware_high_confidence\blackbyte\6f36a4a1364cfb063a0463d9e1287248700ccf1e0d8e280e034b02cf3db3c442.exe
[2025-05-26 19:58:22.897] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\6f36a4a1364cfb063a0463d9e1287248700ccf1e0d8e280e034b02cf3db3c442.exe
[2025-05-26 19:58:22.897] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:58:24.724] Restoring snapshot 35 done
[2025-05-26 19:58:24.724] Starting up VM
[2025-05-26 19:58:31.197] Starting up VM done
[2025-05-26 19:58:31.197] Installing kernel driver
[2025-05-26 19:58:31.197] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 19:58:35.545] Kernel driver installation completed
[2025-05-26 19:58:35.545] Starting GP driver service
[2025-05-26 19:58:35.545] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 19:58:38.702] GP driver service started
[2025-05-26 19:58:38.702] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\6f36a4a1364cfb063a0463d9e1287248700ccf1e0d8e280e034b02cf3db3c442.exe
[2025-05-26 19:58:38.702] Malware execution started
[2025-05-26 19:58:38.702] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 19:59:38.711] Taking screenshot
[2025-05-26 19:59:38.774] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:59:54.568] Powering off VM done
[2025-05-26 19:59:57.568] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 19:59:58.884] Restoring snapshot 35 done
[2025-05-26 19:59:58.884] Kernel telemetry analysis completed in 96.0 seconds.

[2025-05-26 19:59:58.884] ✅ Analysis completed successfully!
[2025-05-26 19:59:58.884] Progress: 13.7% (193/1408)
[2025-05-26 19:59:58.884] Successful: 193, Failed: 0
[2025-05-26 19:59:58.884] Time remaining: 49.4h
[2025-05-26 19:59:58.884] Waiting 5 seconds before next sample...
[2025-05-26 20:00:03.884] SAMPLE 194/1408
[2025-05-26 20:00:03.884] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 20:00:03.884] File: 70e861184ba4bf7b1f5aa549b15b0207519f9b7ecd4ecdeaf99af832f88285a5.exe
[2025-05-26 20:00:03.884] Path: D:\new\ransomware_high_confidence\blackbyte\70e861184ba4bf7b1f5aa549b15b0207519f9b7ecd4ecdeaf99af832f88285a5.exe
[2025-05-26 20:00:03.884] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\70e861184ba4bf7b1f5aa549b15b0207519f9b7ecd4ecdeaf99af832f88285a5.exe
[2025-05-26 20:00:03.884] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:00:06.013] Restoring snapshot 35 done
[2025-05-26 20:00:06.013] Starting up VM
[2025-05-26 20:00:12.621] Starting up VM done
[2025-05-26 20:00:12.621] Installing kernel driver
[2025-05-26 20:00:12.621] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:00:16.966] Kernel driver installation completed
[2025-05-26 20:00:16.966] Starting GP driver service
[2025-05-26 20:00:16.966] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:00:20.119] GP driver service started
[2025-05-26 20:00:20.120] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\70e861184ba4bf7b1f5aa549b15b0207519f9b7ecd4ecdeaf99af832f88285a5.exe
[2025-05-26 20:00:20.120] Malware execution started
[2025-05-26 20:00:20.120] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:01:20.128] Taking screenshot
[2025-05-26 20:01:20.192] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:01:37.128] Powering off VM done
[2025-05-26 20:01:40.128] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:01:41.538] Restoring snapshot 35 done
[2025-05-26 20:01:41.538] Kernel telemetry analysis completed in 97.7 seconds.

[2025-05-26 20:01:41.538] ✅ Analysis completed successfully!
[2025-05-26 20:01:41.538] Progress: 13.8% (194/1408)
[2025-05-26 20:01:41.538] Successful: 194, Failed: 0
[2025-05-26 20:01:41.538] Time remaining: 49.3h
[2025-05-26 20:01:41.538] Waiting 5 seconds before next sample...
[2025-05-26 20:01:46.538] SAMPLE 195/1408
[2025-05-26 20:01:46.538] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 20:01:46.539] File: 8d2581e5cc6e6fdf17558afe025ff84d9023ea636aca74dee39900d8f523e912.exe
[2025-05-26 20:01:46.539] Path: D:\new\ransomware_high_confidence\blackbyte\8d2581e5cc6e6fdf17558afe025ff84d9023ea636aca74dee39900d8f523e912.exe
[2025-05-26 20:01:46.539] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\8d2581e5cc6e6fdf17558afe025ff84d9023ea636aca74dee39900d8f523e912.exe
[2025-05-26 20:01:46.539] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:01:48.403] Restoring snapshot 35 done
[2025-05-26 20:01:48.403] Starting up VM
[2025-05-26 20:01:54.323] Starting up VM done
[2025-05-26 20:01:54.323] Installing kernel driver
[2025-05-26 20:01:54.323] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:01:57.900] Kernel driver installation completed
[2025-05-26 20:01:57.900] Starting GP driver service
[2025-05-26 20:01:57.900] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:02:01.050] GP driver service started
[2025-05-26 20:02:01.050] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\8d2581e5cc6e6fdf17558afe025ff84d9023ea636aca74dee39900d8f523e912.exe
[2025-05-26 20:02:01.050] Malware execution started
[2025-05-26 20:02:01.050] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:03:01.059] Taking screenshot
[2025-05-26 20:03:01.121] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:03:19.157] Powering off VM done
[2025-05-26 20:03:22.158] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:03:23.737] Restoring snapshot 35 done
[2025-05-26 20:03:23.737] Kernel telemetry analysis completed in 97.2 seconds.

[2025-05-26 20:03:23.737] ✅ Analysis completed successfully!
[2025-05-26 20:03:23.737] Progress: 13.8% (195/1408)
[2025-05-26 20:03:23.737] Successful: 195, Failed: 0
[2025-05-26 20:03:23.737] Time remaining: 49.1h
[2025-05-26 20:03:23.737] Waiting 5 seconds before next sample...
[2025-05-26 20:03:28.738] SAMPLE 196/1408
[2025-05-26 20:03:28.738] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 20:03:28.738] File: 9103194d32a15ea9e8ede1c81960a5ba5d21213de55df52a6dac409f2e58bcfe.exe
[2025-05-26 20:03:28.738] Path: D:\new\ransomware_high_confidence\blackbyte\9103194d32a15ea9e8ede1c81960a5ba5d21213de55df52a6dac409f2e58bcfe.exe
[2025-05-26 20:03:28.738] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\9103194d32a15ea9e8ede1c81960a5ba5d21213de55df52a6dac409f2e58bcfe.exe
[2025-05-26 20:03:28.738] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:03:30.331] Restoring snapshot 35 done
[2025-05-26 20:03:30.331] Starting up VM
[2025-05-26 20:03:36.301] Starting up VM done
[2025-05-26 20:03:36.301] Installing kernel driver
[2025-05-26 20:03:36.301] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:03:39.950] Kernel driver installation completed
[2025-05-26 20:03:39.950] Starting GP driver service
[2025-05-26 20:03:39.950] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:03:43.099] GP driver service started
[2025-05-26 20:03:43.099] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\9103194d32a15ea9e8ede1c81960a5ba5d21213de55df52a6dac409f2e58bcfe.exe
[2025-05-26 20:03:43.100] Malware execution started
[2025-05-26 20:03:43.100] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:04:43.108] Taking screenshot
[2025-05-26 20:04:43.171] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:04:56.947] Powering off VM done
[2025-05-26 20:04:59.947] Restoring snapshot 35
[2025-05-26 20:04:59.995] Restoring snapshot 35 done
[2025-05-26 20:04:59.995] Kernel telemetry analysis completed in 91.3 seconds.

[2025-05-26 20:04:59.995] ✅ Analysis completed successfully!
[2025-05-26 20:04:59.995] Progress: 13.9% (196/1408)
[2025-05-26 20:04:59.995] Successful: 196, Failed: 0
[2025-05-26 20:04:59.995] Time remaining: 49.0h
[2025-05-26 20:04:59.995] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:05:04.995] SAMPLE 197/1408
[2025-05-26 20:05:04.995] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 20:05:04.995] File: 938a0841b643da4d0e04848b04b7f735c64e05ce45b5118618c6af685d651f08.exe
[2025-05-26 20:05:04.995] Path: D:\new\ransomware_high_confidence\blackbyte\938a0841b643da4d0e04848b04b7f735c64e05ce45b5118618c6af685d651f08.exe
[2025-05-26 20:05:04.995] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\938a0841b643da4d0e04848b04b7f735c64e05ce45b5118618c6af685d651f08.exe
[2025-05-26 20:05:04.995] Malware execution time: 60 seconds
[2025-05-26 20:05:04.995] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:05:05.586] Restoring snapshot 35 done
[2025-05-26 20:05:05.586] Starting up VM
[2025-05-26 20:05:10.402] Starting up VM done
[2025-05-26 20:05:10.402] Installing kernel driver
[2025-05-26 20:05:10.402] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:05:13.567] Kernel driver installation completed
[2025-05-26 20:05:13.567] Starting GP driver service
[2025-05-26 20:05:13.567] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:05:16.719] GP driver service started
[2025-05-26 20:05:16.719] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\938a0841b643da4d0e04848b04b7f735c64e05ce45b5118618c6af685d651f08.exe
[2025-05-26 20:05:16.720] Malware execution started
[2025-05-26 20:05:16.720] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:06:16.728] Taking screenshot
[2025-05-26 20:06:16.790] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:06:30.550] Powering off VM done
[2025-05-26 20:06:33.551] Restoring snapshot 35
[2025-05-26 20:06:33.599] Restoring snapshot 35 done
[2025-05-26 20:06:33.599] Kernel telemetry analysis completed in 88.6 seconds.

[2025-05-26 20:06:33.599] ✅ Analysis completed successfully!
[2025-05-26 20:06:33.599] Progress: 14.0% (197/1408)
[2025-05-26 20:06:33.599] Successful: 197, Failed: 0
[2025-05-26 20:06:33.599] Time remaining: 48.9h
[2025-05-26 20:06:33.599] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:06:38.599] SAMPLE 198/1408
[2025-05-26 20:06:38.599] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 20:06:38.599] File: e434ec347a8ea1f0712561bccf0153468a943e16d2cd792fbc72720bd0a8002e.exe
[2025-05-26 20:06:38.599] Path: D:\new\ransomware_high_confidence\blackbyte\e434ec347a8ea1f0712561bccf0153468a943e16d2cd792fbc72720bd0a8002e.exe
[2025-05-26 20:06:38.599] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\e434ec347a8ea1f0712561bccf0153468a943e16d2cd792fbc72720bd0a8002e.exe
[2025-05-26 20:06:38.599] Malware execution time: 60 seconds
[2025-05-26 20:06:38.599] Restoring snapshot 35
[2025-05-26 20:06:38.776] Restoring snapshot 35 done
[2025-05-26 20:06:38.776] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:06:43.620] Starting up VM done
[2025-05-26 20:06:43.620] Installing kernel driver
[2025-05-26 20:06:43.620] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:06:46.776] Kernel driver installation completed
[2025-05-26 20:06:46.777] Starting GP driver service
[2025-05-26 20:06:46.777] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:06:49.927] GP driver service started
[2025-05-26 20:06:49.927] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\e434ec347a8ea1f0712561bccf0153468a943e16d2cd792fbc72720bd0a8002e.exe
[2025-05-26 20:06:49.927] Malware execution started
[2025-05-26 20:06:49.927] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:07:49.936] Taking screenshot
[2025-05-26 20:07:49.998] Taking screenshot done
[2025-05-26 20:07:49.998] Terminating malware: e434ec347a8ea1f0712561bccf01

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:08:03.795] Powering off VM done
[2025-05-26 20:08:06.795] Restoring snapshot 35
[2025-05-26 20:08:06.846] Restoring snapshot 35 done
[2025-05-26 20:08:06.846] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:08:06.846] ✅ Analysis completed successfully!
[2025-05-26 20:08:06.846] Progress: 14.1% (198/1408)
[2025-05-26 20:08:06.846] Successful: 198, Failed: 0
[2025-05-26 20:08:06.846] Time remaining: 48.8h
[2025-05-26 20:08:06.846] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:08:11.846] SAMPLE 199/1408
[2025-05-26 20:08:11.846] Family: D:\new\ransomware_high_confidence\blackbyte
[2025-05-26 20:08:11.846] File: ffc4d94a26ea7bcf48baffd96d33d3c3d53df1bb2c59567f6d04e02e7e2e5aaa.exe
[2025-05-26 20:08:11.846] Path: D:\new\ransomware_high_confidence\blackbyte\ffc4d94a26ea7bcf48baffd96d33d3c3d53df1bb2c59567f6d04e02e7e2e5aaa.exe
[2025-05-26 20:08:11.846] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackbyte\ffc4d94a26ea7bcf48baffd96d33d3c3d53df1bb2c59567f6d04e02e7e2e5aaa.exe
[2025-05-26 20:08:11.847] Malware execution time: 60 seconds
[2025-05-26 20:08:11.847] Restoring snapshot 35
[2025-05-26 20:08:12.025] Restoring snapshot 35 done
[2025-05-26 20:08:12.025] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:08:16.861] Starting up VM done
[2025-05-26 20:08:16.861] Installing kernel driver
[2025-05-26 20:08:16.861] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:08:20.026] Kernel driver installation completed
[2025-05-26 20:08:20.027] Starting GP driver service
[2025-05-26 20:08:20.027] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:08:23.182] GP driver service started
[2025-05-26 20:08:23.183] Executing malware sample: D:\new\ransomware_high_confidence\blackbyte\ffc4d94a26ea7bcf48baffd96d33d3c3d53df1bb2c59567f6d04e02e7e2e5aaa.exe
[2025-05-26 20:08:23.183] Malware execution started
[2025-05-26 20:08:23.183] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:09:23.192] Taking screenshot
[2025-05-26 20:09:23.254] Taking screenshot done
[2025-05-26 20:09:23.254] Terminating malware: ffc4d94a26ea7bcf48baffd96d33

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:09:36.985] Powering off VM done
[2025-05-26 20:09:39.985] Restoring snapshot 35
[2025-05-26 20:09:40.032] Restoring snapshot 35 done
[2025-05-26 20:09:40.032] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:09:40.032] ✅ Analysis completed successfully!
[2025-05-26 20:09:40.032] Progress: 14.1% (199/1408)
[2025-05-26 20:09:40.032] Successful: 199, Failed: 0
[2025-05-26 20:09:40.032] Time remaining: 48.6h
[2025-05-26 20:09:40.032] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:09:45.032] SAMPLE 200/1408
[2025-05-26 20:09:45.032] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:09:45.032] File: 1048a41107f4d9a68c1f5fc0b99ac75dc198047f18bb6e50f3d462f262b8f6cd.exe
[2025-05-26 20:09:45.032] Path: D:\new\ransomware_high_confidence\blackcat\1048a41107f4d9a68c1f5fc0b99ac75dc198047f18bb6e50f3d462f262b8f6cd.exe
[2025-05-26 20:09:45.033] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\1048a41107f4d9a68c1f5fc0b99ac75dc198047f18bb6e50f3d462f262b8f6cd.exe
[2025-05-26 20:09:45.033] Malware execution time: 60 seconds
[2025-05-26 20:09:45.033] Restoring snapshot 35
[2025-05-26 20:09:45.209] Restoring snapshot 35 done
[2025-05-26 20:09:45.209] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:09:50.046] Starting up VM done
[2025-05-26 20:09:50.046] Installing kernel driver
[2025-05-26 20:09:50.046] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:09:53.200] Kernel driver installation completed
[2025-05-26 20:09:53.200] Starting GP driver service
[2025-05-26 20:09:53.200] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:09:56.355] GP driver service started
[2025-05-26 20:09:56.355] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\1048a41107f4d9a68c1f5fc0b99ac75dc198047f18bb6e50f3d462f262b8f6cd.exe
[2025-05-26 20:09:56.355] Malware execution started
[2025-05-26 20:09:56.355] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:10:56.363] Taking screenshot
[2025-05-26 20:10:56.426] Taking screenshot done
[2025-05-26 20:10:56.426] Terminating malware: 1048a41107f4d9a68c1f5fc0b99ac

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:11:10.156] Powering off VM done
[2025-05-26 20:11:13.156] Restoring snapshot 35
[2025-05-26 20:11:13.205] Restoring snapshot 35 done
[2025-05-26 20:11:13.205] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:11:13.205] ✅ Analysis completed successfully!
[2025-05-26 20:11:13.205] Progress: 14.2% (200/1408)
[2025-05-26 20:11:13.205] Successful: 200, Failed: 0
[2025-05-26 20:11:13.205] Time remaining: 48.5h
[2025-05-26 20:11:13.205] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:11:18.205] SAMPLE 201/1408
[2025-05-26 20:11:18.205] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:11:18.205] File: 12138a12e35563461860d8c39d80e7cbf80aced9a3f197bf7e6a452a70e07048.exe
[2025-05-26 20:11:18.205] Path: D:\new\ransomware_high_confidence\blackcat\12138a12e35563461860d8c39d80e7cbf80aced9a3f197bf7e6a452a70e07048.exe
[2025-05-26 20:11:18.205] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\12138a12e35563461860d8c39d80e7cbf80aced9a3f197bf7e6a452a70e07048.exe
[2025-05-26 20:11:18.205] Malware execution time: 60 seconds
[2025-05-26 20:11:18.205] Restoring snapshot 35
[2025-05-26 20:11:18.384] Restoring snapshot 35 done
[2025-05-26 20:11:18.384] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:11:23.219] Starting up VM done
[2025-05-26 20:11:23.219] Installing kernel driver
[2025-05-26 20:11:23.220] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:11:26.370] Kernel driver installation completed
[2025-05-26 20:11:26.370] Starting GP driver service
[2025-05-26 20:11:26.370] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:11:29.522] GP driver service started
[2025-05-26 20:11:29.522] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\12138a12e35563461860d8c39d80e7cbf80aced9a3f197bf7e6a452a70e07048.exe
[2025-05-26 20:11:29.523] Malware execution started
[2025-05-26 20:11:29.523] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:12:29.531] Taking screenshot
[2025-05-26 20:12:29.593] Taking screenshot done
[2025-05-26 20:12:29.593] Terminating malware: 12138a12e35563461860d8c39d80e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:12:43.354] Powering off VM done
[2025-05-26 20:12:46.355] Restoring snapshot 35
[2025-05-26 20:12:46.405] Restoring snapshot 35 done
[2025-05-26 20:12:46.405] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:12:46.405] ✅ Analysis completed successfully!
[2025-05-26 20:12:46.405] Progress: 14.3% (201/1408)
[2025-05-26 20:12:46.406] Successful: 201, Failed: 0
[2025-05-26 20:12:46.406] Time remaining: 48.4h
[2025-05-26 20:12:46.406] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:12:51.406] SAMPLE 202/1408
[2025-05-26 20:12:51.406] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:12:51.406] File: 13828b390d5f58b002e808c2c4f02fdd920e236cc8015480fa33b6c1a9300e31.exe
[2025-05-26 20:12:51.406] Path: D:\new\ransomware_high_confidence\blackcat\13828b390d5f58b002e808c2c4f02fdd920e236cc8015480fa33b6c1a9300e31.exe
[2025-05-26 20:12:51.406] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\13828b390d5f58b002e808c2c4f02fdd920e236cc8015480fa33b6c1a9300e31.exe
[2025-05-26 20:12:51.406] Malware execution time: 60 seconds
[2025-05-26 20:12:51.406] Restoring snapshot 35
[2025-05-26 20:12:51.581] Restoring snapshot 35 done
[2025-05-26 20:12:51.582] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:12:56.414] Starting up VM done
[2025-05-26 20:12:56.414] Installing kernel driver
[2025-05-26 20:12:56.414] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:12:59.572] Kernel driver installation completed
[2025-05-26 20:12:59.572] Starting GP driver service
[2025-05-26 20:12:59.572] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:13:02.719] GP driver service started
[2025-05-26 20:13:02.719] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\13828b390d5f58b002e808c2c4f02fdd920e236cc8015480fa33b6c1a9300e31.exe
[2025-05-26 20:13:02.720] Malware execution started
[2025-05-26 20:13:02.720] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:14:02.728] Taking screenshot
[2025-05-26 20:14:02.790] Taking screenshot done
[2025-05-26 20:14:02.790] Terminating malware: 13828b390d5f58b002e808c2c4f02

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:14:16.960] Powering off VM done
[2025-05-26 20:14:19.960] Restoring snapshot 35
[2025-05-26 20:14:20.007] Restoring snapshot 35 done
[2025-05-26 20:14:20.008] Kernel telemetry analysis completed in 88.6 seconds.

[2025-05-26 20:14:20.008] ✅ Analysis completed successfully!
[2025-05-26 20:14:20.008] Progress: 14.3% (202/1408)
[2025-05-26 20:14:20.008] Successful: 202, Failed: 0
[2025-05-26 20:14:20.008] Time remaining: 48.2h
[2025-05-26 20:14:20.008] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:14:25.008] SAMPLE 203/1408
[2025-05-26 20:14:25.008] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:14:25.008] File: 15b57c1b68cd6ce3c161042e0f3be9f32d78151fe95461eedc59a79fc222c7ed.exe
[2025-05-26 20:14:25.008] Path: D:\new\ransomware_high_confidence\blackcat\15b57c1b68cd6ce3c161042e0f3be9f32d78151fe95461eedc59a79fc222c7ed.exe
[2025-05-26 20:14:25.008] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\15b57c1b68cd6ce3c161042e0f3be9f32d78151fe95461eedc59a79fc222c7ed.exe
[2025-05-26 20:14:25.008] Malware execution time: 60 seconds
[2025-05-26 20:14:25.008] Restoring snapshot 35
[2025-05-26 20:14:25.184] Restoring snapshot 35 done
[2025-05-26 20:14:25.184] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:14:30.005] Starting up VM done
[2025-05-26 20:14:30.005] Installing kernel driver
[2025-05-26 20:14:30.005] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:14:33.162] Kernel driver installation completed
[2025-05-26 20:14:33.162] Starting GP driver service
[2025-05-26 20:14:33.163] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:14:36.316] GP driver service started
[2025-05-26 20:14:36.316] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\15b57c1b68cd6ce3c161042e0f3be9f32d78151fe95461eedc59a79fc222c7ed.exe
[2025-05-26 20:14:36.317] Malware execution started
[2025-05-26 20:14:36.317] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:15:36.325] Taking screenshot
[2025-05-26 20:15:36.389] Taking screenshot done
[2025-05-26 20:15:36.389] Terminating malware: 15b57c1b68cd6ce3c161042e0f3be

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:15:50.130] Powering off VM done
[2025-05-26 20:15:53.130] Restoring snapshot 35
[2025-05-26 20:15:53.178] Restoring snapshot 35 done
[2025-05-26 20:15:53.178] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:15:53.178] ✅ Analysis completed successfully!
[2025-05-26 20:15:53.178] Progress: 14.4% (203/1408)
[2025-05-26 20:15:53.178] Successful: 203, Failed: 0
[2025-05-26 20:15:53.178] Time remaining: 48.1h
[2025-05-26 20:15:53.178] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:15:58.178] SAMPLE 204/1408
[2025-05-26 20:15:58.178] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:15:58.178] File: 1e8696116c400742d13d6dfcad676badee68eac4a42a0693556f5dcfa82d0a46.exe
[2025-05-26 20:15:58.178] Path: D:\new\ransomware_high_confidence\blackcat\1e8696116c400742d13d6dfcad676badee68eac4a42a0693556f5dcfa82d0a46.exe
[2025-05-26 20:15:58.178] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\1e8696116c400742d13d6dfcad676badee68eac4a42a0693556f5dcfa82d0a46.exe
[2025-05-26 20:15:58.178] Malware execution time: 60 seconds
[2025-05-26 20:15:58.178] Restoring snapshot 35
[2025-05-26 20:15:58.354] Restoring snapshot 35 done
[2025-05-26 20:15:58.354] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:16:03.293] Starting up VM done
[2025-05-26 20:16:03.293] Installing kernel driver
[2025-05-26 20:16:03.293] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:16:06.449] Kernel driver installation completed
[2025-05-26 20:16:06.449] Starting GP driver service
[2025-05-26 20:16:06.449] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:16:09.603] GP driver service started
[2025-05-26 20:16:09.603] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\1e8696116c400742d13d6dfcad676badee68eac4a42a0693556f5dcfa82d0a46.exe
[2025-05-26 20:16:09.603] Malware execution started
[2025-05-26 20:16:09.603] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:17:09.611] Taking screenshot
[2025-05-26 20:17:09.674] Taking screenshot done
[2025-05-26 20:17:09.674] Terminating malware: 1e8696116c400742d13d6dfcad676

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:17:23.442] Powering off VM done
[2025-05-26 20:17:26.443] Restoring snapshot 35
[2025-05-26 20:17:26.494] Restoring snapshot 35 done
[2025-05-26 20:17:26.494] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-26 20:17:26.494] ✅ Analysis completed successfully!
[2025-05-26 20:17:26.494] Progress: 14.5% (204/1408)
[2025-05-26 20:17:26.494] Successful: 204, Failed: 0
[2025-05-26 20:17:26.494] Time remaining: 48.0h
[2025-05-26 20:17:26.494] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:17:31.494] SAMPLE 205/1408
[2025-05-26 20:17:31.494] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:17:31.494] File: 214ea9347df948e515af3f0ed446722e36f011e8cd34a221eb6e506269b955f3.exe
[2025-05-26 20:17:31.494] Path: D:\new\ransomware_high_confidence\blackcat\214ea9347df948e515af3f0ed446722e36f011e8cd34a221eb6e506269b955f3.exe
[2025-05-26 20:17:31.494] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\214ea9347df948e515af3f0ed446722e36f011e8cd34a221eb6e506269b955f3.exe
[2025-05-26 20:17:31.494] Malware execution time: 60 seconds
[2025-05-26 20:17:31.494] Restoring snapshot 35
[2025-05-26 20:17:31.672] Restoring snapshot 35 done
[2025-05-26 20:17:31.672] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:17:36.483] Starting up VM done
[2025-05-26 20:17:36.483] Installing kernel driver
[2025-05-26 20:17:36.483] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:17:39.642] Kernel driver installation completed
[2025-05-26 20:17:39.642] Starting GP driver service
[2025-05-26 20:17:39.642] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:17:42.799] GP driver service started
[2025-05-26 20:17:42.799] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\214ea9347df948e515af3f0ed446722e36f011e8cd34a221eb6e506269b955f3.exe
[2025-05-26 20:17:42.799] Malware execution started
[2025-05-26 20:17:42.799] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:18:42.808] Taking screenshot
[2025-05-26 20:18:42.870] Taking screenshot done
[2025-05-26 20:18:42.870] Terminating malware: 214ea9347df948e515af3f0ed4467

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:18:56.644] Powering off VM done
[2025-05-26 20:18:59.645] Restoring snapshot 35
[2025-05-26 20:18:59.695] Restoring snapshot 35 done
[2025-05-26 20:18:59.696] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:18:59.696] ✅ Analysis completed successfully!
[2025-05-26 20:18:59.696] Progress: 14.6% (205/1408)
[2025-05-26 20:18:59.696] Successful: 205, Failed: 0
[2025-05-26 20:18:59.696] Time remaining: 47.9h
[2025-05-26 20:18:59.696] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:19:04.696] SAMPLE 206/1408
[2025-05-26 20:19:04.696] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:19:04.696] File: 25364fb9f14a97437eb079e0778f724f3817faa7d23de316b2eca11bdae1e343.exe
[2025-05-26 20:19:04.696] Path: D:\new\ransomware_high_confidence\blackcat\25364fb9f14a97437eb079e0778f724f3817faa7d23de316b2eca11bdae1e343.exe
[2025-05-26 20:19:04.696] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\25364fb9f14a97437eb079e0778f724f3817faa7d23de316b2eca11bdae1e343.exe
[2025-05-26 20:19:04.696] Malware execution time: 60 seconds
[2025-05-26 20:19:04.696] Restoring snapshot 35
[2025-05-26 20:19:04.872] Restoring snapshot 35 done
[2025-05-26 20:19:04.872] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:19:10.303] Starting up VM done
[2025-05-26 20:19:10.304] Installing kernel driver
[2025-05-26 20:19:10.304] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:19:13.466] Kernel driver installation completed
[2025-05-26 20:19:13.466] Starting GP driver service
[2025-05-26 20:19:13.466] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:19:16.628] GP driver service started
[2025-05-26 20:19:16.628] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\25364fb9f14a97437eb079e0778f724f3817faa7d23de316b2eca11bdae1e343.exe
[2025-05-26 20:19:16.629] Malware execution started
[2025-05-26 20:19:16.629] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:20:16.637] Taking screenshot
[2025-05-26 20:20:16.699] Taking screenshot done
[2025-05-26 20:20:16.699] Terminating malware: 25364fb9f14a97437eb079e0778f7

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:20:30.437] Powering off VM done
[2025-05-26 20:20:33.437] Restoring snapshot 35
[2025-05-26 20:20:33.487] Restoring snapshot 35 done
[2025-05-26 20:20:33.487] Kernel telemetry analysis completed in 88.8 seconds.

[2025-05-26 20:20:33.487] ✅ Analysis completed successfully!
[2025-05-26 20:20:33.487] Progress: 14.6% (206/1408)
[2025-05-26 20:20:33.487] Successful: 206, Failed: 0
[2025-05-26 20:20:33.487] Time remaining: 47.8h
[2025-05-26 20:20:33.487] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:20:38.488] SAMPLE 207/1408
[2025-05-26 20:20:38.488] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:20:38.488] File: 32304c278117353bd112132323055e113b62182d1efcc83abec1e736cf8da9e1.exe
[2025-05-26 20:20:38.488] Path: D:\new\ransomware_high_confidence\blackcat\32304c278117353bd112132323055e113b62182d1efcc83abec1e736cf8da9e1.exe
[2025-05-26 20:20:38.488] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\32304c278117353bd112132323055e113b62182d1efcc83abec1e736cf8da9e1.exe
[2025-05-26 20:20:38.488] Malware execution time: 60 seconds
[2025-05-26 20:20:38.488] Restoring snapshot 35
[2025-05-26 20:20:38.664] Restoring snapshot 35 done
[2025-05-26 20:20:38.664] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:20:43.490] Starting up VM done
[2025-05-26 20:20:43.490] Installing kernel driver
[2025-05-26 20:20:43.490] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:20:46.653] Kernel driver installation completed
[2025-05-26 20:20:46.653] Starting GP driver service
[2025-05-26 20:20:46.653] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:20:49.806] GP driver service started
[2025-05-26 20:20:49.806] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\32304c278117353bd112132323055e113b62182d1efcc83abec1e736cf8da9e1.exe
[2025-05-26 20:20:49.806] Malware execution started
[2025-05-26 20:20:49.806] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:21:49.815] Taking screenshot
[2025-05-26 20:21:49.877] Taking screenshot done
[2025-05-26 20:21:49.877] Terminating malware: 32304c278117353bd112132323055

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:22:03.648] Powering off VM done
[2025-05-26 20:22:06.648] Restoring snapshot 35
[2025-05-26 20:22:06.696] Restoring snapshot 35 done
[2025-05-26 20:22:06.696] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:22:06.696] ✅ Analysis completed successfully!
[2025-05-26 20:22:06.696] Progress: 14.7% (207/1408)
[2025-05-26 20:22:06.696] Successful: 207, Failed: 0
[2025-05-26 20:22:06.696] Time remaining: 47.6h
[2025-05-26 20:22:06.696] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:22:11.696] SAMPLE 208/1408
[2025-05-26 20:22:11.696] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:22:11.696] File: 3850817e83a1cf4195920110bb2995a0386fdaeacbf81e13f52bdb3d124911f5.exe
[2025-05-26 20:22:11.696] Path: D:\new\ransomware_high_confidence\blackcat\3850817e83a1cf4195920110bb2995a0386fdaeacbf81e13f52bdb3d124911f5.exe
[2025-05-26 20:22:11.696] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\3850817e83a1cf4195920110bb2995a0386fdaeacbf81e13f52bdb3d124911f5.exe
[2025-05-26 20:22:11.696] Malware execution time: 60 seconds
[2025-05-26 20:22:11.696] Restoring snapshot 35
[2025-05-26 20:22:11.872] Restoring snapshot 35 done
[2025-05-26 20:22:11.872] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:22:16.688] Starting up VM done
[2025-05-26 20:22:16.688] Installing kernel driver
[2025-05-26 20:22:16.688] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:22:19.840] Kernel driver installation completed
[2025-05-26 20:22:19.840] Starting GP driver service
[2025-05-26 20:22:19.840] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:22:22.991] GP driver service started
[2025-05-26 20:22:22.992] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\3850817e83a1cf4195920110bb2995a0386fdaeacbf81e13f52bdb3d124911f5.exe
[2025-05-26 20:22:22.992] Malware execution started
[2025-05-26 20:22:22.992] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:23:23.000] Taking screenshot
[2025-05-26 20:23:23.063] Taking screenshot done
[2025-05-26 20:23:23.063] Terminating malware: 3850817e83a1cf4195920110bb299

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:23:36.811] Powering off VM done
[2025-05-26 20:23:39.811] Restoring snapshot 35
[2025-05-26 20:23:39.859] Restoring snapshot 35 done
[2025-05-26 20:23:39.859] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:23:39.859] ✅ Analysis completed successfully!
[2025-05-26 20:23:39.859] Progress: 14.8% (208/1408)
[2025-05-26 20:23:39.859] Successful: 208, Failed: 0
[2025-05-26 20:23:39.859] Time remaining: 47.5h
[2025-05-26 20:23:39.859] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:23:44.859] SAMPLE 209/1408
[2025-05-26 20:23:44.859] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:23:44.859] File: 3a96c3075b8494fe6a76c6325946ab3f200e75ce26ad886446ea1394b5ac6ba1.exe
[2025-05-26 20:23:44.859] Path: D:\new\ransomware_high_confidence\blackcat\3a96c3075b8494fe6a76c6325946ab3f200e75ce26ad886446ea1394b5ac6ba1.exe
[2025-05-26 20:23:44.859] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\3a96c3075b8494fe6a76c6325946ab3f200e75ce26ad886446ea1394b5ac6ba1.exe
[2025-05-26 20:23:44.859] Malware execution time: 60 seconds
[2025-05-26 20:23:44.859] Restoring snapshot 35
[2025-05-26 20:23:45.036] Restoring snapshot 35 done
[2025-05-26 20:23:45.036] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:23:49.867] Starting up VM done
[2025-05-26 20:23:49.867] Installing kernel driver
[2025-05-26 20:23:49.867] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:23:53.018] Kernel driver installation completed
[2025-05-26 20:23:53.018] Starting GP driver service
[2025-05-26 20:23:53.018] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:23:56.179] GP driver service started
[2025-05-26 20:23:56.179] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\3a96c3075b8494fe6a76c6325946ab3f200e75ce26ad886446ea1394b5ac6ba1.exe
[2025-05-26 20:23:56.180] Malware execution started
[2025-05-26 20:23:56.180] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:24:56.188] Taking screenshot
[2025-05-26 20:24:56.250] Taking screenshot done
[2025-05-26 20:24:56.250] Terminating malware: 3a96c3075b8494fe6a76c6325946a

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:25:09.982] Powering off VM done
[2025-05-26 20:25:12.983] Restoring snapshot 35
[2025-05-26 20:25:13.030] Restoring snapshot 35 done
[2025-05-26 20:25:13.030] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:25:13.030] ✅ Analysis completed successfully!
[2025-05-26 20:25:13.030] Progress: 14.8% (209/1408)
[2025-05-26 20:25:13.030] Successful: 209, Failed: 0
[2025-05-26 20:25:13.030] Time remaining: 47.4h
[2025-05-26 20:25:13.030] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:25:18.031] SAMPLE 210/1408
[2025-05-26 20:25:18.031] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:25:18.031] File: 3b18241ac1018db1c2fb5c9e8306490bcafb373c852f1c5ebae65c672632a620.exe
[2025-05-26 20:25:18.031] Path: D:\new\ransomware_high_confidence\blackcat\3b18241ac1018db1c2fb5c9e8306490bcafb373c852f1c5ebae65c672632a620.exe
[2025-05-26 20:25:18.031] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\3b18241ac1018db1c2fb5c9e8306490bcafb373c852f1c5ebae65c672632a620.exe
[2025-05-26 20:25:18.031] Malware execution time: 60 seconds
[2025-05-26 20:25:18.031] Restoring snapshot 35
[2025-05-26 20:25:18.207] Restoring snapshot 35 done
[2025-05-26 20:25:18.207] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:25:23.023] Starting up VM done
[2025-05-26 20:25:23.023] Installing kernel driver
[2025-05-26 20:25:23.023] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:25:26.178] Kernel driver installation completed
[2025-05-26 20:25:26.178] Starting GP driver service
[2025-05-26 20:25:26.178] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:25:29.329] GP driver service started
[2025-05-26 20:25:29.329] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\3b18241ac1018db1c2fb5c9e8306490bcafb373c852f1c5ebae65c672632a620.exe
[2025-05-26 20:25:29.329] Malware execution started
[2025-05-26 20:25:29.329] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:26:29.338] Taking screenshot
[2025-05-26 20:26:29.400] Taking screenshot done
[2025-05-26 20:26:29.400] Terminating malware: 3b18241ac1018db1c2fb5c9e83064

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:26:43.172] Powering off VM done
[2025-05-26 20:26:46.172] Restoring snapshot 35
[2025-05-26 20:26:46.220] Restoring snapshot 35 done
[2025-05-26 20:26:46.220] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:26:46.220] ✅ Analysis completed successfully!
[2025-05-26 20:26:46.220] Progress: 14.9% (210/1408)
[2025-05-26 20:26:46.220] Successful: 210, Failed: 0
[2025-05-26 20:26:46.220] Time remaining: 47.3h
[2025-05-26 20:26:46.221] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:26:51.221] SAMPLE 211/1408
[2025-05-26 20:26:51.221] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:26:51.221] File: 3c8ad2dae0b1bb536925b4e8d5a87e77c6134371eada2c7628358d6c6d3083dc.exe
[2025-05-26 20:26:51.221] Path: D:\new\ransomware_high_confidence\blackcat\3c8ad2dae0b1bb536925b4e8d5a87e77c6134371eada2c7628358d6c6d3083dc.exe
[2025-05-26 20:26:51.221] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\3c8ad2dae0b1bb536925b4e8d5a87e77c6134371eada2c7628358d6c6d3083dc.exe
[2025-05-26 20:26:51.221] Malware execution time: 60 seconds
[2025-05-26 20:26:51.221] Restoring snapshot 35
[2025-05-26 20:26:51.398] Restoring snapshot 35 done
[2025-05-26 20:26:51.398] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:26:56.246] Starting up VM done
[2025-05-26 20:26:56.246] Installing kernel driver
[2025-05-26 20:26:56.246] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:26:59.411] Kernel driver installation completed
[2025-05-26 20:26:59.411] Starting GP driver service
[2025-05-26 20:26:59.411] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:27:02.558] GP driver service started
[2025-05-26 20:27:02.558] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\3c8ad2dae0b1bb536925b4e8d5a87e77c6134371eada2c7628358d6c6d3083dc.exe
[2025-05-26 20:27:02.559] Malware execution started
[2025-05-26 20:27:02.559] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:28:02.567] Taking screenshot
[2025-05-26 20:28:02.630] Taking screenshot done
[2025-05-26 20:28:02.630] Terminating malware: 3c8ad2dae0b1bb536925b4e8d5a87

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:28:16.382] Powering off VM done
[2025-05-26 20:28:19.382] Restoring snapshot 35
[2025-05-26 20:28:19.430] Restoring snapshot 35 done
[2025-05-26 20:28:19.430] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:28:19.430] ✅ Analysis completed successfully!
[2025-05-26 20:28:19.430] Progress: 15.0% (211/1408)
[2025-05-26 20:28:19.430] Successful: 211, Failed: 0
[2025-05-26 20:28:19.430] Time remaining: 47.2h
[2025-05-26 20:28:19.430] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:28:24.430] SAMPLE 212/1408
[2025-05-26 20:28:24.430] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:28:24.430] File: 3de2a56cc13e85bc214d583dbd101857a129b796dae0c499fb5045a1508231ef.exe
[2025-05-26 20:28:24.430] Path: D:\new\ransomware_high_confidence\blackcat\3de2a56cc13e85bc214d583dbd101857a129b796dae0c499fb5045a1508231ef.exe
[2025-05-26 20:28:24.430] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\3de2a56cc13e85bc214d583dbd101857a129b796dae0c499fb5045a1508231ef.exe
[2025-05-26 20:28:24.430] Malware execution time: 60 seconds
[2025-05-26 20:28:24.430] Restoring snapshot 35
[2025-05-26 20:28:24.606] Restoring snapshot 35 done
[2025-05-26 20:28:24.606] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:28:29.404] Starting up VM done
[2025-05-26 20:28:29.404] Installing kernel driver
[2025-05-26 20:28:29.404] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:28:32.556] Kernel driver installation completed
[2025-05-26 20:28:32.556] Starting GP driver service
[2025-05-26 20:28:32.556] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:28:35.711] GP driver service started
[2025-05-26 20:28:35.711] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\3de2a56cc13e85bc214d583dbd101857a129b796dae0c499fb5045a1508231ef.exe
[2025-05-26 20:28:35.712] Malware execution started
[2025-05-26 20:28:35.712] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:29:35.719] Taking screenshot
[2025-05-26 20:29:35.782] Taking screenshot done
[2025-05-26 20:29:35.782] Terminating malware: 3de2a56cc13e85bc214d583dbd101

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:29:49.539] Powering off VM done
[2025-05-26 20:29:52.539] Restoring snapshot 35
[2025-05-26 20:29:52.587] Restoring snapshot 35 done
[2025-05-26 20:29:52.587] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:29:52.587] ✅ Analysis completed successfully!
[2025-05-26 20:29:52.587] Progress: 15.1% (212/1408)
[2025-05-26 20:29:52.587] Successful: 212, Failed: 0
[2025-05-26 20:29:52.587] Time remaining: 47.1h
[2025-05-26 20:29:52.587] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:29:57.587] SAMPLE 213/1408
[2025-05-26 20:29:57.587] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:29:57.587] File: 3ed830b0803b63aca0a82661475c863801afd2e2b03c2675b05019d55f25a1f4.exe
[2025-05-26 20:29:57.587] Path: D:\new\ransomware_high_confidence\blackcat\3ed830b0803b63aca0a82661475c863801afd2e2b03c2675b05019d55f25a1f4.exe
[2025-05-26 20:29:57.587] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\3ed830b0803b63aca0a82661475c863801afd2e2b03c2675b05019d55f25a1f4.exe
[2025-05-26 20:29:57.588] Malware execution time: 60 seconds
[2025-05-26 20:29:57.588] Restoring snapshot 35
[2025-05-26 20:29:57.764] Restoring snapshot 35 done
[2025-05-26 20:29:57.764] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:30:02.593] Starting up VM done
[2025-05-26 20:30:02.593] Installing kernel driver
[2025-05-26 20:30:02.593] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:30:05.748] Kernel driver installation completed
[2025-05-26 20:30:05.748] Starting GP driver service
[2025-05-26 20:30:05.748] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:30:08.907] GP driver service started
[2025-05-26 20:30:08.907] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\3ed830b0803b63aca0a82661475c863801afd2e2b03c2675b05019d55f25a1f4.exe
[2025-05-26 20:30:08.907] Malware execution started
[2025-05-26 20:30:08.907] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:31:08.916] Taking screenshot
[2025-05-26 20:31:08.978] Taking screenshot done
[2025-05-26 20:31:08.978] Terminating malware: 3ed830b0803b63aca0a82661475c8

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:31:22.726] Powering off VM done
[2025-05-26 20:31:25.726] Restoring snapshot 35
[2025-05-26 20:31:25.773] Restoring snapshot 35 done
[2025-05-26 20:31:25.773] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:31:25.773] ✅ Analysis completed successfully!
[2025-05-26 20:31:25.773] Progress: 15.1% (213/1408)
[2025-05-26 20:31:25.773] Successful: 213, Failed: 0
[2025-05-26 20:31:25.773] Time remaining: 46.9h
[2025-05-26 20:31:25.774] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:31:30.774] SAMPLE 214/1408
[2025-05-26 20:31:30.774] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:31:30.774] File: 4fea41b61b2bd700fc6613c18c05aeb4df37bcbe777868081b0ed1076ee7aacb.exe
[2025-05-26 20:31:30.774] Path: D:\new\ransomware_high_confidence\blackcat\4fea41b61b2bd700fc6613c18c05aeb4df37bcbe777868081b0ed1076ee7aacb.exe
[2025-05-26 20:31:30.774] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\4fea41b61b2bd700fc6613c18c05aeb4df37bcbe777868081b0ed1076ee7aacb.exe
[2025-05-26 20:31:30.774] Malware execution time: 60 seconds
[2025-05-26 20:31:30.774] Restoring snapshot 35
[2025-05-26 20:31:30.950] Restoring snapshot 35 done
[2025-05-26 20:31:30.950] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:31:36.343] Starting up VM done
[2025-05-26 20:31:36.343] Installing kernel driver
[2025-05-26 20:31:36.343] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:31:39.502] Kernel driver installation completed
[2025-05-26 20:31:39.502] Starting GP driver service
[2025-05-26 20:31:39.502] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:31:42.651] GP driver service started
[2025-05-26 20:31:42.652] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\4fea41b61b2bd700fc6613c18c05aeb4df37bcbe777868081b0ed1076ee7aacb.exe
[2025-05-26 20:31:42.652] Malware execution started
[2025-05-26 20:31:42.652] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:32:42.660] Taking screenshot
[2025-05-26 20:32:42.722] Taking screenshot done
[2025-05-26 20:32:42.722] Terminating malware: 4fea41b61b2bd700fc6613c18c05a

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:32:56.494] Powering off VM done
[2025-05-26 20:32:59.494] Restoring snapshot 35
[2025-05-26 20:32:59.542] Restoring snapshot 35 done
[2025-05-26 20:32:59.542] Kernel telemetry analysis completed in 88.8 seconds.

[2025-05-26 20:32:59.542] ✅ Analysis completed successfully!
[2025-05-26 20:32:59.542] Progress: 15.2% (214/1408)
[2025-05-26 20:32:59.542] Successful: 214, Failed: 0
[2025-05-26 20:32:59.542] Time remaining: 46.8h
[2025-05-26 20:32:59.542] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:33:04.542] SAMPLE 215/1408
[2025-05-26 20:33:04.542] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:33:04.542] File: 59868f4b346bd401e067380cac69080709c86e06fae219bfb5bc17605a71ab3f.exe
[2025-05-26 20:33:04.542] Path: D:\new\ransomware_high_confidence\blackcat\59868f4b346bd401e067380cac69080709c86e06fae219bfb5bc17605a71ab3f.exe
[2025-05-26 20:33:04.542] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\59868f4b346bd401e067380cac69080709c86e06fae219bfb5bc17605a71ab3f.exe
[2025-05-26 20:33:04.542] Malware execution time: 60 seconds
[2025-05-26 20:33:04.542] Restoring snapshot 35
[2025-05-26 20:33:04.720] Restoring snapshot 35 done
[2025-05-26 20:33:04.720] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:33:10.006] Starting up VM done
[2025-05-26 20:33:10.006] Installing kernel driver
[2025-05-26 20:33:10.006] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:33:13.160] Kernel driver installation completed
[2025-05-26 20:33:13.160] Starting GP driver service
[2025-05-26 20:33:13.160] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:33:16.321] GP driver service started
[2025-05-26 20:33:16.321] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\59868f4b346bd401e067380cac69080709c86e06fae219bfb5bc17605a71ab3f.exe
[2025-05-26 20:33:16.322] Malware execution started
[2025-05-26 20:33:16.322] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:34:16.330] Taking screenshot
[2025-05-26 20:34:16.392] Taking screenshot done
[2025-05-26 20:34:16.392] Terminating malware: 59868f4b346bd401e067380cac690

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:34:30.134] Powering off VM done
[2025-05-26 20:34:33.134] Restoring snapshot 35
[2025-05-26 20:34:33.182] Restoring snapshot 35 done
[2025-05-26 20:34:33.182] Kernel telemetry analysis completed in 88.6 seconds.

[2025-05-26 20:34:33.182] ✅ Analysis completed successfully!
[2025-05-26 20:34:33.182] Progress: 15.3% (215/1408)
[2025-05-26 20:34:33.182] Successful: 215, Failed: 0
[2025-05-26 20:34:33.182] Time remaining: 46.7h
[2025-05-26 20:34:33.182] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:34:38.182] SAMPLE 216/1408
[2025-05-26 20:34:38.182] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:34:38.182] File: 5a604a8f0e72f3bf7901b7b67f881031a402ab8072269c00233a554df548f54d.exe
[2025-05-26 20:34:38.182] Path: D:\new\ransomware_high_confidence\blackcat\5a604a8f0e72f3bf7901b7b67f881031a402ab8072269c00233a554df548f54d.exe
[2025-05-26 20:34:38.182] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\5a604a8f0e72f3bf7901b7b67f881031a402ab8072269c00233a554df548f54d.exe
[2025-05-26 20:34:38.182] Malware execution time: 60 seconds
[2025-05-26 20:34:38.182] Restoring snapshot 35
[2025-05-26 20:34:38.359] Restoring snapshot 35 done
[2025-05-26 20:34:38.359] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:34:43.185] Starting up VM done
[2025-05-26 20:34:43.185] Installing kernel driver
[2025-05-26 20:34:43.185] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:34:46.349] Kernel driver installation completed
[2025-05-26 20:34:46.349] Starting GP driver service
[2025-05-26 20:34:46.349] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:34:49.497] GP driver service started
[2025-05-26 20:34:49.497] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\5a604a8f0e72f3bf7901b7b67f881031a402ab8072269c00233a554df548f54d.exe
[2025-05-26 20:34:49.498] Malware execution started
[2025-05-26 20:34:49.498] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:35:49.506] Taking screenshot
[2025-05-26 20:35:49.569] Taking screenshot done
[2025-05-26 20:35:49.569] Terminating malware: 5a604a8f0e72f3bf7901b7b67f881

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:36:03.303] Powering off VM done
[2025-05-26 20:36:06.303] Restoring snapshot 35
[2025-05-26 20:36:06.351] Restoring snapshot 35 done
[2025-05-26 20:36:06.351] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:36:06.351] ✅ Analysis completed successfully!
[2025-05-26 20:36:06.351] Progress: 15.3% (216/1408)
[2025-05-26 20:36:06.351] Successful: 216, Failed: 0
[2025-05-26 20:36:06.351] Time remaining: 46.6h
[2025-05-26 20:36:06.351] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:36:11.351] SAMPLE 217/1408
[2025-05-26 20:36:11.351] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:36:11.352] File: 655abd0b5067ec53b25ea387c9aebe0fbafd5209e53bc7447c7d7425cb76b175.exe
[2025-05-26 20:36:11.352] Path: D:\new\ransomware_high_confidence\blackcat\655abd0b5067ec53b25ea387c9aebe0fbafd5209e53bc7447c7d7425cb76b175.exe
[2025-05-26 20:36:11.352] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\655abd0b5067ec53b25ea387c9aebe0fbafd5209e53bc7447c7d7425cb76b175.exe
[2025-05-26 20:36:11.352] Malware execution time: 60 seconds
[2025-05-26 20:36:11.352] Restoring snapshot 35
[2025-05-26 20:36:11.528] Restoring snapshot 35 done
[2025-05-26 20:36:11.528] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:36:16.359] Starting up VM done
[2025-05-26 20:36:16.359] Installing kernel driver
[2025-05-26 20:36:16.359] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:36:19.530] Kernel driver installation completed
[2025-05-26 20:36:19.530] Starting GP driver service
[2025-05-26 20:36:19.530] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:36:22.683] GP driver service started
[2025-05-26 20:36:22.683] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\655abd0b5067ec53b25ea387c9aebe0fbafd5209e53bc7447c7d7425cb76b175.exe
[2025-05-26 20:36:22.684] Malware execution started
[2025-05-26 20:36:22.684] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:37:22.692] Taking screenshot
[2025-05-26 20:37:22.754] Taking screenshot done
[2025-05-26 20:37:22.754] Terminating malware: 655abd0b5067ec53b25ea387c9aeb

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:37:36.486] Powering off VM done
[2025-05-26 20:37:39.486] Restoring snapshot 35
[2025-05-26 20:37:39.534] Restoring snapshot 35 done
[2025-05-26 20:37:39.534] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:37:39.534] ✅ Analysis completed successfully!
[2025-05-26 20:37:39.534] Progress: 15.4% (217/1408)
[2025-05-26 20:37:39.534] Successful: 217, Failed: 0
[2025-05-26 20:37:39.534] Time remaining: 46.5h
[2025-05-26 20:37:39.534] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:37:44.534] SAMPLE 218/1408
[2025-05-26 20:37:44.534] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:37:44.534] File: 6660d0e87a142ab1bde4521d9c6f5e148490b05a57c71122e28280b35452e896.exe
[2025-05-26 20:37:44.534] Path: D:\new\ransomware_high_confidence\blackcat\6660d0e87a142ab1bde4521d9c6f5e148490b05a57c71122e28280b35452e896.exe
[2025-05-26 20:37:44.534] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\6660d0e87a142ab1bde4521d9c6f5e148490b05a57c71122e28280b35452e896.exe
[2025-05-26 20:37:44.534] Malware execution time: 60 seconds
[2025-05-26 20:37:44.534] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:37:44.776] Restoring snapshot 35 done
[2025-05-26 20:37:44.777] Starting up VM
[2025-05-26 20:37:49.600] Starting up VM done
[2025-05-26 20:37:49.600] Installing kernel driver
[2025-05-26 20:37:49.600] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:37:52.752] Kernel driver installation completed
[2025-05-26 20:37:52.752] Starting GP driver service
[2025-05-26 20:37:52.752] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:37:55.904] GP driver service started
[2025-05-26 20:37:55.905] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\6660d0e87a142ab1bde4521d9c6f5e148490b05a57c71122e28280b35452e896.exe
[2025-05-26 20:37:55.905] Malware execution started
[2025-05-26 20:37:55.905] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:38:55.913] Taking screenshot
[2025-05-26 20:38:55.976] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:39:09.731] Powering off VM done
[2025-05-26 20:39:12.732] Restoring snapshot 35
[2025-05-26 20:39:12.782] Restoring snapshot 35 done
[2025-05-26 20:39:12.782] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:39:12.782] ✅ Analysis completed successfully!
[2025-05-26 20:39:12.782] Progress: 15.5% (218/1408)
[2025-05-26 20:39:12.782] Successful: 218, Failed: 0
[2025-05-26 20:39:12.782] Time remaining: 46.4h
[2025-05-26 20:39:12.782] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:39:17.782] SAMPLE 219/1408
[2025-05-26 20:39:17.782] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:39:17.782] File: 67d1f4077e929385cfd869bf279892bf10a2c8f0af4119e4bc15a2add9461fec.exe
[2025-05-26 20:39:17.782] Path: D:\new\ransomware_high_confidence\blackcat\67d1f4077e929385cfd869bf279892bf10a2c8f0af4119e4bc15a2add9461fec.exe
[2025-05-26 20:39:17.782] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\67d1f4077e929385cfd869bf279892bf10a2c8f0af4119e4bc15a2add9461fec.exe
[2025-05-26 20:39:17.782] Malware execution time: 60 seconds
[2025-05-26 20:39:17.782] Restoring snapshot 35
[2025-05-26 20:39:17.959] Restoring snapshot 35 done
[2025-05-26 20:39:17.959] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:39:22.862] Starting up VM done
[2025-05-26 20:39:22.862] Installing kernel driver
[2025-05-26 20:39:22.862] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:39:26.018] Kernel driver installation completed
[2025-05-26 20:39:26.018] Starting GP driver service
[2025-05-26 20:39:26.018] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:39:29.169] GP driver service started
[2025-05-26 20:39:29.170] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\67d1f4077e929385cfd869bf279892bf10a2c8f0af4119e4bc15a2add9461fec.exe
[2025-05-26 20:39:29.170] Malware execution started
[2025-05-26 20:39:29.170] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:40:29.178] Taking screenshot
[2025-05-26 20:40:29.240] Taking screenshot done
[2025-05-26 20:40:29.240] Terminating malware: 67d1f4077e929385cfd869bf27989

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:40:42.973] Powering off VM done
[2025-05-26 20:40:45.973] Restoring snapshot 35
[2025-05-26 20:40:46.021] Restoring snapshot 35 done
[2025-05-26 20:40:46.021] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:40:46.021] ✅ Analysis completed successfully!
[2025-05-26 20:40:46.021] Progress: 15.6% (219/1408)
[2025-05-26 20:40:46.021] Successful: 219, Failed: 0
[2025-05-26 20:40:46.021] Time remaining: 46.3h
[2025-05-26 20:40:46.021] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:40:51.021] SAMPLE 220/1408
[2025-05-26 20:40:51.021] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:40:51.021] File: 6dd995d896a9a593b2c48d09da60bd83866d8577273f36d38788d83ad8173e68.exe
[2025-05-26 20:40:51.021] Path: D:\new\ransomware_high_confidence\blackcat\6dd995d896a9a593b2c48d09da60bd83866d8577273f36d38788d83ad8173e68.exe
[2025-05-26 20:40:51.021] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\6dd995d896a9a593b2c48d09da60bd83866d8577273f36d38788d83ad8173e68.exe
[2025-05-26 20:40:51.021] Malware execution time: 60 seconds
[2025-05-26 20:40:51.021] Restoring snapshot 35
[2025-05-26 20:40:51.197] Restoring snapshot 35 done
[2025-05-26 20:40:51.197] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:40:55.000] Starting up VM done
[2025-05-26 20:40:55.000] Installing kernel driver
[2025-05-26 20:40:55.000] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:40:59.157] Kernel driver installation completed
[2025-05-26 20:40:59.157] Starting GP driver service
[2025-05-26 20:40:59.157] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:41:02.310] GP driver service started
[2025-05-26 20:41:02.310] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\6dd995d896a9a593b2c48d09da60bd83866d8577273f36d38788d83ad8173e68.exe
[2025-05-26 20:41:02.310] Malware execution started
[2025-05-26 20:41:02.310] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:42:02.318] Taking screenshot
[2025-05-26 20:42:02.381] Taking screenshot done
[2025-05-26 20:42:02.381] Terminating malware: 6dd995d896a9a593b2c48d09da60b

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:42:16.126] Powering off VM done
[2025-05-26 20:42:19.126] Restoring snapshot 35
[2025-05-26 20:42:19.174] Restoring snapshot 35 done
[2025-05-26 20:42:19.174] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:42:19.174] ✅ Analysis completed successfully!
[2025-05-26 20:42:19.174] Progress: 15.6% (220/1408)
[2025-05-26 20:42:19.174] Successful: 220, Failed: 0
[2025-05-26 20:42:19.174] Time remaining: 46.2h
[2025-05-26 20:42:19.174] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:42:24.175] SAMPLE 221/1408
[2025-05-26 20:42:24.175] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:42:24.175] File: 731adcf2d7fb61a8335e23dbee2436249e5d5753977ec465754c6b699e9bf161.exe
[2025-05-26 20:42:24.175] Path: D:\new\ransomware_high_confidence\blackcat\731adcf2d7fb61a8335e23dbee2436249e5d5753977ec465754c6b699e9bf161.exe
[2025-05-26 20:42:24.175] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\731adcf2d7fb61a8335e23dbee2436249e5d5753977ec465754c6b699e9bf161.exe
[2025-05-26 20:42:24.175] Malware execution time: 60 seconds
[2025-05-26 20:42:24.175] Restoring snapshot 35
[2025-05-26 20:42:24.351] Restoring snapshot 35 done
[2025-05-26 20:42:24.351] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:42:29.227] Starting up VM done
[2025-05-26 20:42:29.227] Installing kernel driver
[2025-05-26 20:42:29.227] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:42:32.379] Kernel driver installation completed
[2025-05-26 20:42:32.379] Starting GP driver service
[2025-05-26 20:42:32.379] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:42:35.530] GP driver service started
[2025-05-26 20:42:35.530] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\731adcf2d7fb61a8335e23dbee2436249e5d5753977ec465754c6b699e9bf161.exe
[2025-05-26 20:42:35.531] Malware execution started
[2025-05-26 20:42:35.531] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:43:35.540] Taking screenshot
[2025-05-26 20:43:35.603] Taking screenshot done
[2025-05-26 20:43:35.603] Terminating malware: 731adcf2d7fb61a8335e23dbee243

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:43:49.695] Powering off VM done
[2025-05-26 20:43:52.695] Restoring snapshot 35
[2025-05-26 20:43:52.746] Restoring snapshot 35 done
[2025-05-26 20:43:52.746] Kernel telemetry analysis completed in 88.6 seconds.

[2025-05-26 20:43:52.746] ✅ Analysis completed successfully!
[2025-05-26 20:43:52.746] Progress: 15.7% (221/1408)
[2025-05-26 20:43:52.746] Successful: 221, Failed: 0
[2025-05-26 20:43:52.746] Time remaining: 46.1h
[2025-05-26 20:43:52.746] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:43:57.746] SAMPLE 222/1408
[2025-05-26 20:43:57.746] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:43:57.746] File: 74abc075fc1d5c8985c952afc25a48ba874e76f96af4dc33414e84db9e10b9ee.exe
[2025-05-26 20:43:57.746] Path: D:\new\ransomware_high_confidence\blackcat\74abc075fc1d5c8985c952afc25a48ba874e76f96af4dc33414e84db9e10b9ee.exe
[2025-05-26 20:43:57.746] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\74abc075fc1d5c8985c952afc25a48ba874e76f96af4dc33414e84db9e10b9ee.exe
[2025-05-26 20:43:57.746] Malware execution time: 60 seconds
[2025-05-26 20:43:57.746] Restoring snapshot 35
[2025-05-26 20:43:57.924] Restoring snapshot 35 done
[2025-05-26 20:43:57.924] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:44:02.789] Starting up VM done
[2025-05-26 20:44:02.789] Installing kernel driver
[2025-05-26 20:44:02.789] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:44:05.943] Kernel driver installation completed
[2025-05-26 20:44:05.943] Starting GP driver service
[2025-05-26 20:44:05.943] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:44:09.102] GP driver service started
[2025-05-26 20:44:09.102] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\74abc075fc1d5c8985c952afc25a48ba874e76f96af4dc33414e84db9e10b9ee.exe
[2025-05-26 20:44:09.103] Malware execution started
[2025-05-26 20:44:09.103] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:45:09.110] Taking screenshot
[2025-05-26 20:45:09.172] Taking screenshot done
[2025-05-26 20:45:09.172] Terminating malware: 74abc075fc1d5c8985c952afc25a4

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:45:22.923] Powering off VM done
[2025-05-26 20:45:25.924] Restoring snapshot 35
[2025-05-26 20:45:25.971] Restoring snapshot 35 done
[2025-05-26 20:45:25.971] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:45:25.971] ✅ Analysis completed successfully!
[2025-05-26 20:45:25.971] Progress: 15.8% (222/1408)
[2025-05-26 20:45:25.971] Successful: 222, Failed: 0
[2025-05-26 20:45:25.971] Time remaining: 45.9h
[2025-05-26 20:45:25.971] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:45:30.972] SAMPLE 223/1408
[2025-05-26 20:45:30.972] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:45:30.972] File: 79802d6a6be8433720857d2b53b46f8011ec734a237aae1c3c1fea50ff683c13.exe
[2025-05-26 20:45:30.972] Path: D:\new\ransomware_high_confidence\blackcat\79802d6a6be8433720857d2b53b46f8011ec734a237aae1c3c1fea50ff683c13.exe
[2025-05-26 20:45:30.972] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\79802d6a6be8433720857d2b53b46f8011ec734a237aae1c3c1fea50ff683c13.exe
[2025-05-26 20:45:30.972] Malware execution time: 60 seconds
[2025-05-26 20:45:30.972] Restoring snapshot 35
[2025-05-26 20:45:31.148] Restoring snapshot 35 done
[2025-05-26 20:45:31.148] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:45:35.942] Starting up VM done
[2025-05-26 20:45:35.942] Installing kernel driver
[2025-05-26 20:45:35.942] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:45:39.102] Kernel driver installation completed
[2025-05-26 20:45:39.103] Starting GP driver service
[2025-05-26 20:45:39.103] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:45:42.250] GP driver service started
[2025-05-26 20:45:42.250] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\79802d6a6be8433720857d2b53b46f8011ec734a237aae1c3c1fea50ff683c13.exe
[2025-05-26 20:45:42.250] Malware execution started
[2025-05-26 20:45:42.250] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:46:42.258] Taking screenshot
[2025-05-26 20:46:42.320] Taking screenshot done
[2025-05-26 20:46:42.320] Terminating malware: 79802d6a6be8433720857d2b53b46

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:46:56.054] Powering off VM done
[2025-05-26 20:46:59.054] Restoring snapshot 35
[2025-05-26 20:46:59.104] Restoring snapshot 35 done
[2025-05-26 20:46:59.104] Kernel telemetry analysis completed in 88.1 seconds.

[2025-05-26 20:46:59.104] ✅ Analysis completed successfully!
[2025-05-26 20:46:59.104] Progress: 15.8% (223/1408)
[2025-05-26 20:46:59.104] Successful: 223, Failed: 0
[2025-05-26 20:46:59.104] Time remaining: 45.8h
[2025-05-26 20:46:59.104] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:47:04.104] SAMPLE 224/1408
[2025-05-26 20:47:04.104] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:47:04.104] File: 7b2449bb8be1b37a9d580c2592a67a759a3116fe640041d0f36dc93ca3db4487.exe
[2025-05-26 20:47:04.104] Path: D:\new\ransomware_high_confidence\blackcat\7b2449bb8be1b37a9d580c2592a67a759a3116fe640041d0f36dc93ca3db4487.exe
[2025-05-26 20:47:04.104] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\7b2449bb8be1b37a9d580c2592a67a759a3116fe640041d0f36dc93ca3db4487.exe
[2025-05-26 20:47:04.104] Malware execution time: 60 seconds
[2025-05-26 20:47:04.104] Restoring snapshot 35
[2025-05-26 20:47:04.280] Restoring snapshot 35 done
[2025-05-26 20:47:04.280] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:47:09.111] Starting up VM done
[2025-05-26 20:47:09.111] Installing kernel driver
[2025-05-26 20:47:09.111] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:47:12.276] Kernel driver installation completed
[2025-05-26 20:47:12.276] Starting GP driver service
[2025-05-26 20:47:12.276] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:47:15.426] GP driver service started
[2025-05-26 20:47:15.426] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\7b2449bb8be1b37a9d580c2592a67a759a3116fe640041d0f36dc93ca3db4487.exe
[2025-05-26 20:47:15.426] Malware execution started
[2025-05-26 20:47:15.426] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:48:15.434] Taking screenshot
[2025-05-26 20:48:15.497] Taking screenshot done
[2025-05-26 20:48:15.497] Terminating malware: 7b2449bb8be1b37a9d580c2592a67

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:48:29.420] Powering off VM done
[2025-05-26 20:48:32.421] Restoring snapshot 35
[2025-05-26 20:48:32.468] Restoring snapshot 35 done
[2025-05-26 20:48:32.468] Kernel telemetry analysis completed in 88.4 seconds.

[2025-05-26 20:48:32.468] ✅ Analysis completed successfully!
[2025-05-26 20:48:32.468] Progress: 15.9% (224/1408)
[2025-05-26 20:48:32.468] Successful: 224, Failed: 0
[2025-05-26 20:48:32.468] Time remaining: 45.7h
[2025-05-26 20:48:32.469] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:48:37.469] SAMPLE 225/1408
[2025-05-26 20:48:37.469] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:48:37.469] File: 7bb383b31d1b415bc067e612203cc6bda53e914f7ca5291299e92f59d47cabf8.exe
[2025-05-26 20:48:37.469] Path: D:\new\ransomware_high_confidence\blackcat\7bb383b31d1b415bc067e612203cc6bda53e914f7ca5291299e92f59d47cabf8.exe
[2025-05-26 20:48:37.469] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\7bb383b31d1b415bc067e612203cc6bda53e914f7ca5291299e92f59d47cabf8.exe
[2025-05-26 20:48:37.469] Malware execution time: 60 seconds
[2025-05-26 20:48:37.469] Restoring snapshot 35
[2025-05-26 20:48:37.647] Restoring snapshot 35 done
[2025-05-26 20:48:37.647] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:48:42.478] Starting up VM done
[2025-05-26 20:48:42.478] Installing kernel driver
[2025-05-26 20:48:42.478] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:48:45.632] Kernel driver installation completed
[2025-05-26 20:48:45.632] Starting GP driver service
[2025-05-26 20:48:45.632] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:48:48.785] GP driver service started
[2025-05-26 20:48:48.785] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\7bb383b31d1b415bc067e612203cc6bda53e914f7ca5291299e92f59d47cabf8.exe
[2025-05-26 20:48:48.786] Malware execution started
[2025-05-26 20:48:48.786] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:49:48.794] Taking screenshot
[2025-05-26 20:49:48.856] Taking screenshot done
[2025-05-26 20:49:48.856] Terminating malware: 7bb383b31d1b415bc067e612203cc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:50:02.595] Powering off VM done
[2025-05-26 20:50:05.596] Restoring snapshot 35
[2025-05-26 20:50:05.643] Restoring snapshot 35 done
[2025-05-26 20:50:05.643] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:50:05.643] ✅ Analysis completed successfully!
[2025-05-26 20:50:05.643] Progress: 16.0% (225/1408)
[2025-05-26 20:50:05.643] Successful: 225, Failed: 0
[2025-05-26 20:50:05.643] Time remaining: 45.6h
[2025-05-26 20:50:05.643] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:50:10.644] SAMPLE 226/1408
[2025-05-26 20:50:10.644] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:50:10.644] File: 82479ba19531a5b3f108f21f939190de2073395a708bb4446d6acc398518b802.exe
[2025-05-26 20:50:10.644] Path: D:\new\ransomware_high_confidence\blackcat\82479ba19531a5b3f108f21f939190de2073395a708bb4446d6acc398518b802.exe
[2025-05-26 20:50:10.644] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\82479ba19531a5b3f108f21f939190de2073395a708bb4446d6acc398518b802.exe
[2025-05-26 20:50:10.644] Malware execution time: 60 seconds
[2025-05-26 20:50:10.644] Restoring snapshot 35
[2025-05-26 20:50:10.820] Restoring snapshot 35 done
[2025-05-26 20:50:10.820] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:50:16.233] Starting up VM done
[2025-05-26 20:50:16.233] Installing kernel driver
[2025-05-26 20:50:16.233] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:50:19.395] Kernel driver installation completed
[2025-05-26 20:50:19.395] Starting GP driver service
[2025-05-26 20:50:19.395] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:50:22.550] GP driver service started
[2025-05-26 20:50:22.550] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\82479ba19531a5b3f108f21f939190de2073395a708bb4446d6acc398518b802.exe
[2025-05-26 20:50:22.550] Malware execution started
[2025-05-26 20:50:22.550] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:51:22.559] Taking screenshot
[2025-05-26 20:51:22.622] Taking screenshot done
[2025-05-26 20:51:22.622] Terminating malware: 82479ba19531a5b3f108f21f93919

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:51:36.364] Powering off VM done
[2025-05-26 20:51:39.365] Restoring snapshot 35
[2025-05-26 20:51:39.412] Restoring snapshot 35 done
[2025-05-26 20:51:39.412] Kernel telemetry analysis completed in 88.8 seconds.

[2025-05-26 20:51:39.412] ✅ Analysis completed successfully!
[2025-05-26 20:51:39.412] Progress: 16.1% (226/1408)
[2025-05-26 20:51:39.412] Successful: 226, Failed: 0
[2025-05-26 20:51:39.412] Time remaining: 45.5h
[2025-05-26 20:51:39.412] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:51:44.412] SAMPLE 227/1408
[2025-05-26 20:51:44.412] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:51:44.412] File: 87a14583b72250a660b74f1e475a268f95285820d72fbd5115f1b8c6ec787a9a.exe
[2025-05-26 20:51:44.412] Path: D:\new\ransomware_high_confidence\blackcat\87a14583b72250a660b74f1e475a268f95285820d72fbd5115f1b8c6ec787a9a.exe
[2025-05-26 20:51:44.412] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\87a14583b72250a660b74f1e475a268f95285820d72fbd5115f1b8c6ec787a9a.exe
[2025-05-26 20:51:44.412] Malware execution time: 60 seconds
[2025-05-26 20:51:44.412] Restoring snapshot 35
[2025-05-26 20:51:44.588] Restoring snapshot 35 done
[2025-05-26 20:51:44.588] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:51:49.413] Starting up VM done
[2025-05-26 20:51:49.413] Installing kernel driver
[2025-05-26 20:51:49.413] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:51:52.566] Kernel driver installation completed
[2025-05-26 20:51:52.566] Starting GP driver service
[2025-05-26 20:51:52.566] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:51:55.719] GP driver service started
[2025-05-26 20:51:55.719] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\87a14583b72250a660b74f1e475a268f95285820d72fbd5115f1b8c6ec787a9a.exe
[2025-05-26 20:51:55.720] Malware execution started
[2025-05-26 20:51:55.720] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:52:55.728] Taking screenshot
[2025-05-26 20:52:55.790] Taking screenshot done
[2025-05-26 20:52:55.790] Terminating malware: 87a14583b72250a660b74f1e475a2

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:53:09.545] Powering off VM done
[2025-05-26 20:53:12.545] Restoring snapshot 35
[2025-05-26 20:53:12.594] Restoring snapshot 35 done
[2025-05-26 20:53:12.594] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:53:12.594] ✅ Analysis completed successfully!
[2025-05-26 20:53:12.594] Progress: 16.1% (227/1408)
[2025-05-26 20:53:12.594] Successful: 227, Failed: 0
[2025-05-26 20:53:12.594] Time remaining: 45.4h
[2025-05-26 20:53:12.594] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:53:17.594] SAMPLE 228/1408
[2025-05-26 20:53:17.594] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:53:17.594] File: 8a22a91c931ac80ca91cf91fef678c4bee00e3eb5ad24f209bc8595e012ba5b0.exe
[2025-05-26 20:53:17.594] Path: D:\new\ransomware_high_confidence\blackcat\8a22a91c931ac80ca91cf91fef678c4bee00e3eb5ad24f209bc8595e012ba5b0.exe
[2025-05-26 20:53:17.594] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\8a22a91c931ac80ca91cf91fef678c4bee00e3eb5ad24f209bc8595e012ba5b0.exe
[2025-05-26 20:53:17.594] Malware execution time: 60 seconds
[2025-05-26 20:53:17.594] Restoring snapshot 35
[2025-05-26 20:53:17.772] Restoring snapshot 35 done
[2025-05-26 20:53:17.772] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:53:22.584] Starting up VM done
[2025-05-26 20:53:22.584] Installing kernel driver
[2025-05-26 20:53:22.584] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:53:25.748] Kernel driver installation completed
[2025-05-26 20:53:25.748] Starting GP driver service
[2025-05-26 20:53:25.748] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:53:28.905] GP driver service started
[2025-05-26 20:53:28.905] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\8a22a91c931ac80ca91cf91fef678c4bee00e3eb5ad24f209bc8595e012ba5b0.exe
[2025-05-26 20:53:28.905] Malware execution started
[2025-05-26 20:53:28.905] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:54:28.913] Taking screenshot
[2025-05-26 20:54:28.976] Taking screenshot done
[2025-05-26 20:54:28.976] Terminating malware: 8a22a91c931ac80ca91cf91fef678

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:54:42.736] Powering off VM done
[2025-05-26 20:54:45.736] Restoring snapshot 35
[2025-05-26 20:54:45.785] Restoring snapshot 35 done
[2025-05-26 20:54:45.785] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:54:45.785] ✅ Analysis completed successfully!
[2025-05-26 20:54:45.785] Progress: 16.2% (228/1408)
[2025-05-26 20:54:45.785] Successful: 228, Failed: 0
[2025-05-26 20:54:45.785] Time remaining: 45.3h
[2025-05-26 20:54:45.785] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:54:50.785] SAMPLE 229/1408
[2025-05-26 20:54:50.785] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:54:50.785] File: 942946c6ae139b1f1efc91262f91034542eb75b80c3c66c10d69dda014d706d6.exe
[2025-05-26 20:54:50.785] Path: D:\new\ransomware_high_confidence\blackcat\942946c6ae139b1f1efc91262f91034542eb75b80c3c66c10d69dda014d706d6.exe
[2025-05-26 20:54:50.785] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\942946c6ae139b1f1efc91262f91034542eb75b80c3c66c10d69dda014d706d6.exe
[2025-05-26 20:54:50.785] Malware execution time: 60 seconds
[2025-05-26 20:54:50.785] Restoring snapshot 35
[2025-05-26 20:54:50.962] Restoring snapshot 35 done
[2025-05-26 20:54:50.962] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:54:55.764] Starting up VM done
[2025-05-26 20:54:55.764] Installing kernel driver
[2025-05-26 20:54:55.764] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:54:58.915] Kernel driver installation completed
[2025-05-26 20:54:58.916] Starting GP driver service
[2025-05-26 20:54:58.916] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:55:02.063] GP driver service started
[2025-05-26 20:55:02.063] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\942946c6ae139b1f1efc91262f91034542eb75b80c3c66c10d69dda014d706d6.exe
[2025-05-26 20:55:02.063] Malware execution started
[2025-05-26 20:55:02.063] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:56:02.072] Taking screenshot
[2025-05-26 20:56:02.137] Taking screenshot done
[2025-05-26 20:56:02.137] Terminating malware: 942946c6ae139b1f1efc91262f910

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:56:16.326] Powering off VM done
[2025-05-26 20:56:19.326] Restoring snapshot 35
[2025-05-26 20:56:19.375] Restoring snapshot 35 done
[2025-05-26 20:56:19.375] Kernel telemetry analysis completed in 88.6 seconds.

[2025-05-26 20:56:19.375] ✅ Analysis completed successfully!
[2025-05-26 20:56:19.375] Progress: 16.3% (229/1408)
[2025-05-26 20:56:19.375] Successful: 229, Failed: 0
[2025-05-26 20:56:19.375] Time remaining: 45.2h
[2025-05-26 20:56:19.375] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:56:24.375] SAMPLE 230/1408
[2025-05-26 20:56:24.375] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:56:24.375] File: 94e56379b7a31b01cf826076a74fc4ddb7f86f7991a6f58300f28712d484aa33.exe
[2025-05-26 20:56:24.375] Path: D:\new\ransomware_high_confidence\blackcat\94e56379b7a31b01cf826076a74fc4ddb7f86f7991a6f58300f28712d484aa33.exe
[2025-05-26 20:56:24.375] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\94e56379b7a31b01cf826076a74fc4ddb7f86f7991a6f58300f28712d484aa33.exe
[2025-05-26 20:56:24.375] Malware execution time: 60 seconds
[2025-05-26 20:56:24.375] Restoring snapshot 35
[2025-05-26 20:56:24.551] Restoring snapshot 35 done
[2025-05-26 20:56:24.551] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:56:29.390] Starting up VM done
[2025-05-26 20:56:29.390] Installing kernel driver
[2025-05-26 20:56:29.390] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:56:32.545] Kernel driver installation completed
[2025-05-26 20:56:32.545] Starting GP driver service
[2025-05-26 20:56:32.545] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:56:35.701] GP driver service started
[2025-05-26 20:56:35.701] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\94e56379b7a31b01cf826076a74fc4ddb7f86f7991a6f58300f28712d484aa33.exe
[2025-05-26 20:56:35.701] Malware execution started
[2025-05-26 20:56:35.701] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:57:35.710] Taking screenshot
[2025-05-26 20:57:35.772] Taking screenshot done
[2025-05-26 20:57:35.772] Terminating malware: 94e56379b7a31b01cf826076a74fc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:57:49.524] Powering off VM done
[2025-05-26 20:57:52.524] Restoring snapshot 35
[2025-05-26 20:57:52.572] Restoring snapshot 35 done
[2025-05-26 20:57:52.572] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:57:52.572] ✅ Analysis completed successfully!
[2025-05-26 20:57:52.572] Progress: 16.3% (230/1408)
[2025-05-26 20:57:52.572] Successful: 230, Failed: 0
[2025-05-26 20:57:52.572] Time remaining: 45.1h
[2025-05-26 20:57:52.572] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:57:57.572] SAMPLE 231/1408
[2025-05-26 20:57:57.572] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:57:57.572] File: 99d09068ac1b9d6db4f8bcff698ffff8e112a506c0f01afff460c5a3b1393ef8.exe
[2025-05-26 20:57:57.572] Path: D:\new\ransomware_high_confidence\blackcat\99d09068ac1b9d6db4f8bcff698ffff8e112a506c0f01afff460c5a3b1393ef8.exe
[2025-05-26 20:57:57.572] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\99d09068ac1b9d6db4f8bcff698ffff8e112a506c0f01afff460c5a3b1393ef8.exe
[2025-05-26 20:57:57.572] Malware execution time: 60 seconds
[2025-05-26 20:57:57.572] Restoring snapshot 35
[2025-05-26 20:57:57.750] Restoring snapshot 35 done
[2025-05-26 20:57:57.750] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:58:02.541] Starting up VM done
[2025-05-26 20:58:02.541] Installing kernel driver
[2025-05-26 20:58:02.541] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:58:05.713] Kernel driver installation completed
[2025-05-26 20:58:05.713] Starting GP driver service
[2025-05-26 20:58:05.713] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:58:08.871] GP driver service started
[2025-05-26 20:58:08.871] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\99d09068ac1b9d6db4f8bcff698ffff8e112a506c0f01afff460c5a3b1393ef8.exe
[2025-05-26 20:58:08.872] Malware execution started
[2025-05-26 20:58:08.872] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 20:59:08.880] Taking screenshot
[2025-05-26 20:59:08.942] Taking screenshot done
[2025-05-26 20:59:08.942] Terminating malware: 99d09068ac1b9d6db4f8bcff698ff

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:59:22.696] Powering off VM done
[2025-05-26 20:59:25.697] Restoring snapshot 35
[2025-05-26 20:59:25.744] Restoring snapshot 35 done
[2025-05-26 20:59:25.745] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 20:59:25.745] ✅ Analysis completed successfully!
[2025-05-26 20:59:25.745] Progress: 16.4% (231/1408)
[2025-05-26 20:59:25.745] Successful: 231, Failed: 0
[2025-05-26 20:59:25.745] Time remaining: 45.0h
[2025-05-26 20:59:25.745] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:59:30.745] SAMPLE 232/1408
[2025-05-26 20:59:30.745] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 20:59:30.745] File: 9f6876762614e407d0ee6005f165dd4bbd12cb21986abc4a3a5c7dc6271fcdc3.exe
[2025-05-26 20:59:30.745] Path: D:\new\ransomware_high_confidence\blackcat\9f6876762614e407d0ee6005f165dd4bbd12cb21986abc4a3a5c7dc6271fcdc3.exe
[2025-05-26 20:59:30.745] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\9f6876762614e407d0ee6005f165dd4bbd12cb21986abc4a3a5c7dc6271fcdc3.exe
[2025-05-26 20:59:30.745] Malware execution time: 60 seconds
[2025-05-26 20:59:30.745] Restoring snapshot 35
[2025-05-26 20:59:30.921] Restoring snapshot 35 done
[2025-05-26 20:59:30.921] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 20:59:35.827] Starting up VM done
[2025-05-26 20:59:35.827] Installing kernel driver
[2025-05-26 20:59:35.827] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 20:59:38.981] Kernel driver installation completed
[2025-05-26 20:59:38.981] Starting GP driver service
[2025-05-26 20:59:38.981] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 20:59:42.135] GP driver service started
[2025-05-26 20:59:42.135] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\9f6876762614e407d0ee6005f165dd4bbd12cb21986abc4a3a5c7dc6271fcdc3.exe
[2025-05-26 20:59:42.136] Malware execution started
[2025-05-26 20:59:42.136] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:00:42.144] Taking screenshot
[2025-05-26 21:00:42.207] Taking screenshot done
[2025-05-26 21:00:42.207] Terminating malware: 9f6876762614e407d0ee6005f165d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:00:56.262] Powering off VM done
[2025-05-26 21:00:59.262] Restoring snapshot 35
[2025-05-26 21:00:59.310] Restoring snapshot 35 done
[2025-05-26 21:00:59.310] Kernel telemetry analysis completed in 88.6 seconds.

[2025-05-26 21:00:59.310] ✅ Analysis completed successfully!
[2025-05-26 21:00:59.310] Progress: 16.5% (232/1408)
[2025-05-26 21:00:59.310] Successful: 232, Failed: 0
[2025-05-26 21:00:59.310] Time remaining: 44.9h
[2025-05-26 21:00:59.310] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:01:04.310] SAMPLE 233/1408
[2025-05-26 21:01:04.310] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:01:04.310] File: 9fb1067dd3edf3d517517e9c191f3f07067bf30aa034a36ebf6543d83cea5ec1.exe
[2025-05-26 21:01:04.310] Path: D:\new\ransomware_high_confidence\blackcat\9fb1067dd3edf3d517517e9c191f3f07067bf30aa034a36ebf6543d83cea5ec1.exe
[2025-05-26 21:01:04.310] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\9fb1067dd3edf3d517517e9c191f3f07067bf30aa034a36ebf6543d83cea5ec1.exe
[2025-05-26 21:01:04.310] Malware execution time: 60 seconds
[2025-05-26 21:01:04.310] Restoring snapshot 35
[2025-05-26 21:01:04.489] Restoring snapshot 35 done
[2025-05-26 21:01:04.489] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:01:09.337] Starting up VM done
[2025-05-26 21:01:09.337] Installing kernel driver
[2025-05-26 21:01:09.337] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:01:12.492] Kernel driver installation completed
[2025-05-26 21:01:12.492] Starting GP driver service
[2025-05-26 21:01:12.492] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:01:15.650] GP driver service started
[2025-05-26 21:01:15.650] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\9fb1067dd3edf3d517517e9c191f3f07067bf30aa034a36ebf6543d83cea5ec1.exe
[2025-05-26 21:01:15.650] Malware execution started
[2025-05-26 21:01:15.650] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:02:15.658] Taking screenshot
[2025-05-26 21:02:15.721] Taking screenshot done
[2025-05-26 21:02:15.721] Terminating malware: 9fb1067dd3edf3d517517e9c191f3

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:02:29.477] Powering off VM done
[2025-05-26 21:02:32.477] Restoring snapshot 35
[2025-05-26 21:02:32.526] Restoring snapshot 35 done
[2025-05-26 21:02:32.526] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:02:32.527] ✅ Analysis completed successfully!
[2025-05-26 21:02:32.527] Progress: 16.5% (233/1408)
[2025-05-26 21:02:32.527] Successful: 233, Failed: 0
[2025-05-26 21:02:32.527] Time remaining: 44.8h
[2025-05-26 21:02:32.527] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:02:37.527] SAMPLE 234/1408
[2025-05-26 21:02:37.527] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:02:37.527] File: a15f278540238f0308608e76a76c01c60e04f5e5bbe9ffce5455f2e965574a12.exe
[2025-05-26 21:02:37.527] Path: D:\new\ransomware_high_confidence\blackcat\a15f278540238f0308608e76a76c01c60e04f5e5bbe9ffce5455f2e965574a12.exe
[2025-05-26 21:02:37.527] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\a15f278540238f0308608e76a76c01c60e04f5e5bbe9ffce5455f2e965574a12.exe
[2025-05-26 21:02:37.527] Malware execution time: 60 seconds
[2025-05-26 21:02:37.527] Restoring snapshot 35
[2025-05-26 21:02:37.703] Restoring snapshot 35 done
[2025-05-26 21:02:37.703] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:02:42.530] Starting up VM done
[2025-05-26 21:02:42.530] Installing kernel driver
[2025-05-26 21:02:42.530] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:02:45.696] Kernel driver installation completed
[2025-05-26 21:02:45.696] Starting GP driver service
[2025-05-26 21:02:45.696] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:02:48.854] GP driver service started
[2025-05-26 21:02:48.854] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\a15f278540238f0308608e76a76c01c60e04f5e5bbe9ffce5455f2e965574a12.exe
[2025-05-26 21:02:48.854] Malware execution started
[2025-05-26 21:02:48.854] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:03:48.862] Taking screenshot
[2025-05-26 21:03:48.926] Taking screenshot done
[2025-05-26 21:03:48.926] Terminating malware: a15f278540238f0308608e76a76c0

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:04:02.694] Powering off VM done
[2025-05-26 21:04:05.694] Restoring snapshot 35
[2025-05-26 21:04:05.742] Restoring snapshot 35 done
[2025-05-26 21:04:05.742] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:04:05.742] ✅ Analysis completed successfully!
[2025-05-26 21:04:05.742] Progress: 16.6% (234/1408)
[2025-05-26 21:04:05.742] Successful: 234, Failed: 0
[2025-05-26 21:04:05.742] Time remaining: 44.7h
[2025-05-26 21:04:05.742] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:04:10.742] SAMPLE 235/1408
[2025-05-26 21:04:10.742] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:04:10.742] File: acf8884a4bfb9ebfe99ed607c4f1cf625cd705ac4317c092ef6dcca3d47027aa.exe
[2025-05-26 21:04:10.742] Path: D:\new\ransomware_high_confidence\blackcat\acf8884a4bfb9ebfe99ed607c4f1cf625cd705ac4317c092ef6dcca3d47027aa.exe
[2025-05-26 21:04:10.742] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\acf8884a4bfb9ebfe99ed607c4f1cf625cd705ac4317c092ef6dcca3d47027aa.exe
[2025-05-26 21:04:10.742] Malware execution time: 60 seconds
[2025-05-26 21:04:10.742] Restoring snapshot 35
[2025-05-26 21:04:10.920] Restoring snapshot 35 done
[2025-05-26 21:04:10.920] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:04:15.750] Starting up VM done
[2025-05-26 21:04:15.750] Installing kernel driver
[2025-05-26 21:04:15.750] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:04:18.907] Kernel driver installation completed
[2025-05-26 21:04:18.907] Starting GP driver service
[2025-05-26 21:04:18.907] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:04:22.069] GP driver service started
[2025-05-26 21:04:22.069] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\acf8884a4bfb9ebfe99ed607c4f1cf625cd705ac4317c092ef6dcca3d47027aa.exe
[2025-05-26 21:04:22.069] Malware execution started
[2025-05-26 21:04:22.069] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:05:22.078] Taking screenshot
[2025-05-26 21:05:22.140] Taking screenshot done
[2025-05-26 21:05:22.140] Terminating malware: acf8884a4bfb9ebfe99ed607c4f1c

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:05:35.887] Powering off VM done
[2025-05-26 21:05:38.888] Restoring snapshot 35
[2025-05-26 21:05:38.935] Restoring snapshot 35 done
[2025-05-26 21:05:38.936] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:05:38.936] ✅ Analysis completed successfully!
[2025-05-26 21:05:38.936] Progress: 16.7% (235/1408)
[2025-05-26 21:05:38.936] Successful: 235, Failed: 0
[2025-05-26 21:05:38.936] Time remaining: 44.6h
[2025-05-26 21:05:38.936] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:05:43.936] SAMPLE 236/1408
[2025-05-26 21:05:43.936] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:05:43.936] File: bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f.exe
[2025-05-26 21:05:43.936] Path: D:\new\ransomware_high_confidence\blackcat\bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f.exe
[2025-05-26 21:05:43.936] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f.exe
[2025-05-26 21:05:43.936] Malware execution time: 60 seconds
[2025-05-26 21:05:43.936] Restoring snapshot 35
[2025-05-26 21:05:44.114] Restoring snapshot 35 done
[2025-05-26 21:05:44.114] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:05:48.929] Starting up VM done
[2025-05-26 21:05:48.929] Installing kernel driver
[2025-05-26 21:05:48.929] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:05:52.080] Kernel driver installation completed
[2025-05-26 21:05:52.080] Starting GP driver service
[2025-05-26 21:05:52.081] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:05:55.235] GP driver service started
[2025-05-26 21:05:55.235] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f.exe
[2025-05-26 21:05:55.236] Malware execution started
[2025-05-26 21:05:55.236] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:06:55.243] Taking screenshot
[2025-05-26 21:06:55.305] Taking screenshot done
[2025-05-26 21:06:55.305] Terminating malware: bacedbb23254934b736a9daf6de52

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:07:09.042] Powering off VM done
[2025-05-26 21:07:12.042] Restoring snapshot 35
[2025-05-26 21:07:12.090] Restoring snapshot 35 done
[2025-05-26 21:07:12.090] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:07:12.090] ✅ Analysis completed successfully!
[2025-05-26 21:07:12.090] Progress: 16.8% (236/1408)
[2025-05-26 21:07:12.090] Successful: 236, Failed: 0
[2025-05-26 21:07:12.090] Time remaining: 44.5h
[2025-05-26 21:07:12.090] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:07:17.090] SAMPLE 237/1408
[2025-05-26 21:07:17.090] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:07:17.090] File: bb6b249336cd7001b1c55d3724b5e35a150e752ed795c36e0d5dcba00eedb62a.exe
[2025-05-26 21:07:17.090] Path: D:\new\ransomware_high_confidence\blackcat\bb6b249336cd7001b1c55d3724b5e35a150e752ed795c36e0d5dcba00eedb62a.exe
[2025-05-26 21:07:17.090] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\bb6b249336cd7001b1c55d3724b5e35a150e752ed795c36e0d5dcba00eedb62a.exe
[2025-05-26 21:07:17.090] Malware execution time: 60 seconds
[2025-05-26 21:07:17.090] Restoring snapshot 35
[2025-05-26 21:07:17.267] Restoring snapshot 35 done
[2025-05-26 21:07:17.267] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:07:22.120] Starting up VM done
[2025-05-26 21:07:22.121] Installing kernel driver
[2025-05-26 21:07:22.121] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:07:25.279] Kernel driver installation completed
[2025-05-26 21:07:25.279] Starting GP driver service
[2025-05-26 21:07:25.279] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:07:28.434] GP driver service started
[2025-05-26 21:07:28.434] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\bb6b249336cd7001b1c55d3724b5e35a150e752ed795c36e0d5dcba00eedb62a.exe
[2025-05-26 21:07:28.435] Malware execution started
[2025-05-26 21:07:28.435] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:08:28.443] Taking screenshot
[2025-05-26 21:08:28.505] Taking screenshot done
[2025-05-26 21:08:28.505] Terminating malware: bb6b249336cd7001b1c55d3724b5e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:08:42.249] Powering off VM done
[2025-05-26 21:08:45.250] Restoring snapshot 35
[2025-05-26 21:08:45.298] Restoring snapshot 35 done
[2025-05-26 21:08:45.298] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:08:45.299] ✅ Analysis completed successfully!
[2025-05-26 21:08:45.299] Progress: 16.8% (237/1408)
[2025-05-26 21:08:45.299] Successful: 237, Failed: 0
[2025-05-26 21:08:45.299] Time remaining: 44.4h
[2025-05-26 21:08:45.299] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:08:50.299] SAMPLE 238/1408
[2025-05-26 21:08:50.299] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:08:50.299] File: bd337d4e83ab1c2cacb43e4569f977d188f1bb7c7a077026304bf186d49d4117.exe
[2025-05-26 21:08:50.299] Path: D:\new\ransomware_high_confidence\blackcat\bd337d4e83ab1c2cacb43e4569f977d188f1bb7c7a077026304bf186d49d4117.exe
[2025-05-26 21:08:50.299] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\bd337d4e83ab1c2cacb43e4569f977d188f1bb7c7a077026304bf186d49d4117.exe
[2025-05-26 21:08:50.299] Malware execution time: 60 seconds
[2025-05-26 21:08:50.299] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:08:50.716] Restoring snapshot 35 done
[2025-05-26 21:08:50.716] Starting up VM
[2025-05-26 21:08:55.542] Starting up VM done
[2025-05-26 21:08:55.542] Installing kernel driver
[2025-05-26 21:08:55.542] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:08:58.704] Kernel driver installation completed
[2025-05-26 21:08:58.704] Starting GP driver service
[2025-05-26 21:08:58.704] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:09:01.856] GP driver service started
[2025-05-26 21:09:01.856] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\bd337d4e83ab1c2cacb43e4569f977d188f1bb7c7a077026304bf186d49d4117.exe
[2025-05-26 21:09:01.857] Malware execution started
[2025-05-26 21:09:01.857] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:10:01.866] Taking screenshot
[2025-05-26 21:10:01.928] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:10:15.674] Powering off VM done
[2025-05-26 21:10:18.675] Restoring snapshot 35
[2025-05-26 21:10:18.722] Restoring snapshot 35 done
[2025-05-26 21:10:18.722] Kernel telemetry analysis completed in 88.4 seconds.

[2025-05-26 21:10:18.722] ✅ Analysis completed successfully!
[2025-05-26 21:10:18.722] Progress: 16.9% (238/1408)
[2025-05-26 21:10:18.722] Successful: 238, Failed: 0
[2025-05-26 21:10:18.722] Time remaining: 44.3h
[2025-05-26 21:10:18.722] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:10:23.722] SAMPLE 239/1408
[2025-05-26 21:10:23.722] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:10:23.722] File: bd4e603e953d8c7803f3c7d72cd7197d996ab80ce80b9da96a4df7d10969bb55.exe
[2025-05-26 21:10:23.722] Path: D:\new\ransomware_high_confidence\blackcat\bd4e603e953d8c7803f3c7d72cd7197d996ab80ce80b9da96a4df7d10969bb55.exe
[2025-05-26 21:10:23.722] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\bd4e603e953d8c7803f3c7d72cd7197d996ab80ce80b9da96a4df7d10969bb55.exe
[2025-05-26 21:10:23.722] Malware execution time: 60 seconds
[2025-05-26 21:10:23.722] Restoring snapshot 35
[2025-05-26 21:10:23.898] Restoring snapshot 35 done
[2025-05-26 21:10:23.898] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:10:28.704] Starting up VM done
[2025-05-26 21:10:28.705] Installing kernel driver
[2025-05-26 21:10:28.705] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:10:31.857] Kernel driver installation completed
[2025-05-26 21:10:31.858] Starting GP driver service
[2025-05-26 21:10:31.858] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:10:35.014] GP driver service started
[2025-05-26 21:10:35.014] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\bd4e603e953d8c7803f3c7d72cd7197d996ab80ce80b9da96a4df7d10969bb55.exe
[2025-05-26 21:10:35.014] Malware execution started
[2025-05-26 21:10:35.014] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:11:35.023] Taking screenshot
[2025-05-26 21:11:35.086] Taking screenshot done
[2025-05-26 21:11:35.086] Terminating malware: bd4e603e953d8c7803f3c7d72cd71

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:11:48.843] Powering off VM done
[2025-05-26 21:11:51.844] Restoring snapshot 35
[2025-05-26 21:11:51.894] Restoring snapshot 35 done
[2025-05-26 21:11:51.894] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:11:51.894] ✅ Analysis completed successfully!
[2025-05-26 21:11:51.894] Progress: 17.0% (239/1408)
[2025-05-26 21:11:51.894] Successful: 239, Failed: 0
[2025-05-26 21:11:51.894] Time remaining: 44.2h
[2025-05-26 21:11:51.894] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:11:56.894] SAMPLE 240/1408
[2025-05-26 21:11:56.894] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:11:56.894] File: c124dc2c4f82b3258f1538656de8cbd2c5133137cad2d6c7b874de8232763d95.exe
[2025-05-26 21:11:56.894] Path: D:\new\ransomware_high_confidence\blackcat\c124dc2c4f82b3258f1538656de8cbd2c5133137cad2d6c7b874de8232763d95.exe
[2025-05-26 21:11:56.894] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\c124dc2c4f82b3258f1538656de8cbd2c5133137cad2d6c7b874de8232763d95.exe
[2025-05-26 21:11:56.894] Malware execution time: 60 seconds
[2025-05-26 21:11:56.894] Restoring snapshot 35
[2025-05-26 21:11:57.071] Restoring snapshot 35 done
[2025-05-26 21:11:57.071] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:12:01.874] Starting up VM done
[2025-05-26 21:12:01.874] Installing kernel driver
[2025-05-26 21:12:01.874] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:12:05.031] Kernel driver installation completed
[2025-05-26 21:12:05.031] Starting GP driver service
[2025-05-26 21:12:05.031] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:12:08.185] GP driver service started
[2025-05-26 21:12:08.185] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\c124dc2c4f82b3258f1538656de8cbd2c5133137cad2d6c7b874de8232763d95.exe
[2025-05-26 21:12:08.186] Malware execution started
[2025-05-26 21:12:08.186] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:13:08.194] Taking screenshot
[2025-05-26 21:13:08.257] Taking screenshot done
[2025-05-26 21:13:08.257] Terminating malware: c124dc2c4f82b3258f1538656de8c

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:13:21.991] Powering off VM done
[2025-05-26 21:13:24.991] Restoring snapshot 35
[2025-05-26 21:13:25.039] Restoring snapshot 35 done
[2025-05-26 21:13:25.039] Kernel telemetry analysis completed in 88.1 seconds.

[2025-05-26 21:13:25.039] ✅ Analysis completed successfully!
[2025-05-26 21:13:25.039] Progress: 17.0% (240/1408)
[2025-05-26 21:13:25.039] Successful: 240, Failed: 0
[2025-05-26 21:13:25.039] Time remaining: 44.1h
[2025-05-26 21:13:25.039] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:13:30.039] SAMPLE 241/1408
[2025-05-26 21:13:30.039] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:13:30.039] File: c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe
[2025-05-26 21:13:30.039] Path: D:\new\ransomware_high_confidence\blackcat\c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe
[2025-05-26 21:13:30.039] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe
[2025-05-26 21:13:30.039] Malware execution time: 60 seconds
[2025-05-26 21:13:30.039] Restoring snapshot 35
[2025-05-26 21:13:30.216] Restoring snapshot 35 done
[2025-05-26 21:13:30.216] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:13:35.032] Starting up VM done
[2025-05-26 21:13:35.032] Installing kernel driver
[2025-05-26 21:13:35.032] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:13:38.191] Kernel driver installation completed
[2025-05-26 21:13:38.191] Starting GP driver service
[2025-05-26 21:13:38.191] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:13:41.341] GP driver service started
[2025-05-26 21:13:41.341] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe
[2025-05-26 21:13:41.342] Malware execution started
[2025-05-26 21:13:41.342] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:14:41.350] Taking screenshot
[2025-05-26 21:14:41.413] Taking screenshot done
[2025-05-26 21:14:41.413] Terminating malware: c50bca08a8e80850ec18d258ff937

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:14:55.136] Powering off VM done
[2025-05-26 21:14:58.137] Restoring snapshot 35
[2025-05-26 21:14:58.186] Restoring snapshot 35 done
[2025-05-26 21:14:58.186] Kernel telemetry analysis completed in 88.1 seconds.

[2025-05-26 21:14:58.186] ✅ Analysis completed successfully!
[2025-05-26 21:14:58.186] Progress: 17.1% (241/1408)
[2025-05-26 21:14:58.186] Successful: 241, Failed: 0
[2025-05-26 21:14:58.186] Time remaining: 44.0h
[2025-05-26 21:14:58.186] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:15:03.186] SAMPLE 242/1408
[2025-05-26 21:15:03.186] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:15:03.186] File: cefea76dfdbb48cfe1a3db2c8df34e898e29bec9b2c13e79ef40655c637833ae.exe
[2025-05-26 21:15:03.186] Path: D:\new\ransomware_high_confidence\blackcat\cefea76dfdbb48cfe1a3db2c8df34e898e29bec9b2c13e79ef40655c637833ae.exe
[2025-05-26 21:15:03.186] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\cefea76dfdbb48cfe1a3db2c8df34e898e29bec9b2c13e79ef40655c637833ae.exe
[2025-05-26 21:15:03.186] Malware execution time: 60 seconds
[2025-05-26 21:15:03.186] Restoring snapshot 35
[2025-05-26 21:15:03.363] Restoring snapshot 35 done
[2025-05-26 21:15:03.363] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:15:08.180] Starting up VM done
[2025-05-26 21:15:08.180] Installing kernel driver
[2025-05-26 21:15:08.180] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:15:11.331] Kernel driver installation completed
[2025-05-26 21:15:11.332] Starting GP driver service
[2025-05-26 21:15:11.332] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:15:14.483] GP driver service started
[2025-05-26 21:15:14.484] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\cefea76dfdbb48cfe1a3db2c8df34e898e29bec9b2c13e79ef40655c637833ae.exe
[2025-05-26 21:15:14.484] Malware execution started
[2025-05-26 21:15:14.484] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:16:14.492] Taking screenshot
[2025-05-26 21:16:14.554] Taking screenshot done
[2025-05-26 21:16:14.554] Terminating malware: cefea76dfdbb48cfe1a3db2c8df34

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:16:28.273] Powering off VM done
[2025-05-26 21:16:31.274] Restoring snapshot 35
[2025-05-26 21:16:31.321] Restoring snapshot 35 done
[2025-05-26 21:16:31.321] Kernel telemetry analysis completed in 88.1 seconds.

[2025-05-26 21:16:31.321] ✅ Analysis completed successfully!
[2025-05-26 21:16:31.321] Progress: 17.2% (242/1408)
[2025-05-26 21:16:31.321] Successful: 242, Failed: 0
[2025-05-26 21:16:31.321] Time remaining: 43.9h
[2025-05-26 21:16:31.321] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:16:36.322] SAMPLE 243/1408
[2025-05-26 21:16:36.322] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:16:36.322] File: d0e0923cf7f97c86b6cde608bc7a0332d03881e598de7b8e41c114d1576e4534.exe
[2025-05-26 21:16:36.322] Path: D:\new\ransomware_high_confidence\blackcat\d0e0923cf7f97c86b6cde608bc7a0332d03881e598de7b8e41c114d1576e4534.exe
[2025-05-26 21:16:36.322] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\d0e0923cf7f97c86b6cde608bc7a0332d03881e598de7b8e41c114d1576e4534.exe
[2025-05-26 21:16:36.322] Malware execution time: 60 seconds
[2025-05-26 21:16:36.322] Restoring snapshot 35
[2025-05-26 21:16:36.499] Restoring snapshot 35 done
[2025-05-26 21:16:36.499] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:16:41.322] Starting up VM done
[2025-05-26 21:16:41.322] Installing kernel driver
[2025-05-26 21:16:41.322] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:16:44.476] Kernel driver installation completed
[2025-05-26 21:16:44.476] Starting GP driver service
[2025-05-26 21:16:44.476] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:16:47.624] GP driver service started
[2025-05-26 21:16:47.625] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\d0e0923cf7f97c86b6cde608bc7a0332d03881e598de7b8e41c114d1576e4534.exe
[2025-05-26 21:16:47.625] Malware execution started
[2025-05-26 21:16:47.625] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:17:47.633] Taking screenshot
[2025-05-26 21:17:47.697] Taking screenshot done
[2025-05-26 21:17:47.697] Terminating malware: d0e0923cf7f97c86b6cde608bc7a0

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:18:02.000] Powering off VM done
[2025-05-26 21:18:05.001] Restoring snapshot 35
[2025-05-26 21:18:05.049] Restoring snapshot 35 done
[2025-05-26 21:18:05.049] Kernel telemetry analysis completed in 88.7 seconds.

[2025-05-26 21:18:05.049] ✅ Analysis completed successfully!
[2025-05-26 21:18:05.049] Progress: 17.3% (243/1408)
[2025-05-26 21:18:05.049] Successful: 243, Failed: 0
[2025-05-26 21:18:05.049] Time remaining: 43.8h
[2025-05-26 21:18:05.049] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:18:10.049] SAMPLE 244/1408
[2025-05-26 21:18:10.049] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:18:10.049] File: d3fd49f8f42fa571209af568a65119433e114bb66da21eda12b96a16b5ebfe21.exe
[2025-05-26 21:18:10.049] Path: D:\new\ransomware_high_confidence\blackcat\d3fd49f8f42fa571209af568a65119433e114bb66da21eda12b96a16b5ebfe21.exe
[2025-05-26 21:18:10.050] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\d3fd49f8f42fa571209af568a65119433e114bb66da21eda12b96a16b5ebfe21.exe
[2025-05-26 21:18:10.050] Malware execution time: 60 seconds
[2025-05-26 21:18:10.050] Restoring snapshot 35
[2025-05-26 21:18:10.226] Restoring snapshot 35 done
[2025-05-26 21:18:10.226] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:18:15.040] Starting up VM done
[2025-05-26 21:18:15.040] Installing kernel driver
[2025-05-26 21:18:15.040] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:18:18.193] Kernel driver installation completed
[2025-05-26 21:18:18.194] Starting GP driver service
[2025-05-26 21:18:18.194] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:18:21.342] GP driver service started
[2025-05-26 21:18:21.342] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\d3fd49f8f42fa571209af568a65119433e114bb66da21eda12b96a16b5ebfe21.exe
[2025-05-26 21:18:21.343] Malware execution started
[2025-05-26 21:18:21.343] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:19:21.351] Taking screenshot
[2025-05-26 21:19:21.414] Taking screenshot done
[2025-05-26 21:19:21.414] Terminating malware: d3fd49f8f42fa571209af568a6511

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:19:35.179] Powering off VM done
[2025-05-26 21:19:38.179] Restoring snapshot 35
[2025-05-26 21:19:38.231] Restoring snapshot 35 done
[2025-05-26 21:19:38.232] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:19:38.232] ✅ Analysis completed successfully!
[2025-05-26 21:19:38.232] Progress: 17.3% (244/1408)
[2025-05-26 21:19:38.232] Successful: 244, Failed: 0
[2025-05-26 21:19:38.232] Time remaining: 43.7h
[2025-05-26 21:19:38.232] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:19:43.232] SAMPLE 245/1408
[2025-05-26 21:19:43.232] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:19:43.232] File: d767524e1bbb8d50129485ffa667eb1d379c745c30d4588672636998c20f857f.exe
[2025-05-26 21:19:43.232] Path: D:\new\ransomware_high_confidence\blackcat\d767524e1bbb8d50129485ffa667eb1d379c745c30d4588672636998c20f857f.exe
[2025-05-26 21:19:43.232] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\d767524e1bbb8d50129485ffa667eb1d379c745c30d4588672636998c20f857f.exe
[2025-05-26 21:19:43.232] Malware execution time: 60 seconds
[2025-05-26 21:19:43.232] Restoring snapshot 35
[2025-05-26 21:19:43.409] Restoring snapshot 35 done
[2025-05-26 21:19:43.409] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:19:48.233] Starting up VM done
[2025-05-26 21:19:48.233] Installing kernel driver
[2025-05-26 21:19:48.233] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:19:51.391] Kernel driver installation completed
[2025-05-26 21:19:51.391] Starting GP driver service
[2025-05-26 21:19:51.391] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:19:54.545] GP driver service started
[2025-05-26 21:19:54.545] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\d767524e1bbb8d50129485ffa667eb1d379c745c30d4588672636998c20f857f.exe
[2025-05-26 21:19:54.546] Malware execution started
[2025-05-26 21:19:54.546] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:20:54.554] Taking screenshot
[2025-05-26 21:20:54.616] Taking screenshot done
[2025-05-26 21:20:54.616] Terminating malware: d767524e1bbb8d50129485ffa667e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:21:08.365] Powering off VM done
[2025-05-26 21:21:11.366] Restoring snapshot 35
[2025-05-26 21:21:11.414] Restoring snapshot 35 done
[2025-05-26 21:21:11.414] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:21:11.414] ✅ Analysis completed successfully!
[2025-05-26 21:21:11.414] Progress: 17.4% (245/1408)
[2025-05-26 21:21:11.414] Successful: 245, Failed: 0
[2025-05-26 21:21:11.414] Time remaining: 43.7h
[2025-05-26 21:21:11.414] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:21:16.414] SAMPLE 246/1408
[2025-05-26 21:21:16.414] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:21:16.414] File: e55cc3426298f9f848849304d10b9222925eb19caebaebaa44dfb85ad2346062.exe
[2025-05-26 21:21:16.415] Path: D:\new\ransomware_high_confidence\blackcat\e55cc3426298f9f848849304d10b9222925eb19caebaebaa44dfb85ad2346062.exe
[2025-05-26 21:21:16.415] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\e55cc3426298f9f848849304d10b9222925eb19caebaebaa44dfb85ad2346062.exe
[2025-05-26 21:21:16.415] Malware execution time: 60 seconds
[2025-05-26 21:21:16.415] Restoring snapshot 35
[2025-05-26 21:21:16.593] Restoring snapshot 35 done
[2025-05-26 21:21:16.593] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:21:21.411] Starting up VM done
[2025-05-26 21:21:21.412] Installing kernel driver
[2025-05-26 21:21:21.412] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:21:24.564] Kernel driver installation completed
[2025-05-26 21:21:24.564] Starting GP driver service
[2025-05-26 21:21:24.564] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:21:27.713] GP driver service started
[2025-05-26 21:21:27.714] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\e55cc3426298f9f848849304d10b9222925eb19caebaebaa44dfb85ad2346062.exe
[2025-05-26 21:21:27.714] Malware execution started
[2025-05-26 21:21:27.714] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:22:27.722] Taking screenshot
[2025-05-26 21:22:27.784] Taking screenshot done
[2025-05-26 21:22:27.784] Terminating malware: e55cc3426298f9f848849304d10b9

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:22:41.529] Powering off VM done
[2025-05-26 21:22:44.529] Restoring snapshot 35
[2025-05-26 21:22:44.580] Restoring snapshot 35 done
[2025-05-26 21:22:44.580] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:22:44.580] ✅ Analysis completed successfully!
[2025-05-26 21:22:44.580] Progress: 17.5% (246/1408)
[2025-05-26 21:22:44.580] Successful: 246, Failed: 0
[2025-05-26 21:22:44.580] Time remaining: 43.6h
[2025-05-26 21:22:44.580] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:22:49.580] SAMPLE 247/1408
[2025-05-26 21:22:49.580] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:22:49.580] File: e88795f5be1970400521e0041c4603c62ff681f24ac75f926d524d092eecb6ee.exe
[2025-05-26 21:22:49.580] Path: D:\new\ransomware_high_confidence\blackcat\e88795f5be1970400521e0041c4603c62ff681f24ac75f926d524d092eecb6ee.exe
[2025-05-26 21:22:49.581] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\e88795f5be1970400521e0041c4603c62ff681f24ac75f926d524d092eecb6ee.exe
[2025-05-26 21:22:49.581] Malware execution time: 60 seconds
[2025-05-26 21:22:49.581] Restoring snapshot 35
[2025-05-26 21:22:49.759] Restoring snapshot 35 done
[2025-05-26 21:22:49.759] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:22:54.594] Starting up VM done
[2025-05-26 21:22:54.594] Installing kernel driver
[2025-05-26 21:22:54.594] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:22:57.753] Kernel driver installation completed
[2025-05-26 21:22:57.753] Starting GP driver service
[2025-05-26 21:22:57.753] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:23:00.906] GP driver service started
[2025-05-26 21:23:00.906] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\e88795f5be1970400521e0041c4603c62ff681f24ac75f926d524d092eecb6ee.exe
[2025-05-26 21:23:00.906] Malware execution started
[2025-05-26 21:23:00.907] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:24:00.915] Taking screenshot
[2025-05-26 21:24:00.979] Taking screenshot done
[2025-05-26 21:24:00.979] Terminating malware: e88795f5be1970400521e0041c460

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:24:17.470] Restoring snapshot 35
[2025-05-26 21:24:17.518] Restoring snapshot 35 done
[2025-05-26 21:24:17.518] Kernel telemetry analysis completed in 87.9 seconds.

[2025-05-26 21:24:17.518] ✅ Analysis completed successfully!
[2025-05-26 21:24:17.518] Progress: 17.5% (247/1408)
[2025-05-26 21:24:17.518] Successful: 247, Failed: 0
[2025-05-26 21:24:17.518] Time remaining: 43.5h
[2025-05-26 21:24:17.518] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:24:22.518] SAMPLE 248/1408
[2025-05-26 21:24:22.518] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:24:22.518] File: f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
[2025-05-26 21:24:22.518] Path: D:\new\ransomware_high_confidence\blackcat\f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
[2025-05-26 21:24:22.519] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
[2025-05-26 21:24:22.519] Malware execution time: 60 seconds
[2025-05-26 21:24:22.519] Restoring snapshot 35
[2025-05-26 21:24:22.695] Restoring snapshot 35 done
[2025-05-26 21:24:22.696] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:24:27.533] Starting up VM done
[2025-05-26 21:24:27.533] Installing kernel driver
[2025-05-26 21:24:27.533] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:24:30.695] Kernel driver installation completed
[2025-05-26 21:24:30.695] Starting GP driver service
[2025-05-26 21:24:30.695] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:24:33.848] GP driver service started
[2025-05-26 21:24:33.848] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
[2025-05-26 21:24:33.848] Malware execution started
[2025-05-26 21:24:33.848] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:25:33.857] Taking screenshot
[2025-05-26 21:25:33.920] Taking screenshot done
[2025-05-26 21:25:33.920] Terminating malware: f2b3f1ed693021b20f456a058b86b

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:25:47.671] Powering off VM done
[2025-05-26 21:25:50.671] Restoring snapshot 35
[2025-05-26 21:25:50.719] Restoring snapshot 35 done
[2025-05-26 21:25:50.719] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:25:50.719] ✅ Analysis completed successfully!
[2025-05-26 21:25:50.719] Progress: 17.6% (248/1408)
[2025-05-26 21:25:50.719] Successful: 248, Failed: 0
[2025-05-26 21:25:50.719] Time remaining: 43.4h
[2025-05-26 21:25:50.719] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:25:55.719] SAMPLE 249/1408
[2025-05-26 21:25:55.719] Family: D:\new\ransomware_high_confidence\blackcat
[2025-05-26 21:25:55.719] File: f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb.exe
[2025-05-26 21:25:55.719] Path: D:\new\ransomware_high_confidence\blackcat\f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb.exe
[2025-05-26 21:25:55.719] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackcat\f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb.exe
[2025-05-26 21:25:55.719] Malware execution time: 60 seconds
[2025-05-26 21:25:55.719] Restoring snapshot 35
[2025-05-26 21:25:55.896] Restoring snapshot 35 done
[2025-05-26 21:25:55.896] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:26:00.696] Starting up VM done
[2025-05-26 21:26:00.696] Installing kernel driver
[2025-05-26 21:26:00.696] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:26:03.855] Kernel driver installation completed
[2025-05-26 21:26:03.855] Starting GP driver service
[2025-05-26 21:26:03.855] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:26:07.005] GP driver service started
[2025-05-26 21:26:07.005] Executing malware sample: D:\new\ransomware_high_confidence\blackcat\f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb.exe
[2025-05-26 21:26:07.005] Malware execution started
[2025-05-26 21:26:07.005] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:27:07.014] Taking screenshot
[2025-05-26 21:27:07.076] Taking screenshot done
[2025-05-26 21:27:07.076] Terminating malware: f837f1cd60e9941aa60f7be50a8f2

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:27:20.845] Powering off VM done
[2025-05-26 21:27:23.846] Restoring snapshot 35
[2025-05-26 21:27:23.893] Restoring snapshot 35 done
[2025-05-26 21:27:23.893] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-26 21:27:23.893] ✅ Analysis completed successfully!
[2025-05-26 21:27:23.893] Progress: 17.7% (249/1408)
[2025-05-26 21:27:23.893] Successful: 249, Failed: 0
[2025-05-26 21:27:23.893] Time remaining: 43.3h
[2025-05-26 21:27:23.894] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:27:28.894] SAMPLE 250/1408
[2025-05-26 21:27:28.894] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:27:28.894] File: 072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486.exe
[2025-05-26 21:27:28.894] Path: D:\new\ransomware_high_confidence\blackmatter\072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486.exe
[2025-05-26 21:27:28.894] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486.exe
[2025-05-26 21:27:28.894] Malware execution time: 60 seconds
[2025-05-26 21:27:28.894] Restoring snapshot 35
[2025-05-26 21:27:29.070] Restoring snapshot 35 done
[2025-05-26 21:27:29.070] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:27:33.943] Starting up VM done
[2025-05-26 21:27:33.943] Installing kernel driver
[2025-05-26 21:27:33.943] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:27:37.108] Kernel driver installation completed
[2025-05-26 21:27:37.108] Starting GP driver service
[2025-05-26 21:27:37.108] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:27:40.264] GP driver service started
[2025-05-26 21:27:40.264] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486.exe
[2025-05-26 21:27:40.265] Malware execution started
[2025-05-26 21:27:40.265] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:28:40.273] Taking screenshot
[2025-05-26 21:28:40.337] Taking screenshot done
[2025-05-26 21:28:40.337] Terminating malware: 072158f5588440e6c94cb419ae

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:29:04.545] Powering off VM done
[2025-05-26 21:29:07.545] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:29:09.334] Restoring snapshot 35 done
[2025-05-26 21:29:09.334] Kernel telemetry analysis completed in 100.4 seconds.

[2025-05-26 21:29:09.334] ✅ Analysis completed successfully!
[2025-05-26 21:29:09.334] Progress: 17.8% (250/1408)
[2025-05-26 21:29:09.334] Successful: 250, Failed: 0
[2025-05-26 21:29:09.334] Time remaining: 43.2h
[2025-05-26 21:29:09.334] Waiting 5 seconds before next sample...
[2025-05-26 21:29:14.334] SAMPLE 251/1408
[2025-05-26 21:29:14.334] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:29:14.334] File: 0751c422962dcd500d7cf2cf8bf544ddf5b2fe3465df7dd9b9998f6bba5e08a4.exe
[2025-05-26 21:29:14.334] Path: D:\new\ransomware_high_confidence\blackmatter\0751c422962dcd500d7cf2cf8bf544ddf5b2fe3465df7dd9b9998f6bba5e08a4.exe
[2025-05-26 21:29:14.335] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\0751c422962dcd500d7cf2cf8bf544ddf5b2fe3465df7dd9b9998f6bba5e08a4.exe
[2025-05-26 21:29:14.335] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:29:16.127] Restoring snapshot 35 done
[2025-05-26 21:29:16.127] Starting up VM
[2025-05-26 21:29:22.395] Starting up VM done
[2025-05-26 21:29:22.395] Installing kernel driver
[2025-05-26 21:29:22.395] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:29:27.050] Kernel driver installation completed
[2025-05-26 21:29:27.050] Starting GP driver service
[2025-05-26 21:29:27.050] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:29:30.198] GP driver service started
[2025-05-26 21:29:30.198] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\0751c422962dcd500d7cf2cf8bf544ddf5b2fe3465df7dd9b9998f6bba5e08a4.exe
[2025-05-26 21:29:30.198] Malware execution started
[2025-05-26 21:29:30.199] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:30:30.206] Taking screenshot
[2025-05-26 21:30:30.269] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:31:28.442] Powering off VM done
[2025-05-26 21:31:31.443] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:31:33.535] Restoring snapshot 35 done
[2025-05-26 21:31:33.535] Kernel telemetry analysis completed in 139.2 seconds.

[2025-05-26 21:31:33.535] ✅ Analysis completed successfully!
[2025-05-26 21:31:33.535] Progress: 17.8% (251/1408)
[2025-05-26 21:31:33.535] Successful: 251, Failed: 0
[2025-05-26 21:31:33.535] Time remaining: 43.2h
[2025-05-26 21:31:33.536] Waiting 5 seconds before next sample...
[2025-05-26 21:31:38.536] SAMPLE 252/1408
[2025-05-26 21:31:38.536] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:31:38.536] File: 1c63a4fdee1528429886a0de5e89eaa540a058bf27cd378b8d139e045a2f7849.exe
[2025-05-26 21:31:38.536] Path: D:\new\ransomware_high_confidence\blackmatter\1c63a4fdee1528429886a0de5e89eaa540a058bf27cd378b8d139e045a2f7849.exe
[2025-05-26 21:31:38.536] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\1c63a4fdee1528429886a0de5e89eaa540a058bf27cd378b8d139e045a2f7849.exe
[2025-05-26 21:31:38.536] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:31:40.142] Restoring snapshot 35 done
[2025-05-26 21:31:40.142] Starting up VM
[2025-05-26 21:31:46.007] Starting up VM done
[2025-05-26 21:31:46.007] Installing kernel driver
[2025-05-26 21:31:46.007] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:31:50.522] Kernel driver installation completed
[2025-05-26 21:31:50.522] Starting GP driver service
[2025-05-26 21:31:50.522] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:31:53.675] GP driver service started
[2025-05-26 21:31:53.675] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\1c63a4fdee1528429886a0de5e89eaa540a058bf27cd378b8d139e045a2f7849.exe
[2025-05-26 21:31:53.676] Malware execution started
[2025-05-26 21:31:53.676] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:32:53.683] Taking screenshot
[2025-05-26 21:32:53.746] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:34:22.813] Powering off VM done
[2025-05-26 21:34:25.814] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:34:27.229] Restoring snapshot 35 done
[2025-05-26 21:34:27.229] Kernel telemetry analysis completed in 168.7 seconds.

[2025-05-26 21:34:27.229] ✅ Analysis completed successfully!
[2025-05-26 21:34:27.229] Progress: 17.9% (252/1408)
[2025-05-26 21:34:27.229] Successful: 252, Failed: 0
[2025-05-26 21:34:27.229] Time remaining: 43.2h
[2025-05-26 21:34:27.229] Waiting 5 seconds before next sample...
[2025-05-26 21:34:32.230] SAMPLE 253/1408
[2025-05-26 21:34:32.230] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:34:32.230] File: 1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.exe
[2025-05-26 21:34:32.230] Path: D:\new\ransomware_high_confidence\blackmatter\1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.exe
[2025-05-26 21:34:32.230] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.exe
[2025-05-26 21:34:32.230] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:34:33.783] Restoring snapshot 35 done
[2025-05-26 21:34:33.784] Starting up VM
[2025-05-26 21:34:39.694] Starting up VM done
[2025-05-26 21:34:39.694] Installing kernel driver
[2025-05-26 21:34:39.694] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:34:44.078] Kernel driver installation completed
[2025-05-26 21:34:44.078] Starting GP driver service
[2025-05-26 21:34:44.078] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:34:47.227] GP driver service started
[2025-05-26 21:34:47.227] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.exe
[2025-05-26 21:34:47.228] Malware execution started
[2025-05-26 21:34:47.228] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:35:47.236] Taking screenshot
[2025-05-26 21:35:47.299] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:36:56.537] Powering off VM done
[2025-05-26 21:36:59.537] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:37:00.758] Restoring snapshot 35 done
[2025-05-26 21:37:00.758] Kernel telemetry analysis completed in 148.5 seconds.

[2025-05-26 21:37:00.758] ✅ Analysis completed successfully!
[2025-05-26 21:37:00.758] Progress: 18.0% (253/1408)
[2025-05-26 21:37:00.758] Successful: 253, Failed: 0
[2025-05-26 21:37:00.758] Time remaining: 43.2h
[2025-05-26 21:37:00.758] Waiting 5 seconds before next sample...
[2025-05-26 21:37:05.758] SAMPLE 254/1408
[2025-05-26 21:37:05.758] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:37:05.758] File: 20742987e6f743814b25e214f8b2cd43111e2f60a8856a6cca87cafd85422f41.exe
[2025-05-26 21:37:05.758] Path: D:\new\ransomware_high_confidence\blackmatter\20742987e6f743814b25e214f8b2cd43111e2f60a8856a6cca87cafd85422f41.exe
[2025-05-26 21:37:05.758] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\20742987e6f743814b25e214f8b2cd43111e2f60a8856a6cca87cafd85422f41.exe
[2025-05-26 21:37:05.758] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:37:07.319] Restoring snapshot 35 done
[2025-05-26 21:37:07.319] Starting up VM
[2025-05-26 21:37:13.487] Starting up VM done
[2025-05-26 21:37:13.487] Installing kernel driver
[2025-05-26 21:37:13.487] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:37:17.685] Kernel driver installation completed
[2025-05-26 21:37:17.685] Starting GP driver service
[2025-05-26 21:37:17.685] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:37:20.836] GP driver service started
[2025-05-26 21:37:20.836] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\20742987e6f743814b25e214f8b2cd43111e2f60a8856a6cca87cafd85422f41.exe
[2025-05-26 21:37:20.837] Malware execution started
[2025-05-26 21:37:20.837] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:38:20.845] Taking screenshot
[2025-05-26 21:38:20.908] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:39:18.132] Powering off VM done
[2025-05-26 21:39:21.132] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:39:22.223] Restoring snapshot 35 done
[2025-05-26 21:39:22.223] Kernel telemetry analysis completed in 136.5 seconds.

[2025-05-26 21:39:22.223] ✅ Analysis completed successfully!
[2025-05-26 21:39:22.223] Progress: 18.0% (254/1408)
[2025-05-26 21:39:22.223] Successful: 254, Failed: 0
[2025-05-26 21:39:22.223] Time remaining: 43.2h
[2025-05-26 21:39:22.223] Waiting 5 seconds before next sample...
[2025-05-26 21:39:27.223] SAMPLE 255/1408
[2025-05-26 21:39:27.223] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:39:27.223] File: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.exe
[2025-05-26 21:39:27.223] Path: D:\new\ransomware_high_confidence\blackmatter\22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.exe
[2025-05-26 21:39:27.223] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.exe
[2025-05-26 21:39:27.223] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:39:29.053] Restoring snapshot 35 done
[2025-05-26 21:39:29.053] Starting up VM
[2025-05-26 21:39:35.768] Starting up VM done
[2025-05-26 21:39:35.768] Installing kernel driver
[2025-05-26 21:39:35.768] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:39:39.955] Kernel driver installation completed
[2025-05-26 21:39:39.955] Starting GP driver service
[2025-05-26 21:39:39.955] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:39:43.116] GP driver service started
[2025-05-26 21:39:43.116] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.exe
[2025-05-26 21:39:43.116] Malware execution started
[2025-05-26 21:39:43.116] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:40:43.124] Taking screenshot
[2025-05-26 21:40:43.188] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:42:06.574] Powering off VM done
[2025-05-26 21:42:09.574] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:42:10.600] Restoring snapshot 35 done
[2025-05-26 21:42:10.600] Kernel telemetry analysis completed in 163.4 seconds.

[2025-05-26 21:42:10.600] ✅ Analysis completed successfully!
[2025-05-26 21:42:10.600] Progress: 18.1% (255/1408)
[2025-05-26 21:42:10.600] Successful: 255, Failed: 0
[2025-05-26 21:42:10.600] Time remaining: 43.2h
[2025-05-26 21:42:10.600] Waiting 5 seconds before next sample...
[2025-05-26 21:42:15.600] SAMPLE 256/1408
[2025-05-26 21:42:15.600] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:42:15.600] File: 2466fca0e29b06c78ffa8a44193fb58c30e6bec4e54bbef8e6622349b95cce4c.exe
[2025-05-26 21:42:15.600] Path: D:\new\ransomware_high_confidence\blackmatter\2466fca0e29b06c78ffa8a44193fb58c30e6bec4e54bbef8e6622349b95cce4c.exe
[2025-05-26 21:42:15.600] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\2466fca0e29b06c78ffa8a44193fb58c30e6bec4e54bbef8e6622349b95cce4c.exe
[2025-05-26 21:42:15.600] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:42:17.184] Restoring snapshot 35 done
[2025-05-26 21:42:17.184] Starting up VM
[2025-05-26 21:42:23.118] Starting up VM done
[2025-05-26 21:42:23.118] Installing kernel driver
[2025-05-26 21:42:23.118] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:42:27.433] Kernel driver installation completed
[2025-05-26 21:42:27.433] Starting GP driver service
[2025-05-26 21:42:27.433] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:42:30.590] GP driver service started
[2025-05-26 21:42:30.590] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\2466fca0e29b06c78ffa8a44193fb58c30e6bec4e54bbef8e6622349b95cce4c.exe
[2025-05-26 21:42:30.590] Malware execution started
[2025-05-26 21:42:30.590] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:43:30.598] Taking screenshot
[2025-05-26 21:43:30.661] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:44:16.247] Powering off VM done
[2025-05-26 21:44:19.247] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:44:20.638] Restoring snapshot 35 done
[2025-05-26 21:44:20.638] Kernel telemetry analysis completed in 125.0 seconds.

[2025-05-26 21:44:20.638] ✅ Analysis completed successfully!
[2025-05-26 21:44:20.638] Progress: 18.2% (256/1408)
[2025-05-26 21:44:20.638] Successful: 256, Failed: 0
[2025-05-26 21:44:20.638] Time remaining: 43.1h
[2025-05-26 21:44:20.638] Waiting 5 seconds before next sample...
[2025-05-26 21:44:25.638] SAMPLE 257/1408
[2025-05-26 21:44:25.638] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:44:25.638] File: 25f95280b390eda74f9fd28f31bf57af0daf37bd48575e40d8b0ea9dccd37831.exe
[2025-05-26 21:44:25.638] Path: D:\new\ransomware_high_confidence\blackmatter\25f95280b390eda74f9fd28f31bf57af0daf37bd48575e40d8b0ea9dccd37831.exe
[2025-05-26 21:44:25.638] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\25f95280b390eda74f9fd28f31bf57af0daf37bd48575e40d8b0ea9dccd37831.exe
[2025-05-26 21:44:25.638] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:44:27.565] Restoring snapshot 35 done
[2025-05-26 21:44:27.565] Starting up VM
[2025-05-26 21:44:34.433] Starting up VM done
[2025-05-26 21:44:34.433] Installing kernel driver
[2025-05-26 21:44:34.433] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:44:37.598] Kernel driver installation completed
[2025-05-26 21:44:37.598] Starting GP driver service
[2025-05-26 21:44:37.598] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:44:40.756] GP driver service started
[2025-05-26 21:44:40.756] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\25f95280b390eda74f9fd28f31bf57af0daf37bd48575e40d8b0ea9dccd37831.exe
[2025-05-26 21:44:40.757] Malware execution started
[2025-05-26 21:44:40.757] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:45:40.765] Taking screenshot
[2025-05-26 21:45:40.826] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:45:56.930] Powering off VM done
[2025-05-26 21:45:59.930] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:46:01.381] Restoring snapshot 35 done
[2025-05-26 21:46:01.381] Kernel telemetry analysis completed in 95.7 seconds.

[2025-05-26 21:46:01.381] ✅ Analysis completed successfully!
[2025-05-26 21:46:01.381] Progress: 18.3% (257/1408)
[2025-05-26 21:46:01.381] Successful: 257, Failed: 0
[2025-05-26 21:46:01.381] Time remaining: 43.0h
[2025-05-26 21:46:01.381] Waiting 5 seconds before next sample...
[2025-05-26 21:46:06.382] SAMPLE 258/1408
[2025-05-26 21:46:06.382] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:46:06.382] File: 26a7146fbed74a17e9f2f18145063de07cc103ce53c75c8d79bbc5560235c345.exe
[2025-05-26 21:46:06.382] Path: D:\new\ransomware_high_confidence\blackmatter\26a7146fbed74a17e9f2f18145063de07cc103ce53c75c8d79bbc5560235c345.exe
[2025-05-26 21:46:06.382] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\26a7146fbed74a17e9f2f18145063de07cc103ce53c75c8d79bbc5560235c345.exe
[2025-05-26 21:46:06.382] Malware ex

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:46:08.214] Restoring snapshot 35 done
[2025-05-26 21:46:08.214] Starting up VM
[2025-05-26 21:46:14.707] Starting up VM done
[2025-05-26 21:46:14.707] Installing kernel driver
[2025-05-26 21:46:14.707] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:46:18.948] Kernel driver installation completed
[2025-05-26 21:46:18.948] Starting GP driver service
[2025-05-26 21:46:18.948] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:46:22.109] GP driver service started
[2025-05-26 21:46:22.109] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\26a7146fbed74a17e9f2f18145063de07cc103ce53c75c8d79bbc5560235c345.exe
[2025-05-26 21:46:22.109] Malware execution started
[2025-05-26 21:46:22.109] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:47:22.117] Taking screenshot
[2025-05-26 21:47:22.179] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:48:38.500] Powering off VM done
[2025-05-26 21:48:41.501] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:48:42.723] Restoring snapshot 35 done
[2025-05-26 21:48:42.723] Kernel telemetry analysis completed in 156.3 seconds.

[2025-05-26 21:48:42.723] ✅ Analysis completed successfully!
[2025-05-26 21:48:42.723] Progress: 18.3% (258/1408)
[2025-05-26 21:48:42.723] Successful: 258, Failed: 0
[2025-05-26 21:48:42.723] Time remaining: 43.0h
[2025-05-26 21:48:42.723] Waiting 5 seconds before next sample...
[2025-05-26 21:48:47.723] SAMPLE 259/1408
[2025-05-26 21:48:47.723] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:48:47.723] File: 2aad85dbd4c79bd21c6218892552d5c9fb216293a251559ba59d45d56a01437c.exe
[2025-05-26 21:48:47.723] Path: D:\new\ransomware_high_confidence\blackmatter\2aad85dbd4c79bd21c6218892552d5c9fb216293a251559ba59d45d56a01437c.exe
[2025-05-26 21:48:47.724] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\2aad85dbd4c79bd21c6218892552d5c9fb216293a251559ba59d45d56a01437c.exe
[2025-05-26 21:48:47.724] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:48:49.269] Restoring snapshot 35 done
[2025-05-26 21:48:49.269] Starting up VM
[2025-05-26 21:48:56.003] Starting up VM done
[2025-05-26 21:48:56.003] Installing kernel driver
[2025-05-26 21:48:56.003] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:49:00.272] Kernel driver installation completed
[2025-05-26 21:49:00.272] Starting GP driver service
[2025-05-26 21:49:00.273] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:49:03.433] GP driver service started
[2025-05-26 21:49:03.433] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\2aad85dbd4c79bd21c6218892552d5c9fb216293a251559ba59d45d56a01437c.exe
[2025-05-26 21:49:03.433] Malware execution started
[2025-05-26 21:49:03.433] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:50:03.441] Taking screenshot
[2025-05-26 21:50:03.502] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:50:53.711] Powering off VM done
[2025-05-26 21:50:56.712] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:50:57.722] Restoring snapshot 35 done
[2025-05-26 21:50:57.722] Kernel telemetry analysis completed in 130.0 seconds.

[2025-05-26 21:50:57.722] ✅ Analysis completed successfully!
[2025-05-26 21:50:57.722] Progress: 18.4% (259/1408)
[2025-05-26 21:50:57.722] Successful: 259, Failed: 0
[2025-05-26 21:50:57.723] Time remaining: 43.0h
[2025-05-26 21:50:57.723] Waiting 5 seconds before next sample...
[2025-05-26 21:51:02.723] SAMPLE 260/1408
[2025-05-26 21:51:02.723] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:51:02.723] File: 2c323453e959257c7aa86dc180bb3aaaa5c5ec06fa4e72b632d9e4b817052009.exe
[2025-05-26 21:51:02.723] Path: D:\new\ransomware_high_confidence\blackmatter\2c323453e959257c7aa86dc180bb3aaaa5c5ec06fa4e72b632d9e4b817052009.exe
[2025-05-26 21:51:02.723] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\2c323453e959257c7aa86dc180bb3aaaa5c5ec06fa4e72b632d9e4b817052009.exe
[2025-05-26 21:51:02.723] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:51:04.502] Restoring snapshot 35 done
[2025-05-26 21:51:04.502] Starting up VM
[2025-05-26 21:51:11.104] Starting up VM done
[2025-05-26 21:51:11.104] Installing kernel driver
[2025-05-26 21:51:11.104] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:51:15.440] Kernel driver installation completed
[2025-05-26 21:51:15.440] Starting GP driver service
[2025-05-26 21:51:15.440] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:51:18.588] GP driver service started
[2025-05-26 21:51:18.588] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\2c323453e959257c7aa86dc180bb3aaaa5c5ec06fa4e72b632d9e4b817052009.exe
[2025-05-26 21:51:18.589] Malware execution started
[2025-05-26 21:51:18.589] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:52:18.596] Taking screenshot
[2025-05-26 21:52:18.658] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:53:15.386] Powering off VM done
[2025-05-26 21:53:18.386] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:53:19.692] Restoring snapshot 35 done
[2025-05-26 21:53:19.692] Kernel telemetry analysis completed in 137.0 seconds.

[2025-05-26 21:53:19.692] ✅ Analysis completed successfully!
[2025-05-26 21:53:19.692] Progress: 18.5% (260/1408)
[2025-05-26 21:53:19.692] Successful: 260, Failed: 0
[2025-05-26 21:53:19.692] Time remaining: 43.0h
[2025-05-26 21:53:19.692] Waiting 5 seconds before next sample...
[2025-05-26 21:53:24.693] SAMPLE 261/1408
[2025-05-26 21:53:24.693] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:53:24.693] File: 2cdb5edf3039863c30818ca34d9240cb0068ad33128895500721bcdca70c78fd.exe
[2025-05-26 21:53:24.693] Path: D:\new\ransomware_high_confidence\blackmatter\2cdb5edf3039863c30818ca34d9240cb0068ad33128895500721bcdca70c78fd.exe
[2025-05-26 21:53:24.693] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\2cdb5edf3039863c30818ca34d9240cb0068ad33128895500721bcdca70c78fd.exe
[2025-05-26 21:53:24.693] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:53:26.317] Restoring snapshot 35 done
[2025-05-26 21:53:26.317] Starting up VM
[2025-05-26 21:53:33.102] Starting up VM done
[2025-05-26 21:53:33.102] Installing kernel driver
[2025-05-26 21:53:33.102] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:53:37.321] Kernel driver installation completed
[2025-05-26 21:53:37.322] Starting GP driver service
[2025-05-26 21:53:37.322] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:53:40.476] GP driver service started
[2025-05-26 21:53:40.477] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\2cdb5edf3039863c30818ca34d9240cb0068ad33128895500721bcdca70c78fd.exe
[2025-05-26 21:53:40.477] Malware execution started
[2025-05-26 21:53:40.477] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:54:40.485] Taking screenshot
[2025-05-26 21:54:40.547] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:55:38.783] Powering off VM done
[2025-05-26 21:55:41.783] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:55:43.353] Restoring snapshot 35 done
[2025-05-26 21:55:43.353] Kernel telemetry analysis completed in 138.7 seconds.

[2025-05-26 21:55:43.353] ✅ Analysis completed successfully!
[2025-05-26 21:55:43.353] Progress: 18.5% (261/1408)
[2025-05-26 21:55:43.353] Successful: 261, Failed: 0
[2025-05-26 21:55:43.353] Time remaining: 42.9h
[2025-05-26 21:55:43.354] Waiting 5 seconds before next sample...
[2025-05-26 21:55:48.354] SAMPLE 262/1408
[2025-05-26 21:55:48.354] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:55:48.354] File: 2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe
[2025-05-26 21:55:48.354] Path: D:\new\ransomware_high_confidence\blackmatter\2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe
[2025-05-26 21:55:48.354] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe
[2025-05-26 21:55:48.354] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:55:49.506] Restoring snapshot 35 done
[2025-05-26 21:55:49.506] Starting up VM
[2025-05-26 21:55:55.646] Starting up VM done
[2025-05-26 21:55:55.646] Installing kernel driver
[2025-05-26 21:55:55.646] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:55:59.920] Kernel driver installation completed
[2025-05-26 21:55:59.920] Starting GP driver service
[2025-05-26 21:55:59.920] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:56:03.071] GP driver service started
[2025-05-26 21:56:03.071] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe
[2025-05-26 21:56:03.071] Malware execution started
[2025-05-26 21:56:03.071] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:57:03.079] Taking screenshot
[2025-05-26 21:57:03.140] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:57:53.666] Powering off VM done
[2025-05-26 21:57:56.666] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:57:57.890] Restoring snapshot 35 done
[2025-05-26 21:57:57.890] Kernel telemetry analysis completed in 129.5 seconds.

[2025-05-26 21:57:57.890] ✅ Analysis completed successfully!
[2025-05-26 21:57:57.890] Progress: 18.6% (262/1408)
[2025-05-26 21:57:57.890] Successful: 262, Failed: 0
[2025-05-26 21:57:57.890] Time remaining: 42.9h
[2025-05-26 21:57:57.890] Waiting 5 seconds before next sample...
[2025-05-26 21:58:02.891] SAMPLE 263/1408
[2025-05-26 21:58:02.891] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:58:02.891] File: 3893fbe4c6db1b0a22c65ad81a3c3930f1943edb9660218c50b4c04bc36d4a15.exe
[2025-05-26 21:58:02.891] Path: D:\new\ransomware_high_confidence\blackmatter\3893fbe4c6db1b0a22c65ad81a3c3930f1943edb9660218c50b4c04bc36d4a15.exe
[2025-05-26 21:58:02.891] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\3893fbe4c6db1b0a22c65ad81a3c3930f1943edb9660218c50b4c04bc36d4a15.exe
[2025-05-26 21:58:02.891] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:58:04.743] Restoring snapshot 35 done
[2025-05-26 21:58:04.743] Starting up VM
[2025-05-26 21:58:11.186] Starting up VM done
[2025-05-26 21:58:11.186] Installing kernel driver
[2025-05-26 21:58:11.186] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:58:15.566] Kernel driver installation completed
[2025-05-26 21:58:15.566] Starting GP driver service
[2025-05-26 21:58:15.566] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 21:58:18.721] GP driver service started
[2025-05-26 21:58:18.721] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\3893fbe4c6db1b0a22c65ad81a3c3930f1943edb9660218c50b4c04bc36d4a15.exe
[2025-05-26 21:58:18.722] Malware execution started
[2025-05-26 21:58:18.722] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 21:59:18.730] Taking screenshot
[2025-05-26 21:59:18.792] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:59:36.724] Powering off VM done
[2025-05-26 21:59:39.725] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:59:41.164] Restoring snapshot 35 done
[2025-05-26 21:59:41.164] Kernel telemetry analysis completed in 98.3 seconds.

[2025-05-26 21:59:41.164] ✅ Analysis completed successfully!
[2025-05-26 21:59:41.164] Progress: 18.7% (263/1408)
[2025-05-26 21:59:41.164] Successful: 263, Failed: 0
[2025-05-26 21:59:41.164] Time remaining: 42.8h
[2025-05-26 21:59:41.165] Waiting 5 seconds before next sample...
[2025-05-26 21:59:46.165] SAMPLE 264/1408
[2025-05-26 21:59:46.165] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 21:59:46.165] File: 3a03530c732ebe53cdd7c17bee0988896d36c2b632dbd6118613697c2af82117.exe
[2025-05-26 21:59:46.165] Path: D:\new\ransomware_high_confidence\blackmatter\3a03530c732ebe53cdd7c17bee0988896d36c2b632dbd6118613697c2af82117.exe
[2025-05-26 21:59:46.165] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\3a03530c732ebe53cdd7c17bee0988896d36c2b632dbd6118613697c2af82117.exe
[2025-05-26 21:59:46.165] Malware ex

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 21:59:47.620] Restoring snapshot 35 done
[2025-05-26 21:59:47.620] Starting up VM
[2025-05-26 21:59:54.170] Starting up VM done
[2025-05-26 21:59:54.170] Installing kernel driver
[2025-05-26 21:59:54.170] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 21:59:58.440] Kernel driver installation completed
[2025-05-26 21:59:58.440] Starting GP driver service
[2025-05-26 21:59:58.440] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:00:01.599] GP driver service started
[2025-05-26 22:00:01.599] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\3a03530c732ebe53cdd7c17bee0988896d36c2b632dbd6118613697c2af82117.exe
[2025-05-26 22:00:01.600] Malware execution started
[2025-05-26 22:00:01.600] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:01:01.608] Taking screenshot
[2025-05-26 22:01:01.671] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:01:37.184] Powering off VM done
[2025-05-26 22:01:40.184] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:01:41.400] Restoring snapshot 35 done
[2025-05-26 22:01:41.400] Kernel telemetry analysis completed in 115.2 seconds.

[2025-05-26 22:01:41.400] ✅ Analysis completed successfully!
[2025-05-26 22:01:41.400] Progress: 18.8% (264/1408)
[2025-05-26 22:01:41.400] Successful: 264, Failed: 0
[2025-05-26 22:01:41.400] Time remaining: 42.8h
[2025-05-26 22:01:41.400] Waiting 5 seconds before next sample...
[2025-05-26 22:01:46.401] SAMPLE 265/1408
[2025-05-26 22:01:46.401] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:01:46.401] File: 3a4bd5288b89aa26fbe39353b93c1205efa671be4f96e50beae0965f45fdcc40.exe
[2025-05-26 22:01:46.401] Path: D:\new\ransomware_high_confidence\blackmatter\3a4bd5288b89aa26fbe39353b93c1205efa671be4f96e50beae0965f45fdcc40.exe
[2025-05-26 22:01:46.401] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\3a4bd5288b89aa26fbe39353b93c1205efa671be4f96e50beae0965f45fdcc40.exe
[2025-05-26 22:01:46.401] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:01:47.951] Restoring snapshot 35 done
[2025-05-26 22:01:47.951] Starting up VM
[2025-05-26 22:01:54.394] Starting up VM done
[2025-05-26 22:01:54.394] Installing kernel driver
[2025-05-26 22:01:54.395] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:01:59.032] Kernel driver installation completed
[2025-05-26 22:01:59.032] Starting GP driver service
[2025-05-26 22:01:59.032] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:02:02.190] GP driver service started
[2025-05-26 22:02:02.190] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\3a4bd5288b89aa26fbe39353b93c1205efa671be4f96e50beae0965f45fdcc40.exe
[2025-05-26 22:02:02.190] Malware execution started
[2025-05-26 22:02:02.190] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:03:02.199] Taking screenshot
[2025-05-26 22:03:02.263] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:04:03.478] Powering off VM done
[2025-05-26 22:04:06.478] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:04:07.801] Restoring snapshot 35 done
[2025-05-26 22:04:07.801] Kernel telemetry analysis completed in 141.4 seconds.

[2025-05-26 22:04:07.801] ✅ Analysis completed successfully!
[2025-05-26 22:04:07.801] Progress: 18.8% (265/1408)
[2025-05-26 22:04:07.801] Successful: 265, Failed: 0
[2025-05-26 22:04:07.801] Time remaining: 42.7h
[2025-05-26 22:04:07.801] Waiting 5 seconds before next sample...
[2025-05-26 22:04:12.801] SAMPLE 266/1408
[2025-05-26 22:04:12.801] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:04:12.801] File: 45ecce9dfec886e2b092a996f6affb9e7417d6121e58b0ec643be7e36a03106d.exe
[2025-05-26 22:04:12.801] Path: D:\new\ransomware_high_confidence\blackmatter\45ecce9dfec886e2b092a996f6affb9e7417d6121e58b0ec643be7e36a03106d.exe
[2025-05-26 22:04:12.801] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\45ecce9dfec886e2b092a996f6affb9e7417d6121e58b0ec643be7e36a03106d.exe
[2025-05-26 22:04:12.801] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:04:14.354] Restoring snapshot 35 done
[2025-05-26 22:04:14.354] Starting up VM
[2025-05-26 22:04:21.037] Starting up VM done
[2025-05-26 22:04:21.037] Installing kernel driver
[2025-05-26 22:04:21.037] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:04:25.415] Kernel driver installation completed
[2025-05-26 22:04:25.415] Starting GP driver service
[2025-05-26 22:04:25.415] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:04:28.564] GP driver service started
[2025-05-26 22:04:28.564] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\45ecce9dfec886e2b092a996f6affb9e7417d6121e58b0ec643be7e36a03106d.exe
[2025-05-26 22:04:28.565] Malware execution started
[2025-05-26 22:04:28.565] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:05:28.573] Taking screenshot
[2025-05-26 22:05:28.638] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:06:49.371] Powering off VM done
[2025-05-26 22:06:52.371] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:06:53.565] Restoring snapshot 35 done
[2025-05-26 22:06:53.565] Kernel telemetry analysis completed in 160.8 seconds.

[2025-05-26 22:06:53.565] ✅ Analysis completed successfully!
[2025-05-26 22:06:53.565] Progress: 18.9% (266/1408)
[2025-05-26 22:06:53.565] Successful: 266, Failed: 0
[2025-05-26 22:06:53.565] Time remaining: 42.7h
[2025-05-26 22:06:53.566] Waiting 5 seconds before next sample...
[2025-05-26 22:06:58.566] SAMPLE 267/1408
[2025-05-26 22:06:58.566] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:06:58.566] File: 4be85e2083b64838fb66b92195a250228a721cdb5ae91817ea97b37aa53f4a2b.exe
[2025-05-26 22:06:58.566] Path: D:\new\ransomware_high_confidence\blackmatter\4be85e2083b64838fb66b92195a250228a721cdb5ae91817ea97b37aa53f4a2b.exe
[2025-05-26 22:06:58.566] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\4be85e2083b64838fb66b92195a250228a721cdb5ae91817ea97b37aa53f4a2b.exe
[2025-05-26 22:06:58.566] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:07:00.346] Restoring snapshot 35 done
[2025-05-26 22:07:00.346] Starting up VM
[2025-05-26 22:07:06.484] Starting up VM done
[2025-05-26 22:07:06.484] Installing kernel driver
[2025-05-26 22:07:06.484] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:07:10.622] Kernel driver installation completed
[2025-05-26 22:07:10.622] Starting GP driver service
[2025-05-26 22:07:10.622] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:07:13.772] GP driver service started
[2025-05-26 22:07:13.772] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\4be85e2083b64838fb66b92195a250228a721cdb5ae91817ea97b37aa53f4a2b.exe
[2025-05-26 22:07:13.773] Malware execution started
[2025-05-26 22:07:13.773] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:08:13.781] Taking screenshot
[2025-05-26 22:08:13.844] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:09:09.123] Powering off VM done
[2025-05-26 22:09:12.123] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:09:13.569] Restoring snapshot 35 done
[2025-05-26 22:09:13.569] Kernel telemetry analysis completed in 135.0 seconds.

[2025-05-26 22:09:13.569] ✅ Analysis completed successfully!
[2025-05-26 22:09:13.569] Progress: 19.0% (267/1408)
[2025-05-26 22:09:13.569] Successful: 267, Failed: 0
[2025-05-26 22:09:13.569] Time remaining: 42.7h
[2025-05-26 22:09:13.569] Waiting 5 seconds before next sample...
[2025-05-26 22:09:18.570] SAMPLE 268/1408
[2025-05-26 22:09:18.570] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:09:18.570] File: 520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57.exe
[2025-05-26 22:09:18.570] Path: D:\new\ransomware_high_confidence\blackmatter\520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57.exe
[2025-05-26 22:09:18.570] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57.exe
[2025-05-26 22:09:18.570] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:09:20.619] Restoring snapshot 35 done
[2025-05-26 22:09:20.619] Starting up VM
[2025-05-26 22:09:26.981] Starting up VM done
[2025-05-26 22:09:26.981] Installing kernel driver
[2025-05-26 22:09:26.981] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:09:31.315] Kernel driver installation completed
[2025-05-26 22:09:31.315] Starting GP driver service
[2025-05-26 22:09:31.315] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:09:34.469] GP driver service started
[2025-05-26 22:09:34.469] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57.exe
[2025-05-26 22:09:34.470] Malware execution started
[2025-05-26 22:09:34.470] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:10:34.477] Taking screenshot
[2025-05-26 22:10:34.539] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:11:14.808] Powering off VM done
[2025-05-26 22:11:17.808] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:11:19.744] Restoring snapshot 35 done
[2025-05-26 22:11:19.744] Kernel telemetry analysis completed in 121.2 seconds.

[2025-05-26 22:11:19.744] ✅ Analysis completed successfully!
[2025-05-26 22:11:19.744] Progress: 19.0% (268/1408)
[2025-05-26 22:11:19.744] Successful: 268, Failed: 0
[2025-05-26 22:11:19.744] Time remaining: 42.7h
[2025-05-26 22:11:19.745] Waiting 5 seconds before next sample...
[2025-05-26 22:11:24.745] SAMPLE 269/1408
[2025-05-26 22:11:24.745] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:11:24.745] File: 53c704934228ec0660e50422b5ee340332f0df491aa50c6367ed343edb5ed16a.exe
[2025-05-26 22:11:24.745] Path: D:\new\ransomware_high_confidence\blackmatter\53c704934228ec0660e50422b5ee340332f0df491aa50c6367ed343edb5ed16a.exe
[2025-05-26 22:11:24.745] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\53c704934228ec0660e50422b5ee340332f0df491aa50c6367ed343edb5ed16a.exe
[2025-05-26 22:11:24.745] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:11:26.291] Restoring snapshot 35 done
[2025-05-26 22:11:26.291] Starting up VM
[2025-05-26 22:11:32.731] Starting up VM done
[2025-05-26 22:11:32.731] Installing kernel driver
[2025-05-26 22:11:32.731] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:11:36.597] Kernel driver installation completed
[2025-05-26 22:11:36.597] Starting GP driver service
[2025-05-26 22:11:36.597] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:11:39.746] GP driver service started
[2025-05-26 22:11:39.746] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\53c704934228ec0660e50422b5ee340332f0df491aa50c6367ed343edb5ed16a.exe
[2025-05-26 22:11:39.746] Malware execution started
[2025-05-26 22:11:39.747] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:12:39.755] Taking screenshot
[2025-05-26 22:12:39.816] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:12:54.037] Powering off VM done
[2025-05-26 22:12:57.038] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:12:58.256] Restoring snapshot 35 done
[2025-05-26 22:12:58.256] Kernel telemetry analysis completed in 93.5 seconds.

[2025-05-26 22:12:58.256] ✅ Analysis completed successfully!
[2025-05-26 22:12:58.256] Progress: 19.1% (269/1408)
[2025-05-26 22:12:58.256] Successful: 269, Failed: 0
[2025-05-26 22:12:58.256] Time remaining: 42.6h
[2025-05-26 22:12:58.256] Waiting 5 seconds before next sample...
[2025-05-26 22:13:03.256] SAMPLE 270/1408
[2025-05-26 22:13:03.256] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:13:03.256] File: 5da8d2e1b36be0d661d276ea6523760dbe3fa4f3fdb7e32b144812ce50c483fa.exe
[2025-05-26 22:13:03.256] Path: D:\new\ransomware_high_confidence\blackmatter\5da8d2e1b36be0d661d276ea6523760dbe3fa4f3fdb7e32b144812ce50c483fa.exe
[2025-05-26 22:13:03.256] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\5da8d2e1b36be0d661d276ea6523760dbe3fa4f3fdb7e32b144812ce50c483fa.exe
[2025-05-26 22:13:03.256] Malware ex

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:13:05.024] Restoring snapshot 35 done
[2025-05-26 22:13:05.024] Starting up VM
[2025-05-26 22:13:11.479] Starting up VM done
[2025-05-26 22:13:11.479] Installing kernel driver
[2025-05-26 22:13:11.479] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:13:15.288] Kernel driver installation completed
[2025-05-26 22:13:15.289] Starting GP driver service
[2025-05-26 22:13:15.289] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:13:18.444] GP driver service started
[2025-05-26 22:13:18.444] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\5da8d2e1b36be0d661d276ea6523760dbe3fa4f3fdb7e32b144812ce50c483fa.exe
[2025-05-26 22:13:18.445] Malware execution started
[2025-05-26 22:13:18.445] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:14:18.453] Taking screenshot
[2025-05-26 22:14:18.515] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:15:32.773] Powering off VM done
[2025-05-26 22:15:35.773] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:15:37.006] Restoring snapshot 35 done
[2025-05-26 22:15:37.006] Kernel telemetry analysis completed in 153.7 seconds.

[2025-05-26 22:15:37.006] ✅ Analysis completed successfully!
[2025-05-26 22:15:37.006] Progress: 19.2% (270/1408)
[2025-05-26 22:15:37.006] Successful: 270, Failed: 0
[2025-05-26 22:15:37.006] Time remaining: 42.6h
[2025-05-26 22:15:37.006] Waiting 5 seconds before next sample...
[2025-05-26 22:15:42.007] SAMPLE 271/1408
[2025-05-26 22:15:42.007] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:15:42.007] File: 668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6.exe
[2025-05-26 22:15:42.007] Path: D:\new\ransomware_high_confidence\blackmatter\668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6.exe
[2025-05-26 22:15:42.007] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6.exe
[2025-05-26 22:15:42.007] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:15:43.642] Restoring snapshot 35 done
[2025-05-26 22:15:43.642] Starting up VM
[2025-05-26 22:15:49.970] Starting up VM done
[2025-05-26 22:15:49.970] Installing kernel driver
[2025-05-26 22:15:49.970] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:15:54.382] Kernel driver installation completed
[2025-05-26 22:15:54.382] Starting GP driver service
[2025-05-26 22:15:54.382] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:15:57.537] GP driver service started
[2025-05-26 22:15:57.537] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6.exe
[2025-05-26 22:15:57.538] Malware execution started
[2025-05-26 22:15:57.538] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:16:57.546] Taking screenshot
[2025-05-26 22:16:57.609] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:17:40.377] Powering off VM done
[2025-05-26 22:17:43.378] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:17:44.495] Restoring snapshot 35 done
[2025-05-26 22:17:44.495] Kernel telemetry analysis completed in 122.5 seconds.

[2025-05-26 22:17:44.495] ✅ Analysis completed successfully!
[2025-05-26 22:17:44.495] Progress: 19.2% (271/1408)
[2025-05-26 22:17:44.495] Successful: 271, Failed: 0
[2025-05-26 22:17:44.495] Time remaining: 42.5h
[2025-05-26 22:17:44.495] Waiting 5 seconds before next sample...
[2025-05-26 22:17:49.495] SAMPLE 272/1408
[2025-05-26 22:17:49.495] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:17:49.495] File: 66e6563ecef8f33b1b283a63404a2029550af9a6574b84e0fb3f2c6a8f42e89f.exe
[2025-05-26 22:17:49.495] Path: D:\new\ransomware_high_confidence\blackmatter\66e6563ecef8f33b1b283a63404a2029550af9a6574b84e0fb3f2c6a8f42e89f.exe
[2025-05-26 22:17:49.495] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\66e6563ecef8f33b1b283a63404a2029550af9a6574b84e0fb3f2c6a8f42e89f.exe
[2025-05-26 22:17:49.495] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:17:50.820] Restoring snapshot 35 done
[2025-05-26 22:17:50.821] Starting up VM
[2025-05-26 22:17:57.264] Starting up VM done
[2025-05-26 22:17:57.264] Installing kernel driver
[2025-05-26 22:17:57.264] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:18:01.460] Kernel driver installation completed
[2025-05-26 22:18:01.460] Starting GP driver service
[2025-05-26 22:18:01.460] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:18:04.607] GP driver service started
[2025-05-26 22:18:04.607] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\66e6563ecef8f33b1b283a63404a2029550af9a6574b84e0fb3f2c6a8f42e89f.exe
[2025-05-26 22:18:04.608] Malware execution started
[2025-05-26 22:18:04.608] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:19:04.616] Taking screenshot
[2025-05-26 22:19:04.679] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:19:39.794] Powering off VM done
[2025-05-26 22:19:42.794] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:19:44.779] Restoring snapshot 35 done
[2025-05-26 22:19:44.779] Kernel telemetry analysis completed in 115.3 seconds.

[2025-05-26 22:19:44.779] ✅ Analysis completed successfully!
[2025-05-26 22:19:44.779] Progress: 19.3% (272/1408)
[2025-05-26 22:19:44.779] Successful: 272, Failed: 0
[2025-05-26 22:19:44.779] Time remaining: 42.5h
[2025-05-26 22:19:44.780] Waiting 5 seconds before next sample...
[2025-05-26 22:19:49.780] SAMPLE 273/1408
[2025-05-26 22:19:49.780] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:19:49.780] File: 67d8a3a6816aaf8e187d75a11d733c65191202487c5295eed403510c45b2b478.exe
[2025-05-26 22:19:49.780] Path: D:\new\ransomware_high_confidence\blackmatter\67d8a3a6816aaf8e187d75a11d733c65191202487c5295eed403510c45b2b478.exe
[2025-05-26 22:19:49.780] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\67d8a3a6816aaf8e187d75a11d733c65191202487c5295eed403510c45b2b478.exe
[2025-05-26 22:19:49.780] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:19:52.206] Restoring snapshot 35 done
[2025-05-26 22:19:52.206] Starting up VM
[2025-05-26 22:19:58.273] Starting up VM done
[2025-05-26 22:19:58.273] Installing kernel driver
[2025-05-26 22:19:58.273] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:20:02.607] Kernel driver installation completed
[2025-05-26 22:20:02.607] Starting GP driver service
[2025-05-26 22:20:02.607] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:20:05.771] GP driver service started
[2025-05-26 22:20:05.771] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\67d8a3a6816aaf8e187d75a11d733c65191202487c5295eed403510c45b2b478.exe
[2025-05-26 22:20:05.772] Malware execution started
[2025-05-26 22:20:05.772] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:21:05.780] Taking screenshot
[2025-05-26 22:21:05.841] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:21:43.623] Powering off VM done
[2025-05-26 22:21:46.623] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:21:48.124] Restoring snapshot 35 done
[2025-05-26 22:21:48.125] Kernel telemetry analysis completed in 118.3 seconds.

[2025-05-26 22:21:48.125] ✅ Analysis completed successfully!
[2025-05-26 22:21:48.125] Progress: 19.4% (273/1408)
[2025-05-26 22:21:48.125] Successful: 273, Failed: 0
[2025-05-26 22:21:48.125] Time remaining: 42.4h
[2025-05-26 22:21:48.125] Waiting 5 seconds before next sample...
[2025-05-26 22:21:53.125] SAMPLE 274/1408
[2025-05-26 22:21:53.125] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:21:53.125] File: 6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db.exe
[2025-05-26 22:21:53.125] Path: D:\new\ransomware_high_confidence\blackmatter\6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db.exe
[2025-05-26 22:21:53.125] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db.exe
[2025-05-26 22:21:53.125] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:21:54.621] Restoring snapshot 35 done
[2025-05-26 22:21:54.621] Starting up VM
[2025-05-26 22:22:01.036] Starting up VM done
[2025-05-26 22:22:01.036] Installing kernel driver
[2025-05-26 22:22:01.036] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:22:05.265] Kernel driver installation completed
[2025-05-26 22:22:05.265] Starting GP driver service
[2025-05-26 22:22:05.265] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:22:08.425] GP driver service started
[2025-05-26 22:22:08.425] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db.exe
[2025-05-26 22:22:08.425] Malware execution started
[2025-05-26 22:22:08.425] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:23:08.433] Taking screenshot
[2025-05-26 22:23:08.497] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:23:49.530] Powering off VM done
[2025-05-26 22:23:52.530] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:23:54.043] Restoring snapshot 35 done
[2025-05-26 22:23:54.043] Kernel telemetry analysis completed in 120.9 seconds.

[2025-05-26 22:23:54.043] ✅ Analysis completed successfully!
[2025-05-26 22:23:54.043] Progress: 19.5% (274/1408)
[2025-05-26 22:23:54.043] Successful: 274, Failed: 0
[2025-05-26 22:23:54.043] Time remaining: 42.4h
[2025-05-26 22:23:54.043] Waiting 5 seconds before next sample...
[2025-05-26 22:23:59.043] SAMPLE 275/1408
[2025-05-26 22:23:59.043] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:23:59.043] File: 6ee278e62994b9340a2f1584a1c156ffa378075ebf134b1e06d5e3e426a01f75.exe
[2025-05-26 22:23:59.043] Path: D:\new\ransomware_high_confidence\blackmatter\6ee278e62994b9340a2f1584a1c156ffa378075ebf134b1e06d5e3e426a01f75.exe
[2025-05-26 22:23:59.043] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\6ee278e62994b9340a2f1584a1c156ffa378075ebf134b1e06d5e3e426a01f75.exe
[2025-05-26 22:23:59.043] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:23:59.680] Restoring snapshot 35 done
[2025-05-26 22:23:59.680] Starting up VM
[2025-05-26 22:24:05.767] Starting up VM done
[2025-05-26 22:24:05.768] Installing kernel driver
[2025-05-26 22:24:05.768] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:24:09.470] Kernel driver installation completed
[2025-05-26 22:24:09.470] Starting GP driver service
[2025-05-26 22:24:09.470] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:24:12.627] GP driver service started
[2025-05-26 22:24:12.627] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\6ee278e62994b9340a2f1584a1c156ffa378075ebf134b1e06d5e3e426a01f75.exe
[2025-05-26 22:24:12.627] Malware execution started
[2025-05-26 22:24:12.627] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:25:12.635] Taking screenshot
[2025-05-26 22:25:12.698] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:25:32.644] Powering off VM done
[2025-05-26 22:25:35.644] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:25:36.925] Restoring snapshot 35 done
[2025-05-26 22:25:36.925] Kernel telemetry analysis completed in 97.9 seconds.

[2025-05-26 22:25:36.925] ✅ Analysis completed successfully!
[2025-05-26 22:25:36.925] Progress: 19.5% (275/1408)
[2025-05-26 22:25:36.925] Successful: 275, Failed: 0
[2025-05-26 22:25:36.925] Time remaining: 42.3h
[2025-05-26 22:25:36.925] Waiting 5 seconds before next sample...
[2025-05-26 22:25:41.925] SAMPLE 276/1408
[2025-05-26 22:25:41.925] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:25:41.925] File: 706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d.exe
[2025-05-26 22:25:41.925] Path: D:\new\ransomware_high_confidence\blackmatter\706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d.exe
[2025-05-26 22:25:41.925] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d.exe
[2025-05-26 22:25:41.925] Malware ex

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:25:43.906] Restoring snapshot 35 done
[2025-05-26 22:25:43.906] Starting up VM
[2025-05-26 22:25:50.221] Starting up VM done
[2025-05-26 22:25:50.221] Installing kernel driver
[2025-05-26 22:25:50.221] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:25:54.366] Kernel driver installation completed
[2025-05-26 22:25:54.366] Starting GP driver service
[2025-05-26 22:25:54.366] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:25:57.526] GP driver service started
[2025-05-26 22:25:57.526] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d.exe
[2025-05-26 22:25:57.527] Malware execution started
[2025-05-26 22:25:57.527] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:26:57.535] Taking screenshot
[2025-05-26 22:26:57.598] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:27:17.229] Powering off VM done
[2025-05-26 22:27:20.229] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:27:21.443] Restoring snapshot 35 done
[2025-05-26 22:27:21.443] Kernel telemetry analysis completed in 99.5 seconds.

[2025-05-26 22:27:21.443] ✅ Analysis completed successfully!
[2025-05-26 22:27:21.443] Progress: 19.6% (276/1408)
[2025-05-26 22:27:21.443] Successful: 276, Failed: 0
[2025-05-26 22:27:21.443] Time remaining: 42.2h
[2025-05-26 22:27:21.443] Waiting 5 seconds before next sample...
[2025-05-26 22:27:26.443] SAMPLE 277/1408
[2025-05-26 22:27:26.443] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:27:26.443] File: 730f2d6243055c786d737bae0665267b962c64f57132e9ab401d6e7625c3d0a4.exe
[2025-05-26 22:27:26.443] Path: D:\new\ransomware_high_confidence\blackmatter\730f2d6243055c786d737bae0665267b962c64f57132e9ab401d6e7625c3d0a4.exe
[2025-05-26 22:27:26.443] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\730f2d6243055c786d737bae0665267b962c64f57132e9ab401d6e7625c3d0a4.exe
[2025-05-26 22:27:26.443] Malware ex

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:27:28.139] Restoring snapshot 35 done
[2025-05-26 22:27:28.139] Starting up VM
[2025-05-26 22:27:33.947] Starting up VM done
[2025-05-26 22:27:33.947] Installing kernel driver
[2025-05-26 22:27:33.947] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:27:38.279] Kernel driver installation completed
[2025-05-26 22:27:38.279] Starting GP driver service
[2025-05-26 22:27:38.279] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:27:41.430] GP driver service started
[2025-05-26 22:27:41.430] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\730f2d6243055c786d737bae0665267b962c64f57132e9ab401d6e7625c3d0a4.exe
[2025-05-26 22:27:41.430] Malware execution started
[2025-05-26 22:27:41.430] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:28:41.439] Taking screenshot
[2025-05-26 22:28:41.502] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:29:23.746] Powering off VM done
[2025-05-26 22:29:26.747] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:29:28.084] Restoring snapshot 35 done
[2025-05-26 22:29:28.084] Kernel telemetry analysis completed in 121.6 seconds.

[2025-05-26 22:29:28.084] ✅ Analysis completed successfully!
[2025-05-26 22:29:28.084] Progress: 19.7% (277/1408)
[2025-05-26 22:29:28.084] Successful: 277, Failed: 0
[2025-05-26 22:29:28.084] Time remaining: 42.2h
[2025-05-26 22:29:28.084] Waiting 5 seconds before next sample...
[2025-05-26 22:29:33.084] SAMPLE 278/1408
[2025-05-26 22:29:33.084] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:29:33.084] File: 7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984.exe
[2025-05-26 22:29:33.084] Path: D:\new\ransomware_high_confidence\blackmatter\7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984.exe
[2025-05-26 22:29:33.084] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984.exe
[2025-05-26 22:29:33.084] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:29:34.886] Restoring snapshot 35 done
[2025-05-26 22:29:34.886] Starting up VM
[2025-05-26 22:29:41.522] Starting up VM done
[2025-05-26 22:29:41.522] Installing kernel driver
[2025-05-26 22:29:41.522] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:29:45.345] Kernel driver installation completed
[2025-05-26 22:29:45.345] Starting GP driver service
[2025-05-26 22:29:45.345] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:29:48.497] GP driver service started
[2025-05-26 22:29:48.497] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984.exe
[2025-05-26 22:29:48.497] Malware execution started
[2025-05-26 22:29:48.497] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:30:48.505] Taking screenshot
[2025-05-26 22:30:48.568] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:31:59.280] Powering off VM done
[2025-05-26 22:32:02.280] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:32:03.604] Restoring snapshot 35 done
[2025-05-26 22:32:03.604] Kernel telemetry analysis completed in 150.5 seconds.

[2025-05-26 22:32:03.604] ✅ Analysis completed successfully!
[2025-05-26 22:32:03.604] Progress: 19.7% (278/1408)
[2025-05-26 22:32:03.604] Successful: 278, Failed: 0
[2025-05-26 22:32:03.604] Time remaining: 42.2h
[2025-05-26 22:32:03.604] Waiting 5 seconds before next sample...
[2025-05-26 22:32:08.604] SAMPLE 279/1408
[2025-05-26 22:32:08.604] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:32:08.604] File: 84af3f15701d259f3729d83beb15ca738028432c261353d1f9242469d791714f.exe
[2025-05-26 22:32:08.604] Path: D:\new\ransomware_high_confidence\blackmatter\84af3f15701d259f3729d83beb15ca738028432c261353d1f9242469d791714f.exe
[2025-05-26 22:32:08.604] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\84af3f15701d259f3729d83beb15ca738028432c261353d1f9242469d791714f.exe
[2025-05-26 22:32:08.604] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:32:10.424] Restoring snapshot 35 done
[2025-05-26 22:32:10.424] Starting up VM
[2025-05-26 22:32:16.375] Starting up VM done
[2025-05-26 22:32:16.375] Installing kernel driver
[2025-05-26 22:32:16.375] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:32:20.812] Kernel driver installation completed
[2025-05-26 22:32:20.812] Starting GP driver service
[2025-05-26 22:32:20.812] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:32:23.965] GP driver service started
[2025-05-26 22:32:23.966] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\84af3f15701d259f3729d83beb15ca738028432c261353d1f9242469d791714f.exe
[2025-05-26 22:32:23.966] Malware execution started
[2025-05-26 22:32:23.966] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:33:23.974] Taking screenshot
[2025-05-26 22:33:24.036] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:34:04.044] Powering off VM done
[2025-05-26 22:34:07.044] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:34:08.522] Restoring snapshot 35 done
[2025-05-26 22:34:08.522] Kernel telemetry analysis completed in 119.9 seconds.

[2025-05-26 22:34:08.522] ✅ Analysis completed successfully!
[2025-05-26 22:34:08.522] Progress: 19.8% (279/1408)
[2025-05-26 22:34:08.522] Successful: 279, Failed: 0
[2025-05-26 22:34:08.522] Time remaining: 42.1h
[2025-05-26 22:34:08.522] Waiting 5 seconds before next sample...
[2025-05-26 22:34:13.522] SAMPLE 280/1408
[2025-05-26 22:34:13.522] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:34:13.522] File: 86c84c07e27cc8aba129e1cf51215b65c445f178b94f2e8c4c10e6bc110daa94.exe
[2025-05-26 22:34:13.522] Path: D:\new\ransomware_high_confidence\blackmatter\86c84c07e27cc8aba129e1cf51215b65c445f178b94f2e8c4c10e6bc110daa94.exe
[2025-05-26 22:34:13.523] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\86c84c07e27cc8aba129e1cf51215b65c445f178b94f2e8c4c10e6bc110daa94.exe
[2025-05-26 22:34:13.523] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:34:14.633] Restoring snapshot 35 done
[2025-05-26 22:34:14.633] Starting up VM
[2025-05-26 22:34:20.520] Starting up VM done
[2025-05-26 22:34:20.520] Installing kernel driver
[2025-05-26 22:34:20.520] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:34:24.094] Kernel driver installation completed
[2025-05-26 22:34:24.094] Starting GP driver service
[2025-05-26 22:34:24.094] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:34:27.250] GP driver service started
[2025-05-26 22:34:27.250] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\86c84c07e27cc8aba129e1cf51215b65c445f178b94f2e8c4c10e6bc110daa94.exe
[2025-05-26 22:34:27.250] Malware execution started
[2025-05-26 22:34:27.250] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:35:27.259] Taking screenshot
[2025-05-26 22:35:27.320] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:35:44.126] Powering off VM done
[2025-05-26 22:35:47.127] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:35:48.505] Restoring snapshot 35 done
[2025-05-26 22:35:48.505] Kernel telemetry analysis completed in 95.0 seconds.

[2025-05-26 22:35:48.505] ✅ Analysis completed successfully!
[2025-05-26 22:35:48.505] Progress: 19.9% (280/1408)
[2025-05-26 22:35:48.505] Successful: 280, Failed: 0
[2025-05-26 22:35:48.505] Time remaining: 42.1h
[2025-05-26 22:35:48.505] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 22:35:53.506] SAMPLE 281/1408
[2025-05-26 22:35:53.506] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:35:53.506] File: 8e41970c748b56f4ab656e9e51295d9bf53c40da2ae0a1b099459d732716f739.exe
[2025-05-26 22:35:53.506] Path: D:\new\ransomware_high_confidence\blackmatter\8e41970c748b56f4ab656e9e51295d9bf53c40da2ae0a1b099459d732716f739.exe
[2025-05-26 22:35:53.506] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\8e41970c748b56f4ab656e9e51295d9bf53c40da2ae0a1b099459d732716f739.exe
[2025-05-26 22:35:53.506] Malware execution time: 60 seconds
[2025-05-26 22:35:53.506] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:35:54.742] Restoring snapshot 35 done
[2025-05-26 22:35:54.742] Starting up VM
[2025-05-26 22:36:00.981] Starting up VM done
[2025-05-26 22:36:00.981] Installing kernel driver
[2025-05-26 22:36:00.981] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:36:04.693] Kernel driver installation completed
[2025-05-26 22:36:04.693] Starting GP driver service
[2025-05-26 22:36:04.693] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:36:07.844] GP driver service started
[2025-05-26 22:36:07.844] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\8e41970c748b56f4ab656e9e51295d9bf53c40da2ae0a1b099459d732716f739.exe
[2025-05-26 22:36:07.844] Malware execution started
[2025-05-26 22:36:07.844] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:37:07.852] Taking screenshot
[2025-05-26 22:37:07.913] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:38:04.597] Powering off VM done
[2025-05-26 22:38:07.597] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:38:08.821] Restoring snapshot 35 done
[2025-05-26 22:38:08.821] Kernel telemetry analysis completed in 135.3 seconds.

[2025-05-26 22:38:08.821] ✅ Analysis completed successfully!
[2025-05-26 22:38:08.821] Progress: 20.0% (281/1408)
[2025-05-26 22:38:08.821] Successful: 281, Failed: 0
[2025-05-26 22:38:08.821] Time remaining: 42.0h
[2025-05-26 22:38:08.821] Waiting 5 seconds before next sample...
[2025-05-26 22:38:13.822] SAMPLE 282/1408
[2025-05-26 22:38:13.822] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:38:13.822] File: 8eada5114fbbc73b7d648b38623fc206367c94c0e76cb3b395a33ea8859d2952.exe
[2025-05-26 22:38:13.822] Path: D:\new\ransomware_high_confidence\blackmatter\8eada5114fbbc73b7d648b38623fc206367c94c0e76cb3b395a33ea8859d2952.exe
[2025-05-26 22:38:13.822] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\8eada5114fbbc73b7d648b38623fc206367c94c0e76cb3b395a33ea8859d2952.exe
[2025-05-26 22:38:13.822] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:38:15.368] Restoring snapshot 35 done
[2025-05-26 22:38:15.368] Starting up VM
[2025-05-26 22:38:21.802] Starting up VM done
[2025-05-26 22:38:21.802] Installing kernel driver
[2025-05-26 22:38:21.802] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:38:26.505] Kernel driver installation completed
[2025-05-26 22:38:26.505] Starting GP driver service
[2025-05-26 22:38:26.505] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:38:29.657] GP driver service started
[2025-05-26 22:38:29.657] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\8eada5114fbbc73b7d648b38623fc206367c94c0e76cb3b395a33ea8859d2952.exe
[2025-05-26 22:38:29.657] Malware execution started
[2025-05-26 22:38:29.657] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:39:29.664] Taking screenshot
[2025-05-26 22:39:29.728] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:40:41.074] Powering off VM done
[2025-05-26 22:40:44.075] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:40:45.406] Restoring snapshot 35 done
[2025-05-26 22:40:45.406] Kernel telemetry analysis completed in 151.6 seconds.

[2025-05-26 22:40:45.406] ✅ Analysis completed successfully!
[2025-05-26 22:40:45.406] Progress: 20.0% (282/1408)
[2025-05-26 22:40:45.406] Successful: 282, Failed: 0
[2025-05-26 22:40:45.406] Time remaining: 42.0h
[2025-05-26 22:40:45.406] Waiting 5 seconds before next sample...
[2025-05-26 22:40:50.406] SAMPLE 283/1408
[2025-05-26 22:40:50.406] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:40:50.406] File: 8f1b0affffb2f2f58b477515d1ce54f4daa40a761d828041603d5536c2d53539.exe
[2025-05-26 22:40:50.406] Path: D:\new\ransomware_high_confidence\blackmatter\8f1b0affffb2f2f58b477515d1ce54f4daa40a761d828041603d5536c2d53539.exe
[2025-05-26 22:40:50.406] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\8f1b0affffb2f2f58b477515d1ce54f4daa40a761d828041603d5536c2d53539.exe
[2025-05-26 22:40:50.406] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:40:52.216] Restoring snapshot 35 done
[2025-05-26 22:40:52.217] Starting up VM
[2025-05-26 22:40:58.548] Starting up VM done
[2025-05-26 22:40:58.548] Installing kernel driver
[2025-05-26 22:40:58.548] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:41:02.982] Kernel driver installation completed
[2025-05-26 22:41:02.982] Starting GP driver service
[2025-05-26 22:41:02.982] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:41:06.140] GP driver service started
[2025-05-26 22:41:06.141] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\8f1b0affffb2f2f58b477515d1ce54f4daa40a761d828041603d5536c2d53539.exe
[2025-05-26 22:41:06.141] Malware execution started
[2025-05-26 22:41:06.141] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:42:06.149] Taking screenshot
[2025-05-26 22:42:06.212] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:43:20.613] Powering off VM done
[2025-05-26 22:43:23.613] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:43:24.643] Restoring snapshot 35 done
[2025-05-26 22:43:24.643] Kernel telemetry analysis completed in 154.2 seconds.

[2025-05-26 22:43:24.643] ✅ Analysis completed successfully!
[2025-05-26 22:43:24.643] Progress: 20.1% (283/1408)
[2025-05-26 22:43:24.643] Successful: 283, Failed: 0
[2025-05-26 22:43:24.643] Time remaining: 42.0h
[2025-05-26 22:43:24.643] Waiting 5 seconds before next sample...
[2025-05-26 22:43:29.643] SAMPLE 284/1408
[2025-05-26 22:43:29.643] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:43:29.643] File: 9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.exe
[2025-05-26 22:43:29.643] Path: D:\new\ransomware_high_confidence\blackmatter\9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.exe
[2025-05-26 22:43:29.643] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.exe
[2025-05-26 22:43:29.643] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:43:31.646] Restoring snapshot 35 done
[2025-05-26 22:43:31.646] Starting up VM
[2025-05-26 22:43:37.980] Starting up VM done
[2025-05-26 22:43:37.980] Installing kernel driver
[2025-05-26 22:43:37.980] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:43:41.722] Kernel driver installation completed
[2025-05-26 22:43:41.722] Starting GP driver service
[2025-05-26 22:43:41.722] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:43:44.883] GP driver service started
[2025-05-26 22:43:44.883] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.exe
[2025-05-26 22:43:44.883] Malware execution started
[2025-05-26 22:43:44.883] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:44:44.892] Taking screenshot
[2025-05-26 22:44:44.952] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:45:10.837] Powering off VM done
[2025-05-26 22:45:13.837] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:45:15.326] Restoring snapshot 35 done
[2025-05-26 22:45:15.326] Kernel telemetry analysis completed in 105.7 seconds.

[2025-05-26 22:45:15.326] ✅ Analysis completed successfully!
[2025-05-26 22:45:15.326] Progress: 20.2% (284/1408)
[2025-05-26 22:45:15.326] Successful: 284, Failed: 0
[2025-05-26 22:45:15.326] Time remaining: 41.9h
[2025-05-26 22:45:15.326] Waiting 5 seconds before next sample...
[2025-05-26 22:45:20.326] SAMPLE 285/1408
[2025-05-26 22:45:20.326] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:45:20.326] File: 9bd4aaf4c7a7cde7757d7083acba1936909a37709b78f702d5997f18edc2c0c6.exe
[2025-05-26 22:45:20.326] Path: D:\new\ransomware_high_confidence\blackmatter\9bd4aaf4c7a7cde7757d7083acba1936909a37709b78f702d5997f18edc2c0c6.exe
[2025-05-26 22:45:20.326] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\9bd4aaf4c7a7cde7757d7083acba1936909a37709b78f702d5997f18edc2c0c6.exe
[2025-05-26 22:45:20.326] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:45:21.818] Restoring snapshot 35 done
[2025-05-26 22:45:21.818] Starting up VM
[2025-05-26 22:45:28.613] Starting up VM done
[2025-05-26 22:45:28.613] Installing kernel driver
[2025-05-26 22:45:28.613] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:45:33.548] Kernel driver installation completed
[2025-05-26 22:45:33.548] Starting GP driver service
[2025-05-26 22:45:33.548] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:45:36.696] GP driver service started
[2025-05-26 22:45:36.696] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\9bd4aaf4c7a7cde7757d7083acba1936909a37709b78f702d5997f18edc2c0c6.exe
[2025-05-26 22:45:36.697] Malware execution started
[2025-05-26 22:45:36.697] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:46:36.705] Taking screenshot
[2025-05-26 22:46:36.767] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:46:58.689] Powering off VM done
[2025-05-26 22:47:01.690] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:47:03.290] Restoring snapshot 35 done
[2025-05-26 22:47:03.290] Kernel telemetry analysis completed in 103.0 seconds.

[2025-05-26 22:47:03.290] ✅ Analysis completed successfully!
[2025-05-26 22:47:03.290] Progress: 20.2% (285/1408)
[2025-05-26 22:47:03.290] Successful: 285, Failed: 0
[2025-05-26 22:47:03.290] Time remaining: 41.9h
[2025-05-26 22:47:03.290] Waiting 5 seconds before next sample...
[2025-05-26 22:47:08.290] SAMPLE 286/1408
[2025-05-26 22:47:08.290] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:47:08.290] File: 9cf9441554ac727f9d191ad9de1dc101867ffe5264699cafcf2734a4b89d5d6a.exe
[2025-05-26 22:47:08.290] Path: D:\new\ransomware_high_confidence\blackmatter\9cf9441554ac727f9d191ad9de1dc101867ffe5264699cafcf2734a4b89d5d6a.exe
[2025-05-26 22:47:08.290] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\9cf9441554ac727f9d191ad9de1dc101867ffe5264699cafcf2734a4b89d5d6a.exe
[2025-05-26 22:47:08.290] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:47:09.812] Restoring snapshot 35 done
[2025-05-26 22:47:09.813] Starting up VM
[2025-05-26 22:47:16.228] Starting up VM done
[2025-05-26 22:47:16.228] Installing kernel driver
[2025-05-26 22:47:16.228] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:47:20.482] Kernel driver installation completed
[2025-05-26 22:47:20.482] Starting GP driver service
[2025-05-26 22:47:20.482] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:47:23.644] GP driver service started
[2025-05-26 22:47:23.644] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\9cf9441554ac727f9d191ad9de1dc101867ffe5264699cafcf2734a4b89d5d6a.exe
[2025-05-26 22:47:23.645] Malware execution started
[2025-05-26 22:47:23.645] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:48:23.653] Taking screenshot
[2025-05-26 22:48:23.715] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:49:56.659] Powering off VM done
[2025-05-26 22:49:59.660] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:50:01.113] Restoring snapshot 35 done
[2025-05-26 22:50:01.113] Kernel telemetry analysis completed in 172.8 seconds.

[2025-05-26 22:50:01.113] ✅ Analysis completed successfully!
[2025-05-26 22:50:01.113] Progress: 20.3% (286/1408)
[2025-05-26 22:50:01.113] Successful: 286, Failed: 0
[2025-05-26 22:50:01.113] Time remaining: 41.9h
[2025-05-26 22:50:01.113] Waiting 5 seconds before next sample...
[2025-05-26 22:50:06.113] SAMPLE 287/1408
[2025-05-26 22:50:06.113] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:50:06.113] File: a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb.exe
[2025-05-26 22:50:06.113] Path: D:\new\ransomware_high_confidence\blackmatter\a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb.exe
[2025-05-26 22:50:06.113] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb.exe
[2025-05-26 22:50:06.113] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:50:07.658] Restoring snapshot 35 done
[2025-05-26 22:50:07.658] Starting up VM
[2025-05-26 22:50:13.607] Starting up VM done
[2025-05-26 22:50:13.607] Installing kernel driver
[2025-05-26 22:50:13.607] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:50:18.050] Kernel driver installation completed
[2025-05-26 22:50:18.050] Starting GP driver service
[2025-05-26 22:50:18.050] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:50:21.204] GP driver service started
[2025-05-26 22:50:21.204] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb.exe
[2025-05-26 22:50:21.205] Malware execution started
[2025-05-26 22:50:21.205] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:51:21.213] Taking screenshot
[2025-05-26 22:51:21.275] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:51:38.763] Powering off VM done
[2025-05-26 22:51:41.763] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:51:43.079] Restoring snapshot 35 done
[2025-05-26 22:51:43.079] Kernel telemetry analysis completed in 97.0 seconds.

[2025-05-26 22:51:43.079] ✅ Analysis completed successfully!
[2025-05-26 22:51:43.079] Progress: 20.4% (287/1408)
[2025-05-26 22:51:43.079] Successful: 287, Failed: 0
[2025-05-26 22:51:43.079] Time remaining: 41.8h
[2025-05-26 22:51:43.080] Waiting 5 seconds before next sample...
[2025-05-26 22:51:48.080] SAMPLE 288/1408
[2025-05-26 22:51:48.080] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:51:48.080] File: b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f.exe
[2025-05-26 22:51:48.080] Path: D:\new\ransomware_high_confidence\blackmatter\b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f.exe
[2025-05-26 22:51:48.080] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f.exe
[2025-05-26 22:51:48.080] Malware ex

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:51:49.811] Restoring snapshot 35 done
[2025-05-26 22:51:49.811] Starting up VM
[2025-05-26 22:51:56.087] Starting up VM done
[2025-05-26 22:51:56.087] Installing kernel driver
[2025-05-26 22:51:56.087] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:52:00.299] Kernel driver installation completed
[2025-05-26 22:52:00.299] Starting GP driver service
[2025-05-26 22:52:00.299] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:52:03.448] GP driver service started
[2025-05-26 22:52:03.448] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f.exe
[2025-05-26 22:52:03.448] Malware execution started
[2025-05-26 22:52:03.448] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:53:03.456] Taking screenshot
[2025-05-26 22:53:03.519] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:54:34.060] Powering off VM done
[2025-05-26 22:54:37.061] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:54:38.499] Restoring snapshot 35 done
[2025-05-26 22:54:38.499] Kernel telemetry analysis completed in 170.4 seconds.

[2025-05-26 22:54:38.499] ✅ Analysis completed successfully!
[2025-05-26 22:54:38.499] Progress: 20.5% (288/1408)
[2025-05-26 22:54:38.499] Successful: 288, Failed: 0
[2025-05-26 22:54:38.499] Time remaining: 41.8h
[2025-05-26 22:54:38.499] Waiting 5 seconds before next sample...
[2025-05-26 22:54:43.500] SAMPLE 289/1408
[2025-05-26 22:54:43.500] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:54:43.500] File: bd0a7378cd96701edafc0a8ddd7b2a9904552be29804750bff47b3e08e23319f.exe
[2025-05-26 22:54:43.500] Path: D:\new\ransomware_high_confidence\blackmatter\bd0a7378cd96701edafc0a8ddd7b2a9904552be29804750bff47b3e08e23319f.exe
[2025-05-26 22:54:43.500] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\bd0a7378cd96701edafc0a8ddd7b2a9904552be29804750bff47b3e08e23319f.exe
[2025-05-26 22:54:43.500] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:54:45.050] Restoring snapshot 35 done
[2025-05-26 22:54:45.050] Starting up VM
[2025-05-26 22:54:51.104] Starting up VM done
[2025-05-26 22:54:51.104] Installing kernel driver
[2025-05-26 22:54:51.104] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:54:55.317] Kernel driver installation completed
[2025-05-26 22:54:55.317] Starting GP driver service
[2025-05-26 22:54:55.317] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:54:58.468] GP driver service started
[2025-05-26 22:54:58.468] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\bd0a7378cd96701edafc0a8ddd7b2a9904552be29804750bff47b3e08e23319f.exe
[2025-05-26 22:54:58.469] Malware execution started
[2025-05-26 22:54:58.469] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:55:58.477] Taking screenshot
[2025-05-26 22:55:58.539] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:57:50.459] Powering off VM done
[2025-05-26 22:57:53.459] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:57:54.874] Restoring snapshot 35 done
[2025-05-26 22:57:54.874] Kernel telemetry analysis completed in 191.4 seconds.

[2025-05-26 22:57:54.874] ✅ Analysis completed successfully!
[2025-05-26 22:57:54.874] Progress: 20.5% (289/1408)
[2025-05-26 22:57:54.874] Successful: 289, Failed: 0
[2025-05-26 22:57:54.874] Time remaining: 41.8h
[2025-05-26 22:57:54.874] Waiting 5 seconds before next sample...
[2025-05-26 22:57:59.874] SAMPLE 290/1408
[2025-05-26 22:57:59.874] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 22:57:59.874] File: c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99.exe
[2025-05-26 22:57:59.874] Path: D:\new\ransomware_high_confidence\blackmatter\c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99.exe
[2025-05-26 22:57:59.874] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99.exe
[2025-05-26 22:57:59.874] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 22:58:01.518] Restoring snapshot 35 done
[2025-05-26 22:58:01.518] Starting up VM
[2025-05-26 22:58:07.369] Starting up VM done
[2025-05-26 22:58:07.370] Installing kernel driver
[2025-05-26 22:58:07.370] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 22:58:11.778] Kernel driver installation completed
[2025-05-26 22:58:11.778] Starting GP driver service
[2025-05-26 22:58:11.778] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 22:58:14.936] GP driver service started
[2025-05-26 22:58:14.936] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99.exe
[2025-05-26 22:58:14.937] Malware execution started
[2025-05-26 22:58:14.937] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 22:59:14.945] Taking screenshot
[2025-05-26 22:59:15.007] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:00:44.500] Powering off VM done
[2025-05-26 23:00:47.501] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:00:48.734] Restoring snapshot 35 done
[2025-05-26 23:00:48.734] Kernel telemetry analysis completed in 168.9 seconds.

[2025-05-26 23:00:48.734] ✅ Analysis completed successfully!
[2025-05-26 23:00:48.734] Progress: 20.6% (290/1408)
[2025-05-26 23:00:48.734] Successful: 290, Failed: 0
[2025-05-26 23:00:48.734] Time remaining: 41.9h
[2025-05-26 23:00:48.734] Waiting 5 seconds before next sample...
[2025-05-26 23:00:53.735] SAMPLE 291/1408
[2025-05-26 23:00:53.735] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 23:00:53.735] File: ccee26ea662c87a6c3171b091044282849cc8d46d4b9b9da6cf429b8114c4239.exe
[2025-05-26 23:00:53.735] Path: D:\new\ransomware_high_confidence\blackmatter\ccee26ea662c87a6c3171b091044282849cc8d46d4b9b9da6cf429b8114c4239.exe
[2025-05-26 23:00:53.735] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\ccee26ea662c87a6c3171b091044282849cc8d46d4b9b9da6cf429b8114c4239.exe
[2025-05-26 23:00:53.735] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:00:55.244] Restoring snapshot 35 done
[2025-05-26 23:00:55.244] Starting up VM
[2025-05-26 23:01:01.408] Starting up VM done
[2025-05-26 23:01:01.408] Installing kernel driver
[2025-05-26 23:01:01.408] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:01:05.441] Kernel driver installation completed
[2025-05-26 23:01:05.441] Starting GP driver service
[2025-05-26 23:01:05.441] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:01:08.594] GP driver service started
[2025-05-26 23:01:08.594] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\ccee26ea662c87a6c3171b091044282849cc8d46d4b9b9da6cf429b8114c4239.exe
[2025-05-26 23:01:08.594] Malware execution started
[2025-05-26 23:01:08.594] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:02:08.603] Taking screenshot
[2025-05-26 23:02:08.665] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:02:45.672] Powering off VM done
[2025-05-26 23:02:48.672] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:02:50.871] Restoring snapshot 35 done
[2025-05-26 23:02:50.871] Kernel telemetry analysis completed in 117.1 seconds.

[2025-05-26 23:02:50.871] ✅ Analysis completed successfully!
[2025-05-26 23:02:50.871] Progress: 20.7% (291/1408)
[2025-05-26 23:02:50.871] Successful: 291, Failed: 0
[2025-05-26 23:02:50.871] Time remaining: 41.8h
[2025-05-26 23:02:50.871] Waiting 5 seconds before next sample...
[2025-05-26 23:02:55.871] SAMPLE 292/1408
[2025-05-26 23:02:55.871] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 23:02:55.871] File: d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767.exe
[2025-05-26 23:02:55.872] Path: D:\new\ransomware_high_confidence\blackmatter\d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767.exe
[2025-05-26 23:02:55.872] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767.exe
[2025-05-26 23:02:55.872] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:02:57.426] Restoring snapshot 35 done
[2025-05-26 23:02:57.426] Starting up VM
[2025-05-26 23:03:03.466] Starting up VM done
[2025-05-26 23:03:03.466] Installing kernel driver
[2025-05-26 23:03:03.466] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:03:07.191] Kernel driver installation completed
[2025-05-26 23:03:07.191] Starting GP driver service
[2025-05-26 23:03:07.191] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:03:10.353] GP driver service started
[2025-05-26 23:03:10.353] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767.exe
[2025-05-26 23:03:10.354] Malware execution started
[2025-05-26 23:03:10.354] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:04:10.362] Taking screenshot
[2025-05-26 23:04:10.423] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:05:11.557] Powering off VM done
[2025-05-26 23:05:14.557] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:05:16.254] Restoring snapshot 35 done
[2025-05-26 23:05:16.254] Kernel telemetry analysis completed in 140.4 seconds.

[2025-05-26 23:05:16.254] ✅ Analysis completed successfully!
[2025-05-26 23:05:16.254] Progress: 20.7% (292/1408)
[2025-05-26 23:05:16.254] Successful: 292, Failed: 0
[2025-05-26 23:05:16.254] Time remaining: 41.8h
[2025-05-26 23:05:16.254] Waiting 5 seconds before next sample...
[2025-05-26 23:05:21.255] SAMPLE 293/1408
[2025-05-26 23:05:21.255] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 23:05:21.255] File: e4fd947a781611c85ea2e5afa51b186de7f351026c28eb067ad70028acd72cda.exe
[2025-05-26 23:05:21.255] Path: D:\new\ransomware_high_confidence\blackmatter\e4fd947a781611c85ea2e5afa51b186de7f351026c28eb067ad70028acd72cda.exe
[2025-05-26 23:05:21.255] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\e4fd947a781611c85ea2e5afa51b186de7f351026c28eb067ad70028acd72cda.exe
[2025-05-26 23:05:21.255] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:05:24.249] Restoring snapshot 35 done
[2025-05-26 23:05:24.249] Starting up VM
[2025-05-26 23:05:30.612] Starting up VM done
[2025-05-26 23:05:30.612] Installing kernel driver
[2025-05-26 23:05:30.612] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:05:34.992] Kernel driver installation completed
[2025-05-26 23:05:34.992] Starting GP driver service
[2025-05-26 23:05:34.992] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:05:38.142] GP driver service started
[2025-05-26 23:05:38.142] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\e4fd947a781611c85ea2e5afa51b186de7f351026c28eb067ad70028acd72cda.exe
[2025-05-26 23:05:38.142] Malware execution started
[2025-05-26 23:05:38.142] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:06:38.151] Taking screenshot
[2025-05-26 23:06:38.212] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:07:41.795] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:07:42.823] Restoring snapshot 35 done
[2025-05-26 23:07:42.823] Kernel telemetry analysis completed in 141.6 seconds.

[2025-05-26 23:07:42.823] ✅ Analysis completed successfully!
[2025-05-26 23:07:42.823] Progress: 20.8% (293/1408)
[2025-05-26 23:07:42.823] Successful: 293, Failed: 0
[2025-05-26 23:07:42.823] Time remaining: 41.7h
[2025-05-26 23:07:42.823] Waiting 5 seconds before next sample...
[2025-05-26 23:07:47.823] SAMPLE 294/1408
[2025-05-26 23:07:47.823] Family: D:\new\ransomware_high_confidence\blackmatter
[2025-05-26 23:07:47.823] File: fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2.exe
[2025-05-26 23:07:47.823] Path: D:\new\ransomware_high_confidence\blackmatter\fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2.exe
[2025-05-26 23:07:47.823] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\blackmatter\fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2.exe
[2025-05-26 23:07:47.823] Malware e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:07:49.514] Restoring snapshot 35 done
[2025-05-26 23:07:49.514] Starting up VM
[2025-05-26 23:07:55.678] Starting up VM done
[2025-05-26 23:07:55.678] Installing kernel driver
[2025-05-26 23:07:55.678] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:08:00.134] Kernel driver installation completed
[2025-05-26 23:08:00.134] Starting GP driver service
[2025-05-26 23:08:00.134] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:08:03.282] GP driver service started
[2025-05-26 23:08:03.282] Executing malware sample: D:\new\ransomware_high_confidence\blackmatter\fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2.exe
[2025-05-26 23:08:03.282] Malware execution started
[2025-05-26 23:08:03.282] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:09:03.290] Taking screenshot
[2025-05-26 23:09:03.351] Ta

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:09:58.629] Powering off VM done
[2025-05-26 23:10:01.629] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:10:02.950] Restoring snapshot 35 done
[2025-05-26 23:10:02.950] Kernel telemetry analysis completed in 135.1 seconds.

[2025-05-26 23:10:02.950] ✅ Analysis completed successfully!
[2025-05-26 23:10:02.950] Progress: 20.9% (294/1408)
[2025-05-26 23:10:02.950] Successful: 294, Failed: 0
[2025-05-26 23:10:02.950] Time remaining: 41.7h
[2025-05-26 23:10:02.950] Waiting 5 seconds before next sample...
[2025-05-26 23:10:07.950] SAMPLE 295/1408
[2025-05-26 23:10:07.950] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:10:07.950] File: 06ad123df8f3fcc6ca4785c0b52fc57e6e54f44e403fca2fdbd339580d3c53b0.exe
[2025-05-26 23:10:07.950] Path: D:\new\ransomware_high_confidence\bluesky\06ad123df8f3fcc6ca4785c0b52fc57e6e54f44e403fca2fdbd339580d3c53b0.exe
[2025-05-26 23:10:07.950] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\06ad123df8f3fcc6ca4785c0b52fc57e6e54f44e403fca2fdbd339580d3c53b0.exe
[2025-05-26 23:10:07.950] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:10:09.490] Restoring snapshot 35 done
[2025-05-26 23:10:09.490] Starting up VM
[2025-05-26 23:10:15.394] Starting up VM done
[2025-05-26 23:10:15.394] Installing kernel driver
[2025-05-26 23:10:15.394] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:10:19.605] Kernel driver installation completed
[2025-05-26 23:10:19.605] Starting GP driver service
[2025-05-26 23:10:19.605] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:10:22.763] GP driver service started
[2025-05-26 23:10:22.764] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\06ad123df8f3fcc6ca4785c0b52fc57e6e54f44e403fca2fdbd339580d3c53b0.exe
[2025-05-26 23:10:22.764] Malware execution started
[2025-05-26 23:10:22.764] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:11:22.772] Taking screenshot
[2025-05-26 23:11:22.835] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:11:47.616] Powering off VM done
[2025-05-26 23:11:50.617] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:11:52.049] Restoring snapshot 35 done
[2025-05-26 23:11:52.049] Kernel telemetry analysis completed in 104.1 seconds.

[2025-05-26 23:11:52.049] ✅ Analysis completed successfully!
[2025-05-26 23:11:52.049] Progress: 21.0% (295/1408)
[2025-05-26 23:11:52.049] Successful: 295, Failed: 0
[2025-05-26 23:11:52.049] Time remaining: 41.7h
[2025-05-26 23:11:52.049] Waiting 5 seconds before next sample...
[2025-05-26 23:11:57.049] SAMPLE 296/1408
[2025-05-26 23:11:57.049] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:11:57.049] File: 11ae63b3a7caac549374aaa3c7fea9cba7f23ae83118745fee0a4157f61156f2.exe
[2025-05-26 23:11:57.049] Path: D:\new\ransomware_high_confidence\bluesky\11ae63b3a7caac549374aaa3c7fea9cba7f23ae83118745fee0a4157f61156f2.exe
[2025-05-26 23:11:57.049] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\11ae63b3a7caac549374aaa3c7fea9cba7f23ae83118745fee0a4157f61156f2.exe
[2025-05-26 23:11:57.049] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:11:58.648] Restoring snapshot 35 done
[2025-05-26 23:11:58.648] Starting up VM
[2025-05-26 23:12:04.801] Starting up VM done
[2025-05-26 23:12:04.801] Installing kernel driver
[2025-05-26 23:12:04.801] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:12:09.213] Kernel driver installation completed
[2025-05-26 23:12:09.214] Starting GP driver service
[2025-05-26 23:12:09.214] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:12:12.372] GP driver service started
[2025-05-26 23:12:12.373] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\11ae63b3a7caac549374aaa3c7fea9cba7f23ae83118745fee0a4157f61156f2.exe
[2025-05-26 23:12:12.373] Malware execution started
[2025-05-26 23:12:12.373] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:13:12.382] Taking screenshot
[2025-05-26 23:13:12.445] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:14:33.251] Powering off VM done
[2025-05-26 23:14:36.252] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:14:37.193] Restoring snapshot 35 done
[2025-05-26 23:14:37.193] Kernel telemetry analysis completed in 160.1 seconds.

[2025-05-26 23:14:37.193] ✅ Analysis completed successfully!
[2025-05-26 23:14:37.193] Progress: 21.0% (296/1408)
[2025-05-26 23:14:37.193] Successful: 296, Failed: 0
[2025-05-26 23:14:37.193] Time remaining: 41.6h
[2025-05-26 23:14:37.194] Waiting 5 seconds before next sample...
[2025-05-26 23:14:42.194] SAMPLE 297/1408
[2025-05-26 23:14:42.194] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:14:42.194] File: 11e409f8b0799cd64c53d40ff10cbc639a1f85cd5ba6544fe42689a96302cc2e.exe
[2025-05-26 23:14:42.194] Path: D:\new\ransomware_high_confidence\bluesky\11e409f8b0799cd64c53d40ff10cbc639a1f85cd5ba6544fe42689a96302cc2e.exe
[2025-05-26 23:14:42.194] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\11e409f8b0799cd64c53d40ff10cbc639a1f85cd5ba6544fe42689a96302cc2e.exe
[2025-05-26 23:14:42.194] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:14:43.829] Restoring snapshot 35 done
[2025-05-26 23:14:43.829] Starting up VM
[2025-05-26 23:14:50.008] Starting up VM done
[2025-05-26 23:14:50.008] Installing kernel driver
[2025-05-26 23:14:50.008] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:14:54.584] Kernel driver installation completed
[2025-05-26 23:14:54.584] Starting GP driver service
[2025-05-26 23:14:54.584] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:14:57.731] GP driver service started
[2025-05-26 23:14:57.731] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\11e409f8b0799cd64c53d40ff10cbc639a1f85cd5ba6544fe42689a96302cc2e.exe
[2025-05-26 23:14:57.732] Malware execution started
[2025-05-26 23:14:57.732] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:15:57.740] Taking screenshot
[2025-05-26 23:15:57.804] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:16:20.734] Powering off VM done
[2025-05-26 23:16:23.734] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:16:24.441] Restoring snapshot 35 done
[2025-05-26 23:16:24.441] Kernel telemetry analysis completed in 102.2 seconds.

[2025-05-26 23:16:24.441] ✅ Analysis completed successfully!
[2025-05-26 23:16:24.441] Progress: 21.1% (297/1408)
[2025-05-26 23:16:24.441] Successful: 297, Failed: 0
[2025-05-26 23:16:24.441] Time remaining: 41.6h
[2025-05-26 23:16:24.441] Waiting 5 seconds before next sample...
[2025-05-26 23:16:29.441] SAMPLE 298/1408
[2025-05-26 23:16:29.441] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:16:29.441] File: 18329783ad51783d679aec6111ca171eb1176f8fa866949a5267009c14605aa6.exe
[2025-05-26 23:16:29.441] Path: D:\new\ransomware_high_confidence\bluesky\18329783ad51783d679aec6111ca171eb1176f8fa866949a5267009c14605aa6.exe
[2025-05-26 23:16:29.441] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\18329783ad51783d679aec6111ca171eb1176f8fa866949a5267009c14605aa6.exe
[2025-05-26 23:16:29.441] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:16:31.014] Restoring snapshot 35 done
[2025-05-26 23:16:31.014] Starting up VM
[2025-05-26 23:16:37.235] Starting up VM done
[2025-05-26 23:16:37.235] Installing kernel driver
[2025-05-26 23:16:37.235] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:16:41.448] Kernel driver installation completed
[2025-05-26 23:16:41.448] Starting GP driver service
[2025-05-26 23:16:41.448] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:16:44.601] GP driver service started
[2025-05-26 23:16:44.601] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\18329783ad51783d679aec6111ca171eb1176f8fa866949a5267009c14605aa6.exe
[2025-05-26 23:16:44.602] Malware execution started
[2025-05-26 23:16:44.602] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:17:44.610] Taking screenshot
[2025-05-26 23:17:44.672] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:18:45.557] Powering off VM done
[2025-05-26 23:18:48.557] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:18:49.868] Restoring snapshot 35 done
[2025-05-26 23:18:49.868] Kernel telemetry analysis completed in 140.4 seconds.

[2025-05-26 23:18:49.868] ✅ Analysis completed successfully!
[2025-05-26 23:18:49.868] Progress: 21.2% (298/1408)
[2025-05-26 23:18:49.868] Successful: 298, Failed: 0
[2025-05-26 23:18:49.868] Time remaining: 41.6h
[2025-05-26 23:18:49.868] Waiting 5 seconds before next sample...
[2025-05-26 23:18:54.868] SAMPLE 299/1408
[2025-05-26 23:18:54.868] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:18:54.868] File: 1b44b3e401f26547ee820bc0fe90904c55ec59d74e4385fe5bdd1826738fa9e6.exe
[2025-05-26 23:18:54.868] Path: D:\new\ransomware_high_confidence\bluesky\1b44b3e401f26547ee820bc0fe90904c55ec59d74e4385fe5bdd1826738fa9e6.exe
[2025-05-26 23:18:54.868] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\1b44b3e401f26547ee820bc0fe90904c55ec59d74e4385fe5bdd1826738fa9e6.exe
[2025-05-26 23:18:54.868] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:18:56.759] Restoring snapshot 35 done
[2025-05-26 23:18:56.759] Starting up VM
[2025-05-26 23:19:02.527] Starting up VM done
[2025-05-26 23:19:02.528] Installing kernel driver
[2025-05-26 23:19:02.528] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:19:06.227] Kernel driver installation completed
[2025-05-26 23:19:06.227] Starting GP driver service
[2025-05-26 23:19:06.227] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:19:09.381] GP driver service started
[2025-05-26 23:19:09.381] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\1b44b3e401f26547ee820bc0fe90904c55ec59d74e4385fe5bdd1826738fa9e6.exe
[2025-05-26 23:19:09.381] Malware execution started
[2025-05-26 23:19:09.381] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:20:09.390] Taking screenshot
[2025-05-26 23:20:09.452] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:20:49.218] Powering off VM done
[2025-05-26 23:20:52.219] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:20:53.656] Restoring snapshot 35 done
[2025-05-26 23:20:53.657] Kernel telemetry analysis completed in 118.8 seconds.

[2025-05-26 23:20:53.657] ✅ Analysis completed successfully!
[2025-05-26 23:20:53.657] Progress: 21.2% (299/1408)
[2025-05-26 23:20:53.657] Successful: 299, Failed: 0
[2025-05-26 23:20:53.657] Time remaining: 41.5h
[2025-05-26 23:20:53.657] Waiting 5 seconds before next sample...
[2025-05-26 23:20:58.657] SAMPLE 300/1408
[2025-05-26 23:20:58.657] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:20:58.657] File: 2176a3cdf5db56f5dcab475f362d459d4b2b3dafc3c146caaf3100009d0c8a5f.exe
[2025-05-26 23:20:58.657] Path: D:\new\ransomware_high_confidence\bluesky\2176a3cdf5db56f5dcab475f362d459d4b2b3dafc3c146caaf3100009d0c8a5f.exe
[2025-05-26 23:20:58.657] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\2176a3cdf5db56f5dcab475f362d459d4b2b3dafc3c146caaf3100009d0c8a5f.exe
[2025-05-26 23:20:58.657] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:21:00.036] Restoring snapshot 35 done
[2025-05-26 23:21:00.036] Starting up VM
[2025-05-26 23:21:06.574] Starting up VM done
[2025-05-26 23:21:06.574] Installing kernel driver
[2025-05-26 23:21:06.574] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:21:10.953] Kernel driver installation completed
[2025-05-26 23:21:10.953] Starting GP driver service
[2025-05-26 23:21:10.953] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:21:14.104] GP driver service started
[2025-05-26 23:21:14.104] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\2176a3cdf5db56f5dcab475f362d459d4b2b3dafc3c146caaf3100009d0c8a5f.exe
[2025-05-26 23:21:14.105] Malware execution started
[2025-05-26 23:21:14.105] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:22:14.113] Taking screenshot
[2025-05-26 23:22:14.174] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:23:02.885] Powering off VM done
[2025-05-26 23:23:05.885] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:23:07.212] Restoring snapshot 35 done
[2025-05-26 23:23:07.212] Kernel telemetry analysis completed in 128.6 seconds.

[2025-05-26 23:23:07.212] ✅ Analysis completed successfully!
[2025-05-26 23:23:07.212] Progress: 21.3% (300/1408)
[2025-05-26 23:23:07.212] Successful: 300, Failed: 0
[2025-05-26 23:23:07.212] Time remaining: 41.5h
[2025-05-26 23:23:07.212] Waiting 5 seconds before next sample...
[2025-05-26 23:23:12.212] SAMPLE 301/1408
[2025-05-26 23:23:12.212] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:23:12.212] File: 2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef.exe
[2025-05-26 23:23:12.212] Path: D:\new\ransomware_high_confidence\bluesky\2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef.exe
[2025-05-26 23:23:12.212] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef.exe
[2025-05-26 23:23:12.212] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:23:14.093] Restoring snapshot 35 done
[2025-05-26 23:23:14.093] Starting up VM
[2025-05-26 23:23:20.560] Starting up VM done
[2025-05-26 23:23:20.560] Installing kernel driver
[2025-05-26 23:23:20.560] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:23:24.365] Kernel driver installation completed
[2025-05-26 23:23:24.365] Starting GP driver service
[2025-05-26 23:23:24.365] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:23:27.516] GP driver service started
[2025-05-26 23:23:27.516] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef.exe
[2025-05-26 23:23:27.517] Malware execution started
[2025-05-26 23:23:27.517] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:24:27.525] Taking screenshot
[2025-05-26 23:24:27.587] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:24:54.578] Powering off VM done
[2025-05-26 23:24:57.579] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:24:58.869] Restoring snapshot 35 done
[2025-05-26 23:24:58.869] Kernel telemetry analysis completed in 106.7 seconds.

[2025-05-26 23:24:58.869] ✅ Analysis completed successfully!
[2025-05-26 23:24:58.869] Progress: 21.4% (301/1408)
[2025-05-26 23:24:58.869] Successful: 301, Failed: 0
[2025-05-26 23:24:58.869] Time remaining: 41.4h
[2025-05-26 23:24:58.869] Waiting 5 seconds before next sample...
[2025-05-26 23:25:03.869] SAMPLE 302/1408
[2025-05-26 23:25:03.869] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:25:03.869] File: 22a020af0e4be83dea45c0700d065d9ae64630748c02b58397f6c6d91c3efb0d.exe
[2025-05-26 23:25:03.869] Path: D:\new\ransomware_high_confidence\bluesky\22a020af0e4be83dea45c0700d065d9ae64630748c02b58397f6c6d91c3efb0d.exe
[2025-05-26 23:25:03.869] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\22a020af0e4be83dea45c0700d065d9ae64630748c02b58397f6c6d91c3efb0d.exe
[2025-05-26 23:25:03.869] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:25:05.728] Restoring snapshot 35 done
[2025-05-26 23:25:05.728] Starting up VM
[2025-05-26 23:25:12.239] Starting up VM done
[2025-05-26 23:25:12.239] Installing kernel driver
[2025-05-26 23:25:12.239] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:25:15.849] Kernel driver installation completed
[2025-05-26 23:25:15.850] Starting GP driver service
[2025-05-26 23:25:15.850] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:25:18.999] GP driver service started
[2025-05-26 23:25:18.999] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\22a020af0e4be83dea45c0700d065d9ae64630748c02b58397f6c6d91c3efb0d.exe
[2025-05-26 23:25:18.000] Malware execution started
[2025-05-26 23:25:18.000] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:26:19.007] Taking screenshot
[2025-05-26 23:26:19.070] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:26:56.310] Powering off VM done
[2025-05-26 23:26:59.310] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:27:00.976] Restoring snapshot 35 done
[2025-05-26 23:27:00.976] Kernel telemetry analysis completed in 117.1 seconds.

[2025-05-26 23:27:00.976] ✅ Analysis completed successfully!
[2025-05-26 23:27:00.976] Progress: 21.4% (302/1408)
[2025-05-26 23:27:00.976] Successful: 302, Failed: 0
[2025-05-26 23:27:00.976] Time remaining: 41.4h
[2025-05-26 23:27:00.976] Waiting 5 seconds before next sample...
[2025-05-26 23:27:05.976] SAMPLE 303/1408
[2025-05-26 23:27:05.976] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:27:05.976] File: 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
[2025-05-26 23:27:05.976] Path: D:\new\ransomware_high_confidence\bluesky\2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
[2025-05-26 23:27:05.976] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
[2025-05-26 23:27:05.976] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:27:07.632] Restoring snapshot 35 done
[2025-05-26 23:27:07.632] Starting up VM
[2025-05-26 23:27:13.584] Starting up VM done
[2025-05-26 23:27:13.584] Installing kernel driver
[2025-05-26 23:27:13.584] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:27:18.019] Kernel driver installation completed
[2025-05-26 23:27:18.019] Starting GP driver service
[2025-05-26 23:27:18.019] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:27:21.172] GP driver service started
[2025-05-26 23:27:21.173] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
[2025-05-26 23:27:21.173] Malware execution started
[2025-05-26 23:27:21.173] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:28:21.181] Taking screenshot
[2025-05-26 23:28:21.243] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:29:12.684] Powering off VM done
[2025-05-26 23:29:15.684] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:29:17.292] Restoring snapshot 35 done
[2025-05-26 23:29:17.292] Kernel telemetry analysis completed in 131.3 seconds.

[2025-05-26 23:29:17.292] ✅ Analysis completed successfully!
[2025-05-26 23:29:17.292] Progress: 21.5% (303/1408)
[2025-05-26 23:29:17.292] Successful: 303, Failed: 0
[2025-05-26 23:29:17.292] Time remaining: 41.3h
[2025-05-26 23:29:17.292] Waiting 5 seconds before next sample...
[2025-05-26 23:29:22.292] SAMPLE 304/1408
[2025-05-26 23:29:22.292] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:29:22.292] File: 311dc38f619f40f06bee5157119ab4b93684924f53e4ff2da34412f9dac111a4.exe
[2025-05-26 23:29:22.292] Path: D:\new\ransomware_high_confidence\bluesky\311dc38f619f40f06bee5157119ab4b93684924f53e4ff2da34412f9dac111a4.exe
[2025-05-26 23:29:22.293] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\311dc38f619f40f06bee5157119ab4b93684924f53e4ff2da34412f9dac111a4.exe
[2025-05-26 23:29:22.293] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:29:23.845] Restoring snapshot 35 done
[2025-05-26 23:29:23.845] Starting up VM
[2025-05-26 23:29:30.219] Starting up VM done
[2025-05-26 23:29:30.219] Installing kernel driver
[2025-05-26 23:29:30.219] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:29:34.630] Kernel driver installation completed
[2025-05-26 23:29:34.630] Starting GP driver service
[2025-05-26 23:29:34.630] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:29:37.782] GP driver service started
[2025-05-26 23:29:37.782] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\311dc38f619f40f06bee5157119ab4b93684924f53e4ff2da34412f9dac111a4.exe
[2025-05-26 23:29:37.782] Malware execution started
[2025-05-26 23:29:37.782] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:30:37.791] Taking screenshot
[2025-05-26 23:30:37.854] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:30:55.163] Powering off VM done
[2025-05-26 23:30:58.163] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:30:59.901] Restoring snapshot 35 done
[2025-05-26 23:30:59.901] Kernel telemetry analysis completed in 97.6 seconds.

[2025-05-26 23:30:59.901] ✅ Analysis completed successfully!
[2025-05-26 23:30:59.901] Progress: 21.6% (304/1408)
[2025-05-26 23:30:59.901] Successful: 304, Failed: 0
[2025-05-26 23:30:59.901] Time remaining: 41.3h
[2025-05-26 23:30:59.901] Waiting 5 seconds before next sample...
[2025-05-26 23:31:04.901] SAMPLE 305/1408
[2025-05-26 23:31:04.901] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:31:04.901] File: 376fdb43699c90fd6cca2706c14827791137b3a753c7368a202de63f588fdb2f.exe
[2025-05-26 23:31:04.901] Path: D:\new\ransomware_high_confidence\bluesky\376fdb43699c90fd6cca2706c14827791137b3a753c7368a202de63f588fdb2f.exe
[2025-05-26 23:31:04.901] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\376fdb43699c90fd6cca2706c14827791137b3a753c7368a202de63f588fdb2f.exe
[2025-05-26 23:31:04.901] Malware execution time

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:31:06.441] Restoring snapshot 35 done
[2025-05-26 23:31:06.441] Starting up VM
[2025-05-26 23:31:12.805] Starting up VM done
[2025-05-26 23:31:12.805] Installing kernel driver
[2025-05-26 23:31:12.805] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:31:17.167] Kernel driver installation completed
[2025-05-26 23:31:17.167] Starting GP driver service
[2025-05-26 23:31:17.167] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:31:20.320] GP driver service started
[2025-05-26 23:31:20.320] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\376fdb43699c90fd6cca2706c14827791137b3a753c7368a202de63f588fdb2f.exe
[2025-05-26 23:31:20.321] Malware execution started
[2025-05-26 23:31:20.321] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:32:20.329] Taking screenshot
[2025-05-26 23:32:20.392] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:32:36.718] Powering off VM done
[2025-05-26 23:32:39.719] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:32:41.247] Restoring snapshot 35 done
[2025-05-26 23:32:41.247] Kernel telemetry analysis completed in 96.3 seconds.

[2025-05-26 23:32:41.247] ✅ Analysis completed successfully!
[2025-05-26 23:32:41.247] Progress: 21.7% (305/1408)
[2025-05-26 23:32:41.247] Successful: 305, Failed: 0
[2025-05-26 23:32:41.247] Time remaining: 41.2h
[2025-05-26 23:32:41.247] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-26 23:32:46.247] SAMPLE 306/1408
[2025-05-26 23:32:46.247] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:32:46.247] File: 38478119e3344e735cf60442e7528db63046a543a5f422db8f946b2c2693d19a.exe
[2025-05-26 23:32:46.247] Path: D:\new\ransomware_high_confidence\bluesky\38478119e3344e735cf60442e7528db63046a543a5f422db8f946b2c2693d19a.exe
[2025-05-26 23:32:46.248] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\38478119e3344e735cf60442e7528db63046a543a5f422db8f946b2c2693d19a.exe
[2025-05-26 23:32:46.248] Malware execution time: 60 seconds
[2025-05-26 23:32:46.248] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:32:46.708] Restoring snapshot 35 done
[2025-05-26 23:32:46.708] Starting up VM
[2025-05-26 23:32:53.043] Starting up VM done
[2025-05-26 23:32:53.043] Installing kernel driver
[2025-05-26 23:32:53.043] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:32:57.442] Kernel driver installation completed
[2025-05-26 23:32:57.442] Starting GP driver service
[2025-05-26 23:32:57.442] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:33:00.589] GP driver service started
[2025-05-26 23:33:00.589] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\38478119e3344e735cf60442e7528db63046a543a5f422db8f946b2c2693d19a.exe
[2025-05-26 23:33:00.589] Malware execution started
[2025-05-26 23:33:00.589] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:34:00.598] Taking screenshot
[2025-05-26 23:34:00.661] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:34:20.122] Powering off VM done
[2025-05-26 23:34:23.123] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:34:24.549] Restoring snapshot 35 done
[2025-05-26 23:34:24.549] Kernel telemetry analysis completed in 98.3 seconds.

[2025-05-26 23:34:24.549] ✅ Analysis completed successfully!
[2025-05-26 23:34:24.549] Progress: 21.7% (306/1408)
[2025-05-26 23:34:24.549] Successful: 306, Failed: 0
[2025-05-26 23:34:24.549] Time remaining: 41.1h
[2025-05-26 23:34:24.549] Waiting 5 seconds before next sample...
[2025-05-26 23:34:29.549] SAMPLE 307/1408
[2025-05-26 23:34:29.549] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:34:29.549] File: 3e035f2d7d30869ce53171ef5a0f761bfb9c14d94d9fe6da385e20b8d96dc2fb.exe
[2025-05-26 23:34:29.549] Path: D:\new\ransomware_high_confidence\bluesky\3e035f2d7d30869ce53171ef5a0f761bfb9c14d94d9fe6da385e20b8d96dc2fb.exe
[2025-05-26 23:34:29.549] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\3e035f2d7d30869ce53171ef5a0f761bfb9c14d94d9fe6da385e20b8d96dc2fb.exe
[2025-05-26 23:34:29.549] Malware execution time

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:34:31.076] Restoring snapshot 35 done
[2025-05-26 23:34:31.076] Starting up VM
[2025-05-26 23:34:37.404] Starting up VM done
[2025-05-26 23:34:37.404] Installing kernel driver
[2025-05-26 23:34:37.404] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:34:41.498] Kernel driver installation completed
[2025-05-26 23:34:41.498] Starting GP driver service
[2025-05-26 23:34:41.498] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:34:44.657] GP driver service started
[2025-05-26 23:34:44.657] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\3e035f2d7d30869ce53171ef5a0f761bfb9c14d94d9fe6da385e20b8d96dc2fb.exe
[2025-05-26 23:34:44.658] Malware execution started
[2025-05-26 23:34:44.658] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:35:44.666] Taking screenshot
[2025-05-26 23:35:44.730] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:36:49.594] Powering off VM done
[2025-05-26 23:36:52.595] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:36:53.628] Restoring snapshot 35 done
[2025-05-26 23:36:53.628] Kernel telemetry analysis completed in 144.1 seconds.

[2025-05-26 23:36:53.628] ✅ Analysis completed successfully!
[2025-05-26 23:36:53.628] Progress: 21.8% (307/1408)
[2025-05-26 23:36:53.628] Successful: 307, Failed: 0
[2025-05-26 23:36:53.628] Time remaining: 41.1h
[2025-05-26 23:36:53.628] Waiting 5 seconds before next sample...
[2025-05-26 23:36:58.628] SAMPLE 308/1408
[2025-05-26 23:36:58.628] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:36:58.628] File: 47971a5a44f487f341d482fdcb91271a2aea4d3eee7191c69568690d2fe9f251.exe
[2025-05-26 23:36:58.628] Path: D:\new\ransomware_high_confidence\bluesky\47971a5a44f487f341d482fdcb91271a2aea4d3eee7191c69568690d2fe9f251.exe
[2025-05-26 23:36:58.628] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\47971a5a44f487f341d482fdcb91271a2aea4d3eee7191c69568690d2fe9f251.exe
[2025-05-26 23:36:58.628] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:37:00.574] Restoring snapshot 35 done
[2025-05-26 23:37:00.574] Starting up VM
[2025-05-26 23:37:07.209] Starting up VM done
[2025-05-26 23:37:07.210] Installing kernel driver
[2025-05-26 23:37:07.210] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:37:10.985] Kernel driver installation completed
[2025-05-26 23:37:10.985] Starting GP driver service
[2025-05-26 23:37:10.985] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:37:14.133] GP driver service started
[2025-05-26 23:37:14.133] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\47971a5a44f487f341d482fdcb91271a2aea4d3eee7191c69568690d2fe9f251.exe
[2025-05-26 23:37:14.133] Malware execution started
[2025-05-26 23:37:14.133] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:38:14.141] Taking screenshot
[2025-05-26 23:38:14.203] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:39:12.195] Powering off VM done
[2025-05-26 23:39:15.195] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:39:16.327] Restoring snapshot 35 done
[2025-05-26 23:39:16.327] Kernel telemetry analysis completed in 137.7 seconds.

[2025-05-26 23:39:16.327] ✅ Analysis completed successfully!
[2025-05-26 23:39:16.327] Progress: 21.9% (308/1408)
[2025-05-26 23:39:16.327] Successful: 308, Failed: 0
[2025-05-26 23:39:16.327] Time remaining: 41.1h
[2025-05-26 23:39:16.327] Waiting 5 seconds before next sample...
[2025-05-26 23:39:21.327] SAMPLE 309/1408
[2025-05-26 23:39:21.327] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:39:21.327] File: 4c752131e47710d47dd0084a22ac03cd5924eb617e97cf895159ae03d86f561e.exe
[2025-05-26 23:39:21.327] Path: D:\new\ransomware_high_confidence\bluesky\4c752131e47710d47dd0084a22ac03cd5924eb617e97cf895159ae03d86f561e.exe
[2025-05-26 23:39:21.327] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\4c752131e47710d47dd0084a22ac03cd5924eb617e97cf895159ae03d86f561e.exe
[2025-05-26 23:39:21.327] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:39:22.902] Restoring snapshot 35 done
[2025-05-26 23:39:22.902] Starting up VM
[2025-05-26 23:39:29.320] Starting up VM done
[2025-05-26 23:39:29.320] Installing kernel driver
[2025-05-26 23:39:29.320] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:39:33.592] Kernel driver installation completed
[2025-05-26 23:39:33.592] Starting GP driver service
[2025-05-26 23:39:33.592] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:39:36.746] GP driver service started
[2025-05-26 23:39:36.747] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\4c752131e47710d47dd0084a22ac03cd5924eb617e97cf895159ae03d86f561e.exe
[2025-05-26 23:39:36.747] Malware execution started
[2025-05-26 23:39:36.747] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:40:36.755] Taking screenshot
[2025-05-26 23:40:36.818] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:41:41.868] Powering off VM done
[2025-05-26 23:41:44.868] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:41:46.422] Restoring snapshot 35 done
[2025-05-26 23:41:46.422] Kernel telemetry analysis completed in 145.1 seconds.

[2025-05-26 23:41:46.422] ✅ Analysis completed successfully!
[2025-05-26 23:41:46.422] Progress: 21.9% (309/1408)
[2025-05-26 23:41:46.422] Successful: 309, Failed: 0
[2025-05-26 23:41:46.422] Time remaining: 41.0h
[2025-05-26 23:41:46.422] Waiting 5 seconds before next sample...
[2025-05-26 23:41:51.422] SAMPLE 310/1408
[2025-05-26 23:41:51.422] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:41:51.422] File: 4fd0c22d92f8bf7a062497867a802bdbab4c802ac10c8b529fe7f896e7517492.exe
[2025-05-26 23:41:51.422] Path: D:\new\ransomware_high_confidence\bluesky\4fd0c22d92f8bf7a062497867a802bdbab4c802ac10c8b529fe7f896e7517492.exe
[2025-05-26 23:41:51.423] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\4fd0c22d92f8bf7a062497867a802bdbab4c802ac10c8b529fe7f896e7517492.exe
[2025-05-26 23:41:51.423] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:41:52.875] Restoring snapshot 35 done
[2025-05-26 23:41:52.876] Starting up VM
[2025-05-26 23:41:59.707] Starting up VM done
[2025-05-26 23:41:59.707] Installing kernel driver
[2025-05-26 23:41:59.707] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:42:04.027] Kernel driver installation completed
[2025-05-26 23:42:04.028] Starting GP driver service
[2025-05-26 23:42:04.028] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:42:07.189] GP driver service started
[2025-05-26 23:42:07.190] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\4fd0c22d92f8bf7a062497867a802bdbab4c802ac10c8b529fe7f896e7517492.exe
[2025-05-26 23:42:07.190] Malware execution started
[2025-05-26 23:42:07.190] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:43:07.198] Taking screenshot
[2025-05-26 23:43:07.260] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:43:36.578] Powering off VM done
[2025-05-26 23:43:39.578] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:43:41.073] Restoring snapshot 35 done
[2025-05-26 23:43:41.073] Kernel telemetry analysis completed in 109.7 seconds.

[2025-05-26 23:43:41.073] ✅ Analysis completed successfully!
[2025-05-26 23:43:41.073] Progress: 22.0% (310/1408)
[2025-05-26 23:43:41.073] Successful: 310, Failed: 0
[2025-05-26 23:43:41.073] Time remaining: 41.0h
[2025-05-26 23:43:41.073] Waiting 5 seconds before next sample...
[2025-05-26 23:43:46.074] SAMPLE 311/1408
[2025-05-26 23:43:46.074] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:43:46.074] File: 6e1057e52d296655f932b8a9da7302b31379ce5b9ba4cc32ed3af4c15c7adcf0.exe
[2025-05-26 23:43:46.074] Path: D:\new\ransomware_high_confidence\bluesky\6e1057e52d296655f932b8a9da7302b31379ce5b9ba4cc32ed3af4c15c7adcf0.exe
[2025-05-26 23:43:46.074] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\6e1057e52d296655f932b8a9da7302b31379ce5b9ba4cc32ed3af4c15c7adcf0.exe
[2025-05-26 23:43:46.074] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:43:47.621] Restoring snapshot 35 done
[2025-05-26 23:43:47.621] Starting up VM
[2025-05-26 23:43:53.750] Starting up VM done
[2025-05-26 23:43:53.750] Installing kernel driver
[2025-05-26 23:43:53.750] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:43:58.160] Kernel driver installation completed
[2025-05-26 23:43:58.160] Starting GP driver service
[2025-05-26 23:43:58.160] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:44:01.307] GP driver service started
[2025-05-26 23:44:01.307] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\6e1057e52d296655f932b8a9da7302b31379ce5b9ba4cc32ed3af4c15c7adcf0.exe
[2025-05-26 23:44:01.307] Malware execution started
[2025-05-26 23:44:01.307] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:45:01.316] Taking screenshot
[2025-05-26 23:45:01.378] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:46:38.390] Powering off VM done
[2025-05-26 23:46:41.390] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:46:42.786] Restoring snapshot 35 done
[2025-05-26 23:46:42.786] Kernel telemetry analysis completed in 176.7 seconds.

[2025-05-26 23:46:42.786] ✅ Analysis completed successfully!
[2025-05-26 23:46:42.786] Progress: 22.1% (311/1408)
[2025-05-26 23:46:42.786] Successful: 311, Failed: 0
[2025-05-26 23:46:42.786] Time remaining: 41.0h
[2025-05-26 23:46:42.786] Waiting 5 seconds before next sample...
[2025-05-26 23:46:47.786] SAMPLE 312/1408
[2025-05-26 23:46:47.786] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:46:47.786] File: 840af927adbfdeb7070e1cf73ed195cf48c8d5f35b6de12f58b73898d7056d3d.exe
[2025-05-26 23:46:47.786] Path: D:\new\ransomware_high_confidence\bluesky\840af927adbfdeb7070e1cf73ed195cf48c8d5f35b6de12f58b73898d7056d3d.exe
[2025-05-26 23:46:47.786] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\840af927adbfdeb7070e1cf73ed195cf48c8d5f35b6de12f58b73898d7056d3d.exe
[2025-05-26 23:46:47.786] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:46:49.335] Restoring snapshot 35 done
[2025-05-26 23:46:49.335] Starting up VM
[2025-05-26 23:46:55.266] Starting up VM done
[2025-05-26 23:46:55.266] Installing kernel driver
[2025-05-26 23:46:55.266] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:46:59.723] Kernel driver installation completed
[2025-05-26 23:46:59.723] Starting GP driver service
[2025-05-26 23:46:59.723] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:47:02.872] GP driver service started
[2025-05-26 23:47:02.873] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\840af927adbfdeb7070e1cf73ed195cf48c8d5f35b6de12f58b73898d7056d3d.exe
[2025-05-26 23:47:02.873] Malware execution started
[2025-05-26 23:47:02.873] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:48:02.881] Taking screenshot
[2025-05-26 23:48:02.944] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:49:18.154] Powering off VM done
[2025-05-26 23:49:21.154] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:49:22.385] Restoring snapshot 35 done
[2025-05-26 23:49:22.385] Kernel telemetry analysis completed in 154.6 seconds.

[2025-05-26 23:49:22.385] ✅ Analysis completed successfully!
[2025-05-26 23:49:22.385] Progress: 22.2% (312/1408)
[2025-05-26 23:49:22.385] Successful: 312, Failed: 0
[2025-05-26 23:49:22.385] Time remaining: 41.0h
[2025-05-26 23:49:22.385] Waiting 5 seconds before next sample...
[2025-05-26 23:49:27.385] SAMPLE 313/1408
[2025-05-26 23:49:27.385] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:49:27.385] File: 8dfd7ee796dd98daefbc1458a34f0460ebd8508df319d44ab48f4cbc579a7f09.exe
[2025-05-26 23:49:27.385] Path: D:\new\ransomware_high_confidence\bluesky\8dfd7ee796dd98daefbc1458a34f0460ebd8508df319d44ab48f4cbc579a7f09.exe
[2025-05-26 23:49:27.385] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\8dfd7ee796dd98daefbc1458a34f0460ebd8508df319d44ab48f4cbc579a7f09.exe
[2025-05-26 23:49:27.385] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:49:28.939] Restoring snapshot 35 done
[2025-05-26 23:49:28.939] Starting up VM
[2025-05-26 23:49:34.875] Starting up VM done
[2025-05-26 23:49:34.875] Installing kernel driver
[2025-05-26 23:49:34.875] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:49:39.466] Kernel driver installation completed
[2025-05-26 23:49:39.466] Starting GP driver service
[2025-05-26 23:49:39.466] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:49:42.614] GP driver service started
[2025-05-26 23:49:42.615] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\8dfd7ee796dd98daefbc1458a34f0460ebd8508df319d44ab48f4cbc579a7f09.exe
[2025-05-26 23:49:42.615] Malware execution started
[2025-05-26 23:49:42.615] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:50:42.623] Taking screenshot
[2025-05-26 23:50:42.689] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:51:56.128] Powering off VM done
[2025-05-26 23:51:59.129] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:52:00.352] Restoring snapshot 35 done
[2025-05-26 23:52:00.352] Kernel telemetry analysis completed in 153.0 seconds.

[2025-05-26 23:52:00.352] ✅ Analysis completed successfully!
[2025-05-26 23:52:00.352] Progress: 22.2% (313/1408)
[2025-05-26 23:52:00.352] Successful: 313, Failed: 0
[2025-05-26 23:52:00.352] Time remaining: 41.0h
[2025-05-26 23:52:00.352] Waiting 5 seconds before next sample...
[2025-05-26 23:52:05.352] SAMPLE 314/1408
[2025-05-26 23:52:05.352] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:52:05.352] File: 905de085d2a9ebf553e3325eb9c878b9855f85c10f77e80c46519056658d6bab.exe
[2025-05-26 23:52:05.352] Path: D:\new\ransomware_high_confidence\bluesky\905de085d2a9ebf553e3325eb9c878b9855f85c10f77e80c46519056658d6bab.exe
[2025-05-26 23:52:05.352] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\905de085d2a9ebf553e3325eb9c878b9855f85c10f77e80c46519056658d6bab.exe
[2025-05-26 23:52:05.352] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:52:06.893] Restoring snapshot 35 done
[2025-05-26 23:52:06.893] Starting up VM
[2025-05-26 23:52:13.564] Starting up VM done
[2025-05-26 23:52:13.564] Installing kernel driver
[2025-05-26 23:52:13.564] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:52:17.821] Kernel driver installation completed
[2025-05-26 23:52:17.822] Starting GP driver service
[2025-05-26 23:52:17.822] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:52:20.976] GP driver service started
[2025-05-26 23:52:20.976] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\905de085d2a9ebf553e3325eb9c878b9855f85c10f77e80c46519056658d6bab.exe
[2025-05-26 23:52:20.977] Malware execution started
[2025-05-26 23:52:20.977] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:53:20.984] Taking screenshot
[2025-05-26 23:53:21.050] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:54:26.732] Powering off VM done
[2025-05-26 23:54:29.732] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:54:31.307] Restoring snapshot 35 done
[2025-05-26 23:54:31.307] Kernel telemetry analysis completed in 146.0 seconds.

[2025-05-26 23:54:31.307] ✅ Analysis completed successfully!
[2025-05-26 23:54:31.307] Progress: 22.3% (314/1408)
[2025-05-26 23:54:31.307] Successful: 314, Failed: 0
[2025-05-26 23:54:31.307] Time remaining: 40.9h
[2025-05-26 23:54:31.307] Waiting 5 seconds before next sample...
[2025-05-26 23:54:36.307] SAMPLE 315/1408
[2025-05-26 23:54:36.307] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:54:36.307] File: 91795d3e8925e647444eb383e52cdc5046db10fa320afc817fab29b085e7d76f.exe
[2025-05-26 23:54:36.307] Path: D:\new\ransomware_high_confidence\bluesky\91795d3e8925e647444eb383e52cdc5046db10fa320afc817fab29b085e7d76f.exe
[2025-05-26 23:54:36.307] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\91795d3e8925e647444eb383e52cdc5046db10fa320afc817fab29b085e7d76f.exe
[2025-05-26 23:54:36.307] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:54:37.810] Restoring snapshot 35 done
[2025-05-26 23:54:37.810] Starting up VM
[2025-05-26 23:54:43.902] Starting up VM done
[2025-05-26 23:54:43.902] Installing kernel driver
[2025-05-26 23:54:43.902] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:54:47.646] Kernel driver installation completed
[2025-05-26 23:54:47.646] Starting GP driver service
[2025-05-26 23:54:47.647] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:54:50.796] GP driver service started
[2025-05-26 23:54:50.796] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\91795d3e8925e647444eb383e52cdc5046db10fa320afc817fab29b085e7d76f.exe
[2025-05-26 23:54:50.796] Malware execution started
[2025-05-26 23:54:50.796] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:55:50.804] Taking screenshot
[2025-05-26 23:55:50.866] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:57:04.132] Powering off VM done
[2025-05-26 23:57:07.133] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:57:08.166] Restoring snapshot 35 done
[2025-05-26 23:57:08.166] Kernel telemetry analysis completed in 151.9 seconds.

[2025-05-26 23:57:08.166] ✅ Analysis completed successfully!
[2025-05-26 23:57:08.166] Progress: 22.4% (315/1408)
[2025-05-26 23:57:08.166] Successful: 315, Failed: 0
[2025-05-26 23:57:08.166] Time remaining: 40.9h
[2025-05-26 23:57:08.166] Waiting 5 seconds before next sample...
[2025-05-26 23:57:13.167] SAMPLE 316/1408
[2025-05-26 23:57:13.167] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:57:13.167] File: 94733075d7ccdc9d770f71200e11f84c00b8a529182b504fb997e9b331470f9a.exe
[2025-05-26 23:57:13.167] Path: D:\new\ransomware_high_confidence\bluesky\94733075d7ccdc9d770f71200e11f84c00b8a529182b504fb997e9b331470f9a.exe
[2025-05-26 23:57:13.167] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\94733075d7ccdc9d770f71200e11f84c00b8a529182b504fb997e9b331470f9a.exe
[2025-05-26 23:57:13.167] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:57:14.987] Restoring snapshot 35 done
[2025-05-26 23:57:14.987] Starting up VM
[2025-05-26 23:57:21.352] Starting up VM done
[2025-05-26 23:57:21.352] Installing kernel driver
[2025-05-26 23:57:21.352] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:57:25.445] Kernel driver installation completed
[2025-05-26 23:57:25.445] Starting GP driver service
[2025-05-26 23:57:25.445] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:57:28.595] GP driver service started
[2025-05-26 23:57:28.596] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\94733075d7ccdc9d770f71200e11f84c00b8a529182b504fb997e9b331470f9a.exe
[2025-05-26 23:57:28.596] Malware execution started
[2025-05-26 23:57:28.596] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-26 23:58:28.604] Taking screenshot
[2025-05-26 23:58:28.666] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:58:58.741] Powering off VM done
[2025-05-26 23:59:01.742] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:59:03.915] Restoring snapshot 35 done
[2025-05-26 23:59:03.915] Kernel telemetry analysis completed in 110.7 seconds.

[2025-05-26 23:59:03.915] ✅ Analysis completed successfully!
[2025-05-26 23:59:03.915] Progress: 22.4% (316/1408)
[2025-05-26 23:59:03.915] Successful: 316, Failed: 0
[2025-05-26 23:59:03.915] Time remaining: 40.9h
[2025-05-26 23:59:03.915] Waiting 5 seconds before next sample...
[2025-05-26 23:59:08.915] SAMPLE 317/1408
[2025-05-26 23:59:08.915] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-26 23:59:08.915] File: 99828018b3af892707985f6a3f8c3d34ae1d1575fdefd7a05f1e6861181ec1b2.exe
[2025-05-26 23:59:08.915] Path: D:\new\ransomware_high_confidence\bluesky\99828018b3af892707985f6a3f8c3d34ae1d1575fdefd7a05f1e6861181ec1b2.exe
[2025-05-26 23:59:08.916] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\99828018b3af892707985f6a3f8c3d34ae1d1575fdefd7a05f1e6861181ec1b2.exe
[2025-05-26 23:59:08.916] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-26 23:59:10.755] Restoring snapshot 35 done
[2025-05-26 23:59:10.755] Starting up VM
[2025-05-26 23:59:17.280] Starting up VM done
[2025-05-26 23:59:17.281] Installing kernel driver
[2025-05-26 23:59:17.281] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-26 23:59:21.630] Kernel driver installation completed
[2025-05-26 23:59:21.630] Starting GP driver service
[2025-05-26 23:59:21.630] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-26 23:59:24.782] GP driver service started
[2025-05-26 23:59:24.782] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\99828018b3af892707985f6a3f8c3d34ae1d1575fdefd7a05f1e6861181ec1b2.exe
[2025-05-26 23:59:24.783] Malware execution started
[2025-05-26 23:59:24.783] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:00:24.791] Taking screenshot
[2025-05-27 00:00:24.852] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:01:23.150] Powering off VM done
[2025-05-27 00:01:26.150] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:01:27.639] Restoring snapshot 35 done
[2025-05-27 00:01:27.639] Kernel telemetry analysis completed in 138.7 seconds.

[2025-05-27 00:01:27.639] ✅ Analysis completed successfully!
[2025-05-27 00:01:27.639] Progress: 22.5% (317/1408)
[2025-05-27 00:01:27.639] Successful: 317, Failed: 0
[2025-05-27 00:01:27.639] Time remaining: 40.8h
[2025-05-27 00:01:27.639] Waiting 5 seconds before next sample...
[2025-05-27 00:01:32.639] SAMPLE 318/1408
[2025-05-27 00:01:32.639] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:01:32.639] File: 9e302bb7d1031c0b2a4ad6ec955e7d2c0ab9c0d18d56132029c4c6198b91384f.exe
[2025-05-27 00:01:32.639] Path: D:\new\ransomware_high_confidence\bluesky\9e302bb7d1031c0b2a4ad6ec955e7d2c0ab9c0d18d56132029c4c6198b91384f.exe
[2025-05-27 00:01:32.639] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\9e302bb7d1031c0b2a4ad6ec955e7d2c0ab9c0d18d56132029c4c6198b91384f.exe
[2025-05-27 00:01:32.639] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:01:34.504] Restoring snapshot 35 done
[2025-05-27 00:01:34.504] Starting up VM
[2025-05-27 00:01:40.759] Starting up VM done
[2025-05-27 00:01:40.760] Installing kernel driver
[2025-05-27 00:01:40.760] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:01:45.017] Kernel driver installation completed
[2025-05-27 00:01:45.017] Starting GP driver service
[2025-05-27 00:01:45.017] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:01:48.174] GP driver service started
[2025-05-27 00:01:48.175] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\9e302bb7d1031c0b2a4ad6ec955e7d2c0ab9c0d18d56132029c4c6198b91384f.exe
[2025-05-27 00:01:48.175] Malware execution started
[2025-05-27 00:01:48.175] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:02:48.183] Taking screenshot
[2025-05-27 00:02:48.244] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:03:56.961] Powering off VM done
[2025-05-27 00:03:59.961] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:04:01.195] Restoring snapshot 35 done
[2025-05-27 00:04:01.195] Kernel telemetry analysis completed in 148.6 seconds.

[2025-05-27 00:04:01.195] ✅ Analysis completed successfully!
[2025-05-27 00:04:01.195] Progress: 22.6% (318/1408)
[2025-05-27 00:04:01.195] Successful: 318, Failed: 0
[2025-05-27 00:04:01.195] Time remaining: 40.8h
[2025-05-27 00:04:01.195] Waiting 5 seconds before next sample...
[2025-05-27 00:04:06.195] SAMPLE 319/1408
[2025-05-27 00:04:06.195] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:04:06.195] File: afccc93c4122d7e63543fc342a4ba9319c4969797c0c3ed32b944b07c83aea16.exe
[2025-05-27 00:04:06.195] Path: D:\new\ransomware_high_confidence\bluesky\afccc93c4122d7e63543fc342a4ba9319c4969797c0c3ed32b944b07c83aea16.exe
[2025-05-27 00:04:06.196] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\afccc93c4122d7e63543fc342a4ba9319c4969797c0c3ed32b944b07c83aea16.exe
[2025-05-27 00:04:06.196] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:04:07.870] Restoring snapshot 35 done
[2025-05-27 00:04:07.870] Starting up VM
[2025-05-27 00:04:13.916] Starting up VM done
[2025-05-27 00:04:13.916] Installing kernel driver
[2025-05-27 00:04:13.916] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:04:18.538] Kernel driver installation completed
[2025-05-27 00:04:18.538] Starting GP driver service
[2025-05-27 00:04:18.538] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:04:21.693] GP driver service started
[2025-05-27 00:04:21.693] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\afccc93c4122d7e63543fc342a4ba9319c4969797c0c3ed32b944b07c83aea16.exe
[2025-05-27 00:04:21.694] Malware execution started
[2025-05-27 00:04:21.694] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:05:21.701] Taking screenshot
[2025-05-27 00:05:21.762] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:06:12.481] Powering off VM done
[2025-05-27 00:06:15.481] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:06:16.627] Restoring snapshot 35 done
[2025-05-27 00:06:16.627] Kernel telemetry analysis completed in 130.4 seconds.

[2025-05-27 00:06:16.627] ✅ Analysis completed successfully!
[2025-05-27 00:06:16.627] Progress: 22.7% (319/1408)
[2025-05-27 00:06:16.627] Successful: 319, Failed: 0
[2025-05-27 00:06:16.627] Time remaining: 40.8h
[2025-05-27 00:06:16.627] Waiting 5 seconds before next sample...
[2025-05-27 00:06:21.627] SAMPLE 320/1408
[2025-05-27 00:06:21.627] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:06:21.627] File: b39fcf37d9019cc92127ee82c03df5e37aa8238cd76cc6eca2e3d1e7e977fc26.exe
[2025-05-27 00:06:21.627] Path: D:\new\ransomware_high_confidence\bluesky\b39fcf37d9019cc92127ee82c03df5e37aa8238cd76cc6eca2e3d1e7e977fc26.exe
[2025-05-27 00:06:21.627] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\b39fcf37d9019cc92127ee82c03df5e37aa8238cd76cc6eca2e3d1e7e977fc26.exe
[2025-05-27 00:06:21.627] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:06:23.028] Restoring snapshot 35 done
[2025-05-27 00:06:23.028] Starting up VM
[2025-05-27 00:06:30.089] Starting up VM done
[2025-05-27 00:06:30.089] Installing kernel driver
[2025-05-27 00:06:30.089] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:06:34.482] Kernel driver installation completed
[2025-05-27 00:06:34.482] Starting GP driver service
[2025-05-27 00:06:34.482] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:06:37.667] GP driver service started
[2025-05-27 00:06:37.667] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\b39fcf37d9019cc92127ee82c03df5e37aa8238cd76cc6eca2e3d1e7e977fc26.exe
[2025-05-27 00:06:37.668] Malware execution started
[2025-05-27 00:06:37.668] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:07:37.676] Taking screenshot
[2025-05-27 00:07:37.740] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:07:56.483] Powering off VM done
[2025-05-27 00:07:59.483] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:08:00.757] Restoring snapshot 35 done
[2025-05-27 00:08:00.757] Kernel telemetry analysis completed in 99.1 seconds.

[2025-05-27 00:08:00.757] ✅ Analysis completed successfully!
[2025-05-27 00:08:00.757] Progress: 22.7% (320/1408)
[2025-05-27 00:08:00.757] Successful: 320, Failed: 0
[2025-05-27 00:08:00.757] Time remaining: 40.7h
[2025-05-27 00:08:00.757] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 00:08:05.757] SAMPLE 321/1408
[2025-05-27 00:08:05.757] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:08:05.757] File: b5b105751a2bf965a6b78eeff100fe4c75282ad6f37f98b9adcd15d8c64283ec.exe
[2025-05-27 00:08:05.757] Path: D:\new\ransomware_high_confidence\bluesky\b5b105751a2bf965a6b78eeff100fe4c75282ad6f37f98b9adcd15d8c64283ec.exe
[2025-05-27 00:08:05.757] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\b5b105751a2bf965a6b78eeff100fe4c75282ad6f37f98b9adcd15d8c64283ec.exe
[2025-05-27 00:08:05.757] Malware execution time: 60 seconds
[2025-05-27 00:08:05.757] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:08:07.459] Restoring snapshot 35 done
[2025-05-27 00:08:07.459] Starting up VM
[2025-05-27 00:08:13.892] Starting up VM done
[2025-05-27 00:08:13.893] Installing kernel driver
[2025-05-27 00:08:13.893] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:08:18.211] Kernel driver installation completed
[2025-05-27 00:08:18.212] Starting GP driver service
[2025-05-27 00:08:18.212] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:08:21.373] GP driver service started
[2025-05-27 00:08:21.373] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\b5b105751a2bf965a6b78eeff100fe4c75282ad6f37f98b9adcd15d8c64283ec.exe
[2025-05-27 00:08:21.374] Malware execution started
[2025-05-27 00:08:21.374] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:09:21.382] Taking screenshot
[2025-05-27 00:09:21.443] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:10:20.174] Powering off VM done
[2025-05-27 00:10:23.174] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:10:24.528] Restoring snapshot 35 done
[2025-05-27 00:10:24.528] Kernel telemetry analysis completed in 138.8 seconds.

[2025-05-27 00:10:24.528] ✅ Analysis completed successfully!
[2025-05-27 00:10:24.528] Progress: 22.8% (321/1408)
[2025-05-27 00:10:24.528] Successful: 321, Failed: 0
[2025-05-27 00:10:24.528] Time remaining: 40.7h
[2025-05-27 00:10:24.528] Waiting 5 seconds before next sample...
[2025-05-27 00:10:29.528] SAMPLE 322/1408
[2025-05-27 00:10:29.528] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:10:29.528] File: baaa0e49398ef681ef71e84a7a86dd2b78f36ac83785e0d9a061067ebaf8b006.exe
[2025-05-27 00:10:29.528] Path: D:\new\ransomware_high_confidence\bluesky\baaa0e49398ef681ef71e84a7a86dd2b78f36ac83785e0d9a061067ebaf8b006.exe
[2025-05-27 00:10:29.528] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\baaa0e49398ef681ef71e84a7a86dd2b78f36ac83785e0d9a061067ebaf8b006.exe
[2025-05-27 00:10:29.528] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:10:31.297] Restoring snapshot 35 done
[2025-05-27 00:10:31.297] Starting up VM
[2025-05-27 00:10:37.360] Starting up VM done
[2025-05-27 00:10:37.360] Installing kernel driver
[2025-05-27 00:10:37.360] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:10:41.743] Kernel driver installation completed
[2025-05-27 00:10:41.743] Starting GP driver service
[2025-05-27 00:10:41.743] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:10:44.896] GP driver service started
[2025-05-27 00:10:44.896] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\baaa0e49398ef681ef71e84a7a86dd2b78f36ac83785e0d9a061067ebaf8b006.exe
[2025-05-27 00:10:44.896] Malware execution started
[2025-05-27 00:10:44.896] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:11:44.904] Taking screenshot
[2025-05-27 00:11:44.965] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:12:18.990] Powering off VM done
[2025-05-27 00:12:21.990] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:12:23.219] Restoring snapshot 35 done
[2025-05-27 00:12:23.219] Kernel telemetry analysis completed in 113.7 seconds.

[2025-05-27 00:12:23.219] ✅ Analysis completed successfully!
[2025-05-27 00:12:23.219] Progress: 22.9% (322/1408)
[2025-05-27 00:12:23.219] Successful: 322, Failed: 0
[2025-05-27 00:12:23.219] Time remaining: 40.6h
[2025-05-27 00:12:23.219] Waiting 5 seconds before next sample...
[2025-05-27 00:12:28.219] SAMPLE 323/1408
[2025-05-27 00:12:28.219] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:12:28.219] File: c0514cd580275b54f5b1d69086c9f415e7afb805479bfea50251e82dc2e60e12.exe
[2025-05-27 00:12:28.219] Path: D:\new\ransomware_high_confidence\bluesky\c0514cd580275b54f5b1d69086c9f415e7afb805479bfea50251e82dc2e60e12.exe
[2025-05-27 00:12:28.219] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\c0514cd580275b54f5b1d69086c9f415e7afb805479bfea50251e82dc2e60e12.exe
[2025-05-27 00:12:28.219] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:12:29.970] Restoring snapshot 35 done
[2025-05-27 00:12:29.970] Starting up VM
[2025-05-27 00:12:35.712] Starting up VM done
[2025-05-27 00:12:35.712] Installing kernel driver
[2025-05-27 00:12:35.712] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:12:39.306] Kernel driver installation completed
[2025-05-27 00:12:39.307] Starting GP driver service
[2025-05-27 00:12:39.307] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:12:42.461] GP driver service started
[2025-05-27 00:12:42.461] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\c0514cd580275b54f5b1d69086c9f415e7afb805479bfea50251e82dc2e60e12.exe
[2025-05-27 00:12:42.461] Malware execution started
[2025-05-27 00:12:42.461] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:13:42.469] Taking screenshot
[2025-05-27 00:13:42.531] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:15:02.996] Powering off VM done
[2025-05-27 00:15:05.996] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:15:07.331] Restoring snapshot 35 done
[2025-05-27 00:15:07.331] Kernel telemetry analysis completed in 159.1 seconds.

[2025-05-27 00:15:07.331] ✅ Analysis completed successfully!
[2025-05-27 00:15:07.331] Progress: 22.9% (323/1408)
[2025-05-27 00:15:07.331] Successful: 323, Failed: 0
[2025-05-27 00:15:07.331] Time remaining: 40.6h
[2025-05-27 00:15:07.331] Waiting 5 seconds before next sample...
[2025-05-27 00:15:12.331] SAMPLE 324/1408
[2025-05-27 00:15:12.331] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:15:12.331] File: c75748dc544629a8a5d08c0d8ba7fda3508a3efdaed905ad800ffddbc8d3b8df.exe
[2025-05-27 00:15:12.331] Path: D:\new\ransomware_high_confidence\bluesky\c75748dc544629a8a5d08c0d8ba7fda3508a3efdaed905ad800ffddbc8d3b8df.exe
[2025-05-27 00:15:12.331] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\c75748dc544629a8a5d08c0d8ba7fda3508a3efdaed905ad800ffddbc8d3b8df.exe
[2025-05-27 00:15:12.331] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:15:13.868] Restoring snapshot 35 done
[2025-05-27 00:15:13.868] Starting up VM
[2025-05-27 00:15:19.831] Starting up VM done
[2025-05-27 00:15:19.831] Installing kernel driver
[2025-05-27 00:15:19.831] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:15:24.437] Kernel driver installation completed
[2025-05-27 00:15:24.437] Starting GP driver service
[2025-05-27 00:15:24.437] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:15:27.597] GP driver service started
[2025-05-27 00:15:27.597] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\c75748dc544629a8a5d08c0d8ba7fda3508a3efdaed905ad800ffddbc8d3b8df.exe
[2025-05-27 00:15:27.598] Malware execution started
[2025-05-27 00:15:27.598] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:16:27.606] Taking screenshot
[2025-05-27 00:16:27.669] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:17:08.268] Powering off VM done
[2025-05-27 00:17:11.268] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:17:12.299] Restoring snapshot 35 done
[2025-05-27 00:17:12.299] Kernel telemetry analysis completed in 120.0 seconds.

[2025-05-27 00:17:12.299] ✅ Analysis completed successfully!
[2025-05-27 00:17:12.299] Progress: 23.0% (324/1408)
[2025-05-27 00:17:12.299] Successful: 324, Failed: 0
[2025-05-27 00:17:12.299] Time remaining: 40.6h
[2025-05-27 00:17:12.299] Waiting 5 seconds before next sample...
[2025-05-27 00:17:17.299] SAMPLE 325/1408
[2025-05-27 00:17:17.299] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:17:17.299] File: d401be3ec0699cfdc1a16a9243ebc25181385e428122b0b1a283b7a8d47dd0bc.exe
[2025-05-27 00:17:17.299] Path: D:\new\ransomware_high_confidence\bluesky\d401be3ec0699cfdc1a16a9243ebc25181385e428122b0b1a283b7a8d47dd0bc.exe
[2025-05-27 00:17:17.299] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\d401be3ec0699cfdc1a16a9243ebc25181385e428122b0b1a283b7a8d47dd0bc.exe
[2025-05-27 00:17:17.299] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:17:18.472] Restoring snapshot 35 done
[2025-05-27 00:17:18.472] Starting up VM
[2025-05-27 00:17:25.004] Starting up VM done
[2025-05-27 00:17:25.004] Installing kernel driver
[2025-05-27 00:17:25.004] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:17:29.267] Kernel driver installation completed
[2025-05-27 00:17:29.267] Starting GP driver service
[2025-05-27 00:17:29.267] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:17:32.416] GP driver service started
[2025-05-27 00:17:32.416] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\d401be3ec0699cfdc1a16a9243ebc25181385e428122b0b1a283b7a8d47dd0bc.exe
[2025-05-27 00:17:32.417] Malware execution started
[2025-05-27 00:17:32.417] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:18:32.425] Taking screenshot
[2025-05-27 00:18:32.487] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:19:19.413] Powering off VM done
[2025-05-27 00:19:22.413] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:19:23.938] Restoring snapshot 35 done
[2025-05-27 00:19:23.938] Kernel telemetry analysis completed in 126.6 seconds.

[2025-05-27 00:19:23.938] ✅ Analysis completed successfully!
[2025-05-27 00:19:23.938] Progress: 23.1% (325/1408)
[2025-05-27 00:19:23.938] Successful: 325, Failed: 0
[2025-05-27 00:19:23.938] Time remaining: 40.5h
[2025-05-27 00:19:23.938] Waiting 5 seconds before next sample...
[2025-05-27 00:19:28.939] SAMPLE 326/1408
[2025-05-27 00:19:28.939] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:19:28.939] File: d4f4069b1c40a5b27ba0bc15c09dceb7035d054a022bb5d558850edfba0b9534.exe
[2025-05-27 00:19:28.939] Path: D:\new\ransomware_high_confidence\bluesky\d4f4069b1c40a5b27ba0bc15c09dceb7035d054a022bb5d558850edfba0b9534.exe
[2025-05-27 00:19:28.939] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\d4f4069b1c40a5b27ba0bc15c09dceb7035d054a022bb5d558850edfba0b9534.exe
[2025-05-27 00:19:28.939] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:19:30.862] Restoring snapshot 35 done
[2025-05-27 00:19:30.862] Starting up VM
[2025-05-27 00:19:36.853] Starting up VM done
[2025-05-27 00:19:36.853] Installing kernel driver
[2025-05-27 00:19:36.853] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:19:40.565] Kernel driver installation completed
[2025-05-27 00:19:40.565] Starting GP driver service
[2025-05-27 00:19:40.565] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:19:43.720] GP driver service started
[2025-05-27 00:19:43.720] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\d4f4069b1c40a5b27ba0bc15c09dceb7035d054a022bb5d558850edfba0b9534.exe
[2025-05-27 00:19:43.720] Malware execution started
[2025-05-27 00:19:43.720] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:20:43.728] Taking screenshot
[2025-05-27 00:20:43.791] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:21:11.059] Powering off VM done
[2025-05-27 00:21:14.059] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:21:14.583] Restoring snapshot 35 done
[2025-05-27 00:21:14.583] Kernel telemetry analysis completed in 105.6 seconds.

[2025-05-27 00:21:14.583] ✅ Analysis completed successfully!
[2025-05-27 00:21:14.583] Progress: 23.2% (326/1408)
[2025-05-27 00:21:14.583] Successful: 326, Failed: 0
[2025-05-27 00:21:14.583] Time remaining: 40.5h
[2025-05-27 00:21:14.583] Waiting 5 seconds before next sample...
[2025-05-27 00:21:19.583] SAMPLE 327/1408
[2025-05-27 00:21:19.583] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:21:19.583] File: d6386b2747335f7b0d13b1f69d995944ad8e9b71e09b036dbc0b907e583d857a.exe
[2025-05-27 00:21:19.583] Path: D:\new\ransomware_high_confidence\bluesky\d6386b2747335f7b0d13b1f69d995944ad8e9b71e09b036dbc0b907e583d857a.exe
[2025-05-27 00:21:19.583] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\d6386b2747335f7b0d13b1f69d995944ad8e9b71e09b036dbc0b907e583d857a.exe
[2025-05-27 00:21:19.583] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:21:21.540] Restoring snapshot 35 done
[2025-05-27 00:21:21.540] Starting up VM
[2025-05-27 00:21:27.709] Starting up VM done
[2025-05-27 00:21:27.709] Installing kernel driver
[2025-05-27 00:21:27.709] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:21:30.897] Kernel driver installation completed
[2025-05-27 00:21:30.897] Starting GP driver service
[2025-05-27 00:21:30.897] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:21:34.052] GP driver service started
[2025-05-27 00:21:34.053] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\d6386b2747335f7b0d13b1f69d995944ad8e9b71e09b036dbc0b907e583d857a.exe
[2025-05-27 00:21:34.053] Malware execution started
[2025-05-27 00:21:34.053] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:22:34.061] Taking screenshot
[2025-05-27 00:22:34.126] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:23:08.470] Powering off VM done
[2025-05-27 00:23:11.471] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:23:12.897] Restoring snapshot 35 done
[2025-05-27 00:23:12.897] Kernel telemetry analysis completed in 113.3 seconds.

[2025-05-27 00:23:12.897] ✅ Analysis completed successfully!
[2025-05-27 00:23:12.897] Progress: 23.2% (327/1408)
[2025-05-27 00:23:12.897] Successful: 327, Failed: 0
[2025-05-27 00:23:12.897] Time remaining: 40.4h
[2025-05-27 00:23:12.897] Waiting 5 seconds before next sample...
[2025-05-27 00:23:17.897] SAMPLE 328/1408
[2025-05-27 00:23:17.897] Family: D:\new\ransomware_high_confidence\bluesky
[2025-05-27 00:23:17.897] File: e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de364f.exe
[2025-05-27 00:23:17.897] Path: D:\new\ransomware_high_confidence\bluesky\e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de364f.exe
[2025-05-27 00:23:17.897] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\bluesky\e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de364f.exe
[2025-05-27 00:23:17.897] Malware execution tim

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:23:19.648] Restoring snapshot 35 done
[2025-05-27 00:23:19.648] Starting up VM
[2025-05-27 00:23:26.254] Starting up VM done
[2025-05-27 00:23:26.254] Installing kernel driver
[2025-05-27 00:23:26.254] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:23:30.556] Kernel driver installation completed
[2025-05-27 00:23:30.556] Starting GP driver service
[2025-05-27 00:23:30.556] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:23:33.711] GP driver service started
[2025-05-27 00:23:33.711] Executing malware sample: D:\new\ransomware_high_confidence\bluesky\e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de364f.exe
[2025-05-27 00:23:33.712] Malware execution started
[2025-05-27 00:23:33.712] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:24:33.720] Taking screenshot
[2025-05-27 00:24:33.782] Taking

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:25:44.186] Powering off VM done
[2025-05-27 00:25:47.186] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:25:48.388] Restoring snapshot 35 done
[2025-05-27 00:25:48.388] Kernel telemetry analysis completed in 150.5 seconds.

[2025-05-27 00:25:48.388] ✅ Analysis completed successfully!
[2025-05-27 00:25:48.388] Progress: 23.3% (328/1408)
[2025-05-27 00:25:48.388] Successful: 328, Failed: 0
[2025-05-27 00:25:48.388] Time remaining: 40.4h
[2025-05-27 00:25:48.388] Waiting 5 seconds before next sample...
[2025-05-27 00:25:53.389] SAMPLE 329/1408
[2025-05-27 00:25:53.389] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:25:53.389] File: 00e815ade8f3ad89a7726da8edd168df13f96ccb6c3daaf995aa9428bfb9ecf1.exe
[2025-05-27 00:25:53.389] Path: D:\new\ransomware_high_confidence\clop\00e815ade8f3ad89a7726da8edd168df13f96ccb6c3daaf995aa9428bfb9ecf1.exe
[2025-05-27 00:25:53.389] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\00e815ade8f3ad89a7726da8edd168df13f96ccb6c3daaf995aa9428bfb9ecf1.exe
[2025-05-27 00:25:53.389] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:25:54.935] Restoring snapshot 35 done
[2025-05-27 00:25:54.935] Starting up VM
[2025-05-27 00:26:01.168] Starting up VM done
[2025-05-27 00:26:01.168] Installing kernel driver
[2025-05-27 00:26:01.168] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:26:05.065] Kernel driver installation completed
[2025-05-27 00:26:05.065] Starting GP driver service
[2025-05-27 00:26:05.065] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:26:08.219] GP driver service started
[2025-05-27 00:26:08.219] Executing malware sample: D:\new\ransomware_high_confidence\clop\00e815ade8f3ad89a7726da8edd168df13f96ccb6c3daaf995aa9428bfb9ecf1.exe
[2025-05-27 00:26:08.219] Malware execution started
[2025-05-27 00:26:08.219] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:27:08.227] Taking screenshot
[2025-05-27 00:27:08.290] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:27:26.284] Powering off VM done
[2025-05-27 00:27:29.284] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:27:30.875] Restoring snapshot 35 done
[2025-05-27 00:27:30.875] Kernel telemetry analysis completed in 97.5 seconds.

[2025-05-27 00:27:30.875] ✅ Analysis completed successfully!
[2025-05-27 00:27:30.876] Progress: 23.4% (329/1408)
[2025-05-27 00:27:30.876] Successful: 329, Failed: 0
[2025-05-27 00:27:30.876] Time remaining: 40.3h
[2025-05-27 00:27:30.876] Waiting 5 seconds before next sample...
[2025-05-27 00:27:35.876] SAMPLE 330/1408
[2025-05-27 00:27:35.876] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:27:35.876] File: 04e97922edd766b69fecf42370b52f81fe9efd7927e16eb8374042f565430365.exe
[2025-05-27 00:27:35.876] Path: D:\new\ransomware_high_confidence\clop\04e97922edd766b69fecf42370b52f81fe9efd7927e16eb8374042f565430365.exe
[2025-05-27 00:27:35.876] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\04e97922edd766b69fecf42370b52f81fe9efd7927e16eb8374042f565430365.exe
[2025-05-27 00:27:35.876] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:27:37.624] Restoring snapshot 35 done
[2025-05-27 00:27:37.624] Starting up VM
[2025-05-27 00:27:43.488] Starting up VM done
[2025-05-27 00:27:43.488] Installing kernel driver
[2025-05-27 00:27:43.488] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:27:47.699] Kernel driver installation completed
[2025-05-27 00:27:47.699] Starting GP driver service
[2025-05-27 00:27:47.699] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:27:50.861] GP driver service started
[2025-05-27 00:27:50.861] Executing malware sample: D:\new\ransomware_high_confidence\clop\04e97922edd766b69fecf42370b52f81fe9efd7927e16eb8374042f565430365.exe
[2025-05-27 00:27:50.861] Malware execution started
[2025-05-27 00:27:50.861] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:28:50.870] Taking screenshot
[2025-05-27 00:28:50.933] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:29:07.879] Powering off VM done
[2025-05-27 00:29:10.879] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:29:12.431] Restoring snapshot 35 done
[2025-05-27 00:29:12.431] Kernel telemetry analysis completed in 96.6 seconds.

[2025-05-27 00:29:12.431] ✅ Analysis completed successfully!
[2025-05-27 00:29:12.431] Progress: 23.4% (330/1408)
[2025-05-27 00:29:12.431] Successful: 330, Failed: 0
[2025-05-27 00:29:12.431] Time remaining: 40.3h
[2025-05-27 00:29:12.431] Waiting 5 seconds before next sample...
[2025-05-27 00:29:17.432] SAMPLE 331/1408
[2025-05-27 00:29:17.432] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:29:17.432] File: 0778c67835cce4819fecc56c1059c791c0cf023a3a2c4db0ac696d1c3966f9e2.exe
[2025-05-27 00:29:17.432] Path: D:\new\ransomware_high_confidence\clop\0778c67835cce4819fecc56c1059c791c0cf023a3a2c4db0ac696d1c3966f9e2.exe
[2025-05-27 00:29:17.432] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\0778c67835cce4819fecc56c1059c791c0cf023a3a2c4db0ac696d1c3966f9e2.exe
[2025-05-27 00:29:17.432] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:29:18.998] Restoring snapshot 35 done
[2025-05-27 00:29:18.998] Starting up VM
[2025-05-27 00:29:25.434] Starting up VM done
[2025-05-27 00:29:25.434] Installing kernel driver
[2025-05-27 00:29:25.434] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:29:29.876] Kernel driver installation completed
[2025-05-27 00:29:29.876] Starting GP driver service
[2025-05-27 00:29:29.876] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:29:33.025] GP driver service started
[2025-05-27 00:29:33.025] Executing malware sample: D:\new\ransomware_high_confidence\clop\0778c67835cce4819fecc56c1059c791c0cf023a3a2c4db0ac696d1c3966f9e2.exe
[2025-05-27 00:29:33.025] Malware execution started
[2025-05-27 00:29:33.025] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:30:33.034] Taking screenshot
[2025-05-27 00:30:33.098] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:30:52.169] Powering off VM done
[2025-05-27 00:30:55.169] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:30:56.672] Restoring snapshot 35 done
[2025-05-27 00:30:56.672] Kernel telemetry analysis completed in 99.2 seconds.

[2025-05-27 00:30:56.672] ✅ Analysis completed successfully!
[2025-05-27 00:30:56.672] Progress: 23.5% (331/1408)
[2025-05-27 00:30:56.672] Successful: 331, Failed: 0
[2025-05-27 00:30:56.672] Time remaining: 40.2h
[2025-05-27 00:30:56.672] Waiting 5 seconds before next sample...
[2025-05-27 00:31:01.672] SAMPLE 332/1408
[2025-05-27 00:31:01.672] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:31:01.672] File: 07d7a103b08ef363d8b8c3c8ce320c8256d45db08c26d440a9a4ca74d7b46e62.exe
[2025-05-27 00:31:01.672] Path: D:\new\ransomware_high_confidence\clop\07d7a103b08ef363d8b8c3c8ce320c8256d45db08c26d440a9a4ca74d7b46e62.exe
[2025-05-27 00:31:01.672] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\07d7a103b08ef363d8b8c3c8ce320c8256d45db08c26d440a9a4ca74d7b46e62.exe
[2025-05-27 00:31:01.672] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:31:03.216] Restoring snapshot 35 done
[2025-05-27 00:31:03.216] Starting up VM
[2025-05-27 00:31:09.131] Starting up VM done
[2025-05-27 00:31:09.131] Installing kernel driver
[2025-05-27 00:31:09.131] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:31:13.573] Kernel driver installation completed
[2025-05-27 00:31:13.573] Starting GP driver service
[2025-05-27 00:31:13.573] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:31:16.733] GP driver service started
[2025-05-27 00:31:16.733] Executing malware sample: D:\new\ransomware_high_confidence\clop\07d7a103b08ef363d8b8c3c8ce320c8256d45db08c26d440a9a4ca74d7b46e62.exe
[2025-05-27 00:31:16.733] Malware execution started
[2025-05-27 00:31:16.733] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:32:16.742] Taking screenshot
[2025-05-27 00:32:16.804] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:32:34.924] Powering off VM done
[2025-05-27 00:32:37.924] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:32:39.248] Restoring snapshot 35 done
[2025-05-27 00:32:39.248] Kernel telemetry analysis completed in 97.6 seconds.

[2025-05-27 00:32:39.248] ✅ Analysis completed successfully!
[2025-05-27 00:32:39.248] Progress: 23.6% (332/1408)
[2025-05-27 00:32:39.248] Successful: 332, Failed: 0
[2025-05-27 00:32:39.248] Time remaining: 40.1h
[2025-05-27 00:32:39.248] Waiting 5 seconds before next sample...
[2025-05-27 00:32:44.248] SAMPLE 333/1408
[2025-05-27 00:32:44.248] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:32:44.248] File: 09ab880f3021ac2d05e09bebd567ddf5f6f7cfb396573efd819a056931f3b391.exe
[2025-05-27 00:32:44.248] Path: D:\new\ransomware_high_confidence\clop\09ab880f3021ac2d05e09bebd567ddf5f6f7cfb396573efd819a056931f3b391.exe
[2025-05-27 00:32:44.248] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\09ab880f3021ac2d05e09bebd567ddf5f6f7cfb396573efd819a056931f3b391.exe
[2025-05-27 00:32:44.248] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:32:46.105] Restoring snapshot 35 done
[2025-05-27 00:32:46.105] Starting up VM
[2025-05-27 00:32:52.207] Starting up VM done
[2025-05-27 00:32:52.207] Installing kernel driver
[2025-05-27 00:32:52.207] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:32:56.058] Kernel driver installation completed
[2025-05-27 00:32:56.058] Starting GP driver service
[2025-05-27 00:32:56.058] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:32:59.208] GP driver service started
[2025-05-27 00:32:59.208] Executing malware sample: D:\new\ransomware_high_confidence\clop\09ab880f3021ac2d05e09bebd567ddf5f6f7cfb396573efd819a056931f3b391.exe
[2025-05-27 00:32:59.209] Malware execution started
[2025-05-27 00:32:59.209] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:33:59.217] Taking screenshot
[2025-05-27 00:33:59.280] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:34:14.913] Powering off VM done
[2025-05-27 00:34:17.913] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:34:19.520] Restoring snapshot 35 done
[2025-05-27 00:34:19.520] Kernel telemetry analysis completed in 95.3 seconds.

[2025-05-27 00:34:19.520] ✅ Analysis completed successfully!
[2025-05-27 00:34:19.520] Progress: 23.7% (333/1408)
[2025-05-27 00:34:19.520] Successful: 333, Failed: 0
[2025-05-27 00:34:19.520] Time remaining: 40.1h
[2025-05-27 00:34:19.520] Waiting 5 seconds before next sample...
[2025-05-27 00:34:24.521] SAMPLE 334/1408
[2025-05-27 00:34:24.521] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:34:24.521] File: 0d19f60423cb2128555e831dc340152f9588c99f3e47d64f0bb4206a6213d579.exe
[2025-05-27 00:34:24.521] Path: D:\new\ransomware_high_confidence\clop\0d19f60423cb2128555e831dc340152f9588c99f3e47d64f0bb4206a6213d579.exe
[2025-05-27 00:34:24.521] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\0d19f60423cb2128555e831dc340152f9588c99f3e47d64f0bb4206a6213d579.exe
[2025-05-27 00:34:24.521] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:34:26.056] Restoring snapshot 35 done
[2025-05-27 00:34:26.056] Starting up VM
[2025-05-27 00:34:32.198] Starting up VM done
[2025-05-27 00:34:32.199] Installing kernel driver
[2025-05-27 00:34:32.199] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:34:36.669] Kernel driver installation completed
[2025-05-27 00:34:36.669] Starting GP driver service
[2025-05-27 00:34:36.669] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:34:39.830] GP driver service started
[2025-05-27 00:34:39.830] Executing malware sample: D:\new\ransomware_high_confidence\clop\0d19f60423cb2128555e831dc340152f9588c99f3e47d64f0bb4206a6213d579.exe
[2025-05-27 00:34:39.831] Malware execution started
[2025-05-27 00:34:39.831] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:35:39.839] Taking screenshot
[2025-05-27 00:35:39.901] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:36:00.501] Powering off VM done
[2025-05-27 00:36:03.502] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:36:05.284] Restoring snapshot 35 done
[2025-05-27 00:36:05.284] Kernel telemetry analysis completed in 100.8 seconds.

[2025-05-27 00:36:05.284] ✅ Analysis completed successfully!
[2025-05-27 00:36:05.284] Progress: 23.7% (334/1408)
[2025-05-27 00:36:05.284] Successful: 334, Failed: 0
[2025-05-27 00:36:05.284] Time remaining: 40.0h
[2025-05-27 00:36:05.284] Waiting 5 seconds before next sample...
[2025-05-27 00:36:10.284] SAMPLE 335/1408
[2025-05-27 00:36:10.284] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:36:10.284] File: 0e3fd4f37b395b9177ccec786f339dd2dc3a539f69b49ac41e55ca21ead7fe73.exe
[2025-05-27 00:36:10.284] Path: D:\new\ransomware_high_confidence\clop\0e3fd4f37b395b9177ccec786f339dd2dc3a539f69b49ac41e55ca21ead7fe73.exe
[2025-05-27 00:36:10.284] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\0e3fd4f37b395b9177ccec786f339dd2dc3a539f69b49ac41e55ca21ead7fe73.exe
[2025-05-27 00:36:10.284] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:36:11.649] Restoring snapshot 35 done
[2025-05-27 00:36:11.649] Starting up VM
[2025-05-27 00:36:17.938] Starting up VM done
[2025-05-27 00:36:17.939] Installing kernel driver
[2025-05-27 00:36:17.939] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:36:22.259] Kernel driver installation completed
[2025-05-27 00:36:22.260] Starting GP driver service
[2025-05-27 00:36:22.260] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:36:25.416] GP driver service started
[2025-05-27 00:36:25.416] Executing malware sample: D:\new\ransomware_high_confidence\clop\0e3fd4f37b395b9177ccec786f339dd2dc3a539f69b49ac41e55ca21ead7fe73.exe
[2025-05-27 00:36:25.417] Malware execution started
[2025-05-27 00:36:25.417] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:37:25.424] Taking screenshot
[2025-05-27 00:37:25.486] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:37:46.124] Powering off VM done
[2025-05-27 00:37:49.125] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:37:50.942] Restoring snapshot 35 done
[2025-05-27 00:37:50.942] Kernel telemetry analysis completed in 100.7 seconds.

[2025-05-27 00:37:50.942] ✅ Analysis completed successfully!
[2025-05-27 00:37:50.942] Progress: 23.8% (335/1408)
[2025-05-27 00:37:50.942] Successful: 335, Failed: 0
[2025-05-27 00:37:50.942] Time remaining: 40.0h
[2025-05-27 00:37:50.942] Waiting 5 seconds before next sample...
[2025-05-27 00:37:55.943] SAMPLE 336/1408
[2025-05-27 00:37:55.943] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:37:55.943] File: 111773fea3e49a77d35abfbeffc2b33fd4b0527d36a643f34be123850ae51fb9.exe
[2025-05-27 00:37:55.943] Path: D:\new\ransomware_high_confidence\clop\111773fea3e49a77d35abfbeffc2b33fd4b0527d36a643f34be123850ae51fb9.exe
[2025-05-27 00:37:55.943] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\111773fea3e49a77d35abfbeffc2b33fd4b0527d36a643f34be123850ae51fb9.exe
[2025-05-27 00:37:55.943] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:37:56.960] Restoring snapshot 35 done
[2025-05-27 00:37:56.960] Starting up VM
[2025-05-27 00:38:02.964] Starting up VM done
[2025-05-27 00:38:02.964] Installing kernel driver
[2025-05-27 00:38:02.964] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:38:07.382] Kernel driver installation completed
[2025-05-27 00:38:07.382] Starting GP driver service
[2025-05-27 00:38:07.382] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:38:10.529] GP driver service started
[2025-05-27 00:38:10.529] Executing malware sample: D:\new\ransomware_high_confidence\clop\111773fea3e49a77d35abfbeffc2b33fd4b0527d36a643f34be123850ae51fb9.exe
[2025-05-27 00:38:10.529] Malware execution started
[2025-05-27 00:38:10.529] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:39:10.538] Taking screenshot
[2025-05-27 00:39:10.600] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:39:28.623] Powering off VM done
[2025-05-27 00:39:31.623] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:39:33.541] Restoring snapshot 35 done
[2025-05-27 00:39:33.541] Kernel telemetry analysis completed in 97.6 seconds.

[2025-05-27 00:39:33.541] ✅ Analysis completed successfully!
[2025-05-27 00:39:33.541] Progress: 23.9% (336/1408)
[2025-05-27 00:39:33.541] Successful: 336, Failed: 0
[2025-05-27 00:39:33.541] Time remaining: 39.9h
[2025-05-27 00:39:33.541] Waiting 5 seconds before next sample...
[2025-05-27 00:39:38.541] SAMPLE 337/1408
[2025-05-27 00:39:38.541] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:39:38.541] File: 128f74421cf96f74d721c1ba4c65b5ca262b3bdd9f96a90090ae4b2f092bc60f.exe
[2025-05-27 00:39:38.541] Path: D:\new\ransomware_high_confidence\clop\128f74421cf96f74d721c1ba4c65b5ca262b3bdd9f96a90090ae4b2f092bc60f.exe
[2025-05-27 00:39:38.541] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\128f74421cf96f74d721c1ba4c65b5ca262b3bdd9f96a90090ae4b2f092bc60f.exe
[2025-05-27 00:39:38.541] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:39:40.400] Restoring snapshot 35 done
[2025-05-27 00:39:40.400] Starting up VM
[2025-05-27 00:39:46.652] Starting up VM done
[2025-05-27 00:39:46.652] Installing kernel driver
[2025-05-27 00:39:46.652] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:39:50.897] Kernel driver installation completed
[2025-05-27 00:39:50.897] Starting GP driver service
[2025-05-27 00:39:50.897] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:39:54.054] GP driver service started
[2025-05-27 00:39:54.054] Executing malware sample: D:\new\ransomware_high_confidence\clop\128f74421cf96f74d721c1ba4c65b5ca262b3bdd9f96a90090ae4b2f092bc60f.exe
[2025-05-27 00:39:54.054] Malware execution started
[2025-05-27 00:39:54.054] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:40:54.062] Taking screenshot
[2025-05-27 00:40:54.125] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:41:09.223] Powering off VM done
[2025-05-27 00:41:12.223] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:41:13.243] Restoring snapshot 35 done
[2025-05-27 00:41:13.243] Kernel telemetry analysis completed in 94.7 seconds.

[2025-05-27 00:41:13.243] ✅ Analysis completed successfully!
[2025-05-27 00:41:13.243] Progress: 23.9% (337/1408)
[2025-05-27 00:41:13.243] Successful: 337, Failed: 0
[2025-05-27 00:41:13.243] Time remaining: 39.8h
[2025-05-27 00:41:13.243] Waiting 5 seconds before next sample...
[2025-05-27 00:41:18.243] SAMPLE 338/1408
[2025-05-27 00:41:18.243] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:41:18.243] File: 15f9ed36d9efc6e570b4f506791ce2c6a849853e2f6d587f30fb12d39dba2649.exe
[2025-05-27 00:41:18.243] Path: D:\new\ransomware_high_confidence\clop\15f9ed36d9efc6e570b4f506791ce2c6a849853e2f6d587f30fb12d39dba2649.exe
[2025-05-27 00:41:18.243] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\15f9ed36d9efc6e570b4f506791ce2c6a849853e2f6d587f30fb12d39dba2649.exe
[2025-05-27 00:41:18.243] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:41:20.572] Restoring snapshot 35 done
[2025-05-27 00:41:20.572] Starting up VM
[2025-05-27 00:41:26.670] Starting up VM done
[2025-05-27 00:41:26.670] Installing kernel driver
[2025-05-27 00:41:26.670] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:41:30.916] Kernel driver installation completed
[2025-05-27 00:41:30.916] Starting GP driver service
[2025-05-27 00:41:30.916] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:41:34.067] GP driver service started
[2025-05-27 00:41:34.068] Executing malware sample: D:\new\ransomware_high_confidence\clop\15f9ed36d9efc6e570b4f506791ce2c6a849853e2f6d587f30fb12d39dba2649.exe
[2025-05-27 00:41:34.068] Malware execution started
[2025-05-27 00:41:34.068] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:42:34.077] Taking screenshot
[2025-05-27 00:42:34.140] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:42:50.289] Powering off VM done
[2025-05-27 00:42:53.290] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:42:53.761] Restoring snapshot 35 done
[2025-05-27 00:42:53.762] Kernel telemetry analysis completed in 95.5 seconds.

[2025-05-27 00:42:53.762] ✅ Analysis completed successfully!
[2025-05-27 00:42:53.762] Progress: 24.0% (338/1408)
[2025-05-27 00:42:53.762] Successful: 338, Failed: 0
[2025-05-27 00:42:53.762] Time remaining: 39.8h
[2025-05-27 00:42:53.762] Waiting 5 seconds before next sample...
[2025-05-27 00:42:58.762] SAMPLE 339/1408
[2025-05-27 00:42:58.762] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:42:58.762] File: 1e5a161314bc521356f821200004f9af454ac027e34e25d2961320956be0791b.exe
[2025-05-27 00:42:58.762] Path: D:\new\ransomware_high_confidence\clop\1e5a161314bc521356f821200004f9af454ac027e34e25d2961320956be0791b.exe
[2025-05-27 00:42:58.762] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\1e5a161314bc521356f821200004f9af454ac027e34e25d2961320956be0791b.exe
[2025-05-27 00:42:58.762] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:43:00.377] Restoring snapshot 35 done
[2025-05-27 00:43:00.377] Starting up VM
[2025-05-27 00:43:06.724] Starting up VM done
[2025-05-27 00:43:06.724] Installing kernel driver
[2025-05-27 00:43:06.724] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:43:10.487] Kernel driver installation completed
[2025-05-27 00:43:10.487] Starting GP driver service
[2025-05-27 00:43:10.487] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:43:13.639] GP driver service started
[2025-05-27 00:43:13.639] Executing malware sample: D:\new\ransomware_high_confidence\clop\1e5a161314bc521356f821200004f9af454ac027e34e25d2961320956be0791b.exe
[2025-05-27 00:43:13.640] Malware execution started
[2025-05-27 00:43:13.640] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:44:13.647] Taking screenshot
[2025-05-27 00:44:13.709] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:44:30.746] Powering off VM done
[2025-05-27 00:44:33.746] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:44:35.190] Restoring snapshot 35 done
[2025-05-27 00:44:35.190] Kernel telemetry analysis completed in 96.4 seconds.

[2025-05-27 00:44:35.190] ✅ Analysis completed successfully!
[2025-05-27 00:44:35.190] Progress: 24.1% (339/1408)
[2025-05-27 00:44:35.190] Successful: 339, Failed: 0
[2025-05-27 00:44:35.190] Time remaining: 39.7h
[2025-05-27 00:44:35.190] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 00:44:40.190] SAMPLE 340/1408
[2025-05-27 00:44:40.190] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:44:40.190] File: 220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.exe
[2025-05-27 00:44:40.190] Path: D:\new\ransomware_high_confidence\clop\220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.exe
[2025-05-27 00:44:40.191] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.exe
[2025-05-27 00:44:40.191] Malware execution time: 60 seconds
[2025-05-27 00:44:40.191] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:44:41.805] Restoring snapshot 35 done
[2025-05-27 00:44:41.805] Starting up VM
[2025-05-27 00:44:48.340] Starting up VM done
[2025-05-27 00:44:48.340] Installing kernel driver
[2025-05-27 00:44:48.340] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:44:52.788] Kernel driver installation completed
[2025-05-27 00:44:52.788] Starting GP driver service
[2025-05-27 00:44:52.788] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:44:55.935] GP driver service started
[2025-05-27 00:44:55.936] Executing malware sample: D:\new\ransomware_high_confidence\clop\220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.exe
[2025-05-27 00:44:55.936] Malware execution started
[2025-05-27 00:44:55.936] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:45:55.944] Taking screenshot
[2025-05-27 00:45:56.008] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:46:13.940] Powering off VM done
[2025-05-27 00:46:16.940] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:46:18.330] Restoring snapshot 35 done
[2025-05-27 00:46:18.330] Kernel telemetry analysis completed in 98.1 seconds.

[2025-05-27 00:46:18.330] ✅ Analysis completed successfully!
[2025-05-27 00:46:18.330] Progress: 24.1% (340/1408)
[2025-05-27 00:46:18.330] Successful: 340, Failed: 0
[2025-05-27 00:46:18.330] Time remaining: 39.6h
[2025-05-27 00:46:18.330] Waiting 5 seconds before next sample...
[2025-05-27 00:46:23.330] SAMPLE 341/1408
[2025-05-27 00:46:23.330] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:46:23.330] File: 2f29950640d024779134334cad79e2013871afa08c7be94356694db12ee437e2.exe
[2025-05-27 00:46:23.330] Path: D:\new\ransomware_high_confidence\clop\2f29950640d024779134334cad79e2013871afa08c7be94356694db12ee437e2.exe
[2025-05-27 00:46:23.331] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\2f29950640d024779134334cad79e2013871afa08c7be94356694db12ee437e2.exe
[2025-05-27 00:46:23.331] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:46:24.960] Restoring snapshot 35 done
[2025-05-27 00:46:24.960] Starting up VM
[2025-05-27 00:46:31.566] Starting up VM done
[2025-05-27 00:46:31.566] Installing kernel driver
[2025-05-27 00:46:31.566] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:46:35.946] Kernel driver installation completed
[2025-05-27 00:46:35.946] Starting GP driver service
[2025-05-27 00:46:35.946] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:46:39.104] GP driver service started
[2025-05-27 00:46:39.104] Executing malware sample: D:\new\ransomware_high_confidence\clop\2f29950640d024779134334cad79e2013871afa08c7be94356694db12ee437e2.exe
[2025-05-27 00:46:39.104] Malware execution started
[2025-05-27 00:46:39.104] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:47:39.113] Taking screenshot
[2025-05-27 00:47:39.175] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:47:56.088] Powering off VM done
[2025-05-27 00:47:59.088] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:47:59.949] Restoring snapshot 35 done
[2025-05-27 00:47:59.949] Kernel telemetry analysis completed in 96.6 seconds.

[2025-05-27 00:47:59.949] ✅ Analysis completed successfully!
[2025-05-27 00:47:59.949] Progress: 24.2% (341/1408)
[2025-05-27 00:47:59.949] Successful: 341, Failed: 0
[2025-05-27 00:47:59.949] Time remaining: 39.6h
[2025-05-27 00:47:59.949] Waiting 5 seconds before next sample...
[2025-05-27 00:48:04.949] SAMPLE 342/1408
[2025-05-27 00:48:04.949] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:48:04.949] File: 3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207.exe
[2025-05-27 00:48:04.949] Path: D:\new\ransomware_high_confidence\clop\3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207.exe
[2025-05-27 00:48:04.950] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207.exe
[2025-05-27 00:48:04.950] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:48:06.415] Restoring snapshot 35 done
[2025-05-27 00:48:06.415] Starting up VM
[2025-05-27 00:48:12.735] Starting up VM done
[2025-05-27 00:48:12.735] Installing kernel driver
[2025-05-27 00:48:12.735] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:48:17.266] Kernel driver installation completed
[2025-05-27 00:48:17.266] Starting GP driver service
[2025-05-27 00:48:17.266] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:48:20.418] GP driver service started
[2025-05-27 00:48:20.418] Executing malware sample: D:\new\ransomware_high_confidence\clop\3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207.exe
[2025-05-27 00:48:20.418] Malware execution started
[2025-05-27 00:48:20.418] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:49:20.426] Taking screenshot
[2025-05-27 00:49:20.491] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:49:36.756] Powering off VM done
[2025-05-27 00:49:39.757] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:49:40.786] Restoring snapshot 35 done
[2025-05-27 00:49:40.786] Kernel telemetry analysis completed in 95.8 seconds.

[2025-05-27 00:49:40.786] ✅ Analysis completed successfully!
[2025-05-27 00:49:40.786] Progress: 24.3% (342/1408)
[2025-05-27 00:49:40.786] Successful: 342, Failed: 0
[2025-05-27 00:49:40.786] Time remaining: 39.5h
[2025-05-27 00:49:40.786] Waiting 5 seconds before next sample...
[2025-05-27 00:49:45.786] SAMPLE 343/1408
[2025-05-27 00:49:45.786] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:49:45.787] File: 389e03b1a1fd1c527d48df74d3c26a0483a5b105f36841193172f1ee80e62c1b.exe
[2025-05-27 00:49:45.787] Path: D:\new\ransomware_high_confidence\clop\389e03b1a1fd1c527d48df74d3c26a0483a5b105f36841193172f1ee80e62c1b.exe
[2025-05-27 00:49:45.787] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\389e03b1a1fd1c527d48df74d3c26a0483a5b105f36841193172f1ee80e62c1b.exe
[2025-05-27 00:49:45.787] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:49:47.677] Restoring snapshot 35 done
[2025-05-27 00:49:47.677] Starting up VM
[2025-05-27 00:49:54.212] Starting up VM done
[2025-05-27 00:49:54.212] Installing kernel driver
[2025-05-27 00:49:54.212] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:49:58.710] Kernel driver installation completed
[2025-05-27 00:49:58.710] Starting GP driver service
[2025-05-27 00:49:58.710] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:50:01.869] GP driver service started
[2025-05-27 00:50:01.869] Executing malware sample: D:\new\ransomware_high_confidence\clop\389e03b1a1fd1c527d48df74d3c26a0483a5b105f36841193172f1ee80e62c1b.exe
[2025-05-27 00:50:01.869] Malware execution started
[2025-05-27 00:50:01.869] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:51:01.878] Taking screenshot
[2025-05-27 00:51:01.941] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:51:18.098] Powering off VM done
[2025-05-27 00:51:21.099] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:51:22.672] Restoring snapshot 35 done
[2025-05-27 00:51:22.672] Kernel telemetry analysis completed in 96.9 seconds.

[2025-05-27 00:51:22.672] ✅ Analysis completed successfully!
[2025-05-27 00:51:22.672] Progress: 24.4% (343/1408)
[2025-05-27 00:51:22.672] Successful: 343, Failed: 0
[2025-05-27 00:51:22.672] Time remaining: 39.4h
[2025-05-27 00:51:22.672] Waiting 5 seconds before next sample...
[2025-05-27 00:51:27.672] SAMPLE 344/1408
[2025-05-27 00:51:27.672] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:51:27.672] File: 3d94c4a92382c5c45062d8ea0517be4011be8ba42e9c9a614a99327d0ebdf05b.exe
[2025-05-27 00:51:27.672] Path: D:\new\ransomware_high_confidence\clop\3d94c4a92382c5c45062d8ea0517be4011be8ba42e9c9a614a99327d0ebdf05b.exe
[2025-05-27 00:51:27.672] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\3d94c4a92382c5c45062d8ea0517be4011be8ba42e9c9a614a99327d0ebdf05b.exe
[2025-05-27 00:51:27.672] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:51:29.494] Restoring snapshot 35 done
[2025-05-27 00:51:29.494] Starting up VM
[2025-05-27 00:51:36.116] Starting up VM done
[2025-05-27 00:51:36.116] Installing kernel driver
[2025-05-27 00:51:36.116] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:51:40.281] Kernel driver installation completed
[2025-05-27 00:51:40.281] Starting GP driver service
[2025-05-27 00:51:40.281] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:51:43.428] GP driver service started
[2025-05-27 00:51:43.429] Executing malware sample: D:\new\ransomware_high_confidence\clop\3d94c4a92382c5c45062d8ea0517be4011be8ba42e9c9a614a99327d0ebdf05b.exe
[2025-05-27 00:51:43.429] Malware execution started
[2025-05-27 00:51:43.429] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:52:43.437] Taking screenshot
[2025-05-27 00:52:43.500] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:53:00.371] Powering off VM done
[2025-05-27 00:53:03.372] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:53:05.086] Restoring snapshot 35 done
[2025-05-27 00:53:05.086] Kernel telemetry analysis completed in 97.4 seconds.

[2025-05-27 00:53:05.086] ✅ Analysis completed successfully!
[2025-05-27 00:53:05.086] Progress: 24.4% (344/1408)
[2025-05-27 00:53:05.086] Successful: 344, Failed: 0
[2025-05-27 00:53:05.086] Time remaining: 39.4h
[2025-05-27 00:53:05.086] Waiting 5 seconds before next sample...
[2025-05-27 00:53:10.086] SAMPLE 345/1408
[2025-05-27 00:53:10.086] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:53:10.086] File: 428988730867a648960bc25c6b0f73431e9beb028331dfa7b5f5760a5042c12d.exe
[2025-05-27 00:53:10.086] Path: D:\new\ransomware_high_confidence\clop\428988730867a648960bc25c6b0f73431e9beb028331dfa7b5f5760a5042c12d.exe
[2025-05-27 00:53:10.086] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\428988730867a648960bc25c6b0f73431e9beb028331dfa7b5f5760a5042c12d.exe
[2025-05-27 00:53:10.086] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:53:11.905] Restoring snapshot 35 done
[2025-05-27 00:53:11.906] Starting up VM
[2025-05-27 00:53:17.790] Starting up VM done
[2025-05-27 00:53:17.790] Installing kernel driver
[2025-05-27 00:53:17.790] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:53:22.336] Kernel driver installation completed
[2025-05-27 00:53:22.336] Starting GP driver service
[2025-05-27 00:53:22.336] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:53:25.488] GP driver service started
[2025-05-27 00:53:25.488] Executing malware sample: D:\new\ransomware_high_confidence\clop\428988730867a648960bc25c6b0f73431e9beb028331dfa7b5f5760a5042c12d.exe
[2025-05-27 00:53:25.488] Malware execution started
[2025-05-27 00:53:25.488] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:54:25.496] Taking screenshot
[2025-05-27 00:54:25.559] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:54:39.300] Powering off VM done
[2025-05-27 00:54:42.300] Restoring snapshot 35
[2025-05-27 00:54:42.348] Restoring snapshot 35 done
[2025-05-27 00:54:42.348] Kernel telemetry analysis completed in 92.3 seconds.

[2025-05-27 00:54:42.348] ✅ Analysis completed successfully!
[2025-05-27 00:54:42.348] Progress: 24.5% (345/1408)
[2025-05-27 00:54:42.348] Successful: 345, Failed: 0
[2025-05-27 00:54:42.348] Time remaining: 39.3h
[2025-05-27 00:54:42.348] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 00:54:47.349] SAMPLE 346/1408
[2025-05-27 00:54:47.349] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:54:47.349] File: 43e633a9a26287e9be7a4788d750258d64612e7b625ab5a3f0a9128469e99c2d.exe
[2025-05-27 00:54:47.349] Path: D:\new\ransomware_high_confidence\clop\43e633a9a26287e9be7a4788d750258d64612e7b625ab5a3f0a9128469e99c2d.exe
[2025-05-27 00:54:47.349] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\43e633a9a26287e9be7a4788d750258d64612e7b625ab5a3f0a9128469e99c2d.exe
[2025-05-27 00:54:47.349] Malware execution time: 60 seconds
[2025-05-27 00:54:47.349] Restoring snapshot 35
[2025-05-27 00:54:47.398] Restoring snapshot 35 done
[2025-05-27 00:54:47.398] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:54:52.316] Starting up VM done
[2025-05-27 00:54:52.316] Installing kernel driver
[2025-05-27 00:54:52.316] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:54:55.475] Kernel driver installation completed
[2025-05-27 00:54:55.475] Starting GP driver service
[2025-05-27 00:54:55.475] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:54:58.630] GP driver service started
[2025-05-27 00:54:58.630] Executing malware sample: D:\new\ransomware_high_confidence\clop\43e633a9a26287e9be7a4788d750258d64612e7b625ab5a3f0a9128469e99c2d.exe
[2025-05-27 00:54:58.631] Malware execution started
[2025-05-27 00:54:58.631] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:55:58.639] Taking screenshot
[2025-05-27 00:55:58.702] Taking screenshot done
[2025-05-27 00:55:58.702] Terminating malware: 43e633a9a26287e9be7a4788d750258d6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:56:12.488] Powering off VM done
[2025-05-27 00:56:15.488] Restoring snapshot 35
[2025-05-27 00:56:15.536] Restoring snapshot 35 done
[2025-05-27 00:56:15.536] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 00:56:15.536] ✅ Analysis completed successfully!
[2025-05-27 00:56:15.536] Progress: 24.6% (346/1408)
[2025-05-27 00:56:15.536] Successful: 346, Failed: 0
[2025-05-27 00:56:15.536] Time remaining: 39.2h
[2025-05-27 00:56:15.536] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:56:20.536] SAMPLE 347/1408
[2025-05-27 00:56:20.536] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:56:20.536] File: 46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.exe
[2025-05-27 00:56:20.536] Path: D:\new\ransomware_high_confidence\clop\46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.exe
[2025-05-27 00:56:20.536] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.exe
[2025-05-27 00:56:20.536] Malware execution time: 60 seconds
[2025-05-27 00:56:20.536] Restoring snapshot 35
[2025-05-27 00:56:20.714] Restoring snapshot 35 done
[2025-05-27 00:56:20.714] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:56:25.536] Starting up VM done
[2025-05-27 00:56:25.536] Installing kernel driver
[2025-05-27 00:56:25.536] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:56:28.692] Kernel driver installation completed
[2025-05-27 00:56:28.692] Starting GP driver service
[2025-05-27 00:56:28.692] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:56:31.842] GP driver service started
[2025-05-27 00:56:31.842] Executing malware sample: D:\new\ransomware_high_confidence\clop\46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.exe
[2025-05-27 00:56:31.842] Malware execution started
[2025-05-27 00:56:31.842] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:57:31.850] Taking screenshot
[2025-05-27 00:57:31.913] Taking screenshot done
[2025-05-27 00:57:31.913] Terminating malware: 46cd508b7e77bb2c1d47f7fef0042a13c

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:57:45.648] Powering off VM done
[2025-05-27 00:57:48.648] Restoring snapshot 35
[2025-05-27 00:57:48.696] Restoring snapshot 35 done
[2025-05-27 00:57:48.696] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 00:57:48.696] ✅ Analysis completed successfully!
[2025-05-27 00:57:48.696] Progress: 24.6% (347/1408)
[2025-05-27 00:57:48.696] Successful: 347, Failed: 0
[2025-05-27 00:57:48.696] Time remaining: 39.2h
[2025-05-27 00:57:48.696] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:57:53.696] SAMPLE 348/1408
[2025-05-27 00:57:53.696] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:57:53.696] File: 4b13034d10c60ae0b507b1c21c52fbc3ec75e827225a86e629ecea5fdfffe609.exe
[2025-05-27 00:57:53.696] Path: D:\new\ransomware_high_confidence\clop\4b13034d10c60ae0b507b1c21c52fbc3ec75e827225a86e629ecea5fdfffe609.exe
[2025-05-27 00:57:53.697] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\4b13034d10c60ae0b507b1c21c52fbc3ec75e827225a86e629ecea5fdfffe609.exe
[2025-05-27 00:57:53.697] Malware execution time: 60 seconds
[2025-05-27 00:57:53.697] Restoring snapshot 35
[2025-05-27 00:57:53.874] Restoring snapshot 35 done
[2025-05-27 00:57:53.874] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:57:58.726] Starting up VM done
[2025-05-27 00:57:58.726] Installing kernel driver
[2025-05-27 00:57:58.726] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:58:01.881] Kernel driver installation completed
[2025-05-27 00:58:01.881] Starting GP driver service
[2025-05-27 00:58:01.881] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:58:05.034] GP driver service started
[2025-05-27 00:58:05.034] Executing malware sample: D:\new\ransomware_high_confidence\clop\4b13034d10c60ae0b507b1c21c52fbc3ec75e827225a86e629ecea5fdfffe609.exe
[2025-05-27 00:58:05.034] Malware execution started
[2025-05-27 00:58:05.034] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 00:59:05.043] Taking screenshot
[2025-05-27 00:59:05.117] Taking screenshot done
[2025-05-27 00:59:05.117] Terminating malware: 4b13034d10c60ae0b507b1c21c52fbc3e

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:59:18.867] Powering off VM done
[2025-05-27 00:59:21.868] Restoring snapshot 35
[2025-05-27 00:59:21.915] Restoring snapshot 35 done
[2025-05-27 00:59:21.915] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 00:59:21.915] ✅ Analysis completed successfully!
[2025-05-27 00:59:21.915] Progress: 24.7% (348/1408)
[2025-05-27 00:59:21.915] Successful: 348, Failed: 0
[2025-05-27 00:59:21.915] Time remaining: 39.1h
[2025-05-27 00:59:21.916] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:59:26.916] SAMPLE 349/1408
[2025-05-27 00:59:26.916] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 00:59:26.916] File: 4d8374ad8f1dd3885358fa779f04e5890906de40d084a1aeb4afc1decb116289.exe
[2025-05-27 00:59:26.916] Path: D:\new\ransomware_high_confidence\clop\4d8374ad8f1dd3885358fa779f04e5890906de40d084a1aeb4afc1decb116289.exe
[2025-05-27 00:59:26.916] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\4d8374ad8f1dd3885358fa779f04e5890906de40d084a1aeb4afc1decb116289.exe
[2025-05-27 00:59:26.916] Malware execution time: 60 seconds
[2025-05-27 00:59:26.916] Restoring snapshot 35
[2025-05-27 00:59:27.093] Restoring snapshot 35 done
[2025-05-27 00:59:27.093] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 00:59:31.921] Starting up VM done
[2025-05-27 00:59:31.921] Installing kernel driver
[2025-05-27 00:59:31.921] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 00:59:35.073] Kernel driver installation completed
[2025-05-27 00:59:35.074] Starting GP driver service
[2025-05-27 00:59:35.074] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 00:59:38.229] GP driver service started
[2025-05-27 00:59:38.230] Executing malware sample: D:\new\ransomware_high_confidence\clop\4d8374ad8f1dd3885358fa779f04e5890906de40d084a1aeb4afc1decb116289.exe
[2025-05-27 00:59:38.230] Malware execution started
[2025-05-27 00:59:38.230] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:00:38.238] Taking screenshot
[2025-05-27 01:00:38.301] Taking screenshot done
[2025-05-27 01:00:38.301] Terminating malware: 4d8374ad8f1dd3885358fa779f04e5890

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:00:50.948] Powering off VM done
[2025-05-27 01:00:53.948] Restoring snapshot 35
[2025-05-27 01:00:53.998] Restoring snapshot 35 done
[2025-05-27 01:00:53.998] Kernel telemetry analysis completed in 87.1 seconds.

[2025-05-27 01:00:53.998] ✅ Analysis completed successfully!
[2025-05-27 01:00:53.998] Progress: 24.8% (349/1408)
[2025-05-27 01:00:53.998] Successful: 349, Failed: 0
[2025-05-27 01:00:53.998] Time remaining: 39.0h
[2025-05-27 01:00:53.998] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 01:00:58.999] SAMPLE 350/1408
[2025-05-27 01:00:58.999] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:00:58.999] File: 589152e247730d8bbcb546bb43cc79ad72c0098fd76a1c95224e9b8f5f6b9d15.exe
[2025-05-27 01:00:58.999] Path: D:\new\ransomware_high_confidence\clop\589152e247730d8bbcb546bb43cc79ad72c0098fd76a1c95224e9b8f5f6b9d15.exe
[2025-05-27 01:00:58.999] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\589152e247730d8bbcb546bb43cc79ad72c0098fd76a1c95224e9b8f5f6b9d15.exe
[2025-05-27 01:00:58.999] Malware execution time: 60 seconds
[2025-05-27 01:00:58.999] Restoring snapshot 35
[2025-05-27 01:00:59.049] Restoring snapshot 35 done
[2025-05-27 01:00:59.049] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:01:03.898] Starting up VM done
[2025-05-27 01:01:03.898] Installing kernel driver
[2025-05-27 01:01:03.898] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:01:07.085] Kernel driver installation completed
[2025-05-27 01:01:07.086] Starting GP driver service
[2025-05-27 01:01:07.086] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:01:10.237] GP driver service started
[2025-05-27 01:01:10.237] Executing malware sample: D:\new\ransomware_high_confidence\clop\589152e247730d8bbcb546bb43cc79ad72c0098fd76a1c95224e9b8f5f6b9d15.exe
[2025-05-27 01:01:10.238] Malware execution started
[2025-05-27 01:01:10.238] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:02:10.246] Taking screenshot
[2025-05-27 01:02:10.309] Taking screenshot done
[2025-05-27 01:02:10.309] Terminating malware: 589152e247730d8bbcb546bb43cc79ad7

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:02:24.051] Powering off VM done
[2025-05-27 01:02:27.051] Restoring snapshot 35
[2025-05-27 01:02:27.098] Restoring snapshot 35 done
[2025-05-27 01:02:27.098] Kernel telemetry analysis completed in 88.1 seconds.

[2025-05-27 01:02:27.098] ✅ Analysis completed successfully!
[2025-05-27 01:02:27.098] Progress: 24.9% (350/1408)
[2025-05-27 01:02:27.098] Successful: 350, Failed: 0
[2025-05-27 01:02:27.098] Time remaining: 38.9h
[2025-05-27 01:02:27.098] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:02:32.099] SAMPLE 351/1408
[2025-05-27 01:02:32.099] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:02:32.099] File: 64de5359969b2dc8d3aa4d5fd43409defda2c5794a4e89ca7da9396cf4edf279.exe
[2025-05-27 01:02:32.099] Path: D:\new\ransomware_high_confidence\clop\64de5359969b2dc8d3aa4d5fd43409defda2c5794a4e89ca7da9396cf4edf279.exe
[2025-05-27 01:02:32.099] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\64de5359969b2dc8d3aa4d5fd43409defda2c5794a4e89ca7da9396cf4edf279.exe
[2025-05-27 01:02:32.099] Malware execution time: 60 seconds
[2025-05-27 01:02:32.099] Restoring snapshot 35
[2025-05-27 01:02:32.277] Restoring snapshot 35 done
[2025-05-27 01:02:32.277] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:02:37.156] Starting up VM done
[2025-05-27 01:02:37.156] Installing kernel driver
[2025-05-27 01:02:37.156] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:02:40.315] Kernel driver installation completed
[2025-05-27 01:02:40.315] Starting GP driver service
[2025-05-27 01:02:40.315] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:02:43.473] GP driver service started
[2025-05-27 01:02:43.473] Executing malware sample: D:\new\ransomware_high_confidence\clop\64de5359969b2dc8d3aa4d5fd43409defda2c5794a4e89ca7da9396cf4edf279.exe
[2025-05-27 01:02:43.474] Malware execution started
[2025-05-27 01:02:43.474] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:03:43.481] Taking screenshot
[2025-05-27 01:03:43.543] Taking screenshot done
[2025-05-27 01:03:43.543] Terminating malware: 64de5359969b2dc8d3aa4d5fd43409def

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:04:00.049] Restoring snapshot 35
[2025-05-27 01:04:00.098] Restoring snapshot 35 done
[2025-05-27 01:04:00.098] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 01:04:00.098] ✅ Analysis completed successfully!
[2025-05-27 01:04:00.098] Progress: 24.9% (351/1408)
[2025-05-27 01:04:00.098] Successful: 351, Failed: 0
[2025-05-27 01:04:00.098] Time remaining: 38.9h
[2025-05-27 01:04:00.098] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:04:05.098] SAMPLE 352/1408
[2025-05-27 01:04:05.098] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:04:05.098] File: 6b3a6afb6edc1c9d36e0793f00be3c0cf6626db26b3cfd31d6a18793453303a7.exe
[2025-05-27 01:04:05.098] Path: D:\new\ransomware_high_confidence\clop\6b3a6afb6edc1c9d36e0793f00be3c0cf6626db26b3cfd31d6a18793453303a7.exe
[2025-05-27 01:04:05.098] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\6b3a6afb6edc1c9d36e0793f00be3c0cf6626db26b3cfd31d6a18793453303a7.exe
[2025-05-27 01:04:05.098] Malware execution time: 60 seconds
[2025-05-27 01:04:05.098] Restoring snapshot 35
[2025-05-27 01:04:05.273] Restoring snapshot 35 done
[2025-05-27 01:04:05.273] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:04:10.298] Starting up VM done
[2025-05-27 01:04:10.298] Installing kernel driver
[2025-05-27 01:04:10.298] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:04:13.454] Kernel driver installation completed
[2025-05-27 01:04:13.454] Starting GP driver service
[2025-05-27 01:04:13.454] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:04:16.611] GP driver service started
[2025-05-27 01:04:16.611] Executing malware sample: D:\new\ransomware_high_confidence\clop\6b3a6afb6edc1c9d36e0793f00be3c0cf6626db26b3cfd31d6a18793453303a7.exe
[2025-05-27 01:04:16.611] Malware execution started
[2025-05-27 01:04:16.611] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:05:16.619] Taking screenshot
[2025-05-27 01:05:16.682] Taking screenshot done
[2025-05-27 01:05:16.682] Terminating malware: 6b3a6afb6edc1c9d36e0793f00be3c0cf

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:05:30.427] Powering off VM done
[2025-05-27 01:05:33.427] Restoring snapshot 35
[2025-05-27 01:05:33.475] Restoring snapshot 35 done
[2025-05-27 01:05:33.475] Kernel telemetry analysis completed in 88.4 seconds.

[2025-05-27 01:05:33.475] ✅ Analysis completed successfully!
[2025-05-27 01:05:33.475] Progress: 25.0% (352/1408)
[2025-05-27 01:05:33.475] Successful: 352, Failed: 0
[2025-05-27 01:05:33.475] Time remaining: 38.8h
[2025-05-27 01:05:33.475] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:05:38.475] SAMPLE 353/1408
[2025-05-27 01:05:38.475] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:05:38.475] File: 8209162e0985c360c59c568f2f33de74364f0c5f1e984e5785c64825e8ad9fd0.exe
[2025-05-27 01:05:38.475] Path: D:\new\ransomware_high_confidence\clop\8209162e0985c360c59c568f2f33de74364f0c5f1e984e5785c64825e8ad9fd0.exe
[2025-05-27 01:05:38.475] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\8209162e0985c360c59c568f2f33de74364f0c5f1e984e5785c64825e8ad9fd0.exe
[2025-05-27 01:05:38.475] Malware execution time: 60 seconds
[2025-05-27 01:05:38.475] Restoring snapshot 35
[2025-05-27 01:05:38.652] Restoring snapshot 35 done
[2025-05-27 01:05:38.652] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:05:43.492] Starting up VM done
[2025-05-27 01:05:43.492] Installing kernel driver
[2025-05-27 01:05:43.492] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:05:46.644] Kernel driver installation completed
[2025-05-27 01:05:46.644] Starting GP driver service
[2025-05-27 01:05:46.644] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:05:49.798] GP driver service started
[2025-05-27 01:05:49.798] Executing malware sample: D:\new\ransomware_high_confidence\clop\8209162e0985c360c59c568f2f33de74364f0c5f1e984e5785c64825e8ad9fd0.exe
[2025-05-27 01:05:49.798] Malware execution started
[2025-05-27 01:05:49.798] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:06:49.806] Taking screenshot
[2025-05-27 01:06:49.866] Taking screenshot done
[2025-05-27 01:06:49.866] Terminating malware: 8209162e0985c360c59c568f2f33de743

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:07:03.613] Powering off VM done
[2025-05-27 01:07:06.613] Restoring snapshot 35
[2025-05-27 01:07:06.660] Restoring snapshot 35 done
[2025-05-27 01:07:06.660] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 01:07:06.660] ✅ Analysis completed successfully!
[2025-05-27 01:07:06.660] Progress: 25.1% (353/1408)
[2025-05-27 01:07:06.660] Successful: 353, Failed: 0
[2025-05-27 01:07:06.660] Time remaining: 38.7h
[2025-05-27 01:07:06.660] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 01:07:11.661] SAMPLE 354/1408
[2025-05-27 01:07:11.661] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:07:11.661] File: 85b71784734705f6119cdb59b1122ce721895662a6d98bb01e82de7a4f37a188.exe
[2025-05-27 01:07:11.661] Path: D:\new\ransomware_high_confidence\clop\85b71784734705f6119cdb59b1122ce721895662a6d98bb01e82de7a4f37a188.exe
[2025-05-27 01:07:11.661] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\85b71784734705f6119cdb59b1122ce721895662a6d98bb01e82de7a4f37a188.exe
[2025-05-27 01:07:11.661] Malware execution time: 60 seconds
[2025-05-27 01:07:11.661] Restoring snapshot 35
[2025-05-27 01:07:11.709] Restoring snapshot 35 done
[2025-05-27 01:07:11.709] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:07:16.591] Starting up VM done
[2025-05-27 01:07:16.591] Installing kernel driver
[2025-05-27 01:07:16.591] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:07:19.755] Kernel driver installation completed
[2025-05-27 01:07:19.755] Starting GP driver service
[2025-05-27 01:07:19.755] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:07:22.908] GP driver service started
[2025-05-27 01:07:22.908] Executing malware sample: D:\new\ransomware_high_confidence\clop\85b71784734705f6119cdb59b1122ce721895662a6d98bb01e82de7a4f37a188.exe
[2025-05-27 01:07:22.909] Malware execution started
[2025-05-27 01:07:22.909] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:08:22.917] Taking screenshot
[2025-05-27 01:08:22.983] Taking screenshot done
[2025-05-27 01:08:22.983] Terminating malware: 85b71784734705f6119cdb59b1122ce72

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:08:39.479] Restoring snapshot 35
[2025-05-27 01:08:39.526] Restoring snapshot 35 done
[2025-05-27 01:08:39.526] Kernel telemetry analysis completed in 87.9 seconds.

[2025-05-27 01:08:39.526] ✅ Analysis completed successfully!
[2025-05-27 01:08:39.526] Progress: 25.1% (354/1408)
[2025-05-27 01:08:39.526] Successful: 354, Failed: 0
[2025-05-27 01:08:39.526] Time remaining: 38.7h
[2025-05-27 01:08:39.526] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:08:44.527] SAMPLE 355/1408
[2025-05-27 01:08:44.527] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:08:44.527] File: 8681d4d20676c19ad62400f47f66146f82b30941937ebf85c1f207257c05cea5.exe
[2025-05-27 01:08:44.527] Path: D:\new\ransomware_high_confidence\clop\8681d4d20676c19ad62400f47f66146f82b30941937ebf85c1f207257c05cea5.exe
[2025-05-27 01:08:44.527] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\8681d4d20676c19ad62400f47f66146f82b30941937ebf85c1f207257c05cea5.exe
[2025-05-27 01:08:44.527] Malware execution time: 60 seconds
[2025-05-27 01:08:44.527] Restoring snapshot 35
[2025-05-27 01:08:44.703] Restoring snapshot 35 done
[2025-05-27 01:08:44.703] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:08:50.121] Starting up VM done
[2025-05-27 01:08:50.121] Installing kernel driver
[2025-05-27 01:08:50.121] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:08:53.286] Kernel driver installation completed
[2025-05-27 01:08:53.286] Starting GP driver service
[2025-05-27 01:08:53.286] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:08:56.435] GP driver service started
[2025-05-27 01:08:56.435] Executing malware sample: D:\new\ransomware_high_confidence\clop\8681d4d20676c19ad62400f47f66146f82b30941937ebf85c1f207257c05cea5.exe
[2025-05-27 01:08:56.435] Malware execution started
[2025-05-27 01:08:56.435] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:09:56.443] Taking screenshot
[2025-05-27 01:09:56.506] Taking screenshot done
[2025-05-27 01:09:56.506] Terminating malware: 8681d4d20676c19ad62400f47f66146f8

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:10:10.244] Powering off VM done
[2025-05-27 01:10:13.245] Restoring snapshot 35
[2025-05-27 01:10:13.295] Restoring snapshot 35 done
[2025-05-27 01:10:13.295] Kernel telemetry analysis completed in 88.8 seconds.

[2025-05-27 01:10:13.295] ✅ Analysis completed successfully!
[2025-05-27 01:10:13.295] Progress: 25.2% (355/1408)
[2025-05-27 01:10:13.295] Successful: 355, Failed: 0
[2025-05-27 01:10:13.295] Time remaining: 38.6h
[2025-05-27 01:10:13.295] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:10:18.295] SAMPLE 356/1408
[2025-05-27 01:10:18.295] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:10:18.295] File: 876202dfc6af9577162ab4ad567e93681d0b1ebde5eacf45c4254a2385f23060.exe
[2025-05-27 01:10:18.295] Path: D:\new\ransomware_high_confidence\clop\876202dfc6af9577162ab4ad567e93681d0b1ebde5eacf45c4254a2385f23060.exe
[2025-05-27 01:10:18.295] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\876202dfc6af9577162ab4ad567e93681d0b1ebde5eacf45c4254a2385f23060.exe
[2025-05-27 01:10:18.295] Malware execution time: 60 seconds
[2025-05-27 01:10:18.295] Restoring snapshot 35
[2025-05-27 01:10:18.472] Restoring snapshot 35 done
[2025-05-27 01:10:18.472] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:10:23.290] Starting up VM done
[2025-05-27 01:10:23.290] Installing kernel driver
[2025-05-27 01:10:23.290] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:10:26.448] Kernel driver installation completed
[2025-05-27 01:10:26.448] Starting GP driver service
[2025-05-27 01:10:26.448] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:10:29.608] GP driver service started
[2025-05-27 01:10:29.608] Executing malware sample: D:\new\ransomware_high_confidence\clop\876202dfc6af9577162ab4ad567e93681d0b1ebde5eacf45c4254a2385f23060.exe
[2025-05-27 01:10:29.608] Malware execution started
[2025-05-27 01:10:29.608] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:11:29.616] Taking screenshot
[2025-05-27 01:11:29.677] Taking screenshot done
[2025-05-27 01:11:29.678] Terminating malware: 876202dfc6af9577162ab4ad567e93681

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:11:43.757] Powering off VM done
[2025-05-27 01:11:46.758] Restoring snapshot 35
[2025-05-27 01:11:46.805] Restoring snapshot 35 done
[2025-05-27 01:11:46.805] Kernel telemetry analysis completed in 88.5 seconds.

[2025-05-27 01:11:46.805] ✅ Analysis completed successfully!
[2025-05-27 01:11:46.805] Progress: 25.3% (356/1408)
[2025-05-27 01:11:46.805] Successful: 356, Failed: 0
[2025-05-27 01:11:46.805] Time remaining: 38.5h
[2025-05-27 01:11:46.805] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 01:11:51.806] SAMPLE 357/1408
[2025-05-27 01:11:51.806] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:11:51.806] File: 8a2dfaffc9420e209f132cdd3aedda4bbc4c18e02c47687006f67c13a36f1dc6.exe
[2025-05-27 01:11:51.806] Path: D:\new\ransomware_high_confidence\clop\8a2dfaffc9420e209f132cdd3aedda4bbc4c18e02c47687006f67c13a36f1dc6.exe
[2025-05-27 01:11:51.806] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\8a2dfaffc9420e209f132cdd3aedda4bbc4c18e02c47687006f67c13a36f1dc6.exe
[2025-05-27 01:11:51.806] Malware execution time: 60 seconds
[2025-05-27 01:11:51.806] Restoring snapshot 35
[2025-05-27 01:11:51.855] Restoring snapshot 35 done
[2025-05-27 01:11:51.855] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:11:56.728] Starting up VM done
[2025-05-27 01:11:56.729] Installing kernel driver
[2025-05-27 01:11:56.729] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:11:59.883] Kernel driver installation completed
[2025-05-27 01:11:59.883] Starting GP driver service
[2025-05-27 01:11:59.883] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:12:03.036] GP driver service started
[2025-05-27 01:12:03.036] Executing malware sample: D:\new\ransomware_high_confidence\clop\8a2dfaffc9420e209f132cdd3aedda4bbc4c18e02c47687006f67c13a36f1dc6.exe
[2025-05-27 01:12:03.037] Malware execution started
[2025-05-27 01:12:03.037] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:13:03.045] Taking screenshot
[2025-05-27 01:13:03.108] Taking screenshot done
[2025-05-27 01:13:03.108] Terminating malware: 8a2dfaffc9420e209f132cdd3aedda4bb

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:13:19.619] Restoring snapshot 35
[2025-05-27 01:13:19.667] Restoring snapshot 35 done
[2025-05-27 01:13:19.667] Kernel telemetry analysis completed in 87.9 seconds.

[2025-05-27 01:13:19.667] ✅ Analysis completed successfully!
[2025-05-27 01:13:19.667] Progress: 25.4% (357/1408)
[2025-05-27 01:13:19.667] Successful: 357, Failed: 0
[2025-05-27 01:13:19.667] Time remaining: 38.5h
[2025-05-27 01:13:19.667] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:13:24.667] SAMPLE 358/1408
[2025-05-27 01:13:24.667] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:13:24.667] File: 8fb307c24f655cc773d692f1354c4c6e265e5e275f66372e460ca61952e38618.exe
[2025-05-27 01:13:24.667] Path: D:\new\ransomware_high_confidence\clop\8fb307c24f655cc773d692f1354c4c6e265e5e275f66372e460ca61952e38618.exe
[2025-05-27 01:13:24.667] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\8fb307c24f655cc773d692f1354c4c6e265e5e275f66372e460ca61952e38618.exe
[2025-05-27 01:13:24.667] Malware execution time: 60 seconds
[2025-05-27 01:13:24.667] Restoring snapshot 35
[2025-05-27 01:13:24.846] Restoring snapshot 35 done
[2025-05-27 01:13:24.846] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:13:29.676] Starting up VM done
[2025-05-27 01:13:29.676] Installing kernel driver
[2025-05-27 01:13:29.676] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:13:32.837] Kernel driver installation completed
[2025-05-27 01:13:32.837] Starting GP driver service
[2025-05-27 01:13:32.837] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:13:35.998] GP driver service started
[2025-05-27 01:13:35.998] Executing malware sample: D:\new\ransomware_high_confidence\clop\8fb307c24f655cc773d692f1354c4c6e265e5e275f66372e460ca61952e38618.exe
[2025-05-27 01:13:35.999] Malware execution started
[2025-05-27 01:13:35.999] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:14:36.006] Taking screenshot
[2025-05-27 01:14:36.071] Taking screenshot done
[2025-05-27 01:14:36.071] Terminating malware: 8fb307c24f655cc773d692f1354c4c6e2

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:14:49.574] Powering off VM done
[2025-05-27 01:14:52.574] Restoring snapshot 35
[2025-05-27 01:14:52.622] Restoring snapshot 35 done
[2025-05-27 01:14:52.622] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 01:14:52.622] ✅ Analysis completed successfully!
[2025-05-27 01:14:52.622] Progress: 25.4% (358/1408)
[2025-05-27 01:14:52.622] Successful: 358, Failed: 0
[2025-05-27 01:14:52.622] Time remaining: 38.4h
[2025-05-27 01:14:52.622] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:14:57.623] SAMPLE 359/1408
[2025-05-27 01:14:57.623] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:14:57.623] File: 9322ac5c62ad267bedcbfb7e6736377495a00923531fa244c3a2cc98a990c125.exe
[2025-05-27 01:14:57.623] Path: D:\new\ransomware_high_confidence\clop\9322ac5c62ad267bedcbfb7e6736377495a00923531fa244c3a2cc98a990c125.exe
[2025-05-27 01:14:57.623] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\9322ac5c62ad267bedcbfb7e6736377495a00923531fa244c3a2cc98a990c125.exe
[2025-05-27 01:14:57.623] Malware execution time: 60 seconds
[2025-05-27 01:14:57.623] Restoring snapshot 35
[2025-05-27 01:14:57.800] Restoring snapshot 35 done
[2025-05-27 01:14:57.800] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:15:02.675] Starting up VM done
[2025-05-27 01:15:02.675] Installing kernel driver
[2025-05-27 01:15:02.675] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:15:05.842] Kernel driver installation completed
[2025-05-27 01:15:05.842] Starting GP driver service
[2025-05-27 01:15:05.842] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:15:08.000] GP driver service started
[2025-05-27 01:15:08.000] Executing malware sample: D:\new\ransomware_high_confidence\clop\9322ac5c62ad267bedcbfb7e6736377495a00923531fa244c3a2cc98a990c125.exe
[2025-05-27 01:15:09.000] Malware execution started
[2025-05-27 01:15:09.000] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:16:09.009] Taking screenshot
[2025-05-27 01:16:09.071] Taking screenshot done
[2025-05-27 01:16:09.071] Terminating malware: 9322ac5c62ad267bedcbfb7e673637749

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:16:23.015] Powering off VM done
[2025-05-27 01:16:26.016] Restoring snapshot 35
[2025-05-27 01:16:26.064] Restoring snapshot 35 done
[2025-05-27 01:16:26.064] Kernel telemetry analysis completed in 88.4 seconds.

[2025-05-27 01:16:26.064] ✅ Analysis completed successfully!
[2025-05-27 01:16:26.064] Progress: 25.5% (359/1408)
[2025-05-27 01:16:26.064] Successful: 359, Failed: 0
[2025-05-27 01:16:26.064] Time remaining: 38.3h
[2025-05-27 01:16:26.064] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:16:31.064] SAMPLE 360/1408
[2025-05-27 01:16:31.064] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:16:31.064] File: 968307a367471e25bef58b0d4687ab4fdf34539bbfb603b5b19ae99d4d0c0340.exe
[2025-05-27 01:16:31.064] Path: D:\new\ransomware_high_confidence\clop\968307a367471e25bef58b0d4687ab4fdf34539bbfb603b5b19ae99d4d0c0340.exe
[2025-05-27 01:16:31.064] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\968307a367471e25bef58b0d4687ab4fdf34539bbfb603b5b19ae99d4d0c0340.exe
[2025-05-27 01:16:31.064] Malware execution time: 60 seconds
[2025-05-27 01:16:31.064] Restoring snapshot 35
[2025-05-27 01:16:31.241] Restoring snapshot 35 done
[2025-05-27 01:16:31.241] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:16:36.096] Starting up VM done
[2025-05-27 01:16:36.096] Installing kernel driver
[2025-05-27 01:16:36.096] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:16:39.260] Kernel driver installation completed
[2025-05-27 01:16:39.260] Starting GP driver service
[2025-05-27 01:16:39.260] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:16:42.410] GP driver service started
[2025-05-27 01:16:42.410] Executing malware sample: D:\new\ransomware_high_confidence\clop\968307a367471e25bef58b0d4687ab4fdf34539bbfb603b5b19ae99d4d0c0340.exe
[2025-05-27 01:16:42.411] Malware execution started
[2025-05-27 01:16:42.411] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:17:42.419] Taking screenshot
[2025-05-27 01:17:42.481] Taking screenshot done
[2025-05-27 01:17:42.481] Terminating malware: 968307a367471e25bef58b0d4687ab4fd

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:17:56.259] Powering off VM done
[2025-05-27 01:17:59.259] Restoring snapshot 35
[2025-05-27 01:17:59.311] Restoring snapshot 35 done
[2025-05-27 01:17:59.311] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 01:17:59.311] ✅ Analysis completed successfully!
[2025-05-27 01:17:59.311] Progress: 25.6% (360/1408)
[2025-05-27 01:17:59.311] Successful: 360, Failed: 0
[2025-05-27 01:17:59.311] Time remaining: 38.3h
[2025-05-27 01:17:59.311] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:18:04.311] SAMPLE 361/1408
[2025-05-27 01:18:04.311] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:18:04.311] File: 9ff6a067f5f97ce0dd05fc338699875a4e736477bc933b97d24a1416f9fd7644.exe
[2025-05-27 01:18:04.311] Path: D:\new\ransomware_high_confidence\clop\9ff6a067f5f97ce0dd05fc338699875a4e736477bc933b97d24a1416f9fd7644.exe
[2025-05-27 01:18:04.311] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\9ff6a067f5f97ce0dd05fc338699875a4e736477bc933b97d24a1416f9fd7644.exe
[2025-05-27 01:18:04.311] Malware execution time: 60 seconds
[2025-05-27 01:18:04.311] Restoring snapshot 35
[2025-05-27 01:18:04.488] Restoring snapshot 35 done
[2025-05-27 01:18:04.488] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:18:09.365] Starting up VM done
[2025-05-27 01:18:09.365] Installing kernel driver
[2025-05-27 01:18:09.365] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:18:12.530] Kernel driver installation completed
[2025-05-27 01:18:12.530] Starting GP driver service
[2025-05-27 01:18:12.530] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:18:15.691] GP driver service started
[2025-05-27 01:18:15.691] Executing malware sample: D:\new\ransomware_high_confidence\clop\9ff6a067f5f97ce0dd05fc338699875a4e736477bc933b97d24a1416f9fd7644.exe
[2025-05-27 01:18:15.691] Malware execution started
[2025-05-27 01:18:15.691] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:19:15.699] Taking screenshot
[2025-05-27 01:19:15.763] Taking screenshot done
[2025-05-27 01:19:15.763] Terminating malware: 9ff6a067f5f97ce0dd05fc338699875a4

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:19:29.512] Powering off VM done
[2025-05-27 01:19:32.513] Restoring snapshot 35
[2025-05-27 01:19:32.560] Restoring snapshot 35 done
[2025-05-27 01:19:32.561] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 01:19:32.561] ✅ Analysis completed successfully!
[2025-05-27 01:19:32.561] Progress: 25.6% (361/1408)
[2025-05-27 01:19:32.561] Successful: 361, Failed: 0
[2025-05-27 01:19:32.561] Time remaining: 38.2h
[2025-05-27 01:19:32.561] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:19:37.561] SAMPLE 362/1408
[2025-05-27 01:19:37.561] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:19:37.561] File: aaa4f5bb1bd81db677b21938b03b0cd282c200a9cd0d82ef85c83805c9e8e66f.exe
[2025-05-27 01:19:37.561] Path: D:\new\ransomware_high_confidence\clop\aaa4f5bb1bd81db677b21938b03b0cd282c200a9cd0d82ef85c83805c9e8e66f.exe
[2025-05-27 01:19:37.561] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\aaa4f5bb1bd81db677b21938b03b0cd282c200a9cd0d82ef85c83805c9e8e66f.exe
[2025-05-27 01:19:37.561] Malware execution time: 60 seconds
[2025-05-27 01:19:37.561] Restoring snapshot 35
[2025-05-27 01:19:37.738] Restoring snapshot 35 done
[2025-05-27 01:19:37.738] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:19:42.575] Starting up VM done
[2025-05-27 01:19:42.575] Installing kernel driver
[2025-05-27 01:19:42.575] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:19:45.739] Kernel driver installation completed
[2025-05-27 01:19:45.739] Starting GP driver service
[2025-05-27 01:19:45.739] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:19:48.892] GP driver service started
[2025-05-27 01:19:48.892] Executing malware sample: D:\new\ransomware_high_confidence\clop\aaa4f5bb1bd81db677b21938b03b0cd282c200a9cd0d82ef85c83805c9e8e66f.exe
[2025-05-27 01:19:48.892] Malware execution started
[2025-05-27 01:19:48.892] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:20:48.901] Taking screenshot
[2025-05-27 01:20:48.964] Taking screenshot done
[2025-05-27 01:20:48.964] Terminating malware: aaa4f5bb1bd81db677b21938b03b0cd28

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:21:02.723] Powering off VM done
[2025-05-27 01:21:05.724] Restoring snapshot 35
[2025-05-27 01:21:05.772] Restoring snapshot 35 done
[2025-05-27 01:21:05.772] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 01:21:05.772] ✅ Analysis completed successfully!
[2025-05-27 01:21:05.772] Progress: 25.7% (362/1408)
[2025-05-27 01:21:05.772] Successful: 362, Failed: 0
[2025-05-27 01:21:05.772] Time remaining: 38.1h
[2025-05-27 01:21:05.772] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:21:10.773] SAMPLE 363/1408
[2025-05-27 01:21:10.773] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:21:10.773] File: c150954e5fdfc100fbb74258cad6ef2595c239c105ff216b1d9a759c0104be04.exe
[2025-05-27 01:21:10.773] Path: D:\new\ransomware_high_confidence\clop\c150954e5fdfc100fbb74258cad6ef2595c239c105ff216b1d9a759c0104be04.exe
[2025-05-27 01:21:10.773] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\c150954e5fdfc100fbb74258cad6ef2595c239c105ff216b1d9a759c0104be04.exe
[2025-05-27 01:21:10.773] Malware execution time: 60 seconds
[2025-05-27 01:21:10.773] Restoring snapshot 35
[2025-05-27 01:21:10.950] Restoring snapshot 35 done
[2025-05-27 01:21:10.950] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:21:15.828] Starting up VM done
[2025-05-27 01:21:15.828] Installing kernel driver
[2025-05-27 01:21:15.828] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:21:18.982] Kernel driver installation completed
[2025-05-27 01:21:18.982] Starting GP driver service
[2025-05-27 01:21:18.982] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:21:22.144] GP driver service started
[2025-05-27 01:21:22.144] Executing malware sample: D:\new\ransomware_high_confidence\clop\c150954e5fdfc100fbb74258cad6ef2595c239c105ff216b1d9a759c0104be04.exe
[2025-05-27 01:21:22.144] Malware execution started
[2025-05-27 01:21:22.144] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:22:22.153] Taking screenshot
[2025-05-27 01:22:22.215] Taking screenshot done
[2025-05-27 01:22:22.216] Terminating malware: c150954e5fdfc100fbb74258cad6ef259

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:22:35.982] Powering off VM done
[2025-05-27 01:22:38.982] Restoring snapshot 35
[2025-05-27 01:22:39.030] Restoring snapshot 35 done
[2025-05-27 01:22:39.030] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 01:22:39.030] ✅ Analysis completed successfully!
[2025-05-27 01:22:39.030] Progress: 25.8% (363/1408)
[2025-05-27 01:22:39.030] Successful: 363, Failed: 0
[2025-05-27 01:22:39.030] Time remaining: 38.1h
[2025-05-27 01:22:39.030] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:22:44.030] SAMPLE 364/1408
[2025-05-27 01:22:44.030] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:22:44.030] File: c7e52cc6f1f659ec5d30473e89b7136216de5fbe53ec77a62f1a486d8ffe78ed.exe
[2025-05-27 01:22:44.030] Path: D:\new\ransomware_high_confidence\clop\c7e52cc6f1f659ec5d30473e89b7136216de5fbe53ec77a62f1a486d8ffe78ed.exe
[2025-05-27 01:22:44.031] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\c7e52cc6f1f659ec5d30473e89b7136216de5fbe53ec77a62f1a486d8ffe78ed.exe
[2025-05-27 01:22:44.031] Malware execution time: 60 seconds
[2025-05-27 01:22:44.031] Restoring snapshot 35
[2025-05-27 01:22:44.207] Restoring snapshot 35 done
[2025-05-27 01:22:44.207] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:22:49.038] Starting up VM done
[2025-05-27 01:22:49.038] Installing kernel driver
[2025-05-27 01:22:49.038] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:22:52.198] Kernel driver installation completed
[2025-05-27 01:22:52.198] Starting GP driver service
[2025-05-27 01:22:52.198] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:22:55.348] GP driver service started
[2025-05-27 01:22:55.348] Executing malware sample: D:\new\ransomware_high_confidence\clop\c7e52cc6f1f659ec5d30473e89b7136216de5fbe53ec77a62f1a486d8ffe78ed.exe
[2025-05-27 01:22:55.348] Malware execution started
[2025-05-27 01:22:55.348] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:23:55.356] Taking screenshot
[2025-05-27 01:23:55.421] Taking screenshot done
[2025-05-27 01:23:55.421] Terminating malware: c7e52cc6f1f659ec5d30473e89b713621

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:24:09.227] Powering off VM done
[2025-05-27 01:24:12.227] Restoring snapshot 35
[2025-05-27 01:24:12.275] Restoring snapshot 35 done
[2025-05-27 01:24:12.276] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 01:24:12.276] ✅ Analysis completed successfully!
[2025-05-27 01:24:12.276] Progress: 25.9% (364/1408)
[2025-05-27 01:24:12.276] Successful: 364, Failed: 0
[2025-05-27 01:24:12.276] Time remaining: 38.0h
[2025-05-27 01:24:12.276] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:24:17.276] SAMPLE 365/1408
[2025-05-27 01:24:17.276] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:24:17.276] File: d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9.exe
[2025-05-27 01:24:17.276] Path: D:\new\ransomware_high_confidence\clop\d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9.exe
[2025-05-27 01:24:17.276] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9.exe
[2025-05-27 01:24:17.276] Malware execution time: 60 seconds
[2025-05-27 01:24:17.276] Restoring snapshot 35
[2025-05-27 01:24:17.452] Restoring snapshot 35 done
[2025-05-27 01:24:17.452] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:24:22.317] Starting up VM done
[2025-05-27 01:24:22.317] Installing kernel driver
[2025-05-27 01:24:22.317] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:24:25.481] Kernel driver installation completed
[2025-05-27 01:24:25.481] Starting GP driver service
[2025-05-27 01:24:25.481] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:24:28.633] GP driver service started
[2025-05-27 01:24:28.633] Executing malware sample: D:\new\ransomware_high_confidence\clop\d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9.exe
[2025-05-27 01:24:28.633] Malware execution started
[2025-05-27 01:24:28.633] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:25:28.642] Taking screenshot
[2025-05-27 01:25:28.706] Taking screenshot done
[2025-05-27 01:25:28.706] Terminating malware: d0cde86d47219e9c56b717f55dcdb01b0

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:25:45.189] Restoring snapshot 35
[2025-05-27 01:25:45.238] Restoring snapshot 35 done
[2025-05-27 01:25:45.238] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 01:25:45.238] ✅ Analysis completed successfully!
[2025-05-27 01:25:45.238] Progress: 25.9% (365/1408)
[2025-05-27 01:25:45.238] Successful: 365, Failed: 0
[2025-05-27 01:25:45.238] Time remaining: 37.9h
[2025-05-27 01:25:45.238] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:25:50.239] SAMPLE 366/1408
[2025-05-27 01:25:50.239] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:25:50.239] File: deafee1205dd5fef3c33f2c30cf03cd66b41a7c1b6f10343c04665e4b857e2b6.exe
[2025-05-27 01:25:50.239] Path: D:\new\ransomware_high_confidence\clop\deafee1205dd5fef3c33f2c30cf03cd66b41a7c1b6f10343c04665e4b857e2b6.exe
[2025-05-27 01:25:50.239] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\deafee1205dd5fef3c33f2c30cf03cd66b41a7c1b6f10343c04665e4b857e2b6.exe
[2025-05-27 01:25:50.239] Malware execution time: 60 seconds
[2025-05-27 01:25:50.239] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:25:50.581] Restoring snapshot 35 done
[2025-05-27 01:25:50.581] Starting up VM
[2025-05-27 01:25:55.499] Starting up VM done
[2025-05-27 01:25:55.499] Installing kernel driver
[2025-05-27 01:25:55.499] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:25:58.650] Kernel driver installation completed
[2025-05-27 01:25:58.650] Starting GP driver service
[2025-05-27 01:25:58.650] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:26:01.810] GP driver service started
[2025-05-27 01:26:01.810] Executing malware sample: D:\new\ransomware_high_confidence\clop\deafee1205dd5fef3c33f2c30cf03cd66b41a7c1b6f10343c04665e4b857e2b6.exe
[2025-05-27 01:26:01.811] Malware execution started
[2025-05-27 01:26:01.811] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:27:01.818] Taking screenshot
[2025-05-27 01:27:01.883] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:27:15.619] Powering off VM done
[2025-05-27 01:27:18.619] Restoring snapshot 35
[2025-05-27 01:27:18.669] Restoring snapshot 35 done
[2025-05-27 01:27:18.669] Kernel telemetry analysis completed in 88.4 seconds.

[2025-05-27 01:27:18.669] ✅ Analysis completed successfully!
[2025-05-27 01:27:18.669] Progress: 26.0% (366/1408)
[2025-05-27 01:27:18.669] Successful: 366, Failed: 0
[2025-05-27 01:27:18.669] Time remaining: 37.9h
[2025-05-27 01:27:18.669] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 01:27:23.669] SAMPLE 367/1408
[2025-05-27 01:27:23.669] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:27:23.669] File: e48900dc697582db4655569bb844602ced3ad2b10b507223912048f1f3039ac6.exe
[2025-05-27 01:27:23.669] Path: D:\new\ransomware_high_confidence\clop\e48900dc697582db4655569bb844602ced3ad2b10b507223912048f1f3039ac6.exe
[2025-05-27 01:27:23.669] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\e48900dc697582db4655569bb844602ced3ad2b10b507223912048f1f3039ac6.exe
[2025-05-27 01:27:23.669] Malware execution time: 60 seconds
[2025-05-27 01:27:23.669] Restoring snapshot 35
[2025-05-27 01:27:23.717] Restoring snapshot 35 done
[2025-05-27 01:27:23.717] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:27:28.909] Starting up VM done
[2025-05-27 01:27:28.909] Installing kernel driver
[2025-05-27 01:27:28.909] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:27:32.071] Kernel driver installation completed
[2025-05-27 01:27:32.071] Starting GP driver service
[2025-05-27 01:27:32.071] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:27:35.226] GP driver service started
[2025-05-27 01:27:35.226] Executing malware sample: D:\new\ransomware_high_confidence\clop\e48900dc697582db4655569bb844602ced3ad2b10b507223912048f1f3039ac6.exe
[2025-05-27 01:27:35.227] Malware execution started
[2025-05-27 01:27:35.227] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:28:35.235] Taking screenshot
[2025-05-27 01:28:35.299] Taking screenshot done
[2025-05-27 01:28:35.299] Terminating malware: e48900dc697582db4655569bb844602ce

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:28:49.047] Powering off VM done
[2025-05-27 01:28:52.047] Restoring snapshot 35
[2025-05-27 01:28:52.095] Restoring snapshot 35 done
[2025-05-27 01:28:52.095] Kernel telemetry analysis completed in 88.4 seconds.

[2025-05-27 01:28:52.095] ✅ Analysis completed successfully!
[2025-05-27 01:28:52.095] Progress: 26.1% (367/1408)
[2025-05-27 01:28:52.095] Successful: 367, Failed: 0
[2025-05-27 01:28:52.095] Time remaining: 37.8h
[2025-05-27 01:28:52.095] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:28:57.095] SAMPLE 368/1408
[2025-05-27 01:28:57.095] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:28:57.095] File: e77c8c7514b36d30d0bf51545fe148ebce3f92adba6748c4de71cc105eb56a9c.exe
[2025-05-27 01:28:57.095] Path: D:\new\ransomware_high_confidence\clop\e77c8c7514b36d30d0bf51545fe148ebce3f92adba6748c4de71cc105eb56a9c.exe
[2025-05-27 01:28:57.096] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\e77c8c7514b36d30d0bf51545fe148ebce3f92adba6748c4de71cc105eb56a9c.exe
[2025-05-27 01:28:57.096] Malware execution time: 60 seconds
[2025-05-27 01:28:57.096] Restoring snapshot 35
[2025-05-27 01:28:57.272] Restoring snapshot 35 done
[2025-05-27 01:28:57.272] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:29:02.140] Starting up VM done
[2025-05-27 01:29:02.140] Installing kernel driver
[2025-05-27 01:29:02.140] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:29:05.298] Kernel driver installation completed
[2025-05-27 01:29:05.298] Starting GP driver service
[2025-05-27 01:29:05.298] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:29:08.455] GP driver service started
[2025-05-27 01:29:08.455] Executing malware sample: D:\new\ransomware_high_confidence\clop\e77c8c7514b36d30d0bf51545fe148ebce3f92adba6748c4de71cc105eb56a9c.exe
[2025-05-27 01:29:08.456] Malware execution started
[2025-05-27 01:29:08.456] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:30:08.464] Taking screenshot
[2025-05-27 01:30:08.525] Taking screenshot done
[2025-05-27 01:30:08.525] Terminating malware: e77c8c7514b36d30d0bf51545fe148ebc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:30:22.246] Powering off VM done
[2025-05-27 01:30:25.246] Restoring snapshot 35
[2025-05-27 01:30:25.295] Restoring snapshot 35 done
[2025-05-27 01:30:25.295] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 01:30:25.295] ✅ Analysis completed successfully!
[2025-05-27 01:30:25.295] Progress: 26.1% (368/1408)
[2025-05-27 01:30:25.295] Successful: 368, Failed: 0
[2025-05-27 01:30:25.295] Time remaining: 37.7h
[2025-05-27 01:30:25.295] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 01:30:30.295] SAMPLE 369/1408
[2025-05-27 01:30:30.295] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:30:30.295] File: e7f17df3e41c7ac23d3b979a4dd8e92bdf12e08e8dd064bd8614a415322dc639.exe
[2025-05-27 01:30:30.295] Path: D:\new\ransomware_high_confidence\clop\e7f17df3e41c7ac23d3b979a4dd8e92bdf12e08e8dd064bd8614a415322dc639.exe
[2025-05-27 01:30:30.296] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\e7f17df3e41c7ac23d3b979a4dd8e92bdf12e08e8dd064bd8614a415322dc639.exe
[2025-05-27 01:30:30.296] Malware execution time: 60 seconds
[2025-05-27 01:30:30.296] Restoring snapshot 35
[2025-05-27 01:30:30.344] Restoring snapshot 35 done
[2025-05-27 01:30:30.344] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:30:35.250] Starting up VM done
[2025-05-27 01:30:35.250] Installing kernel driver
[2025-05-27 01:30:35.250] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:30:38.410] Kernel driver installation completed
[2025-05-27 01:30:38.410] Starting GP driver service
[2025-05-27 01:30:38.410] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:30:41.565] GP driver service started
[2025-05-27 01:30:41.565] Executing malware sample: D:\new\ransomware_high_confidence\clop\e7f17df3e41c7ac23d3b979a4dd8e92bdf12e08e8dd064bd8614a415322dc639.exe
[2025-05-27 01:30:41.566] Malware execution started
[2025-05-27 01:30:41.566] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:31:41.574] Taking screenshot
[2025-05-27 01:31:41.639] Taking screenshot done
[2025-05-27 01:31:41.639] Terminating malware: e7f17df3e41c7ac23d3b979a4dd8e92bd

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:31:55.389] Powering off VM done
[2025-05-27 01:31:58.389] Restoring snapshot 35
[2025-05-27 01:31:58.439] Restoring snapshot 35 done
[2025-05-27 01:31:58.439] Kernel telemetry analysis completed in 88.1 seconds.

[2025-05-27 01:31:58.439] ✅ Analysis completed successfully!
[2025-05-27 01:31:58.439] Progress: 26.2% (369/1408)
[2025-05-27 01:31:58.439] Successful: 369, Failed: 0
[2025-05-27 01:31:58.439] Time remaining: 37.7h
[2025-05-27 01:31:58.439] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:32:03.439] SAMPLE 370/1408
[2025-05-27 01:32:03.439] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:32:03.439] File: e805dd0124b9f062f6b5bc9de627eabc601b9d6e8ffe1d90ee552a1ece598a89.exe
[2025-05-27 01:32:03.439] Path: D:\new\ransomware_high_confidence\clop\e805dd0124b9f062f6b5bc9de627eabc601b9d6e8ffe1d90ee552a1ece598a89.exe
[2025-05-27 01:32:03.440] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\e805dd0124b9f062f6b5bc9de627eabc601b9d6e8ffe1d90ee552a1ece598a89.exe
[2025-05-27 01:32:03.440] Malware execution time: 60 seconds
[2025-05-27 01:32:03.440] Restoring snapshot 35
[2025-05-27 01:32:03.616] Restoring snapshot 35 done
[2025-05-27 01:32:03.616] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:32:08.592] Starting up VM done
[2025-05-27 01:32:08.592] Installing kernel driver
[2025-05-27 01:32:08.592] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:32:11.741] Kernel driver installation completed
[2025-05-27 01:32:11.741] Starting GP driver service
[2025-05-27 01:32:11.741] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:32:14.900] GP driver service started
[2025-05-27 01:32:14.900] Executing malware sample: D:\new\ransomware_high_confidence\clop\e805dd0124b9f062f6b5bc9de627eabc601b9d6e8ffe1d90ee552a1ece598a89.exe
[2025-05-27 01:32:14.900] Malware execution started
[2025-05-27 01:32:14.900] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:33:14.908] Taking screenshot
[2025-05-27 01:33:14.972] Taking screenshot done
[2025-05-27 01:33:14.972] Terminating malware: e805dd0124b9f062f6b5bc9de627eabc6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:33:28.732] Powering off VM done
[2025-05-27 01:33:31.732] Restoring snapshot 35
[2025-05-27 01:33:31.783] Restoring snapshot 35 done
[2025-05-27 01:33:31.783] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 01:33:31.783] ✅ Analysis completed successfully!
[2025-05-27 01:33:31.783] Progress: 26.3% (370/1408)
[2025-05-27 01:33:31.783] Successful: 370, Failed: 0
[2025-05-27 01:33:31.783] Time remaining: 37.6h
[2025-05-27 01:33:31.783] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:33:36.783] SAMPLE 371/1408
[2025-05-27 01:33:36.783] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:33:36.783] File: ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe
[2025-05-27 01:33:36.783] Path: D:\new\ransomware_high_confidence\clop\ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe
[2025-05-27 01:33:36.783] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe
[2025-05-27 01:33:36.783] Malware execution time: 60 seconds
[2025-05-27 01:33:36.783] Restoring snapshot 35
[2025-05-27 01:33:36.960] Restoring snapshot 35 done
[2025-05-27 01:33:36.960] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:33:41.880] Starting up VM done
[2025-05-27 01:33:41.880] Installing kernel driver
[2025-05-27 01:33:41.880] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:33:45.046] Kernel driver installation completed
[2025-05-27 01:33:45.046] Starting GP driver service
[2025-05-27 01:33:45.046] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:33:48.205] GP driver service started
[2025-05-27 01:33:48.205] Executing malware sample: D:\new\ransomware_high_confidence\clop\ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe
[2025-05-27 01:33:48.205] Malware execution started
[2025-05-27 01:33:48.205] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:34:48.213] Taking screenshot
[2025-05-27 01:34:48.275] Taking screenshot done
[2025-05-27 01:34:48.275] Terminating malware: ed3dfa9f2452537d378ead320e1506d39

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:35:02.026] Powering off VM done
[2025-05-27 01:35:05.027] Restoring snapshot 35
[2025-05-27 01:35:05.075] Restoring snapshot 35 done
[2025-05-27 01:35:05.075] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 01:35:05.075] ✅ Analysis completed successfully!
[2025-05-27 01:35:05.075] Progress: 26.3% (371/1408)
[2025-05-27 01:35:05.075] Successful: 371, Failed: 0
[2025-05-27 01:35:05.075] Time remaining: 37.5h
[2025-05-27 01:35:05.075] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:35:10.075] SAMPLE 372/1408
[2025-05-27 01:35:10.075] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:35:10.075] File: ee83fd9b8368bd4d2cdbebdccfdb41373c3c490d9c5b8d17530990e084131f29.exe
[2025-05-27 01:35:10.075] Path: D:\new\ransomware_high_confidence\clop\ee83fd9b8368bd4d2cdbebdccfdb41373c3c490d9c5b8d17530990e084131f29.exe
[2025-05-27 01:35:10.076] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\ee83fd9b8368bd4d2cdbebdccfdb41373c3c490d9c5b8d17530990e084131f29.exe
[2025-05-27 01:35:10.076] Malware execution time: 60 seconds
[2025-05-27 01:35:10.076] Restoring snapshot 35
[2025-05-27 01:35:10.252] Restoring snapshot 35 done
[2025-05-27 01:35:10.252] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:35:15.094] Starting up VM done
[2025-05-27 01:35:15.095] Installing kernel driver
[2025-05-27 01:35:15.095] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:35:18.258] Kernel driver installation completed
[2025-05-27 01:35:18.258] Starting GP driver service
[2025-05-27 01:35:18.258] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:35:21.416] GP driver service started
[2025-05-27 01:35:21.416] Executing malware sample: D:\new\ransomware_high_confidence\clop\ee83fd9b8368bd4d2cdbebdccfdb41373c3c490d9c5b8d17530990e084131f29.exe
[2025-05-27 01:35:21.417] Malware execution started
[2025-05-27 01:35:21.417] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:36:21.425] Taking screenshot
[2025-05-27 01:36:21.489] Taking screenshot done
[2025-05-27 01:36:21.489] Terminating malware: ee83fd9b8368bd4d2cdbebdccfdb41373

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:36:40.029] Powering off VM done
[2025-05-27 01:36:43.029] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:36:44.259] Restoring snapshot 35 done
[2025-05-27 01:36:44.259] Kernel telemetry analysis completed in 94.2 seconds.

[2025-05-27 01:36:44.259] ✅ Analysis completed successfully!
[2025-05-27 01:36:44.259] Progress: 26.4% (372/1408)
[2025-05-27 01:36:44.259] Successful: 372, Failed: 0
[2025-05-27 01:36:44.259] Time remaining: 37.5h
[2025-05-27 01:36:44.259] Waiting 5 seconds before next sample...
[2025-05-27 01:36:49.259] SAMPLE 373/1408
[2025-05-27 01:36:49.259] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:36:49.259] File: f55e4553ed04f085bc5b93cf7e5386c3d938abcb13a95ef1d2c3f8b21c454db8.exe
[2025-05-27 01:36:49.259] Path: D:\new\ransomware_high_confidence\clop\f55e4553ed04f085bc5b93cf7e5386c3d938abcb13a95ef1d2c3f8b21c454db8.exe
[2025-05-27 01:36:49.259] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\f55e4553ed04f085bc5b93cf7e5386c3d938abcb13a95ef1d2c3f8b21c454db8.exe
[2025-05-27 01:36:49.259] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:36:56.091] Starting up VM done
[2025-05-27 01:36:56.091] Installing kernel driver
[2025-05-27 01:36:56.091] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:37:00.504] Kernel driver installation completed
[2025-05-27 01:37:00.504] Starting GP driver service
[2025-05-27 01:37:00.504] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:37:03.658] GP driver service started
[2025-05-27 01:37:03.658] Executing malware sample: D:\new\ransomware_high_confidence\clop\f55e4553ed04f085bc5b93cf7e5386c3d938abcb13a95ef1d2c3f8b21c454db8.exe
[2025-05-27 01:37:03.658] Malware execution started
[2025-05-27 01:37:03.658] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:38:03.666] Taking screenshot
[2025-05-27 01:38:03.729] Taking screenshot done
[2025-05-27 01:38:03.729] Terminating malware: f55e4553ed04f085bc5b93cf7e5386c3d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:38:19.874] Powering off VM done
[2025-05-27 01:38:22.874] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:38:24.287] Restoring snapshot 35 done
[2025-05-27 01:38:24.287] Kernel telemetry analysis completed in 95.0 seconds.

[2025-05-27 01:38:24.287] ✅ Analysis completed successfully!
[2025-05-27 01:38:24.287] Progress: 26.5% (373/1408)
[2025-05-27 01:38:24.287] Successful: 373, Failed: 0
[2025-05-27 01:38:24.287] Time remaining: 37.4h
[2025-05-27 01:38:24.287] Waiting 5 seconds before next sample...
[2025-05-27 01:38:29.287] SAMPLE 374/1408
[2025-05-27 01:38:29.288] Family: D:\new\ransomware_high_confidence\clop
[2025-05-27 01:38:29.288] File: ff2811f8085bde8751d340bb731c83486b62f80850ceffdb594526da8945ce57.exe
[2025-05-27 01:38:29.288] Path: D:\new\ransomware_high_confidence\clop\ff2811f8085bde8751d340bb731c83486b62f80850ceffdb594526da8945ce57.exe
[2025-05-27 01:38:29.288] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\clop\ff2811f8085bde8751d340bb731c83486b62f80850ceffdb594526da8945ce57.exe
[2025-05-27 01:38:29.288] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:38:30.794] Restoring snapshot 35 done
[2025-05-27 01:38:30.794] Starting up VM
[2025-05-27 01:38:36.941] Starting up VM done
[2025-05-27 01:38:36.941] Installing kernel driver
[2025-05-27 01:38:36.941] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:38:40.728] Kernel driver installation completed
[2025-05-27 01:38:40.728] Starting GP driver service
[2025-05-27 01:38:40.728] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:38:43.880] GP driver service started
[2025-05-27 01:38:43.880] Executing malware sample: D:\new\ransomware_high_confidence\clop\ff2811f8085bde8751d340bb731c83486b62f80850ceffdb594526da8945ce57.exe
[2025-05-27 01:38:43.881] Malware execution started
[2025-05-27 01:38:43.881] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:39:43.890] Taking screenshot
[2025-05-27 01:39:43.952] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:39:59.309] Powering off VM done
[2025-05-27 01:40:02.310] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:40:03.767] Restoring snapshot 35 done
[2025-05-27 01:40:03.767] Kernel telemetry analysis completed in 94.5 seconds.

[2025-05-27 01:40:03.767] ✅ Analysis completed successfully!
[2025-05-27 01:40:03.767] Progress: 26.6% (374/1408)
[2025-05-27 01:40:03.767] Successful: 374, Failed: 0
[2025-05-27 01:40:03.767] Time remaining: 37.4h
[2025-05-27 01:40:03.767] Waiting 5 seconds before next sample...
[2025-05-27 01:40:08.767] SAMPLE 375/1408
[2025-05-27 01:40:08.767] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 01:40:08.767] File: 002dd9b7cbf8ca2a09434f8c4abd85631efe922ab8daa1219d86d83a0228aeda.exe
[2025-05-27 01:40:08.767] Path: D:\new\ransomware_high_confidence\conti\002dd9b7cbf8ca2a09434f8c4abd85631efe922ab8daa1219d86d83a0228aeda.exe
[2025-05-27 01:40:08.767] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\002dd9b7cbf8ca2a09434f8c4abd85631efe922ab8daa1219d86d83a0228aeda.exe
[2025-05-27 01:40:08.767] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:40:10.309] Restoring snapshot 35 done
[2025-05-27 01:40:10.309] Starting up VM
[2025-05-27 01:40:16.393] Starting up VM done
[2025-05-27 01:40:16.393] Installing kernel driver
[2025-05-27 01:40:16.393] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:40:20.546] Kernel driver installation completed
[2025-05-27 01:40:20.546] Starting GP driver service
[2025-05-27 01:40:20.546] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:40:23.699] GP driver service started
[2025-05-27 01:40:23.699] Executing malware sample: D:\new\ransomware_high_confidence\conti\002dd9b7cbf8ca2a09434f8c4abd85631efe922ab8daa1219d86d83a0228aeda.exe
[2025-05-27 01:40:23.699] Malware execution started
[2025-05-27 01:40:23.699] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:41:23.707] Taking screenshot
[2025-05-27 01:41:23.772] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:41:39.172] Powering off VM done
[2025-05-27 01:41:42.172] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:41:43.398] Restoring snapshot 35 done
[2025-05-27 01:41:43.398] Kernel telemetry analysis completed in 94.6 seconds.

[2025-05-27 01:41:43.398] ✅ Analysis completed successfully!
[2025-05-27 01:41:43.398] Progress: 26.6% (375/1408)
[2025-05-27 01:41:43.398] Successful: 375, Failed: 0
[2025-05-27 01:41:43.398] Time remaining: 37.3h
[2025-05-27 01:41:43.398] Waiting 5 seconds before next sample...
[2025-05-27 01:41:48.398] SAMPLE 376/1408
[2025-05-27 01:41:48.398] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 01:41:48.398] File: 004ede55a972e10d9a21bcf338b4907d6eed65bf5ad6abbbd5aec7d8484bdedf.exe
[2025-05-27 01:41:48.398] Path: D:\new\ransomware_high_confidence\conti\004ede55a972e10d9a21bcf338b4907d6eed65bf5ad6abbbd5aec7d8484bdedf.exe
[2025-05-27 01:41:48.398] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\004ede55a972e10d9a21bcf338b4907d6eed65bf5ad6abbbd5aec7d8484bdedf.exe
[2025-05-27 01:41:48.398] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:41:49.993] Restoring snapshot 35 done
[2025-05-27 01:41:49.993] Starting up VM
[2025-05-27 01:41:55.708] Starting up VM done
[2025-05-27 01:41:55.708] Installing kernel driver
[2025-05-27 01:41:55.708] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:41:59.510] Kernel driver installation completed
[2025-05-27 01:41:59.510] Starting GP driver service
[2025-05-27 01:41:59.510] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:42:02.660] GP driver service started
[2025-05-27 01:42:02.660] Executing malware sample: D:\new\ransomware_high_confidence\conti\004ede55a972e10d9a21bcf338b4907d6eed65bf5ad6abbbd5aec7d8484bdedf.exe
[2025-05-27 01:42:02.660] Malware execution started
[2025-05-27 01:42:02.660] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:43:02.668] Taking screenshot
[2025-05-27 01:43:02.730] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:45:46.059] Powering off VM done
[2025-05-27 01:45:49.060] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:45:50.746] Restoring snapshot 35 done
[2025-05-27 01:45:50.746] Kernel telemetry analysis completed in 242.3 seconds.

[2025-05-27 01:45:50.746] ✅ Analysis completed successfully!
[2025-05-27 01:45:50.746] Progress: 26.7% (376/1408)
[2025-05-27 01:45:50.746] Successful: 376, Failed: 0
[2025-05-27 01:45:50.746] Time remaining: 37.3h
[2025-05-27 01:45:50.746] Waiting 5 seconds before next sample...
[2025-05-27 01:45:55.747] SAMPLE 377/1408
[2025-05-27 01:45:55.747] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 01:45:55.747] File: 040fcbd360c7498756519cb0e687120bd623da80784034ea89178409491b1c44.exe
[2025-05-27 01:45:55.747] Path: D:\new\ransomware_high_confidence\conti\040fcbd360c7498756519cb0e687120bd623da80784034ea89178409491b1c44.exe
[2025-05-27 01:45:55.747] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\040fcbd360c7498756519cb0e687120bd623da80784034ea89178409491b1c44.exe
[2025-05-27 01:45:55.747] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:45:57.283] Restoring snapshot 35 done
[2025-05-27 01:45:57.283] Starting up VM
[2025-05-27 01:46:03.814] Starting up VM done
[2025-05-27 01:46:03.814] Installing kernel driver
[2025-05-27 01:46:03.814] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:46:08.010] Kernel driver installation completed
[2025-05-27 01:46:08.011] Starting GP driver service
[2025-05-27 01:46:08.011] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:46:11.163] GP driver service started
[2025-05-27 01:46:11.163] Executing malware sample: D:\new\ransomware_high_confidence\conti\040fcbd360c7498756519cb0e687120bd623da80784034ea89178409491b1c44.exe
[2025-05-27 01:46:11.163] Malware execution started
[2025-05-27 01:46:11.163] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:47:11.171] Taking screenshot
[2025-05-27 01:47:11.234] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:47:27.008] Powering off VM done
[2025-05-27 01:47:30.008] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:47:30.348] Restoring snapshot 35 done
[2025-05-27 01:47:30.348] Kernel telemetry analysis completed in 94.6 seconds.

[2025-05-27 01:47:30.348] ✅ Analysis completed successfully!
[2025-05-27 01:47:30.348] Progress: 26.8% (377/1408)
[2025-05-27 01:47:30.348] Successful: 377, Failed: 0
[2025-05-27 01:47:30.348] Time remaining: 37.3h
[2025-05-27 01:47:30.348] Waiting 5 seconds before next sample...
[2025-05-27 01:47:35.349] SAMPLE 378/1408
[2025-05-27 01:47:35.349] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 01:47:35.349] File: 0460cfa76fb0a02be92b0bc99a09168ebe38dbc8eeb1aa966dca66f0e849b53d.exe
[2025-05-27 01:47:35.349] Path: D:\new\ransomware_high_confidence\conti\0460cfa76fb0a02be92b0bc99a09168ebe38dbc8eeb1aa966dca66f0e849b53d.exe
[2025-05-27 01:47:35.349] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\0460cfa76fb0a02be92b0bc99a09168ebe38dbc8eeb1aa966dca66f0e849b53d.exe
[2025-05-27 01:47:35.349] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:47:36.895] Restoring snapshot 35 done
[2025-05-27 01:47:36.895] Starting up VM
[2025-05-27 01:47:42.719] Starting up VM done
[2025-05-27 01:47:42.720] Installing kernel driver
[2025-05-27 01:47:42.720] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:47:46.100] Kernel driver installation completed
[2025-05-27 01:47:46.100] Starting GP driver service
[2025-05-27 01:47:46.100] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:47:49.253] GP driver service started
[2025-05-27 01:47:49.253] Executing malware sample: D:\new\ransomware_high_confidence\conti\0460cfa76fb0a02be92b0bc99a09168ebe38dbc8eeb1aa966dca66f0e849b53d.exe
[2025-05-27 01:47:49.254] Malware execution started
[2025-05-27 01:47:49.254] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:48:49.262] Taking screenshot
[2025-05-27 01:48:49.323] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:49:59.876] Powering off VM done
[2025-05-27 01:50:02.877] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:50:04.082] Restoring snapshot 35 done
[2025-05-27 01:50:04.082] Kernel telemetry analysis completed in 148.7 seconds.

[2025-05-27 01:50:04.082] ✅ Analysis completed successfully!
[2025-05-27 01:50:04.082] Progress: 26.8% (378/1408)
[2025-05-27 01:50:04.082] Successful: 378, Failed: 0
[2025-05-27 01:50:04.082] Time remaining: 37.3h
[2025-05-27 01:50:04.082] Waiting 5 seconds before next sample...
[2025-05-27 01:50:09.083] SAMPLE 379/1408
[2025-05-27 01:50:09.083] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 01:50:09.083] File: 0951fde8a8ea9cd45d2be14d63e6e55c8e87af0da45cf3776b495871652aa862.exe
[2025-05-27 01:50:09.083] Path: D:\new\ransomware_high_confidence\conti\0951fde8a8ea9cd45d2be14d63e6e55c8e87af0da45cf3776b495871652aa862.exe
[2025-05-27 01:50:09.083] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\0951fde8a8ea9cd45d2be14d63e6e55c8e87af0da45cf3776b495871652aa862.exe
[2025-05-27 01:50:09.083] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:50:10.641] Restoring snapshot 35 done
[2025-05-27 01:50:10.641] Starting up VM
[2025-05-27 01:50:16.779] Starting up VM done
[2025-05-27 01:50:16.779] Installing kernel driver
[2025-05-27 01:50:16.779] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:50:21.110] Kernel driver installation completed
[2025-05-27 01:50:21.110] Starting GP driver service
[2025-05-27 01:50:21.110] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:50:24.258] GP driver service started
[2025-05-27 01:50:24.258] Executing malware sample: D:\new\ransomware_high_confidence\conti\0951fde8a8ea9cd45d2be14d63e6e55c8e87af0da45cf3776b495871652aa862.exe
[2025-05-27 01:50:24.258] Malware execution started
[2025-05-27 01:50:24.258] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:51:24.266] Taking screenshot
[2025-05-27 01:51:24.331] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:52:57.736] Powering off VM done
[2025-05-27 01:53:00.736] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:53:02.065] Restoring snapshot 35 done
[2025-05-27 01:53:02.065] Kernel telemetry analysis completed in 173.0 seconds.

[2025-05-27 01:53:02.065] ✅ Analysis completed successfully!
[2025-05-27 01:53:02.066] Progress: 26.9% (379/1408)
[2025-05-27 01:53:02.066] Successful: 379, Failed: 0
[2025-05-27 01:53:02.066] Time remaining: 37.3h
[2025-05-27 01:53:02.066] Waiting 5 seconds before next sample...
[2025-05-27 01:53:07.066] SAMPLE 380/1408
[2025-05-27 01:53:07.066] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 01:53:07.066] File: 198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3.exe
[2025-05-27 01:53:07.066] Path: D:\new\ransomware_high_confidence\conti\198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3.exe
[2025-05-27 01:53:07.066] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3.exe
[2025-05-27 01:53:07.066] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:53:08.697] Restoring snapshot 35 done
[2025-05-27 01:53:08.697] Starting up VM
[2025-05-27 01:53:14.978] Starting up VM done
[2025-05-27 01:53:14.978] Installing kernel driver
[2025-05-27 01:53:14.978] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:53:19.566] Kernel driver installation completed
[2025-05-27 01:53:19.566] Starting GP driver service
[2025-05-27 01:53:19.566] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:53:22.715] GP driver service started
[2025-05-27 01:53:22.715] Executing malware sample: D:\new\ransomware_high_confidence\conti\198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3.exe
[2025-05-27 01:53:22.715] Malware execution started
[2025-05-27 01:53:22.715] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:54:22.724] Taking screenshot
[2025-05-27 01:54:22.786] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:55:36.258] Powering off VM done
[2025-05-27 01:55:39.258] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:55:40.668] Restoring snapshot 35 done
[2025-05-27 01:55:40.668] Kernel telemetry analysis completed in 153.6 seconds.

[2025-05-27 01:55:40.668] ✅ Analysis completed successfully!
[2025-05-27 01:55:40.668] Progress: 27.0% (380/1408)
[2025-05-27 01:55:40.668] Successful: 380, Failed: 0
[2025-05-27 01:55:40.668] Time remaining: 37.3h
[2025-05-27 01:55:40.668] Waiting 5 seconds before next sample...
[2025-05-27 01:55:45.669] SAMPLE 381/1408
[2025-05-27 01:55:45.669] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 01:55:45.669] File: 1b8081bae0e493d098b8756b1e7c4b19715a78946cf227f2c27f9311e6718420.exe
[2025-05-27 01:55:45.669] Path: D:\new\ransomware_high_confidence\conti\1b8081bae0e493d098b8756b1e7c4b19715a78946cf227f2c27f9311e6718420.exe
[2025-05-27 01:55:45.669] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\1b8081bae0e493d098b8756b1e7c4b19715a78946cf227f2c27f9311e6718420.exe
[2025-05-27 01:55:45.669] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:55:47.300] Restoring snapshot 35 done
[2025-05-27 01:55:47.300] Starting up VM
[2025-05-27 01:55:53.573] Starting up VM done
[2025-05-27 01:55:53.574] Installing kernel driver
[2025-05-27 01:55:53.574] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:55:57.895] Kernel driver installation completed
[2025-05-27 01:55:57.895] Starting GP driver service
[2025-05-27 01:55:57.895] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:56:01.057] GP driver service started
[2025-05-27 01:56:01.057] Executing malware sample: D:\new\ransomware_high_confidence\conti\1b8081bae0e493d098b8756b1e7c4b19715a78946cf227f2c27f9311e6718420.exe
[2025-05-27 01:56:01.058] Malware execution started
[2025-05-27 01:56:01.058] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:57:01.066] Taking screenshot
[2025-05-27 01:57:01.130] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:58:27.730] Powering off VM done
[2025-05-27 01:58:30.731] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:58:32.471] Restoring snapshot 35 done
[2025-05-27 01:58:32.471] Kernel telemetry analysis completed in 166.8 seconds.

[2025-05-27 01:58:32.471] ✅ Analysis completed successfully!
[2025-05-27 01:58:32.471] Progress: 27.1% (381/1408)
[2025-05-27 01:58:32.471] Successful: 381, Failed: 0
[2025-05-27 01:58:32.471] Time remaining: 37.2h
[2025-05-27 01:58:32.472] Waiting 5 seconds before next sample...
[2025-05-27 01:58:37.472] SAMPLE 382/1408
[2025-05-27 01:58:37.472] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 01:58:37.472] File: 1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9.exe
[2025-05-27 01:58:37.472] Path: D:\new\ransomware_high_confidence\conti\1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9.exe
[2025-05-27 01:58:37.472] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9.exe
[2025-05-27 01:58:37.472] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 01:58:39.014] Restoring snapshot 35 done
[2025-05-27 01:58:39.014] Starting up VM
[2025-05-27 01:58:45.410] Starting up VM done
[2025-05-27 01:58:45.410] Installing kernel driver
[2025-05-27 01:58:45.410] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 01:58:49.699] Kernel driver installation completed
[2025-05-27 01:58:49.699] Starting GP driver service
[2025-05-27 01:58:49.699] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 01:58:52.853] GP driver service started
[2025-05-27 01:58:52.853] Executing malware sample: D:\new\ransomware_high_confidence\conti\1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9.exe
[2025-05-27 01:58:52.853] Malware execution started
[2025-05-27 01:58:52.853] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 01:59:52.861] Taking screenshot
[2025-05-27 01:59:52.925] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:00:41.862] Powering off VM done
[2025-05-27 02:00:44.862] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:00:46.008] Restoring snapshot 35 done
[2025-05-27 02:00:46.008] Kernel telemetry analysis completed in 128.5 seconds.

[2025-05-27 02:00:46.008] ✅ Analysis completed successfully!
[2025-05-27 02:00:46.008] Progress: 27.1% (382/1408)
[2025-05-27 02:00:46.008] Successful: 382, Failed: 0
[2025-05-27 02:00:46.008] Time remaining: 37.2h
[2025-05-27 02:00:46.008] Waiting 5 seconds before next sample...
[2025-05-27 02:00:51.008] SAMPLE 383/1408
[2025-05-27 02:00:51.008] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:00:51.008] File: 1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24.exe
[2025-05-27 02:00:51.008] Path: D:\new\ransomware_high_confidence\conti\1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24.exe
[2025-05-27 02:00:51.009] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24.exe
[2025-05-27 02:00:51.009] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:00:52.670] Restoring snapshot 35 done
[2025-05-27 02:00:52.670] Starting up VM
[2025-05-27 02:00:58.627] Starting up VM done
[2025-05-27 02:00:58.627] Installing kernel driver
[2025-05-27 02:00:58.627] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:01:02.745] Kernel driver installation completed
[2025-05-27 02:01:02.745] Starting GP driver service
[2025-05-27 02:01:02.745] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:01:05.903] GP driver service started
[2025-05-27 02:01:05.903] Executing malware sample: D:\new\ransomware_high_confidence\conti\1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24.exe
[2025-05-27 02:01:05.903] Malware execution started
[2025-05-27 02:01:05.903] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:02:05.911] Taking screenshot
[2025-05-27 02:02:05.973] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:04:46.695] Powering off VM done
[2025-05-27 02:04:49.696] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:04:51.274] Restoring snapshot 35 done
[2025-05-27 02:04:51.274] Kernel telemetry analysis completed in 240.3 seconds.

[2025-05-27 02:04:51.274] ✅ Analysis completed successfully!
[2025-05-27 02:04:51.274] Progress: 27.2% (383/1408)
[2025-05-27 02:04:51.274] Successful: 383, Failed: 0
[2025-05-27 02:04:51.274] Time remaining: 37.3h
[2025-05-27 02:04:51.274] Waiting 5 seconds before next sample...
[2025-05-27 02:04:56.274] SAMPLE 384/1408
[2025-05-27 02:04:56.274] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:04:56.274] File: 26b2401211769d2fa1415228b4b1305eeeed249a996d149ad83b6fc9c4f703ce.exe
[2025-05-27 02:04:56.274] Path: D:\new\ransomware_high_confidence\conti\26b2401211769d2fa1415228b4b1305eeeed249a996d149ad83b6fc9c4f703ce.exe
[2025-05-27 02:04:56.274] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\26b2401211769d2fa1415228b4b1305eeeed249a996d149ad83b6fc9c4f703ce.exe
[2025-05-27 02:04:56.274] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:04:57.970] Restoring snapshot 35 done
[2025-05-27 02:04:57.970] Starting up VM
[2025-05-27 02:05:04.112] Starting up VM done
[2025-05-27 02:05:04.112] Installing kernel driver
[2025-05-27 02:05:04.112] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:05:08.400] Kernel driver installation completed
[2025-05-27 02:05:08.401] Starting GP driver service
[2025-05-27 02:05:08.401] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:05:11.555] GP driver service started
[2025-05-27 02:05:11.555] Executing malware sample: D:\new\ransomware_high_confidence\conti\26b2401211769d2fa1415228b4b1305eeeed249a996d149ad83b6fc9c4f703ce.exe
[2025-05-27 02:05:11.556] Malware execution started
[2025-05-27 02:05:11.556] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:06:11.563] Taking screenshot
[2025-05-27 02:06:11.626] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:07:40.309] Powering off VM done
[2025-05-27 02:07:43.310] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:07:44.523] Restoring snapshot 35 done
[2025-05-27 02:07:44.523] Kernel telemetry analysis completed in 168.2 seconds.

[2025-05-27 02:07:44.523] ✅ Analysis completed successfully!
[2025-05-27 02:07:44.523] Progress: 27.3% (384/1408)
[2025-05-27 02:07:44.523] Successful: 384, Failed: 0
[2025-05-27 02:07:44.523] Time remaining: 37.3h
[2025-05-27 02:07:44.523] Waiting 5 seconds before next sample...
[2025-05-27 02:07:49.523] SAMPLE 385/1408
[2025-05-27 02:07:49.523] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:07:49.523] File: 2fc6d7df9252b1e2c4eb3ad7d0d29c188d87548127c44cebc40db9abe8e5aa35.exe
[2025-05-27 02:07:49.523] Path: D:\new\ransomware_high_confidence\conti\2fc6d7df9252b1e2c4eb3ad7d0d29c188d87548127c44cebc40db9abe8e5aa35.exe
[2025-05-27 02:07:49.523] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\2fc6d7df9252b1e2c4eb3ad7d0d29c188d87548127c44cebc40db9abe8e5aa35.exe
[2025-05-27 02:07:49.523] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:07:51.039] Restoring snapshot 35 done
[2025-05-27 02:07:51.039] Starting up VM
[2025-05-27 02:07:57.222] Starting up VM done
[2025-05-27 02:07:57.222] Installing kernel driver
[2025-05-27 02:07:57.222] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:08:01.453] Kernel driver installation completed
[2025-05-27 02:08:01.453] Starting GP driver service
[2025-05-27 02:08:01.453] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:08:04.613] GP driver service started
[2025-05-27 02:08:04.613] Executing malware sample: D:\new\ransomware_high_confidence\conti\2fc6d7df9252b1e2c4eb3ad7d0d29c188d87548127c44cebc40db9abe8e5aa35.exe
[2025-05-27 02:08:04.614] Malware execution started
[2025-05-27 02:08:04.614] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:09:04.622] Taking screenshot
[2025-05-27 02:09:04.683] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:10:19.425] Powering off VM done
[2025-05-27 02:10:22.426] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:10:23.454] Restoring snapshot 35 done
[2025-05-27 02:10:23.455] Kernel telemetry analysis completed in 153.9 seconds.

[2025-05-27 02:10:23.455] ✅ Analysis completed successfully!
[2025-05-27 02:10:23.455] Progress: 27.3% (385/1408)
[2025-05-27 02:10:23.455] Successful: 385, Failed: 0
[2025-05-27 02:10:23.455] Time remaining: 37.2h
[2025-05-27 02:10:23.455] Waiting 5 seconds before next sample...
[2025-05-27 02:10:28.455] SAMPLE 386/1408
[2025-05-27 02:10:28.455] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:10:28.455] File: 4bfd58d4e4a6fe5e91b408bc190a24d352124902085f9c2da948ad7d79b72618.exe
[2025-05-27 02:10:28.455] Path: D:\new\ransomware_high_confidence\conti\4bfd58d4e4a6fe5e91b408bc190a24d352124902085f9c2da948ad7d79b72618.exe
[2025-05-27 02:10:28.455] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\4bfd58d4e4a6fe5e91b408bc190a24d352124902085f9c2da948ad7d79b72618.exe
[2025-05-27 02:10:28.455] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:10:30.012] Restoring snapshot 35 done
[2025-05-27 02:10:30.012] Starting up VM
[2025-05-27 02:10:35.872] Starting up VM done
[2025-05-27 02:10:35.872] Installing kernel driver
[2025-05-27 02:10:35.872] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:10:40.309] Kernel driver installation completed
[2025-05-27 02:10:40.309] Starting GP driver service
[2025-05-27 02:10:40.309] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:10:43.459] GP driver service started
[2025-05-27 02:10:43.459] Executing malware sample: D:\new\ransomware_high_confidence\conti\4bfd58d4e4a6fe5e91b408bc190a24d352124902085f9c2da948ad7d79b72618.exe
[2025-05-27 02:10:43.460] Malware execution started
[2025-05-27 02:10:43.460] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:11:43.468] Taking screenshot
[2025-05-27 02:11:43.530] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:13:10.505] Powering off VM done
[2025-05-27 02:13:13.505] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:13:15.051] Restoring snapshot 35 done
[2025-05-27 02:13:15.051] Kernel telemetry analysis completed in 166.6 seconds.

[2025-05-27 02:13:15.051] ✅ Analysis completed successfully!
[2025-05-27 02:13:15.051] Progress: 27.4% (386/1408)
[2025-05-27 02:13:15.051] Successful: 386, Failed: 0
[2025-05-27 02:13:15.051] Time remaining: 37.2h
[2025-05-27 02:13:15.051] Waiting 5 seconds before next sample...
[2025-05-27 02:13:20.051] SAMPLE 387/1408
[2025-05-27 02:13:20.051] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:13:20.051] File: 4d8fcd9492a256c0cb9567e63b53b75c2a591f5eebe7293298239736034b742a.exe
[2025-05-27 02:13:20.051] Path: D:\new\ransomware_high_confidence\conti\4d8fcd9492a256c0cb9567e63b53b75c2a591f5eebe7293298239736034b742a.exe
[2025-05-27 02:13:20.051] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\4d8fcd9492a256c0cb9567e63b53b75c2a591f5eebe7293298239736034b742a.exe
[2025-05-27 02:13:20.051] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:13:21.517] Restoring snapshot 35 done
[2025-05-27 02:13:21.517] Starting up VM
[2025-05-27 02:13:27.548] Starting up VM done
[2025-05-27 02:13:27.548] Installing kernel driver
[2025-05-27 02:13:27.548] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:13:31.127] Kernel driver installation completed
[2025-05-27 02:13:31.127] Starting GP driver service
[2025-05-27 02:13:31.127] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:13:34.279] GP driver service started
[2025-05-27 02:13:34.279] Executing malware sample: D:\new\ransomware_high_confidence\conti\4d8fcd9492a256c0cb9567e63b53b75c2a591f5eebe7293298239736034b742a.exe
[2025-05-27 02:13:34.280] Malware execution started
[2025-05-27 02:13:34.280] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:14:34.288] Taking screenshot
[2025-05-27 02:14:34.350] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:15:42.998] Powering off VM done
[2025-05-27 02:15:45.998] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:15:47.587] Restoring snapshot 35 done
[2025-05-27 02:15:47.587] Kernel telemetry analysis completed in 147.5 seconds.

[2025-05-27 02:15:47.587] ✅ Analysis completed successfully!
[2025-05-27 02:15:47.587] Progress: 27.5% (387/1408)
[2025-05-27 02:15:47.587] Successful: 387, Failed: 0
[2025-05-27 02:15:47.587] Time remaining: 37.2h
[2025-05-27 02:15:47.587] Waiting 5 seconds before next sample...
[2025-05-27 02:15:52.587] SAMPLE 388/1408
[2025-05-27 02:15:52.587] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:15:52.587] File: 4f17d7fa344b970890ed1bc52a0da95146cab9fe56ecabafafacb0ad212558c9.exe
[2025-05-27 02:15:52.587] Path: D:\new\ransomware_high_confidence\conti\4f17d7fa344b970890ed1bc52a0da95146cab9fe56ecabafafacb0ad212558c9.exe
[2025-05-27 02:15:52.588] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\4f17d7fa344b970890ed1bc52a0da95146cab9fe56ecabafafacb0ad212558c9.exe
[2025-05-27 02:15:52.588] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:15:53.897] Restoring snapshot 35 done
[2025-05-27 02:15:53.897] Starting up VM
[2025-05-27 02:15:59.748] Starting up VM done
[2025-05-27 02:15:59.748] Installing kernel driver
[2025-05-27 02:15:59.748] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:16:03.913] Kernel driver installation completed
[2025-05-27 02:16:03.914] Starting GP driver service
[2025-05-27 02:16:03.914] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:16:07.069] GP driver service started
[2025-05-27 02:16:07.069] Executing malware sample: D:\new\ransomware_high_confidence\conti\4f17d7fa344b970890ed1bc52a0da95146cab9fe56ecabafafacb0ad212558c9.exe
[2025-05-27 02:16:07.069] Malware execution started
[2025-05-27 02:16:07.069] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:17:07.077] Taking screenshot
[2025-05-27 02:17:07.139] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:17:57.699] Powering off VM done
[2025-05-27 02:18:00.700] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:18:02.023] Restoring snapshot 35 done
[2025-05-27 02:18:02.023] Kernel telemetry analysis completed in 129.4 seconds.

[2025-05-27 02:18:02.023] ✅ Analysis completed successfully!
[2025-05-27 02:18:02.023] Progress: 27.6% (388/1408)
[2025-05-27 02:18:02.023] Successful: 388, Failed: 0
[2025-05-27 02:18:02.023] Time remaining: 37.2h
[2025-05-27 02:18:02.024] Waiting 5 seconds before next sample...
[2025-05-27 02:18:07.024] SAMPLE 389/1408
[2025-05-27 02:18:07.024] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:18:07.024] File: 53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22.exe
[2025-05-27 02:18:07.024] Path: D:\new\ransomware_high_confidence\conti\53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22.exe
[2025-05-27 02:18:07.024] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22.exe
[2025-05-27 02:18:07.024] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:18:08.519] Restoring snapshot 35 done
[2025-05-27 02:18:08.519] Starting up VM
[2025-05-27 02:18:14.854] Starting up VM done
[2025-05-27 02:18:14.854] Installing kernel driver
[2025-05-27 02:18:14.854] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:18:19.068] Kernel driver installation completed
[2025-05-27 02:18:19.068] Starting GP driver service
[2025-05-27 02:18:19.068] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:18:22.225] GP driver service started
[2025-05-27 02:18:22.225] Executing malware sample: D:\new\ransomware_high_confidence\conti\53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22.exe
[2025-05-27 02:18:22.226] Malware execution started
[2025-05-27 02:18:22.226] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:19:22.234] Taking screenshot
[2025-05-27 02:19:22.296] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:20:25.782] Powering off VM done
[2025-05-27 02:20:28.783] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:20:29.809] Restoring snapshot 35 done
[2025-05-27 02:20:29.809] Kernel telemetry analysis completed in 142.8 seconds.

[2025-05-27 02:20:29.809] ✅ Analysis completed successfully!
[2025-05-27 02:20:29.809] Progress: 27.6% (389/1408)
[2025-05-27 02:20:29.809] Successful: 389, Failed: 0
[2025-05-27 02:20:29.809] Time remaining: 37.2h
[2025-05-27 02:20:29.809] Waiting 5 seconds before next sample...
[2025-05-27 02:20:34.809] SAMPLE 390/1408
[2025-05-27 02:20:34.809] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:20:34.809] File: 58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7.exe
[2025-05-27 02:20:34.809] Path: D:\new\ransomware_high_confidence\conti\58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7.exe
[2025-05-27 02:20:34.810] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7.exe
[2025-05-27 02:20:34.810] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:20:36.699] Restoring snapshot 35 done
[2025-05-27 02:20:36.699] Starting up VM
[2025-05-27 02:20:43.299] Starting up VM done
[2025-05-27 02:20:43.300] Installing kernel driver
[2025-05-27 02:20:43.300] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:20:47.840] Kernel driver installation completed
[2025-05-27 02:20:47.840] Starting GP driver service
[2025-05-27 02:20:47.840] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:20:50.988] GP driver service started
[2025-05-27 02:20:50.989] Executing malware sample: D:\new\ransomware_high_confidence\conti\58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7.exe
[2025-05-27 02:20:50.989] Malware execution started
[2025-05-27 02:20:50.989] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:21:50.997] Taking screenshot
[2025-05-27 02:21:51.059] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:23:27.248] Powering off VM done
[2025-05-27 02:23:30.248] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:23:31.564] Restoring snapshot 35 done
[2025-05-27 02:23:31.564] Kernel telemetry analysis completed in 176.8 seconds.

[2025-05-27 02:23:31.564] ✅ Analysis completed successfully!
[2025-05-27 02:23:31.564] Progress: 27.7% (390/1408)
[2025-05-27 02:23:31.564] Successful: 390, Failed: 0
[2025-05-27 02:23:31.564] Time remaining: 37.2h
[2025-05-27 02:23:31.564] Waiting 5 seconds before next sample...
[2025-05-27 02:23:36.564] SAMPLE 391/1408
[2025-05-27 02:23:36.564] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:23:36.564] File: 59a9f0de96eff57768e995b296ae75778a232f30d95a7b7ab5048c621b50c66d.exe
[2025-05-27 02:23:36.564] Path: D:\new\ransomware_high_confidence\conti\59a9f0de96eff57768e995b296ae75778a232f30d95a7b7ab5048c621b50c66d.exe
[2025-05-27 02:23:36.564] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\59a9f0de96eff57768e995b296ae75778a232f30d95a7b7ab5048c621b50c66d.exe
[2025-05-27 02:23:36.564] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:23:38.160] Restoring snapshot 35 done
[2025-05-27 02:23:38.160] Starting up VM
[2025-05-27 02:23:44.757] Starting up VM done
[2025-05-27 02:23:44.757] Installing kernel driver
[2025-05-27 02:23:44.757] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:23:49.302] Kernel driver installation completed
[2025-05-27 02:23:49.302] Starting GP driver service
[2025-05-27 02:23:49.302] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:23:52.459] GP driver service started
[2025-05-27 02:23:52.459] Executing malware sample: D:\new\ransomware_high_confidence\conti\59a9f0de96eff57768e995b296ae75778a232f30d95a7b7ab5048c621b50c66d.exe
[2025-05-27 02:23:52.459] Malware execution started
[2025-05-27 02:23:52.459] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:24:52.467] Taking screenshot
[2025-05-27 02:24:52.530] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:25:11.172] Powering off VM done
[2025-05-27 02:25:14.173] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:25:15.174] Restoring snapshot 35 done
[2025-05-27 02:25:15.174] Kernel telemetry analysis completed in 98.6 seconds.

[2025-05-27 02:25:15.174] ✅ Analysis completed successfully!
[2025-05-27 02:25:15.174] Progress: 27.8% (391/1408)
[2025-05-27 02:25:15.174] Successful: 391, Failed: 0
[2025-05-27 02:25:15.174] Time remaining: 37.1h
[2025-05-27 02:25:15.175] Waiting 5 seconds before next sample...
[2025-05-27 02:25:20.175] SAMPLE 392/1408
[2025-05-27 02:25:20.175] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:25:20.175] File: 61dd6a0b2870d62f56c7fe0039d42bf5351588f927267fe7b4ee0761872a3b20.exe
[2025-05-27 02:25:20.175] Path: D:\new\ransomware_high_confidence\conti\61dd6a0b2870d62f56c7fe0039d42bf5351588f927267fe7b4ee0761872a3b20.exe
[2025-05-27 02:25:20.175] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\61dd6a0b2870d62f56c7fe0039d42bf5351588f927267fe7b4ee0761872a3b20.exe
[2025-05-27 02:25:20.175] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:25:22.335] Restoring snapshot 35 done
[2025-05-27 02:25:22.335] Starting up VM
[2025-05-27 02:25:28.269] Starting up VM done
[2025-05-27 02:25:28.269] Installing kernel driver
[2025-05-27 02:25:28.269] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:25:32.403] Kernel driver installation completed
[2025-05-27 02:25:32.403] Starting GP driver service
[2025-05-27 02:25:32.403] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:25:35.565] GP driver service started
[2025-05-27 02:25:35.565] Executing malware sample: D:\new\ransomware_high_confidence\conti\61dd6a0b2870d62f56c7fe0039d42bf5351588f927267fe7b4ee0761872a3b20.exe
[2025-05-27 02:25:35.565] Malware execution started
[2025-05-27 02:25:35.565] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:26:35.573] Taking screenshot
[2025-05-27 02:26:35.636] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:27:16.031] Powering off VM done
[2025-05-27 02:27:19.031] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:27:20.303] Restoring snapshot 35 done
[2025-05-27 02:27:20.303] Kernel telemetry analysis completed in 120.1 seconds.

[2025-05-27 02:27:20.303] ✅ Analysis completed successfully!
[2025-05-27 02:27:20.303] Progress: 27.8% (392/1408)
[2025-05-27 02:27:20.303] Successful: 392, Failed: 0
[2025-05-27 02:27:20.303] Time remaining: 37.1h
[2025-05-27 02:27:20.303] Waiting 5 seconds before next sample...
[2025-05-27 02:27:25.303] SAMPLE 393/1408
[2025-05-27 02:27:25.303] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:27:25.303] File: 633b9d373da7d2916f4d3b2902d4817c0f3ad5de5466ac85f34bdd37a8d3dd37.exe
[2025-05-27 02:27:25.303] Path: D:\new\ransomware_high_confidence\conti\633b9d373da7d2916f4d3b2902d4817c0f3ad5de5466ac85f34bdd37a8d3dd37.exe
[2025-05-27 02:27:25.304] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\633b9d373da7d2916f4d3b2902d4817c0f3ad5de5466ac85f34bdd37a8d3dd37.exe
[2025-05-27 02:27:25.304] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:27:26.815] Restoring snapshot 35 done
[2025-05-27 02:27:26.815] Starting up VM
[2025-05-27 02:27:32.886] Starting up VM done
[2025-05-27 02:27:32.886] Installing kernel driver
[2025-05-27 02:27:32.886] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:27:37.114] Kernel driver installation completed
[2025-05-27 02:27:37.114] Starting GP driver service
[2025-05-27 02:27:37.114] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:27:40.276] GP driver service started
[2025-05-27 02:27:40.276] Executing malware sample: D:\new\ransomware_high_confidence\conti\633b9d373da7d2916f4d3b2902d4817c0f3ad5de5466ac85f34bdd37a8d3dd37.exe
[2025-05-27 02:27:40.276] Malware execution started
[2025-05-27 02:27:40.276] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:28:40.285] Taking screenshot
[2025-05-27 02:28:40.351] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:29:19.881] Powering off VM done
[2025-05-27 02:29:22.881] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:29:24.419] Restoring snapshot 35 done
[2025-05-27 02:29:24.419] Kernel telemetry analysis completed in 119.1 seconds.

[2025-05-27 02:29:24.419] ✅ Analysis completed successfully!
[2025-05-27 02:29:24.420] Progress: 27.9% (393/1408)
[2025-05-27 02:29:24.420] Successful: 393, Failed: 0
[2025-05-27 02:29:24.420] Time remaining: 37.0h
[2025-05-27 02:29:24.420] Waiting 5 seconds before next sample...
[2025-05-27 02:29:29.420] SAMPLE 394/1408
[2025-05-27 02:29:29.420] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:29:29.420] File: 64a3a3ec70d20636299b8fe4f50c2b4d077f9934ee2d6ccf7d440b05b9770f56.exe
[2025-05-27 02:29:29.420] Path: D:\new\ransomware_high_confidence\conti\64a3a3ec70d20636299b8fe4f50c2b4d077f9934ee2d6ccf7d440b05b9770f56.exe
[2025-05-27 02:29:29.420] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\64a3a3ec70d20636299b8fe4f50c2b4d077f9934ee2d6ccf7d440b05b9770f56.exe
[2025-05-27 02:29:29.420] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:29:31.054] Restoring snapshot 35 done
[2025-05-27 02:29:31.054] Starting up VM
[2025-05-27 02:29:37.521] Starting up VM done
[2025-05-27 02:29:37.521] Installing kernel driver
[2025-05-27 02:29:37.521] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:29:41.737] Kernel driver installation completed
[2025-05-27 02:29:41.737] Starting GP driver service
[2025-05-27 02:29:41.737] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:29:44.891] GP driver service started
[2025-05-27 02:29:44.891] Executing malware sample: D:\new\ransomware_high_confidence\conti\64a3a3ec70d20636299b8fe4f50c2b4d077f9934ee2d6ccf7d440b05b9770f56.exe
[2025-05-27 02:29:44.892] Malware execution started
[2025-05-27 02:29:44.892] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:30:44.900] Taking screenshot
[2025-05-27 02:30:44.963] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:32:25.781] Powering off VM done
[2025-05-27 02:32:28.782] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:32:29.974] Restoring snapshot 35 done
[2025-05-27 02:32:29.974] Kernel telemetry analysis completed in 180.6 seconds.

[2025-05-27 02:32:29.974] ✅ Analysis completed successfully!
[2025-05-27 02:32:29.974] Progress: 28.0% (394/1408)
[2025-05-27 02:32:29.974] Successful: 394, Failed: 0
[2025-05-27 02:32:29.974] Time remaining: 37.0h
[2025-05-27 02:32:29.974] Waiting 5 seconds before next sample...
[2025-05-27 02:32:34.974] SAMPLE 395/1408
[2025-05-27 02:32:34.974] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:32:34.974] File: 6815e1e06e29863290319eb3e814ae2a394271aa2f95cc7c31a649c4c2f4fd04.exe
[2025-05-27 02:32:34.974] Path: D:\new\ransomware_high_confidence\conti\6815e1e06e29863290319eb3e814ae2a394271aa2f95cc7c31a649c4c2f4fd04.exe
[2025-05-27 02:32:34.975] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\6815e1e06e29863290319eb3e814ae2a394271aa2f95cc7c31a649c4c2f4fd04.exe
[2025-05-27 02:32:34.975] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:32:36.782] Restoring snapshot 35 done
[2025-05-27 02:32:36.782] Starting up VM
[2025-05-27 02:32:42.858] Starting up VM done
[2025-05-27 02:32:42.858] Installing kernel driver
[2025-05-27 02:32:42.858] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:32:47.196] Kernel driver installation completed
[2025-05-27 02:32:47.196] Starting GP driver service
[2025-05-27 02:32:47.196] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:32:50.356] GP driver service started
[2025-05-27 02:32:50.356] Executing malware sample: D:\new\ransomware_high_confidence\conti\6815e1e06e29863290319eb3e814ae2a394271aa2f95cc7c31a649c4c2f4fd04.exe
[2025-05-27 02:32:50.356] Malware execution started
[2025-05-27 02:32:50.356] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:33:50.365] Taking screenshot
[2025-05-27 02:33:50.426] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:35:15.460] Powering off VM done
[2025-05-27 02:35:18.460] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:35:19.466] Restoring snapshot 35 done
[2025-05-27 02:35:19.467] Kernel telemetry analysis completed in 164.5 seconds.

[2025-05-27 02:35:19.467] ✅ Analysis completed successfully!
[2025-05-27 02:35:19.467] Progress: 28.1% (395/1408)
[2025-05-27 02:35:19.467] Successful: 395, Failed: 0
[2025-05-27 02:35:19.467] Time remaining: 37.0h
[2025-05-27 02:35:19.467] Waiting 5 seconds before next sample...
[2025-05-27 02:35:24.467] SAMPLE 396/1408
[2025-05-27 02:35:24.467] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:35:24.467] File: 707b752f6bd89d4f97d08602d0546a56d27acfe00e6d5df2a2cb67c5e2eeee30.exe
[2025-05-27 02:35:24.467] Path: D:\new\ransomware_high_confidence\conti\707b752f6bd89d4f97d08602d0546a56d27acfe00e6d5df2a2cb67c5e2eeee30.exe
[2025-05-27 02:35:24.467] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\707b752f6bd89d4f97d08602d0546a56d27acfe00e6d5df2a2cb67c5e2eeee30.exe
[2025-05-27 02:35:24.467] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:35:25.994] Restoring snapshot 35 done
[2025-05-27 02:35:25.994] Starting up VM
[2025-05-27 02:35:32.537] Starting up VM done
[2025-05-27 02:35:32.537] Installing kernel driver
[2025-05-27 02:35:32.537] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:35:36.190] Kernel driver installation completed
[2025-05-27 02:35:36.191] Starting GP driver service
[2025-05-27 02:35:36.191] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:35:39.339] GP driver service started
[2025-05-27 02:35:39.339] Executing malware sample: D:\new\ransomware_high_confidence\conti\707b752f6bd89d4f97d08602d0546a56d27acfe00e6d5df2a2cb67c5e2eeee30.exe
[2025-05-27 02:35:39.340] Malware execution started
[2025-05-27 02:35:39.340] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:36:39.348] Taking screenshot
[2025-05-27 02:36:39.409] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:37:55.985] Powering off VM done
[2025-05-27 02:37:58.985] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:38:00.691] Restoring snapshot 35 done
[2025-05-27 02:38:00.691] Kernel telemetry analysis completed in 156.2 seconds.

[2025-05-27 02:38:00.691] ✅ Analysis completed successfully!
[2025-05-27 02:38:00.691] Progress: 28.1% (396/1408)
[2025-05-27 02:38:00.691] Successful: 396, Failed: 0
[2025-05-27 02:38:00.691] Time remaining: 37.0h
[2025-05-27 02:38:00.691] Waiting 5 seconds before next sample...
[2025-05-27 02:38:05.692] SAMPLE 397/1408
[2025-05-27 02:38:05.692] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:38:05.692] File: 7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd.exe
[2025-05-27 02:38:05.692] Path: D:\new\ransomware_high_confidence\conti\7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd.exe
[2025-05-27 02:38:05.692] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd.exe
[2025-05-27 02:38:05.692] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:38:07.606] Restoring snapshot 35 done
[2025-05-27 02:38:07.606] Starting up VM
[2025-05-27 02:38:12.895] Starting up VM done
[2025-05-27 02:38:12.895] Installing kernel driver
[2025-05-27 02:38:12.895] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:38:17.394] Kernel driver installation completed
[2025-05-27 02:38:17.394] Starting GP driver service
[2025-05-27 02:38:17.394] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:38:20.547] GP driver service started
[2025-05-27 02:38:20.547] Executing malware sample: D:\new\ransomware_high_confidence\conti\7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd.exe
[2025-05-27 02:38:20.548] Malware execution started
[2025-05-27 02:38:20.548] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:39:20.556] Taking screenshot
[2025-05-27 02:39:20.615] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:40:36.484] Powering off VM done
[2025-05-27 02:40:39.485] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:40:40.466] Restoring snapshot 35 done
[2025-05-27 02:40:40.466] Kernel telemetry analysis completed in 154.8 seconds.

[2025-05-27 02:40:40.466] ✅ Analysis completed successfully!
[2025-05-27 02:40:40.466] Progress: 28.2% (397/1408)
[2025-05-27 02:40:40.466] Successful: 397, Failed: 0
[2025-05-27 02:40:40.466] Time remaining: 37.0h
[2025-05-27 02:40:40.466] Waiting 5 seconds before next sample...
[2025-05-27 02:40:45.467] SAMPLE 398/1408
[2025-05-27 02:40:45.467] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:40:45.467] File: 98a09f7896a7c20229e696d6e8344fe9593fd70afada5d986e04c0d6933cc4db.exe
[2025-05-27 02:40:45.467] Path: D:\new\ransomware_high_confidence\conti\98a09f7896a7c20229e696d6e8344fe9593fd70afada5d986e04c0d6933cc4db.exe
[2025-05-27 02:40:45.467] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\98a09f7896a7c20229e696d6e8344fe9593fd70afada5d986e04c0d6933cc4db.exe
[2025-05-27 02:40:45.467] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:40:47.288] Restoring snapshot 35 done
[2025-05-27 02:40:47.289] Starting up VM
[2025-05-27 02:40:53.549] Starting up VM done
[2025-05-27 02:40:53.549] Installing kernel driver
[2025-05-27 02:40:53.549] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:40:57.218] Kernel driver installation completed
[2025-05-27 02:40:57.218] Starting GP driver service
[2025-05-27 02:40:57.218] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:41:00.370] GP driver service started
[2025-05-27 02:41:00.370] Executing malware sample: D:\new\ransomware_high_confidence\conti\98a09f7896a7c20229e696d6e8344fe9593fd70afada5d986e04c0d6933cc4db.exe
[2025-05-27 02:41:00.371] Malware execution started
[2025-05-27 02:41:00.371] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:42:00.379] Taking screenshot
[2025-05-27 02:42:00.442] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:43:22.383] Powering off VM done
[2025-05-27 02:43:25.383] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:43:26.714] Restoring snapshot 35 done
[2025-05-27 02:43:26.714] Kernel telemetry analysis completed in 161.2 seconds.

[2025-05-27 02:43:26.714] ✅ Analysis completed successfully!
[2025-05-27 02:43:26.714] Progress: 28.3% (398/1408)
[2025-05-27 02:43:26.714] Successful: 398, Failed: 0
[2025-05-27 02:43:26.714] Time remaining: 37.0h
[2025-05-27 02:43:26.714] Waiting 5 seconds before next sample...
[2025-05-27 02:43:31.714] SAMPLE 399/1408
[2025-05-27 02:43:31.714] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:43:31.714] File: 9aed278f54f65e546fb9f7f34dff26d0835a0a21a5a4fc4c026bf84596ed277e.exe
[2025-05-27 02:43:31.714] Path: D:\new\ransomware_high_confidence\conti\9aed278f54f65e546fb9f7f34dff26d0835a0a21a5a4fc4c026bf84596ed277e.exe
[2025-05-27 02:43:31.715] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\9aed278f54f65e546fb9f7f34dff26d0835a0a21a5a4fc4c026bf84596ed277e.exe
[2025-05-27 02:43:31.715] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:43:33.302] Restoring snapshot 35 done
[2025-05-27 02:43:33.302] Starting up VM
[2025-05-27 02:43:39.285] Starting up VM done
[2025-05-27 02:43:39.285] Installing kernel driver
[2025-05-27 02:43:39.285] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:43:43.620] Kernel driver installation completed
[2025-05-27 02:43:43.620] Starting GP driver service
[2025-05-27 02:43:43.620] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:43:46.767] GP driver service started
[2025-05-27 02:43:46.767] Executing malware sample: D:\new\ransomware_high_confidence\conti\9aed278f54f65e546fb9f7f34dff26d0835a0a21a5a4fc4c026bf84596ed277e.exe
[2025-05-27 02:43:46.767] Malware execution started
[2025-05-27 02:43:46.767] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:44:46.775] Taking screenshot
[2025-05-27 02:44:46.834] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:45:07.892] Powering off VM done
[2025-05-27 02:45:10.892] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:45:11.919] Restoring snapshot 35 done
[2025-05-27 02:45:11.919] Kernel telemetry analysis completed in 100.2 seconds.

[2025-05-27 02:45:11.919] ✅ Analysis completed successfully!
[2025-05-27 02:45:11.919] Progress: 28.3% (399/1408)
[2025-05-27 02:45:11.919] Successful: 399, Failed: 0
[2025-05-27 02:45:11.919] Time remaining: 36.9h
[2025-05-27 02:45:11.919] Waiting 5 seconds before next sample...
[2025-05-27 02:45:16.919] SAMPLE 400/1408
[2025-05-27 02:45:16.919] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:45:16.919] File: b524ed1cc22253f09d56f54d8ded4566b63352ff739f58de961f8a5bebb0fad9.exe
[2025-05-27 02:45:16.919] Path: D:\new\ransomware_high_confidence\conti\b524ed1cc22253f09d56f54d8ded4566b63352ff739f58de961f8a5bebb0fad9.exe
[2025-05-27 02:45:16.920] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\b524ed1cc22253f09d56f54d8ded4566b63352ff739f58de961f8a5bebb0fad9.exe
[2025-05-27 02:45:16.920] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:45:18.751] Restoring snapshot 35 done
[2025-05-27 02:45:18.751] Starting up VM
[2025-05-27 02:45:25.739] Starting up VM done
[2025-05-27 02:45:25.739] Installing kernel driver
[2025-05-27 02:45:25.739] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:45:30.043] Kernel driver installation completed
[2025-05-27 02:45:30.043] Starting GP driver service
[2025-05-27 02:45:30.043] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:45:33.196] GP driver service started
[2025-05-27 02:45:33.196] Executing malware sample: D:\new\ransomware_high_confidence\conti\b524ed1cc22253f09d56f54d8ded4566b63352ff739f58de961f8a5bebb0fad9.exe
[2025-05-27 02:45:33.197] Malware execution started
[2025-05-27 02:45:33.197] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:46:33.205] Taking screenshot
[2025-05-27 02:46:33.269] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:47:43.018] Powering off VM done
[2025-05-27 02:47:46.018] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:47:47.429] Restoring snapshot 35 done
[2025-05-27 02:47:47.429] Kernel telemetry analysis completed in 150.5 seconds.

[2025-05-27 02:47:47.429] ✅ Analysis completed successfully!
[2025-05-27 02:47:47.429] Progress: 28.4% (400/1408)
[2025-05-27 02:47:47.429] Successful: 400, Failed: 0
[2025-05-27 02:47:47.429] Time remaining: 36.9h
[2025-05-27 02:47:47.429] Waiting 5 seconds before next sample...
[2025-05-27 02:47:52.429] SAMPLE 401/1408
[2025-05-27 02:47:52.429] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:47:52.429] File: c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4.exe
[2025-05-27 02:47:52.429] Path: D:\new\ransomware_high_confidence\conti\c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4.exe
[2025-05-27 02:47:52.430] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4.exe
[2025-05-27 02:47:52.430] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:47:54.267] Restoring snapshot 35 done
[2025-05-27 02:47:54.267] Starting up VM
[2025-05-27 02:48:01.027] Starting up VM done
[2025-05-27 02:48:01.027] Installing kernel driver
[2025-05-27 02:48:01.027] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:48:05.970] Kernel driver installation completed
[2025-05-27 02:48:05.970] Starting GP driver service
[2025-05-27 02:48:05.970] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:48:09.130] GP driver service started
[2025-05-27 02:48:09.130] Executing malware sample: D:\new\ransomware_high_confidence\conti\c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4.exe
[2025-05-27 02:48:09.130] Malware execution started
[2025-05-27 02:48:09.130] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:49:09.139] Taking screenshot
[2025-05-27 02:49:09.201] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:51:49.601] Powering off VM done
[2025-05-27 02:51:52.602] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:51:54.165] Restoring snapshot 35 done
[2025-05-27 02:51:54.165] Kernel telemetry analysis completed in 241.7 seconds.

[2025-05-27 02:51:54.165] ✅ Analysis completed successfully!
[2025-05-27 02:51:54.165] Progress: 28.5% (401/1408)
[2025-05-27 02:51:54.165] Successful: 401, Failed: 0
[2025-05-27 02:51:54.165] Time remaining: 36.9h
[2025-05-27 02:51:54.165] Waiting 5 seconds before next sample...
[2025-05-27 02:51:59.166] SAMPLE 402/1408
[2025-05-27 02:51:59.166] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:51:59.166] File: d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb.exe
[2025-05-27 02:51:59.166] Path: D:\new\ransomware_high_confidence\conti\d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb.exe
[2025-05-27 02:51:59.166] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb.exe
[2025-05-27 02:51:59.166] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:52:00.999] Restoring snapshot 35 done
[2025-05-27 02:52:00.999] Starting up VM
[2025-05-27 02:52:06.975] Starting up VM done
[2025-05-27 02:52:06.975] Installing kernel driver
[2025-05-27 02:52:06.975] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:52:11.456] Kernel driver installation completed
[2025-05-27 02:52:11.456] Starting GP driver service
[2025-05-27 02:52:11.456] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:52:14.610] GP driver service started
[2025-05-27 02:52:14.610] Executing malware sample: D:\new\ransomware_high_confidence\conti\d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb.exe
[2025-05-27 02:52:14.611] Malware execution started
[2025-05-27 02:52:14.611] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:53:14.619] Taking screenshot
[2025-05-27 02:53:14.679] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:54:02.784] Powering off VM done
[2025-05-27 02:54:05.784] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:54:07.197] Restoring snapshot 35 done
[2025-05-27 02:54:07.197] Kernel telemetry analysis completed in 128.0 seconds.

[2025-05-27 02:54:07.197] ✅ Analysis completed successfully!
[2025-05-27 02:54:07.197] Progress: 28.6% (402/1408)
[2025-05-27 02:54:07.197] Successful: 402, Failed: 0
[2025-05-27 02:54:07.197] Time remaining: 36.9h
[2025-05-27 02:54:07.197] Waiting 5 seconds before next sample...
[2025-05-27 02:54:12.198] SAMPLE 403/1408
[2025-05-27 02:54:12.198] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:54:12.198] File: d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc.exe
[2025-05-27 02:54:12.198] Path: D:\new\ransomware_high_confidence\conti\d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc.exe
[2025-05-27 02:54:12.198] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc.exe
[2025-05-27 02:54:12.198] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:54:13.734] Restoring snapshot 35 done
[2025-05-27 02:54:13.734] Starting up VM
[2025-05-27 02:54:20.429] Starting up VM done
[2025-05-27 02:54:20.429] Installing kernel driver
[2025-05-27 02:54:20.429] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:54:24.608] Kernel driver installation completed
[2025-05-27 02:54:24.608] Starting GP driver service
[2025-05-27 02:54:24.608] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:54:27.757] GP driver service started
[2025-05-27 02:54:27.757] Executing malware sample: D:\new\ransomware_high_confidence\conti\d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc.exe
[2025-05-27 02:54:27.758] Malware execution started
[2025-05-27 02:54:27.758] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:55:27.765] Taking screenshot
[2025-05-27 02:55:27.828] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:55:44.059] Powering off VM done
[2025-05-27 02:55:47.060] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:55:48.694] Restoring snapshot 35 done
[2025-05-27 02:55:48.694] Kernel telemetry analysis completed in 96.5 seconds.

[2025-05-27 02:55:48.694] ✅ Analysis completed successfully!
[2025-05-27 02:55:48.694] Progress: 28.6% (403/1408)
[2025-05-27 02:55:48.694] Successful: 403, Failed: 0
[2025-05-27 02:55:48.694] Time remaining: 36.8h
[2025-05-27 02:55:48.694] Waiting 5 seconds before next sample...
[2025-05-27 02:55:53.694] SAMPLE 404/1408
[2025-05-27 02:55:53.694] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:55:53.694] File: d236d64b7bf9510ea1746d10a4c164a2ef2c724cc62b2bca91d72bdf24821e40.exe
[2025-05-27 02:55:53.694] Path: D:\new\ransomware_high_confidence\conti\d236d64b7bf9510ea1746d10a4c164a2ef2c724cc62b2bca91d72bdf24821e40.exe
[2025-05-27 02:55:53.694] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\d236d64b7bf9510ea1746d10a4c164a2ef2c724cc62b2bca91d72bdf24821e40.exe
[2025-05-27 02:55:53.694] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:55:55.527] Restoring snapshot 35 done
[2025-05-27 02:55:55.527] Starting up VM
[2025-05-27 02:56:01.918] Starting up VM done
[2025-05-27 02:56:01.918] Installing kernel driver
[2025-05-27 02:56:01.918] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:56:05.567] Kernel driver installation completed
[2025-05-27 02:56:05.567] Starting GP driver service
[2025-05-27 02:56:05.567] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:56:08.721] GP driver service started
[2025-05-27 02:56:08.721] Executing malware sample: D:\new\ransomware_high_confidence\conti\d236d64b7bf9510ea1746d10a4c164a2ef2c724cc62b2bca91d72bdf24821e40.exe
[2025-05-27 02:56:08.721] Malware execution started
[2025-05-27 02:56:08.721] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:57:08.729] Taking screenshot
[2025-05-27 02:57:08.792] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:58:02.679] Powering off VM done
[2025-05-27 02:58:05.679] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:58:06.896] Restoring snapshot 35 done
[2025-05-27 02:58:06.896] Kernel telemetry analysis completed in 133.2 seconds.

[2025-05-27 02:58:06.896] ✅ Analysis completed successfully!
[2025-05-27 02:58:06.896] Progress: 28.7% (404/1408)
[2025-05-27 02:58:06.896] Successful: 404, Failed: 0
[2025-05-27 02:58:06.896] Time remaining: 36.8h
[2025-05-27 02:58:06.896] Waiting 5 seconds before next sample...
[2025-05-27 02:58:11.896] SAMPLE 405/1408
[2025-05-27 02:58:11.896] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:58:11.896] File: d338295d50d5b39d8377c593f6d46feb512823e2724704448cc885b40c5056e0.exe
[2025-05-27 02:58:11.896] Path: D:\new\ransomware_high_confidence\conti\d338295d50d5b39d8377c593f6d46feb512823e2724704448cc885b40c5056e0.exe
[2025-05-27 02:58:11.896] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\d338295d50d5b39d8377c593f6d46feb512823e2724704448cc885b40c5056e0.exe
[2025-05-27 02:58:11.896] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:58:13.522] Restoring snapshot 35 done
[2025-05-27 02:58:13.522] Starting up VM
[2025-05-27 02:58:19.939] Starting up VM done
[2025-05-27 02:58:19.939] Installing kernel driver
[2025-05-27 02:58:19.940] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 02:58:24.109] Kernel driver installation completed
[2025-05-27 02:58:24.109] Starting GP driver service
[2025-05-27 02:58:24.109] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 02:58:27.264] GP driver service started
[2025-05-27 02:58:27.264] Executing malware sample: D:\new\ransomware_high_confidence\conti\d338295d50d5b39d8377c593f6d46feb512823e2724704448cc885b40c5056e0.exe
[2025-05-27 02:58:27.265] Malware execution started
[2025-05-27 02:58:27.265] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 02:59:27.273] Taking screenshot
[2025-05-27 02:59:27.336] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:59:43.387] Powering off VM done
[2025-05-27 02:59:46.387] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:59:47.704] Restoring snapshot 35 done
[2025-05-27 02:59:47.704] Kernel telemetry analysis completed in 95.8 seconds.

[2025-05-27 02:59:47.704] ✅ Analysis completed successfully!
[2025-05-27 02:59:47.704] Progress: 28.8% (405/1408)
[2025-05-27 02:59:47.705] Successful: 405, Failed: 0
[2025-05-27 02:59:47.705] Time remaining: 36.7h
[2025-05-27 02:59:47.705] Waiting 5 seconds before next sample...
[2025-05-27 02:59:52.705] SAMPLE 406/1408
[2025-05-27 02:59:52.705] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 02:59:52.705] File: d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.exe
[2025-05-27 02:59:52.705] Path: D:\new\ransomware_high_confidence\conti\d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.exe
[2025-05-27 02:59:52.705] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.exe
[2025-05-27 02:59:52.705] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 02:59:54.197] Restoring snapshot 35 done
[2025-05-27 02:59:54.197] Starting up VM
[2025-05-27 03:00:00.244] Starting up VM done
[2025-05-27 03:00:00.244] Installing kernel driver
[2025-05-27 03:00:00.244] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:00:03.956] Kernel driver installation completed
[2025-05-27 03:00:03.956] Starting GP driver service
[2025-05-27 03:00:03.956] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:00:07.109] GP driver service started
[2025-05-27 03:00:07.109] Executing malware sample: D:\new\ransomware_high_confidence\conti\d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.exe
[2025-05-27 03:00:07.109] Malware execution started
[2025-05-27 03:00:07.109] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:01:07.117] Taking screenshot
[2025-05-27 03:01:07.179] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:02:41.108] Powering off VM done
[2025-05-27 03:02:44.108] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:02:45.341] Restoring snapshot 35 done
[2025-05-27 03:02:45.341] Kernel telemetry analysis completed in 172.6 seconds.

[2025-05-27 03:02:45.341] ✅ Analysis completed successfully!
[2025-05-27 03:02:45.341] Progress: 28.8% (406/1408)
[2025-05-27 03:02:45.341] Successful: 406, Failed: 0
[2025-05-27 03:02:45.341] Time remaining: 36.7h
[2025-05-27 03:02:45.341] Waiting 5 seconds before next sample...
[2025-05-27 03:02:50.341] SAMPLE 407/1408
[2025-05-27 03:02:50.342] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:02:50.342] File: d417f3785a33da8b26ce68b62e66bdf7d46869b692fe325541a7be2b98119bd1.exe
[2025-05-27 03:02:50.342] Path: D:\new\ransomware_high_confidence\conti\d417f3785a33da8b26ce68b62e66bdf7d46869b692fe325541a7be2b98119bd1.exe
[2025-05-27 03:02:50.342] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\d417f3785a33da8b26ce68b62e66bdf7d46869b692fe325541a7be2b98119bd1.exe
[2025-05-27 03:02:50.342] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:02:52.301] Restoring snapshot 35 done
[2025-05-27 03:02:52.301] Starting up VM
[2025-05-27 03:02:59.023] Starting up VM done
[2025-05-27 03:02:59.023] Installing kernel driver
[2025-05-27 03:02:59.023] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:03:03.194] Kernel driver installation completed
[2025-05-27 03:03:03.194] Starting GP driver service
[2025-05-27 03:03:03.194] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:03:06.356] GP driver service started
[2025-05-27 03:03:06.356] Executing malware sample: D:\new\ransomware_high_confidence\conti\d417f3785a33da8b26ce68b62e66bdf7d46869b692fe325541a7be2b98119bd1.exe
[2025-05-27 03:03:06.356] Malware execution started
[2025-05-27 03:03:06.356] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:04:06.364] Taking screenshot
[2025-05-27 03:04:06.427] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:05:05.937] Powering off VM done
[2025-05-27 03:05:08.937] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:05:10.264] Restoring snapshot 35 done
[2025-05-27 03:05:10.264] Kernel telemetry analysis completed in 139.9 seconds.

[2025-05-27 03:05:10.264] ✅ Analysis completed successfully!
[2025-05-27 03:05:10.264] Progress: 28.9% (407/1408)
[2025-05-27 03:05:10.264] Successful: 407, Failed: 0
[2025-05-27 03:05:10.265] Time remaining: 36.7h
[2025-05-27 03:05:10.265] Waiting 5 seconds before next sample...
[2025-05-27 03:05:15.265] SAMPLE 408/1408
[2025-05-27 03:05:15.265] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:05:15.265] File: d7868354f2dfe79e91adef4f7b24bcb60772a76c577bcc5c71709c8a3e26eb5d.exe
[2025-05-27 03:05:15.265] Path: D:\new\ransomware_high_confidence\conti\d7868354f2dfe79e91adef4f7b24bcb60772a76c577bcc5c71709c8a3e26eb5d.exe
[2025-05-27 03:05:15.265] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\d7868354f2dfe79e91adef4f7b24bcb60772a76c577bcc5c71709c8a3e26eb5d.exe
[2025-05-27 03:05:15.265] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:05:16.802] Restoring snapshot 35 done
[2025-05-27 03:05:16.802] Starting up VM
[2025-05-27 03:05:22.934] Starting up VM done
[2025-05-27 03:05:22.934] Installing kernel driver
[2025-05-27 03:05:22.934] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:05:27.173] Kernel driver installation completed
[2025-05-27 03:05:27.173] Starting GP driver service
[2025-05-27 03:05:27.173] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:05:30.329] GP driver service started
[2025-05-27 03:05:30.330] Executing malware sample: D:\new\ransomware_high_confidence\conti\d7868354f2dfe79e91adef4f7b24bcb60772a76c577bcc5c71709c8a3e26eb5d.exe
[2025-05-27 03:05:30.330] Malware execution started
[2025-05-27 03:05:30.330] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:06:30.338] Taking screenshot
[2025-05-27 03:06:30.401] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:06:57.943] Powering off VM done
[2025-05-27 03:07:00.944] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:07:02.313] Restoring snapshot 35 done
[2025-05-27 03:07:02.313] Kernel telemetry analysis completed in 107.0 seconds.

[2025-05-27 03:07:02.313] ✅ Analysis completed successfully!
[2025-05-27 03:07:02.313] Progress: 29.0% (408/1408)
[2025-05-27 03:07:02.313] Successful: 408, Failed: 0
[2025-05-27 03:07:02.313] Time remaining: 36.7h
[2025-05-27 03:07:02.313] Waiting 5 seconds before next sample...
[2025-05-27 03:07:07.313] SAMPLE 409/1408
[2025-05-27 03:07:07.313] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:07:07.313] File: dbc76355c56a885a1475174fb5325d61b875fd6207ef465cae05617b49463a38.exe
[2025-05-27 03:07:07.313] Path: D:\new\ransomware_high_confidence\conti\dbc76355c56a885a1475174fb5325d61b875fd6207ef465cae05617b49463a38.exe
[2025-05-27 03:07:07.313] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\dbc76355c56a885a1475174fb5325d61b875fd6207ef465cae05617b49463a38.exe
[2025-05-27 03:07:07.313] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:07:09.117] Restoring snapshot 35 done
[2025-05-27 03:07:09.117] Starting up VM
[2025-05-27 03:07:15.180] Starting up VM done
[2025-05-27 03:07:15.180] Installing kernel driver
[2025-05-27 03:07:15.180] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:07:18.839] Kernel driver installation completed
[2025-05-27 03:07:18.839] Starting GP driver service
[2025-05-27 03:07:18.839] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:07:21.994] GP driver service started
[2025-05-27 03:07:21.994] Executing malware sample: D:\new\ransomware_high_confidence\conti\dbc76355c56a885a1475174fb5325d61b875fd6207ef465cae05617b49463a38.exe
[2025-05-27 03:07:21.995] Malware execution started
[2025-05-27 03:07:21.995] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:08:22.003] Taking screenshot
[2025-05-27 03:08:22.066] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:09:02.843] Powering off VM done
[2025-05-27 03:09:05.843] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:09:07.158] Restoring snapshot 35 done
[2025-05-27 03:09:07.158] Kernel telemetry analysis completed in 119.8 seconds.

[2025-05-27 03:09:07.158] ✅ Analysis completed successfully!
[2025-05-27 03:09:07.158] Progress: 29.0% (409/1408)
[2025-05-27 03:09:07.158] Successful: 409, Failed: 0
[2025-05-27 03:09:07.158] Time remaining: 36.6h
[2025-05-27 03:09:07.158] Waiting 5 seconds before next sample...
[2025-05-27 03:09:12.159] SAMPLE 410/1408
[2025-05-27 03:09:12.159] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:09:12.159] File: e16fea1b8874cc6b26e7e2df9697f03f86efa82247bb3b2922f1d05052dbcbb4.exe
[2025-05-27 03:09:12.159] Path: D:\new\ransomware_high_confidence\conti\e16fea1b8874cc6b26e7e2df9697f03f86efa82247bb3b2922f1d05052dbcbb4.exe
[2025-05-27 03:09:12.159] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\e16fea1b8874cc6b26e7e2df9697f03f86efa82247bb3b2922f1d05052dbcbb4.exe
[2025-05-27 03:09:12.159] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:09:13.742] Restoring snapshot 35 done
[2025-05-27 03:09:13.742] Starting up VM
[2025-05-27 03:09:20.610] Starting up VM done
[2025-05-27 03:09:20.611] Installing kernel driver
[2025-05-27 03:09:20.611] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:09:24.706] Kernel driver installation completed
[2025-05-27 03:09:24.706] Starting GP driver service
[2025-05-27 03:09:24.706] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:09:27.858] GP driver service started
[2025-05-27 03:09:27.858] Executing malware sample: D:\new\ransomware_high_confidence\conti\e16fea1b8874cc6b26e7e2df9697f03f86efa82247bb3b2922f1d05052dbcbb4.exe
[2025-05-27 03:09:27.859] Malware execution started
[2025-05-27 03:09:27.859] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:10:27.867] Taking screenshot
[2025-05-27 03:10:27.929] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:10:59.223] Powering off VM done
[2025-05-27 03:11:02.223] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:11:03.550] Restoring snapshot 35 done
[2025-05-27 03:11:03.550] Kernel telemetry analysis completed in 111.4 seconds.

[2025-05-27 03:11:03.550] ✅ Analysis completed successfully!
[2025-05-27 03:11:03.550] Progress: 29.1% (410/1408)
[2025-05-27 03:11:03.550] Successful: 410, Failed: 0
[2025-05-27 03:11:03.550] Time remaining: 36.6h
[2025-05-27 03:11:03.550] Waiting 5 seconds before next sample...
[2025-05-27 03:11:08.551] SAMPLE 411/1408
[2025-05-27 03:11:08.551] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:11:08.551] File: e64e350861b86d4e05668bc25e6c952880f6b39ca921496ccce1487dbf6acab6.exe
[2025-05-27 03:11:08.551] Path: D:\new\ransomware_high_confidence\conti\e64e350861b86d4e05668bc25e6c952880f6b39ca921496ccce1487dbf6acab6.exe
[2025-05-27 03:11:08.551] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\e64e350861b86d4e05668bc25e6c952880f6b39ca921496ccce1487dbf6acab6.exe
[2025-05-27 03:11:08.551] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:11:10.137] Restoring snapshot 35 done
[2025-05-27 03:11:10.137] Starting up VM
[2025-05-27 03:11:16.071] Starting up VM done
[2025-05-27 03:11:16.071] Installing kernel driver
[2025-05-27 03:11:16.071] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:11:20.298] Kernel driver installation completed
[2025-05-27 03:11:20.299] Starting GP driver service
[2025-05-27 03:11:20.299] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:11:23.452] GP driver service started
[2025-05-27 03:11:23.452] Executing malware sample: D:\new\ransomware_high_confidence\conti\e64e350861b86d4e05668bc25e6c952880f6b39ca921496ccce1487dbf6acab6.exe
[2025-05-27 03:11:23.452] Malware execution started
[2025-05-27 03:11:23.452] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:12:23.460] Taking screenshot
[2025-05-27 03:12:23.522] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:13:39.851] Powering off VM done
[2025-05-27 03:13:42.851] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:13:44.337] Restoring snapshot 35 done
[2025-05-27 03:13:44.337] Kernel telemetry analysis completed in 155.8 seconds.

[2025-05-27 03:13:44.337] ✅ Analysis completed successfully!
[2025-05-27 03:13:44.337] Progress: 29.2% (411/1408)
[2025-05-27 03:13:44.337] Successful: 411, Failed: 0
[2025-05-27 03:13:44.337] Time remaining: 36.6h
[2025-05-27 03:13:44.337] Waiting 5 seconds before next sample...
[2025-05-27 03:13:49.337] SAMPLE 412/1408
[2025-05-27 03:13:49.337] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:13:49.337] File: eacaab8d6520c9bf9dec6cbdffa7c4ad8c15fd57dd4165cf895a0aaae3ffe371.exe
[2025-05-27 03:13:49.337] Path: D:\new\ransomware_high_confidence\conti\eacaab8d6520c9bf9dec6cbdffa7c4ad8c15fd57dd4165cf895a0aaae3ffe371.exe
[2025-05-27 03:13:49.337] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\eacaab8d6520c9bf9dec6cbdffa7c4ad8c15fd57dd4165cf895a0aaae3ffe371.exe
[2025-05-27 03:13:49.337] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:13:50.954] Restoring snapshot 35 done
[2025-05-27 03:13:50.954] Starting up VM
[2025-05-27 03:13:56.926] Starting up VM done
[2025-05-27 03:13:56.926] Installing kernel driver
[2025-05-27 03:13:56.926] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:14:01.224] Kernel driver installation completed
[2025-05-27 03:14:01.224] Starting GP driver service
[2025-05-27 03:14:01.224] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:14:04.384] GP driver service started
[2025-05-27 03:14:04.385] Executing malware sample: D:\new\ransomware_high_confidence\conti\eacaab8d6520c9bf9dec6cbdffa7c4ad8c15fd57dd4165cf895a0aaae3ffe371.exe
[2025-05-27 03:14:04.385] Malware execution started
[2025-05-27 03:14:04.385] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:15:04.394] Taking screenshot
[2025-05-27 03:15:04.456] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:16:02.156] Powering off VM done
[2025-05-27 03:16:05.156] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:16:06.189] Restoring snapshot 35 done
[2025-05-27 03:16:06.189] Kernel telemetry analysis completed in 136.9 seconds.

[2025-05-27 03:16:06.189] ✅ Analysis completed successfully!
[2025-05-27 03:16:06.189] Progress: 29.3% (412/1408)
[2025-05-27 03:16:06.189] Successful: 412, Failed: 0
[2025-05-27 03:16:06.189] Time remaining: 36.5h
[2025-05-27 03:16:06.189] Waiting 5 seconds before next sample...
[2025-05-27 03:16:11.189] SAMPLE 413/1408
[2025-05-27 03:16:11.189] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:16:11.189] File: eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe.exe
[2025-05-27 03:16:11.189] Path: D:\new\ransomware_high_confidence\conti\eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe.exe
[2025-05-27 03:16:11.189] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe.exe
[2025-05-27 03:16:11.189] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:16:12.742] Restoring snapshot 35 done
[2025-05-27 03:16:12.742] Starting up VM
[2025-05-27 03:16:19.373] Starting up VM done
[2025-05-27 03:16:19.373] Installing kernel driver
[2025-05-27 03:16:19.373] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:16:23.749] Kernel driver installation completed
[2025-05-27 03:16:23.749] Starting GP driver service
[2025-05-27 03:16:23.749] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:16:26.906] GP driver service started
[2025-05-27 03:16:26.906] Executing malware sample: D:\new\ransomware_high_confidence\conti\eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe.exe
[2025-05-27 03:16:26.906] Malware execution started
[2025-05-27 03:16:26.906] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:17:26.914] Taking screenshot
[2025-05-27 03:17:26.977] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:20:07.373] Powering off VM done
[2025-05-27 03:20:10.374] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:20:11.597] Restoring snapshot 35 done
[2025-05-27 03:20:11.597] Kernel telemetry analysis completed in 240.4 seconds.

[2025-05-27 03:20:11.597] ✅ Analysis completed successfully!
[2025-05-27 03:20:11.597] Progress: 29.3% (413/1408)
[2025-05-27 03:20:11.597] Successful: 413, Failed: 0
[2025-05-27 03:20:11.597] Time remaining: 36.6h
[2025-05-27 03:20:11.597] Waiting 5 seconds before next sample...
[2025-05-27 03:20:16.597] SAMPLE 414/1408
[2025-05-27 03:20:16.597] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:20:16.597] File: ef2cd9ded5532af231e0990feaf2df8fd79dc63f7a677192e17b89ef4adb7dd2.exe
[2025-05-27 03:20:16.597] Path: D:\new\ransomware_high_confidence\conti\ef2cd9ded5532af231e0990feaf2df8fd79dc63f7a677192e17b89ef4adb7dd2.exe
[2025-05-27 03:20:16.597] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\ef2cd9ded5532af231e0990feaf2df8fd79dc63f7a677192e17b89ef4adb7dd2.exe
[2025-05-27 03:20:16.597] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:20:18.349] Restoring snapshot 35 done
[2025-05-27 03:20:18.349] Starting up VM
[2025-05-27 03:20:25.489] Starting up VM done
[2025-05-27 03:20:25.490] Installing kernel driver
[2025-05-27 03:20:25.490] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:20:29.208] Kernel driver installation completed
[2025-05-27 03:20:29.208] Starting GP driver service
[2025-05-27 03:20:29.208] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:20:32.360] GP driver service started
[2025-05-27 03:20:32.360] Executing malware sample: D:\new\ransomware_high_confidence\conti\ef2cd9ded5532af231e0990feaf2df8fd79dc63f7a677192e17b89ef4adb7dd2.exe
[2025-05-27 03:20:32.361] Malware execution started
[2025-05-27 03:20:32.361] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:21:32.369] Taking screenshot
[2025-05-27 03:21:32.432] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:22:28.120] Powering off VM done
[2025-05-27 03:22:31.121] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:22:32.348] Restoring snapshot 35 done
[2025-05-27 03:22:32.349] Kernel telemetry analysis completed in 135.8 seconds.

[2025-05-27 03:22:32.349] ✅ Analysis completed successfully!
[2025-05-27 03:22:32.349] Progress: 29.4% (414/1408)
[2025-05-27 03:22:32.349] Successful: 414, Failed: 0
[2025-05-27 03:22:32.349] Time remaining: 36.5h
[2025-05-27 03:22:32.349] Waiting 5 seconds before next sample...
[2025-05-27 03:22:37.349] SAMPLE 415/1408
[2025-05-27 03:22:37.349] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:22:37.349] File: ef870eae64e28ebd71c8ad909af39ea9a072256bfd634210f4de24ded5a3304a.exe
[2025-05-27 03:22:37.349] Path: D:\new\ransomware_high_confidence\conti\ef870eae64e28ebd71c8ad909af39ea9a072256bfd634210f4de24ded5a3304a.exe
[2025-05-27 03:22:37.349] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\ef870eae64e28ebd71c8ad909af39ea9a072256bfd634210f4de24ded5a3304a.exe
[2025-05-27 03:22:37.349] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:22:38.896] Restoring snapshot 35 done
[2025-05-27 03:22:38.896] Starting up VM
[2025-05-27 03:22:45.236] Starting up VM done
[2025-05-27 03:22:45.236] Installing kernel driver
[2025-05-27 03:22:45.236] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:22:48.963] Kernel driver installation completed
[2025-05-27 03:22:48.963] Starting GP driver service
[2025-05-27 03:22:48.963] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:22:52.125] GP driver service started
[2025-05-27 03:22:52.125] Executing malware sample: D:\new\ransomware_high_confidence\conti\ef870eae64e28ebd71c8ad909af39ea9a072256bfd634210f4de24ded5a3304a.exe
[2025-05-27 03:22:52.126] Malware execution started
[2025-05-27 03:22:52.126] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:23:52.134] Taking screenshot
[2025-05-27 03:23:52.197] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:24:33.936] Powering off VM done
[2025-05-27 03:24:36.936] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:24:38.495] Restoring snapshot 35 done
[2025-05-27 03:24:38.495] Kernel telemetry analysis completed in 121.1 seconds.

[2025-05-27 03:24:38.495] ✅ Analysis completed successfully!
[2025-05-27 03:24:38.495] Progress: 29.5% (415/1408)
[2025-05-27 03:24:38.495] Successful: 415, Failed: 0
[2025-05-27 03:24:38.495] Time remaining: 36.5h
[2025-05-27 03:24:38.495] Waiting 5 seconds before next sample...
[2025-05-27 03:24:43.495] SAMPLE 416/1408
[2025-05-27 03:24:43.495] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:24:43.495] File: f20ed03ba228b36064517c1e5fff9ae40d957451a5c6d9a48f9bbe2c3dd881b7.exe
[2025-05-27 03:24:43.495] Path: D:\new\ransomware_high_confidence\conti\f20ed03ba228b36064517c1e5fff9ae40d957451a5c6d9a48f9bbe2c3dd881b7.exe
[2025-05-27 03:24:43.495] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\f20ed03ba228b36064517c1e5fff9ae40d957451a5c6d9a48f9bbe2c3dd881b7.exe
[2025-05-27 03:24:43.495] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:24:45.367] Restoring snapshot 35 done
[2025-05-27 03:24:45.367] Starting up VM
[2025-05-27 03:24:51.624] Starting up VM done
[2025-05-27 03:24:51.624] Installing kernel driver
[2025-05-27 03:24:51.624] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:24:55.780] Kernel driver installation completed
[2025-05-27 03:24:55.780] Starting GP driver service
[2025-05-27 03:24:55.780] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:24:58.937] GP driver service started
[2025-05-27 03:24:58.937] Executing malware sample: D:\new\ransomware_high_confidence\conti\f20ed03ba228b36064517c1e5fff9ae40d957451a5c6d9a48f9bbe2c3dd881b7.exe
[2025-05-27 03:24:58.938] Malware execution started
[2025-05-27 03:24:58.938] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:25:58.946] Taking screenshot
[2025-05-27 03:25:59.011] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:27:32.731] Powering off VM done
[2025-05-27 03:27:35.731] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:27:36.751] Restoring snapshot 35 done
[2025-05-27 03:27:36.751] Kernel telemetry analysis completed in 173.3 seconds.

[2025-05-27 03:27:36.751] ✅ Analysis completed successfully!
[2025-05-27 03:27:36.751] Progress: 29.5% (416/1408)
[2025-05-27 03:27:36.751] Successful: 416, Failed: 0
[2025-05-27 03:27:36.751] Time remaining: 36.5h
[2025-05-27 03:27:36.751] Waiting 5 seconds before next sample...
[2025-05-27 03:27:41.751] SAMPLE 417/1408
[2025-05-27 03:27:41.751] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:27:41.751] File: f7b83f07f6fec1df0fa73c935c96dc2ec8fbe0de3b17bb56f9963c92c22715c3.exe
[2025-05-27 03:27:41.751] Path: D:\new\ransomware_high_confidence\conti\f7b83f07f6fec1df0fa73c935c96dc2ec8fbe0de3b17bb56f9963c92c22715c3.exe
[2025-05-27 03:27:41.752] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\f7b83f07f6fec1df0fa73c935c96dc2ec8fbe0de3b17bb56f9963c92c22715c3.exe
[2025-05-27 03:27:41.752] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:27:43.389] Restoring snapshot 35 done
[2025-05-27 03:27:43.389] Starting up VM
[2025-05-27 03:27:49.365] Starting up VM done
[2025-05-27 03:27:49.365] Installing kernel driver
[2025-05-27 03:27:49.365] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:27:53.868] Kernel driver installation completed
[2025-05-27 03:27:53.868] Starting GP driver service
[2025-05-27 03:27:53.868] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:27:57.019] GP driver service started
[2025-05-27 03:27:57.019] Executing malware sample: D:\new\ransomware_high_confidence\conti\f7b83f07f6fec1df0fa73c935c96dc2ec8fbe0de3b17bb56f9963c92c22715c3.exe
[2025-05-27 03:27:57.020] Malware execution started
[2025-05-27 03:27:57.020] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:28:57.028] Taking screenshot
[2025-05-27 03:28:57.091] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:30:27.659] Powering off VM done
[2025-05-27 03:30:30.659] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:30:31.703] Restoring snapshot 35 done
[2025-05-27 03:30:31.703] Kernel telemetry analysis completed in 170.0 seconds.

[2025-05-27 03:30:31.703] ✅ Analysis completed successfully!
[2025-05-27 03:30:31.703] Progress: 29.6% (417/1408)
[2025-05-27 03:30:31.703] Successful: 417, Failed: 0
[2025-05-27 03:30:31.703] Time remaining: 36.5h
[2025-05-27 03:30:31.703] Waiting 5 seconds before next sample...
[2025-05-27 03:30:36.703] SAMPLE 418/1408
[2025-05-27 03:30:36.703] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:30:36.703] File: f848c62dbc910ee32990161cc598f550707d26c524394be35c7bdb7a62626047.exe
[2025-05-27 03:30:36.703] Path: D:\new\ransomware_high_confidence\conti\f848c62dbc910ee32990161cc598f550707d26c524394be35c7bdb7a62626047.exe
[2025-05-27 03:30:36.704] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\f848c62dbc910ee32990161cc598f550707d26c524394be35c7bdb7a62626047.exe
[2025-05-27 03:30:36.704] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:30:38.537] Restoring snapshot 35 done
[2025-05-27 03:30:38.537] Starting up VM
[2025-05-27 03:30:45.034] Starting up VM done
[2025-05-27 03:30:45.034] Installing kernel driver
[2025-05-27 03:30:45.034] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:30:48.721] Kernel driver installation completed
[2025-05-27 03:30:48.721] Starting GP driver service
[2025-05-27 03:30:48.721] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:30:51.899] GP driver service started
[2025-05-27 03:30:51.899] Executing malware sample: D:\new\ransomware_high_confidence\conti\f848c62dbc910ee32990161cc598f550707d26c524394be35c7bdb7a62626047.exe
[2025-05-27 03:30:51.899] Malware execution started
[2025-05-27 03:30:51.899] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:31:51.907] Taking screenshot
[2025-05-27 03:31:51.970] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:32:47.970] Powering off VM done
[2025-05-27 03:32:50.971] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:32:52.197] Restoring snapshot 35 done
[2025-05-27 03:32:52.197] Kernel telemetry analysis completed in 135.5 seconds.

[2025-05-27 03:32:52.197] ✅ Analysis completed successfully!
[2025-05-27 03:32:52.197] Progress: 29.7% (418/1408)
[2025-05-27 03:32:52.197] Successful: 418, Failed: 0
[2025-05-27 03:32:52.197] Time remaining: 36.5h
[2025-05-27 03:32:52.197] Waiting 5 seconds before next sample...
[2025-05-27 03:32:57.197] SAMPLE 419/1408
[2025-05-27 03:32:57.197] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:32:57.197] File: f99c69327a746f4fde02b7a550cf6c9f48e5e22fcb49bea0e3e4bc5a3efa605c.exe
[2025-05-27 03:32:57.197] Path: D:\new\ransomware_high_confidence\conti\f99c69327a746f4fde02b7a550cf6c9f48e5e22fcb49bea0e3e4bc5a3efa605c.exe
[2025-05-27 03:32:57.197] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\f99c69327a746f4fde02b7a550cf6c9f48e5e22fcb49bea0e3e4bc5a3efa605c.exe
[2025-05-27 03:32:57.197] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:32:59.038] Restoring snapshot 35 done
[2025-05-27 03:32:59.038] Starting up VM
[2025-05-27 03:33:05.820] Starting up VM done
[2025-05-27 03:33:05.820] Installing kernel driver
[2025-05-27 03:33:05.820] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:33:09.942] Kernel driver installation completed
[2025-05-27 03:33:09.942] Starting GP driver service
[2025-05-27 03:33:09.942] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:33:13.098] GP driver service started
[2025-05-27 03:33:13.098] Executing malware sample: D:\new\ransomware_high_confidence\conti\f99c69327a746f4fde02b7a550cf6c9f48e5e22fcb49bea0e3e4bc5a3efa605c.exe
[2025-05-27 03:33:13.098] Malware execution started
[2025-05-27 03:33:13.099] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:34:13.106] Taking screenshot
[2025-05-27 03:34:13.168] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:34:39.928] Powering off VM done
[2025-05-27 03:34:42.928] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:34:45.033] Restoring snapshot 35 done
[2025-05-27 03:34:45.033] Kernel telemetry analysis completed in 107.8 seconds.

[2025-05-27 03:34:45.034] ✅ Analysis completed successfully!
[2025-05-27 03:34:45.034] Progress: 29.8% (419/1408)
[2025-05-27 03:34:45.034] Successful: 419, Failed: 0
[2025-05-27 03:34:45.034] Time remaining: 36.4h
[2025-05-27 03:34:45.034] Waiting 5 seconds before next sample...
[2025-05-27 03:34:50.034] SAMPLE 420/1408
[2025-05-27 03:34:50.034] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:34:50.034] File: fc783af396a1bd9c81613cd051db69e778c102953aec0d6f67743846f3b862e6.exe
[2025-05-27 03:34:50.034] Path: D:\new\ransomware_high_confidence\conti\fc783af396a1bd9c81613cd051db69e778c102953aec0d6f67743846f3b862e6.exe
[2025-05-27 03:34:50.034] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\fc783af396a1bd9c81613cd051db69e778c102953aec0d6f67743846f3b862e6.exe
[2025-05-27 03:34:50.034] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:34:52.359] Restoring snapshot 35 done
[2025-05-27 03:34:52.359] Starting up VM
[2025-05-27 03:34:58.362] Starting up VM done
[2025-05-27 03:34:58.362] Installing kernel driver
[2025-05-27 03:34:58.362] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:35:02.543] Kernel driver installation completed
[2025-05-27 03:35:02.543] Starting GP driver service
[2025-05-27 03:35:02.543] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:35:05.699] GP driver service started
[2025-05-27 03:35:05.699] Executing malware sample: D:\new\ransomware_high_confidence\conti\fc783af396a1bd9c81613cd051db69e778c102953aec0d6f67743846f3b862e6.exe
[2025-05-27 03:35:05.699] Malware execution started
[2025-05-27 03:35:05.699] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:36:05.707] Taking screenshot
[2025-05-27 03:36:05.771] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:36:21.822] Powering off VM done
[2025-05-27 03:36:24.822] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:36:26.475] Restoring snapshot 35 done
[2025-05-27 03:36:26.475] Kernel telemetry analysis completed in 96.4 seconds.

[2025-05-27 03:36:26.476] ✅ Analysis completed successfully!
[2025-05-27 03:36:26.476] Progress: 29.8% (420/1408)
[2025-05-27 03:36:26.476] Successful: 420, Failed: 0
[2025-05-27 03:36:26.476] Time remaining: 36.3h
[2025-05-27 03:36:26.476] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 03:36:31.476] SAMPLE 421/1408
[2025-05-27 03:36:31.476] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:36:31.476] File: fe1652f4b828c9f98ff4a37829f4a988ad3c1601fc0dff7f99fe941ae4e81864.exe
[2025-05-27 03:36:31.476] Path: D:\new\ransomware_high_confidence\conti\fe1652f4b828c9f98ff4a37829f4a988ad3c1601fc0dff7f99fe941ae4e81864.exe
[2025-05-27 03:36:31.476] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\fe1652f4b828c9f98ff4a37829f4a988ad3c1601fc0dff7f99fe941ae4e81864.exe
[2025-05-27 03:36:31.476] Malware execution time: 60 seconds
[2025-05-27 03:36:31.476] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:36:33.184] Restoring snapshot 35 done
[2025-05-27 03:36:33.184] Starting up VM
[2025-05-27 03:36:39.288] Starting up VM done
[2025-05-27 03:36:39.288] Installing kernel driver
[2025-05-27 03:36:39.288] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:36:43.683] Kernel driver installation completed
[2025-05-27 03:36:43.683] Starting GP driver service
[2025-05-27 03:36:43.683] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:36:46.839] GP driver service started
[2025-05-27 03:36:46.839] Executing malware sample: D:\new\ransomware_high_confidence\conti\fe1652f4b828c9f98ff4a37829f4a988ad3c1601fc0dff7f99fe941ae4e81864.exe
[2025-05-27 03:36:46.840] Malware execution started
[2025-05-27 03:36:46.840] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:37:46.848] Taking screenshot
[2025-05-27 03:37:46.908] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:38:03.705] Powering off VM done
[2025-05-27 03:38:06.705] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:38:08.185] Restoring snapshot 35 done
[2025-05-27 03:38:08.185] Kernel telemetry analysis completed in 96.7 seconds.

[2025-05-27 03:38:08.185] ✅ Analysis completed successfully!
[2025-05-27 03:38:08.185] Progress: 29.9% (421/1408)
[2025-05-27 03:38:08.185] Successful: 421, Failed: 0
[2025-05-27 03:38:08.185] Time remaining: 36.3h
[2025-05-27 03:38:08.185] Waiting 5 seconds before next sample...
[2025-05-27 03:38:13.185] SAMPLE 422/1408
[2025-05-27 03:38:13.185] Family: D:\new\ransomware_high_confidence\conti
[2025-05-27 03:38:13.186] File: fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86.exe
[2025-05-27 03:38:13.186] Path: D:\new\ransomware_high_confidence\conti\fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86.exe
[2025-05-27 03:38:13.186] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\conti\fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86.exe
[2025-05-27 03:38:13.186] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:38:14.729] Restoring snapshot 35 done
[2025-05-27 03:38:14.729] Starting up VM
[2025-05-27 03:38:20.633] Starting up VM done
[2025-05-27 03:38:20.633] Installing kernel driver
[2025-05-27 03:38:20.633] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:38:24.841] Kernel driver installation completed
[2025-05-27 03:38:24.841] Starting GP driver service
[2025-05-27 03:38:24.841] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:38:27.994] GP driver service started
[2025-05-27 03:38:27.994] Executing malware sample: D:\new\ransomware_high_confidence\conti\fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86.exe
[2025-05-27 03:38:27.995] Malware execution started
[2025-05-27 03:38:27.995] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:39:28.002] Taking screenshot
[2025-05-27 03:39:28.065] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:39:44.628] Powering off VM done
[2025-05-27 03:39:47.628] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:39:48.653] Restoring snapshot 35 done
[2025-05-27 03:39:48.653] Kernel telemetry analysis completed in 95.5 seconds.

[2025-05-27 03:39:48.653] ✅ Analysis completed successfully!
[2025-05-27 03:39:48.653] Progress: 30.0% (422/1408)
[2025-05-27 03:39:48.653] Successful: 422, Failed: 0
[2025-05-27 03:39:48.653] Time remaining: 36.2h
[2025-05-27 03:39:48.653] Waiting 5 seconds before next sample...
[2025-05-27 03:39:53.653] SAMPLE 423/1408
[2025-05-27 03:39:53.653] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:39:53.653] File: 029c5d48e425206e2ae84a63d62bdbc80362702913b38618a423c541c8a0ed40.exe
[2025-05-27 03:39:53.653] Path: D:\new\ransomware_high_confidence\darkside\029c5d48e425206e2ae84a63d62bdbc80362702913b38618a423c541c8a0ed40.exe
[2025-05-27 03:39:53.653] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\029c5d48e425206e2ae84a63d62bdbc80362702913b38618a423c541c8a0ed40.exe
[2025-05-27 03:39:53.653] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:39:55.673] Restoring snapshot 35 done
[2025-05-27 03:39:55.673] Starting up VM
[2025-05-27 03:40:01.973] Starting up VM done
[2025-05-27 03:40:01.973] Installing kernel driver
[2025-05-27 03:40:01.973] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:40:06.259] Kernel driver installation completed
[2025-05-27 03:40:06.259] Starting GP driver service
[2025-05-27 03:40:06.259] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:40:09.415] GP driver service started
[2025-05-27 03:40:09.416] Executing malware sample: D:\new\ransomware_high_confidence\darkside\029c5d48e425206e2ae84a63d62bdbc80362702913b38618a423c541c8a0ed40.exe
[2025-05-27 03:40:09.416] Malware execution started
[2025-05-27 03:40:09.416] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:41:09.425] Taking screenshot
[2025-05-27 03:41:09.488] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:41:25.989] Powering off VM done
[2025-05-27 03:41:28.989] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:41:30.889] Restoring snapshot 35 done
[2025-05-27 03:41:30.889] Kernel telemetry analysis completed in 97.2 seconds.

[2025-05-27 03:41:30.889] ✅ Analysis completed successfully!
[2025-05-27 03:41:30.889] Progress: 30.0% (423/1408)
[2025-05-27 03:41:30.889] Successful: 423, Failed: 0
[2025-05-27 03:41:30.889] Time remaining: 36.2h
[2025-05-27 03:41:30.889] Waiting 5 seconds before next sample...
[2025-05-27 03:41:35.889] SAMPLE 424/1408
[2025-05-27 03:41:35.890] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:41:35.890] File: 0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.exe
[2025-05-27 03:41:35.890] Path: D:\new\ransomware_high_confidence\darkside\0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.exe
[2025-05-27 03:41:35.890] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.exe
[2025-05-27 03:41:35.890] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:41:37.424] Restoring snapshot 35 done
[2025-05-27 03:41:37.424] Starting up VM
[2025-05-27 03:41:43.297] Starting up VM done
[2025-05-27 03:41:43.297] Installing kernel driver
[2025-05-27 03:41:43.297] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:41:47.019] Kernel driver installation completed
[2025-05-27 03:41:47.019] Starting GP driver service
[2025-05-27 03:41:47.019] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:41:50.169] GP driver service started
[2025-05-27 03:41:50.169] Executing malware sample: D:\new\ransomware_high_confidence\darkside\0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.exe
[2025-05-27 03:41:50.169] Malware execution started
[2025-05-27 03:41:50.169] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:42:50.178] Taking screenshot
[2025-05-27 03:42:50.242] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:43:07.091] Powering off VM done
[2025-05-27 03:43:10.091] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:43:11.588] Restoring snapshot 35 done
[2025-05-27 03:43:11.588] Kernel telemetry analysis completed in 95.7 seconds.

[2025-05-27 03:43:11.588] ✅ Analysis completed successfully!
[2025-05-27 03:43:11.588] Progress: 30.1% (424/1408)
[2025-05-27 03:43:11.588] Successful: 424, Failed: 0
[2025-05-27 03:43:11.588] Time remaining: 36.1h
[2025-05-27 03:43:11.588] Waiting 5 seconds before next sample...
[2025-05-27 03:43:16.588] SAMPLE 425/1408
[2025-05-27 03:43:16.588] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:43:16.588] File: 12ee27f56ec8a2a3eb2fe69179be3f7a7193ce2b92963ad33356ed299f7ed975.exe
[2025-05-27 03:43:16.588] Path: D:\new\ransomware_high_confidence\darkside\12ee27f56ec8a2a3eb2fe69179be3f7a7193ce2b92963ad33356ed299f7ed975.exe
[2025-05-27 03:43:16.588] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\12ee27f56ec8a2a3eb2fe69179be3f7a7193ce2b92963ad33356ed299f7ed975.exe
[2025-05-27 03:43:16.588] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:43:18.276] Restoring snapshot 35 done
[2025-05-27 03:43:18.276] Starting up VM
[2025-05-27 03:43:24.111] Starting up VM done
[2025-05-27 03:43:24.111] Installing kernel driver
[2025-05-27 03:43:24.111] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:43:27.812] Kernel driver installation completed
[2025-05-27 03:43:27.812] Starting GP driver service
[2025-05-27 03:43:27.812] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:43:30.960] GP driver service started
[2025-05-27 03:43:30.961] Executing malware sample: D:\new\ransomware_high_confidence\darkside\12ee27f56ec8a2a3eb2fe69179be3f7a7193ce2b92963ad33356ed299f7ed975.exe
[2025-05-27 03:43:30.961] Malware execution started
[2025-05-27 03:43:30.961] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:44:30.968] Taking screenshot
[2025-05-27 03:44:31.032] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:44:57.426] Powering off VM done
[2025-05-27 03:45:00.426] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:45:01.946] Restoring snapshot 35 done
[2025-05-27 03:45:01.946] Kernel telemetry analysis completed in 105.4 seconds.

[2025-05-27 03:45:01.946] ✅ Analysis completed successfully!
[2025-05-27 03:45:01.946] Progress: 30.2% (425/1408)
[2025-05-27 03:45:01.946] Successful: 425, Failed: 0
[2025-05-27 03:45:01.946] Time remaining: 36.1h
[2025-05-27 03:45:01.946] Waiting 5 seconds before next sample...
[2025-05-27 03:45:06.947] SAMPLE 426/1408
[2025-05-27 03:45:06.947] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:45:06.947] File: 151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5.exe
[2025-05-27 03:45:06.947] Path: D:\new\ransomware_high_confidence\darkside\151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5.exe
[2025-05-27 03:45:06.947] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5.exe
[2025-05-27 03:45:06.947] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:45:08.961] Restoring snapshot 35 done
[2025-05-27 03:45:08.961] Starting up VM
[2025-05-27 03:45:15.853] Starting up VM done
[2025-05-27 03:45:15.853] Installing kernel driver
[2025-05-27 03:45:15.853] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:45:20.184] Kernel driver installation completed
[2025-05-27 03:45:20.184] Starting GP driver service
[2025-05-27 03:45:20.184] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:45:23.334] GP driver service started
[2025-05-27 03:45:23.334] Executing malware sample: D:\new\ransomware_high_confidence\darkside\151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5.exe
[2025-05-27 03:45:23.335] Malware execution started
[2025-05-27 03:45:23.335] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:46:23.342] Taking screenshot
[2025-05-27 03:46:23.407] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:46:44.221] Powering off VM done
[2025-05-27 03:46:47.221] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:46:48.249] Restoring snapshot 35 done
[2025-05-27 03:46:48.249] Kernel telemetry analysis completed in 101.3 seconds.

[2025-05-27 03:46:48.249] ✅ Analysis completed successfully!
[2025-05-27 03:46:48.249] Progress: 30.3% (426/1408)
[2025-05-27 03:46:48.249] Successful: 426, Failed: 0
[2025-05-27 03:46:48.249] Time remaining: 36.0h
[2025-05-27 03:46:48.249] Waiting 5 seconds before next sample...
[2025-05-27 03:46:53.249] SAMPLE 427/1408
[2025-05-27 03:46:53.249] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:46:53.249] File: 1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe
[2025-05-27 03:46:53.249] Path: D:\new\ransomware_high_confidence\darkside\1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe
[2025-05-27 03:46:53.250] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe
[2025-05-27 03:46:53.250] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:46:53.839] Restoring snapshot 35 done
[2025-05-27 03:46:53.839] Starting up VM
[2025-05-27 03:47:00.258] Starting up VM done
[2025-05-27 03:47:00.258] Installing kernel driver
[2025-05-27 03:47:00.258] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:47:04.543] Kernel driver installation completed
[2025-05-27 03:47:04.543] Starting GP driver service
[2025-05-27 03:47:04.543] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:47:07.694] GP driver service started
[2025-05-27 03:47:07.694] Executing malware sample: D:\new\ransomware_high_confidence\darkside\1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe
[2025-05-27 03:47:07.694] Malware execution started
[2025-05-27 03:47:07.694] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:48:07.703] Taking screenshot
[2025-05-27 03:48:07.766] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:48:27.284] Powering off VM done
[2025-05-27 03:48:30.284] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:48:31.409] Restoring snapshot 35 done
[2025-05-27 03:48:31.409] Kernel telemetry analysis completed in 98.2 seconds.

[2025-05-27 03:48:31.409] ✅ Analysis completed successfully!
[2025-05-27 03:48:31.409] Progress: 30.3% (427/1408)
[2025-05-27 03:48:31.409] Successful: 427, Failed: 0
[2025-05-27 03:48:31.409] Time remaining: 36.0h
[2025-05-27 03:48:31.409] Waiting 5 seconds before next sample...
[2025-05-27 03:48:36.409] SAMPLE 428/1408
[2025-05-27 03:48:36.409] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:48:36.409] File: 17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe
[2025-05-27 03:48:36.409] Path: D:\new\ransomware_high_confidence\darkside\17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe
[2025-05-27 03:48:36.409] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe
[2025-05-27 03:48:36.409] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:48:37.457] Restoring snapshot 35 done
[2025-05-27 03:48:37.458] Starting up VM
[2025-05-27 03:48:43.305] Starting up VM done
[2025-05-27 03:48:43.305] Installing kernel driver
[2025-05-27 03:48:43.305] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:48:47.696] Kernel driver installation completed
[2025-05-27 03:48:47.696] Starting GP driver service
[2025-05-27 03:48:47.696] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:48:50.874] GP driver service started
[2025-05-27 03:48:50.874] Executing malware sample: D:\new\ransomware_high_confidence\darkside\17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe
[2025-05-27 03:48:50.875] Malware execution started
[2025-05-27 03:48:50.875] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:49:50.883] Taking screenshot
[2025-05-27 03:49:50.944] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:50:21.030] Powering off VM done
[2025-05-27 03:50:24.030] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:50:25.354] Restoring snapshot 35 done
[2025-05-27 03:50:25.354] Kernel telemetry analysis completed in 108.9 seconds.

[2025-05-27 03:50:25.354] ✅ Analysis completed successfully!
[2025-05-27 03:50:25.354] Progress: 30.4% (428/1408)
[2025-05-27 03:50:25.354] Successful: 428, Failed: 0
[2025-05-27 03:50:25.354] Time remaining: 35.9h
[2025-05-27 03:50:25.354] Waiting 5 seconds before next sample...
[2025-05-27 03:50:30.355] SAMPLE 429/1408
[2025-05-27 03:50:30.355] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:50:30.355] File: 1cc7c198a8a2c935fd6f07970479e544f5b35a8eb3173de0305ebdf76a0988cb.exe
[2025-05-27 03:50:30.355] Path: D:\new\ransomware_high_confidence\darkside\1cc7c198a8a2c935fd6f07970479e544f5b35a8eb3173de0305ebdf76a0988cb.exe
[2025-05-27 03:50:30.355] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\1cc7c198a8a2c935fd6f07970479e544f5b35a8eb3173de0305ebdf76a0988cb.exe
[2025-05-27 03:50:30.355] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:50:30.973] Restoring snapshot 35 done
[2025-05-27 03:50:30.974] Starting up VM
[2025-05-27 03:50:37.547] Starting up VM done
[2025-05-27 03:50:37.547] Installing kernel driver
[2025-05-27 03:50:37.547] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:50:41.910] Kernel driver installation completed
[2025-05-27 03:50:41.910] Starting GP driver service
[2025-05-27 03:50:41.910] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:50:45.063] GP driver service started
[2025-05-27 03:50:45.063] Executing malware sample: D:\new\ransomware_high_confidence\darkside\1cc7c198a8a2c935fd6f07970479e544f5b35a8eb3173de0305ebdf76a0988cb.exe
[2025-05-27 03:50:45.064] Malware execution started
[2025-05-27 03:50:45.064] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:51:45.072] Taking screenshot
[2025-05-27 03:51:45.134] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:52:14.354] Powering off VM done
[2025-05-27 03:52:17.355] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:52:18.445] Restoring snapshot 35 done
[2025-05-27 03:52:18.445] Kernel telemetry analysis completed in 108.1 seconds.

[2025-05-27 03:52:18.445] ✅ Analysis completed successfully!
[2025-05-27 03:52:18.445] Progress: 30.5% (429/1408)
[2025-05-27 03:52:18.445] Successful: 429, Failed: 0
[2025-05-27 03:52:18.445] Time remaining: 35.9h
[2025-05-27 03:52:18.445] Waiting 5 seconds before next sample...
[2025-05-27 03:52:23.445] SAMPLE 430/1408
[2025-05-27 03:52:23.445] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:52:23.445] File: 1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a.exe
[2025-05-27 03:52:23.445] Path: D:\new\ransomware_high_confidence\darkside\1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a.exe
[2025-05-27 03:52:23.445] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a.exe
[2025-05-27 03:52:23.445] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:52:24.000] Restoring snapshot 35 done
[2025-05-27 03:52:24.000] Starting up VM
[2025-05-27 03:52:31.109] Starting up VM done
[2025-05-27 03:52:31.109] Installing kernel driver
[2025-05-27 03:52:31.109] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:52:35.444] Kernel driver installation completed
[2025-05-27 03:52:35.444] Starting GP driver service
[2025-05-27 03:52:35.444] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:52:38.593] GP driver service started
[2025-05-27 03:52:38.593] Executing malware sample: D:\new\ransomware_high_confidence\darkside\1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a.exe
[2025-05-27 03:52:38.593] Malware execution started
[2025-05-27 03:52:38.593] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:53:38.602] Taking screenshot
[2025-05-27 03:53:38.664] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:54:15.919] Powering off VM done
[2025-05-27 03:54:18.919] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:54:20.241] Restoring snapshot 35 done
[2025-05-27 03:54:20.241] Kernel telemetry analysis completed in 116.8 seconds.

[2025-05-27 03:54:20.241] ✅ Analysis completed successfully!
[2025-05-27 03:54:20.241] Progress: 30.5% (430/1408)
[2025-05-27 03:54:20.241] Successful: 430, Failed: 0
[2025-05-27 03:54:20.241] Time remaining: 35.8h
[2025-05-27 03:54:20.241] Waiting 5 seconds before next sample...
[2025-05-27 03:54:25.242] SAMPLE 431/1408
[2025-05-27 03:54:25.242] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:54:25.242] File: 1ef8db7e8bd3aaba8b1cef96cd52fde587871571b1719c5d40f9a9c98dd26f84.exe
[2025-05-27 03:54:25.242] Path: D:\new\ransomware_high_confidence\darkside\1ef8db7e8bd3aaba8b1cef96cd52fde587871571b1719c5d40f9a9c98dd26f84.exe
[2025-05-27 03:54:25.242] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\1ef8db7e8bd3aaba8b1cef96cd52fde587871571b1719c5d40f9a9c98dd26f84.exe
[2025-05-27 03:54:25.242] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:54:26.782] Restoring snapshot 35 done
[2025-05-27 03:54:26.782] Starting up VM
[2025-05-27 03:54:32.989] Starting up VM done
[2025-05-27 03:54:32.990] Installing kernel driver
[2025-05-27 03:54:32.990] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:54:36.741] Kernel driver installation completed
[2025-05-27 03:54:36.741] Starting GP driver service
[2025-05-27 03:54:36.741] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:54:39.903] GP driver service started
[2025-05-27 03:54:39.903] Executing malware sample: D:\new\ransomware_high_confidence\darkside\1ef8db7e8bd3aaba8b1cef96cd52fde587871571b1719c5d40f9a9c98dd26f84.exe
[2025-05-27 03:54:39.903] Malware execution started
[2025-05-27 03:54:39.903] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:55:39.912] Taking screenshot
[2025-05-27 03:55:39.972] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:56:19.288] Powering off VM done
[2025-05-27 03:56:22.289] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:56:23.575] Restoring snapshot 35 done
[2025-05-27 03:56:23.575] Kernel telemetry analysis completed in 118.3 seconds.

[2025-05-27 03:56:23.575] ✅ Analysis completed successfully!
[2025-05-27 03:56:23.575] Progress: 30.6% (431/1408)
[2025-05-27 03:56:23.575] Successful: 431, Failed: 0
[2025-05-27 03:56:23.575] Time remaining: 35.8h
[2025-05-27 03:56:23.575] Waiting 5 seconds before next sample...
[2025-05-27 03:56:28.575] SAMPLE 432/1408
[2025-05-27 03:56:28.575] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:56:28.575] File: 243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60.exe
[2025-05-27 03:56:28.575] Path: D:\new\ransomware_high_confidence\darkside\243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60.exe
[2025-05-27 03:56:28.575] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60.exe
[2025-05-27 03:56:28.575] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:56:30.543] Restoring snapshot 35 done
[2025-05-27 03:56:30.543] Starting up VM
[2025-05-27 03:56:37.105] Starting up VM done
[2025-05-27 03:56:37.105] Installing kernel driver
[2025-05-27 03:56:37.105] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:56:40.821] Kernel driver installation completed
[2025-05-27 03:56:40.821] Starting GP driver service
[2025-05-27 03:56:40.821] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:56:43.969] GP driver service started
[2025-05-27 03:56:43.969] Executing malware sample: D:\new\ransomware_high_confidence\darkside\243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60.exe
[2025-05-27 03:56:43.970] Malware execution started
[2025-05-27 03:56:43.970] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:57:43.978] Taking screenshot
[2025-05-27 03:57:44.041] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:58:12.993] Powering off VM done
[2025-05-27 03:58:15.993] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:58:17.246] Restoring snapshot 35 done
[2025-05-27 03:58:17.246] Kernel telemetry analysis completed in 108.7 seconds.

[2025-05-27 03:58:17.246] ✅ Analysis completed successfully!
[2025-05-27 03:58:17.246] Progress: 30.7% (432/1408)
[2025-05-27 03:58:17.246] Successful: 432, Failed: 0
[2025-05-27 03:58:17.246] Time remaining: 35.7h
[2025-05-27 03:58:17.247] Waiting 5 seconds before next sample...
[2025-05-27 03:58:22.247] SAMPLE 433/1408
[2025-05-27 03:58:22.247] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 03:58:22.247] File: 2d82be244e23001148ed5a6d83856b6f7cd20c3f7786481303d5d584c51ff5f0.exe
[2025-05-27 03:58:22.247] Path: D:\new\ransomware_high_confidence\darkside\2d82be244e23001148ed5a6d83856b6f7cd20c3f7786481303d5d584c51ff5f0.exe
[2025-05-27 03:58:22.247] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\2d82be244e23001148ed5a6d83856b6f7cd20c3f7786481303d5d584c51ff5f0.exe
[2025-05-27 03:58:22.247] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 03:58:23.786] Restoring snapshot 35 done
[2025-05-27 03:58:23.786] Starting up VM
[2025-05-27 03:58:29.117] Starting up VM done
[2025-05-27 03:58:29.117] Installing kernel driver
[2025-05-27 03:58:29.117] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 03:58:33.582] Kernel driver installation completed
[2025-05-27 03:58:33.582] Starting GP driver service
[2025-05-27 03:58:33.582] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 03:58:36.732] GP driver service started
[2025-05-27 03:58:36.732] Executing malware sample: D:\new\ransomware_high_confidence\darkside\2d82be244e23001148ed5a6d83856b6f7cd20c3f7786481303d5d584c51ff5f0.exe
[2025-05-27 03:58:36.732] Malware execution started
[2025-05-27 03:58:36.732] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 03:59:36.741] Taking screenshot
[2025-05-27 03:59:36.799] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:00:20.977] Powering off VM done
[2025-05-27 04:00:23.977] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:00:25.463] Restoring snapshot 35 done
[2025-05-27 04:00:25.463] Kernel telemetry analysis completed in 123.2 seconds.

[2025-05-27 04:00:25.463] ✅ Analysis completed successfully!
[2025-05-27 04:00:25.463] Progress: 30.8% (433/1408)
[2025-05-27 04:00:25.463] Successful: 433, Failed: 0
[2025-05-27 04:00:25.463] Time remaining: 35.7h
[2025-05-27 04:00:25.463] Waiting 5 seconds before next sample...
[2025-05-27 04:00:30.463] SAMPLE 434/1408
[2025-05-27 04:00:30.463] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:00:30.463] File: 2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5.exe
[2025-05-27 04:00:30.463] Path: D:\new\ransomware_high_confidence\darkside\2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5.exe
[2025-05-27 04:00:30.464] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5.exe
[2025-05-27 04:00:30.464] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:00:32.302] Restoring snapshot 35 done
[2025-05-27 04:00:32.302] Starting up VM
[2025-05-27 04:00:38.421] Starting up VM done
[2025-05-27 04:00:38.421] Installing kernel driver
[2025-05-27 04:00:38.421] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:00:43.258] Kernel driver installation completed
[2025-05-27 04:00:43.258] Starting GP driver service
[2025-05-27 04:00:43.258] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:00:46.419] GP driver service started
[2025-05-27 04:00:46.419] Executing malware sample: D:\new\ransomware_high_confidence\darkside\2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5.exe
[2025-05-27 04:00:46.419] Malware execution started
[2025-05-27 04:00:46.419] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:01:46.427] Taking screenshot
[2025-05-27 04:01:46.491] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:02:02.994] Powering off VM done
[2025-05-27 04:02:05.994] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:02:07.962] Restoring snapshot 35 done
[2025-05-27 04:02:07.962] Kernel telemetry analysis completed in 97.5 seconds.

[2025-05-27 04:02:07.962] ✅ Analysis completed successfully!
[2025-05-27 04:02:07.962] Progress: 30.8% (434/1408)
[2025-05-27 04:02:07.962] Successful: 434, Failed: 0
[2025-05-27 04:02:07.962] Time remaining: 35.6h
[2025-05-27 04:02:07.962] Waiting 5 seconds before next sample...
[2025-05-27 04:02:12.962] SAMPLE 435/1408
[2025-05-27 04:02:12.962] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:02:12.962] File: 43e61519be440115eeaa3738a0e4aa4bb3c8ac5f9bdfce1a896db17a374eb8aa.exe
[2025-05-27 04:02:12.962] Path: D:\new\ransomware_high_confidence\darkside\43e61519be440115eeaa3738a0e4aa4bb3c8ac5f9bdfce1a896db17a374eb8aa.exe
[2025-05-27 04:02:12.963] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\43e61519be440115eeaa3738a0e4aa4bb3c8ac5f9bdfce1a896db17a374eb8aa.exe
[2025-05-27 04:02:12.963] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:02:14.561] Restoring snapshot 35 done
[2025-05-27 04:02:14.561] Starting up VM
[2025-05-27 04:02:20.950] Starting up VM done
[2025-05-27 04:02:20.950] Installing kernel driver
[2025-05-27 04:02:20.950] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:02:25.303] Kernel driver installation completed
[2025-05-27 04:02:25.304] Starting GP driver service
[2025-05-27 04:02:25.304] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:02:28.458] GP driver service started
[2025-05-27 04:02:28.458] Executing malware sample: D:\new\ransomware_high_confidence\darkside\43e61519be440115eeaa3738a0e4aa4bb3c8ac5f9bdfce1a896db17a374eb8aa.exe
[2025-05-27 04:02:28.459] Malware execution started
[2025-05-27 04:02:28.459] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:03:28.467] Taking screenshot
[2025-05-27 04:03:28.527] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:03:56.764] Powering off VM done
[2025-05-27 04:03:59.764] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:04:01.183] Restoring snapshot 35 done
[2025-05-27 04:04:01.183] Kernel telemetry analysis completed in 108.2 seconds.

[2025-05-27 04:04:01.183] ✅ Analysis completed successfully!
[2025-05-27 04:04:01.183] Progress: 30.9% (435/1408)
[2025-05-27 04:04:01.183] Successful: 435, Failed: 0
[2025-05-27 04:04:01.183] Time remaining: 35.6h
[2025-05-27 04:04:01.183] Waiting 5 seconds before next sample...
[2025-05-27 04:04:06.184] SAMPLE 436/1408
[2025-05-27 04:04:06.184] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:04:06.184] File: 47eccaaa672667a9cea23e24fd702f7b3a45cbf8585403586be474585fd80243.exe
[2025-05-27 04:04:06.184] Path: D:\new\ransomware_high_confidence\darkside\47eccaaa672667a9cea23e24fd702f7b3a45cbf8585403586be474585fd80243.exe
[2025-05-27 04:04:06.184] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\47eccaaa672667a9cea23e24fd702f7b3a45cbf8585403586be474585fd80243.exe
[2025-05-27 04:04:06.184] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:04:07.816] Restoring snapshot 35 done
[2025-05-27 04:04:07.816] Starting up VM
[2025-05-27 04:04:13.934] Starting up VM done
[2025-05-27 04:04:13.935] Installing kernel driver
[2025-05-27 04:04:13.935] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:04:18.285] Kernel driver installation completed
[2025-05-27 04:04:18.285] Starting GP driver service
[2025-05-27 04:04:18.285] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:04:21.435] GP driver service started
[2025-05-27 04:04:21.436] Executing malware sample: D:\new\ransomware_high_confidence\darkside\47eccaaa672667a9cea23e24fd702f7b3a45cbf8585403586be474585fd80243.exe
[2025-05-27 04:04:21.436] Malware execution started
[2025-05-27 04:04:21.436] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:05:21.444] Taking screenshot
[2025-05-27 04:05:21.508] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:05:37.876] Powering off VM done
[2025-05-27 04:05:40.876] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:05:42.818] Restoring snapshot 35 done
[2025-05-27 04:05:42.818] Kernel telemetry analysis completed in 96.6 seconds.

[2025-05-27 04:05:42.818] ✅ Analysis completed successfully!
[2025-05-27 04:05:42.818] Progress: 31.0% (436/1408)
[2025-05-27 04:05:42.818] Successful: 436, Failed: 0
[2025-05-27 04:05:42.818] Time remaining: 35.5h
[2025-05-27 04:05:42.818] Waiting 5 seconds before next sample...
[2025-05-27 04:05:47.818] SAMPLE 437/1408
[2025-05-27 04:05:47.818] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:05:47.818] File: 4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
[2025-05-27 04:05:47.818] Path: D:\new\ransomware_high_confidence\darkside\4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
[2025-05-27 04:05:47.818] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
[2025-05-27 04:05:47.818] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:05:49.670] Restoring snapshot 35 done
[2025-05-27 04:05:49.670] Starting up VM
[2025-05-27 04:05:56.039] Starting up VM done
[2025-05-27 04:05:56.039] Installing kernel driver
[2025-05-27 04:05:56.039] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:06:00.236] Kernel driver installation completed
[2025-05-27 04:06:00.237] Starting GP driver service
[2025-05-27 04:06:00.237] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:06:03.396] GP driver service started
[2025-05-27 04:06:03.396] Executing malware sample: D:\new\ransomware_high_confidence\darkside\4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
[2025-05-27 04:06:03.396] Malware execution started
[2025-05-27 04:06:03.396] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:07:03.404] Taking screenshot
[2025-05-27 04:07:03.466] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:07:40.021] Powering off VM done
[2025-05-27 04:07:43.021] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:07:43.225] Restoring snapshot 35 done
[2025-05-27 04:07:43.225] Kernel telemetry analysis completed in 115.4 seconds.

[2025-05-27 04:07:43.225] ✅ Analysis completed successfully!
[2025-05-27 04:07:43.225] Progress: 31.0% (437/1408)
[2025-05-27 04:07:43.225] Successful: 437, Failed: 0
[2025-05-27 04:07:43.225] Time remaining: 35.5h
[2025-05-27 04:07:43.225] Waiting 5 seconds before next sample...
[2025-05-27 04:07:48.225] SAMPLE 438/1408
[2025-05-27 04:07:48.225] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:07:48.225] File: 508dd6f7ed6c143cf5e1ed6a4051dd8ee7b5bf4b7f55e0704d21ba785f2d5add.exe
[2025-05-27 04:07:48.225] Path: D:\new\ransomware_high_confidence\darkside\508dd6f7ed6c143cf5e1ed6a4051dd8ee7b5bf4b7f55e0704d21ba785f2d5add.exe
[2025-05-27 04:07:48.225] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\508dd6f7ed6c143cf5e1ed6a4051dd8ee7b5bf4b7f55e0704d21ba785f2d5add.exe
[2025-05-27 04:07:48.225] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:07:49.835] Restoring snapshot 35 done
[2025-05-27 04:07:49.835] Starting up VM
[2025-05-27 04:07:57.010] Starting up VM done
[2025-05-27 04:07:57.010] Installing kernel driver
[2025-05-27 04:07:57.010] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:08:01.395] Kernel driver installation completed
[2025-05-27 04:08:01.395] Starting GP driver service
[2025-05-27 04:08:01.395] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:08:04.552] GP driver service started
[2025-05-27 04:08:04.552] Executing malware sample: D:\new\ransomware_high_confidence\darkside\508dd6f7ed6c143cf5e1ed6a4051dd8ee7b5bf4b7f55e0704d21ba785f2d5add.exe
[2025-05-27 04:08:04.552] Malware execution started
[2025-05-27 04:08:04.552] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:09:04.561] Taking screenshot
[2025-05-27 04:09:04.623] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:09:40.451] Powering off VM done
[2025-05-27 04:09:43.451] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:09:45.042] Restoring snapshot 35 done
[2025-05-27 04:09:45.042] Kernel telemetry analysis completed in 116.8 seconds.

[2025-05-27 04:09:45.042] ✅ Analysis completed successfully!
[2025-05-27 04:09:45.042] Progress: 31.1% (438/1408)
[2025-05-27 04:09:45.042] Successful: 438, Failed: 0
[2025-05-27 04:09:45.042] Time remaining: 35.4h
[2025-05-27 04:09:45.042] Waiting 5 seconds before next sample...
[2025-05-27 04:09:50.042] SAMPLE 439/1408
[2025-05-27 04:09:50.042] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:09:50.042] File: 516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
[2025-05-27 04:09:50.042] Path: D:\new\ransomware_high_confidence\darkside\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
[2025-05-27 04:09:50.042] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
[2025-05-27 04:09:50.042] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:09:52.383] Restoring snapshot 35 done
[2025-05-27 04:09:52.383] Starting up VM
[2025-05-27 04:09:58.566] Starting up VM done
[2025-05-27 04:09:58.566] Installing kernel driver
[2025-05-27 04:09:58.566] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:10:02.991] Kernel driver installation completed
[2025-05-27 04:10:02.991] Starting GP driver service
[2025-05-27 04:10:02.991] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:10:06.145] GP driver service started
[2025-05-27 04:10:06.145] Executing malware sample: D:\new\ransomware_high_confidence\darkside\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
[2025-05-27 04:10:06.145] Malware execution started
[2025-05-27 04:10:06.145] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:11:06.153] Taking screenshot
[2025-05-27 04:11:06.216] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:11:25.413] Powering off VM done
[2025-05-27 04:11:28.413] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:11:29.661] Restoring snapshot 35 done
[2025-05-27 04:11:29.661] Kernel telemetry analysis completed in 99.6 seconds.

[2025-05-27 04:11:29.661] ✅ Analysis completed successfully!
[2025-05-27 04:11:29.661] Progress: 31.2% (439/1408)
[2025-05-27 04:11:29.661] Successful: 439, Failed: 0
[2025-05-27 04:11:29.661] Time remaining: 35.4h
[2025-05-27 04:11:29.661] Waiting 5 seconds before next sample...
[2025-05-27 04:11:34.662] SAMPLE 440/1408
[2025-05-27 04:11:34.662] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:11:34.662] File: 521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef.exe
[2025-05-27 04:11:34.662] Path: D:\new\ransomware_high_confidence\darkside\521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef.exe
[2025-05-27 04:11:34.662] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef.exe
[2025-05-27 04:11:34.662] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:11:36.509] Restoring snapshot 35 done
[2025-05-27 04:11:36.509] Starting up VM
[2025-05-27 04:11:42.901] Starting up VM done
[2025-05-27 04:11:42.902] Installing kernel driver
[2025-05-27 04:11:42.902] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:11:46.644] Kernel driver installation completed
[2025-05-27 04:11:46.644] Starting GP driver service
[2025-05-27 04:11:46.644] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:11:49.800] GP driver service started
[2025-05-27 04:11:49.800] Executing malware sample: D:\new\ransomware_high_confidence\darkside\521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef.exe
[2025-05-27 04:11:49.800] Malware execution started
[2025-05-27 04:11:49.800] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:12:49.809] Taking screenshot
[2025-05-27 04:12:49.872] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:13:07.245] Powering off VM done
[2025-05-27 04:13:10.246] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:13:11.587] Restoring snapshot 35 done
[2025-05-27 04:13:11.588] Kernel telemetry analysis completed in 96.9 seconds.

[2025-05-27 04:13:11.588] ✅ Analysis completed successfully!
[2025-05-27 04:13:11.588] Progress: 31.2% (440/1408)
[2025-05-27 04:13:11.588] Successful: 440, Failed: 0
[2025-05-27 04:13:11.588] Time remaining: 35.3h
[2025-05-27 04:13:11.588] Waiting 5 seconds before next sample...
[2025-05-27 04:13:16.588] SAMPLE 441/1408
[2025-05-27 04:13:16.588] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:13:16.588] File: 533672da9d276012ebab3ce9f4cd09a7f537f65c6e4b63d43f0c1697e2f5e48d.exe
[2025-05-27 04:13:16.588] Path: D:\new\ransomware_high_confidence\darkside\533672da9d276012ebab3ce9f4cd09a7f537f65c6e4b63d43f0c1697e2f5e48d.exe
[2025-05-27 04:13:16.588] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\533672da9d276012ebab3ce9f4cd09a7f537f65c6e4b63d43f0c1697e2f5e48d.exe
[2025-05-27 04:13:16.588] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:13:23.070] Starting up VM done
[2025-05-27 04:13:23.070] Installing kernel driver
[2025-05-27 04:13:23.070] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:13:26.826] Kernel driver installation completed
[2025-05-27 04:13:26.827] Starting GP driver service
[2025-05-27 04:13:26.827] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:13:29.988] GP driver service started
[2025-05-27 04:13:29.988] Executing malware sample: D:\new\ransomware_high_confidence\darkside\533672da9d276012ebab3ce9f4cd09a7f537f65c6e4b63d43f0c1697e2f5e48d.exe
[2025-05-27 04:13:29.989] Malware execution started
[2025-05-27 04:13:29.989] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:14:29.997] Taking screenshot
[2025-05-27 04:14:30.058] Taking screenshot done
[2025-05-27 04:14:30.058] Terminating malware: 533672da9d276012ebab3ce9f4cd0

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:14:51.620] Powering off VM done
[2025-05-27 04:14:54.620] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:14:56.356] Restoring snapshot 35 done
[2025-05-27 04:14:56.356] Kernel telemetry analysis completed in 99.8 seconds.

[2025-05-27 04:14:56.356] ✅ Analysis completed successfully!
[2025-05-27 04:14:56.356] Progress: 31.3% (441/1408)
[2025-05-27 04:14:56.356] Successful: 441, Failed: 0
[2025-05-27 04:14:56.356] Time remaining: 35.3h
[2025-05-27 04:14:56.356] Waiting 5 seconds before next sample...
[2025-05-27 04:15:01.356] SAMPLE 442/1408
[2025-05-27 04:15:01.356] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:15:01.356] File: 533d26fdacdcaf1b908458c39bb503e5aa94025811c6b6d1f3c8a9142ade8404.exe
[2025-05-27 04:15:01.356] Path: D:\new\ransomware_high_confidence\darkside\533d26fdacdcaf1b908458c39bb503e5aa94025811c6b6d1f3c8a9142ade8404.exe
[2025-05-27 04:15:01.356] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\533d26fdacdcaf1b908458c39bb503e5aa94025811c6b6d1f3c8a9142ade8404.exe
[2025-05-27 04:15:01.356] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:15:02.896] Restoring snapshot 35 done
[2025-05-27 04:15:02.896] Starting up VM
[2025-05-27 04:15:09.298] Starting up VM done
[2025-05-27 04:15:09.298] Installing kernel driver
[2025-05-27 04:15:09.298] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:15:13.665] Kernel driver installation completed
[2025-05-27 04:15:13.665] Starting GP driver service
[2025-05-27 04:15:13.665] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:15:16.813] GP driver service started
[2025-05-27 04:15:16.813] Executing malware sample: D:\new\ransomware_high_confidence\darkside\533d26fdacdcaf1b908458c39bb503e5aa94025811c6b6d1f3c8a9142ade8404.exe
[2025-05-27 04:15:16.814] Malware execution started
[2025-05-27 04:15:16.814] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:16:16.822] Taking screenshot
[2025-05-27 04:16:16.885] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:16:43.190] Powering off VM done
[2025-05-27 04:16:46.190] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:16:47.612] Restoring snapshot 35 done
[2025-05-27 04:16:47.612] Kernel telemetry analysis completed in 106.3 seconds.

[2025-05-27 04:16:47.612] ✅ Analysis completed successfully!
[2025-05-27 04:16:47.612] Progress: 31.4% (442/1408)
[2025-05-27 04:16:47.612] Successful: 442, Failed: 0
[2025-05-27 04:16:47.612] Time remaining: 35.2h
[2025-05-27 04:16:47.612] Waiting 5 seconds before next sample...
[2025-05-27 04:16:52.612] SAMPLE 443/1408
[2025-05-27 04:16:52.612] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:16:52.612] File: 56e7b9c4b8962b6ff0d1e0162ca8515a07b576cd47ba90221354838733f8689a.exe
[2025-05-27 04:16:52.612] Path: D:\new\ransomware_high_confidence\darkside\56e7b9c4b8962b6ff0d1e0162ca8515a07b576cd47ba90221354838733f8689a.exe
[2025-05-27 04:16:52.612] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\56e7b9c4b8962b6ff0d1e0162ca8515a07b576cd47ba90221354838733f8689a.exe
[2025-05-27 04:16:52.612] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:16:54.456] Restoring snapshot 35 done
[2025-05-27 04:16:54.456] Starting up VM
[2025-05-27 04:17:00.988] Starting up VM done
[2025-05-27 04:17:00.989] Installing kernel driver
[2025-05-27 04:17:00.989] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:17:05.050] Kernel driver installation completed
[2025-05-27 04:17:05.050] Starting GP driver service
[2025-05-27 04:17:05.051] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:17:08.225] GP driver service started
[2025-05-27 04:17:08.225] Executing malware sample: D:\new\ransomware_high_confidence\darkside\56e7b9c4b8962b6ff0d1e0162ca8515a07b576cd47ba90221354838733f8689a.exe
[2025-05-27 04:17:08.225] Malware execution started
[2025-05-27 04:17:08.225] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:18:08.233] Taking screenshot
[2025-05-27 04:18:08.296] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:18:25.959] Powering off VM done
[2025-05-27 04:18:28.959] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:18:30.427] Restoring snapshot 35 done
[2025-05-27 04:18:30.427] Kernel telemetry analysis completed in 97.8 seconds.

[2025-05-27 04:18:30.427] ✅ Analysis completed successfully!
[2025-05-27 04:18:30.427] Progress: 31.5% (443/1408)
[2025-05-27 04:18:30.427] Successful: 443, Failed: 0
[2025-05-27 04:18:30.427] Time remaining: 35.2h
[2025-05-27 04:18:30.427] Waiting 5 seconds before next sample...
[2025-05-27 04:18:35.427] SAMPLE 444/1408
[2025-05-27 04:18:35.427] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:18:35.427] File: 61ca175c2f04cb5279f8507e69385577cf04e4e896a01d0b5357746a241c7846.exe
[2025-05-27 04:18:35.427] Path: D:\new\ransomware_high_confidence\darkside\61ca175c2f04cb5279f8507e69385577cf04e4e896a01d0b5357746a241c7846.exe
[2025-05-27 04:18:35.428] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\61ca175c2f04cb5279f8507e69385577cf04e4e896a01d0b5357746a241c7846.exe
[2025-05-27 04:18:35.428] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:18:37.289] Restoring snapshot 35 done
[2025-05-27 04:18:37.289] Starting up VM
[2025-05-27 04:18:43.975] Starting up VM done
[2025-05-27 04:18:43.975] Installing kernel driver
[2025-05-27 04:18:43.975] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:18:48.248] Kernel driver installation completed
[2025-05-27 04:18:48.248] Starting GP driver service
[2025-05-27 04:18:48.248] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:18:51.403] GP driver service started
[2025-05-27 04:18:51.403] Executing malware sample: D:\new\ransomware_high_confidence\darkside\61ca175c2f04cb5279f8507e69385577cf04e4e896a01d0b5357746a241c7846.exe
[2025-05-27 04:18:51.403] Malware execution started
[2025-05-27 04:18:51.403] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:19:51.411] Taking screenshot
[2025-05-27 04:19:51.473] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:20:06.553] Powering off VM done
[2025-05-27 04:20:09.553] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:20:11.056] Restoring snapshot 35 done
[2025-05-27 04:20:11.056] Kernel telemetry analysis completed in 95.6 seconds.

[2025-05-27 04:20:11.056] ✅ Analysis completed successfully!
[2025-05-27 04:20:11.056] Progress: 31.5% (444/1408)
[2025-05-27 04:20:11.056] Successful: 444, Failed: 0
[2025-05-27 04:20:11.056] Time remaining: 35.1h
[2025-05-27 04:20:11.056] Waiting 5 seconds before next sample...
[2025-05-27 04:20:16.056] SAMPLE 445/1408
[2025-05-27 04:20:16.056] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:20:16.056] File: 665afa26d6110bb35ec8a60878068a0e69e1c805d9073bef71a48a3404c164e9.exe
[2025-05-27 04:20:16.056] Path: D:\new\ransomware_high_confidence\darkside\665afa26d6110bb35ec8a60878068a0e69e1c805d9073bef71a48a3404c164e9.exe
[2025-05-27 04:20:16.056] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\665afa26d6110bb35ec8a60878068a0e69e1c805d9073bef71a48a3404c164e9.exe
[2025-05-27 04:20:16.056] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:20:17.900] Restoring snapshot 35 done
[2025-05-27 04:20:17.900] Starting up VM
[2025-05-27 04:20:23.953] Starting up VM done
[2025-05-27 04:20:23.953] Installing kernel driver
[2025-05-27 04:20:23.953] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:20:28.366] Kernel driver installation completed
[2025-05-27 04:20:28.366] Starting GP driver service
[2025-05-27 04:20:28.366] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:20:31.523] GP driver service started
[2025-05-27 04:20:31.523] Executing malware sample: D:\new\ransomware_high_confidence\darkside\665afa26d6110bb35ec8a60878068a0e69e1c805d9073bef71a48a3404c164e9.exe
[2025-05-27 04:20:31.523] Malware execution started
[2025-05-27 04:20:31.523] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:21:31.531] Taking screenshot
[2025-05-27 04:21:31.593] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:21:48.138] Powering off VM done
[2025-05-27 04:21:51.138] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:21:52.910] Restoring snapshot 35 done
[2025-05-27 04:21:52.910] Kernel telemetry analysis completed in 96.9 seconds.

[2025-05-27 04:21:52.910] ✅ Analysis completed successfully!
[2025-05-27 04:21:52.910] Progress: 31.6% (445/1408)
[2025-05-27 04:21:52.911] Successful: 445, Failed: 0
[2025-05-27 04:21:52.911] Time remaining: 35.1h
[2025-05-27 04:21:52.911] Waiting 5 seconds before next sample...
[2025-05-27 04:21:57.911] SAMPLE 446/1408
[2025-05-27 04:21:57.911] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:21:57.911] File: 68872cc22fbdf0c2f69c32ac878ba9a7b7cf61fe5dd0e3da200131b8b23438e7.exe
[2025-05-27 04:21:57.911] Path: D:\new\ransomware_high_confidence\darkside\68872cc22fbdf0c2f69c32ac878ba9a7b7cf61fe5dd0e3da200131b8b23438e7.exe
[2025-05-27 04:21:57.911] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\68872cc22fbdf0c2f69c32ac878ba9a7b7cf61fe5dd0e3da200131b8b23438e7.exe
[2025-05-27 04:21:57.911] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:22:03.924] Starting up VM done
[2025-05-27 04:22:03.924] Installing kernel driver
[2025-05-27 04:22:03.925] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:22:08.292] Kernel driver installation completed
[2025-05-27 04:22:08.292] Starting GP driver service
[2025-05-27 04:22:08.292] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:22:11.453] GP driver service started
[2025-05-27 04:22:11.453] Executing malware sample: D:\new\ransomware_high_confidence\darkside\68872cc22fbdf0c2f69c32ac878ba9a7b7cf61fe5dd0e3da200131b8b23438e7.exe
[2025-05-27 04:22:11.453] Malware execution started
[2025-05-27 04:22:11.453] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:23:11.461] Taking screenshot
[2025-05-27 04:23:11.524] Taking screenshot done
[2025-05-27 04:23:11.524] Terminating malware: 68872cc22fbdf0c2f69c32ac878ba

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:23:30.071] Powering off VM done
[2025-05-27 04:23:33.072] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:23:34.462] Restoring snapshot 35 done
[2025-05-27 04:23:34.462] Kernel telemetry analysis completed in 96.6 seconds.

[2025-05-27 04:23:34.462] ✅ Analysis completed successfully!
[2025-05-27 04:23:34.462] Progress: 31.7% (446/1408)
[2025-05-27 04:23:34.462] Successful: 446, Failed: 0
[2025-05-27 04:23:34.462] Time remaining: 35.0h
[2025-05-27 04:23:34.462] Waiting 5 seconds before next sample...
[2025-05-27 04:23:39.463] SAMPLE 447/1408
[2025-05-27 04:23:39.463] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:23:39.463] File: 6931b124d38d52bd7cdef48121fda457d407b63b59bb4e6ead4ce548f4bbb971.exe
[2025-05-27 04:23:39.463] Path: D:\new\ransomware_high_confidence\darkside\6931b124d38d52bd7cdef48121fda457d407b63b59bb4e6ead4ce548f4bbb971.exe
[2025-05-27 04:23:39.463] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\6931b124d38d52bd7cdef48121fda457d407b63b59bb4e6ead4ce548f4bbb971.exe
[2025-05-27 04:23:39.463] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:23:41.005] Restoring snapshot 35 done
[2025-05-27 04:23:41.005] Starting up VM
[2025-05-27 04:23:47.037] Starting up VM done
[2025-05-27 04:23:47.037] Installing kernel driver
[2025-05-27 04:23:47.037] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:23:50.831] Kernel driver installation completed
[2025-05-27 04:23:50.831] Starting GP driver service
[2025-05-27 04:23:50.831] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:23:53.984] GP driver service started
[2025-05-27 04:23:53.984] Executing malware sample: D:\new\ransomware_high_confidence\darkside\6931b124d38d52bd7cdef48121fda457d407b63b59bb4e6ead4ce548f4bbb971.exe
[2025-05-27 04:23:53.984] Malware execution started
[2025-05-27 04:23:53.984] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:24:53.993] Taking screenshot
[2025-05-27 04:24:54.055] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:25:25.465] Powering off VM done
[2025-05-27 04:25:28.465] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:25:30.202] Restoring snapshot 35 done
[2025-05-27 04:25:30.202] Kernel telemetry analysis completed in 110.7 seconds.

[2025-05-27 04:25:30.202] ✅ Analysis completed successfully!
[2025-05-27 04:25:30.202] Progress: 31.7% (447/1408)
[2025-05-27 04:25:30.202] Successful: 447, Failed: 0
[2025-05-27 04:25:30.202] Time remaining: 35.0h
[2025-05-27 04:25:30.202] Waiting 5 seconds before next sample...
[2025-05-27 04:25:35.202] SAMPLE 448/1408
[2025-05-27 04:25:35.202] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:25:35.202] File: 6d656f110246990d10fe0b0132704b1323859d4003f2b1d5d03f665c710b8fd3.exe
[2025-05-27 04:25:35.202] Path: D:\new\ransomware_high_confidence\darkside\6d656f110246990d10fe0b0132704b1323859d4003f2b1d5d03f665c710b8fd3.exe
[2025-05-27 04:25:35.202] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\6d656f110246990d10fe0b0132704b1323859d4003f2b1d5d03f665c710b8fd3.exe
[2025-05-27 04:25:35.203] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:25:36.843] Restoring snapshot 35 done
[2025-05-27 04:25:36.843] Starting up VM
[2025-05-27 04:25:42.682] Starting up VM done
[2025-05-27 04:25:42.683] Installing kernel driver
[2025-05-27 04:25:42.683] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:25:46.909] Kernel driver installation completed
[2025-05-27 04:25:46.909] Starting GP driver service
[2025-05-27 04:25:46.909] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:25:50.068] GP driver service started
[2025-05-27 04:25:50.068] Executing malware sample: D:\new\ransomware_high_confidence\darkside\6d656f110246990d10fe0b0132704b1323859d4003f2b1d5d03f665c710b8fd3.exe
[2025-05-27 04:25:50.069] Malware execution started
[2025-05-27 04:25:50.069] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:26:50.077] Taking screenshot
[2025-05-27 04:26:50.138] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:27:14.624] Powering off VM done
[2025-05-27 04:27:17.624] Restoring snapshot 35
[2025-05-27 04:27:17.693] Restoring snapshot 35 done
[2025-05-27 04:27:17.693] Kernel telemetry analysis completed in 102.5 seconds.

[2025-05-27 04:27:17.693] ✅ Analysis completed successfully!
[2025-05-27 04:27:17.693] Progress: 31.8% (448/1408)
[2025-05-27 04:27:17.693] Successful: 448, Failed: 0
[2025-05-27 04:27:17.693] Time remaining: 34.9h
[2025-05-27 04:27:17.693] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:27:22.693] SAMPLE 449/1408
[2025-05-27 04:27:22.693] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:27:22.693] File: 78782fd324bc98a57274bd3fff8f756217c011484ebf6b614060115a699ee134.exe
[2025-05-27 04:27:22.693] Path: D:\new\ransomware_high_confidence\darkside\78782fd324bc98a57274bd3fff8f756217c011484ebf6b614060115a699ee134.exe
[2025-05-27 04:27:22.693] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\78782fd324bc98a57274bd3fff8f756217c011484ebf6b614060115a699ee134.exe
[2025-05-27 04:27:22.693] Malware execution time: 60 seconds
[2025-05-27 04:27:22.693] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:27:24.224] Restoring snapshot 35 done
[2025-05-27 04:27:24.224] Starting up VM
[2025-05-27 04:27:30.390] Starting up VM done
[2025-05-27 04:27:30.390] Installing kernel driver
[2025-05-27 04:27:30.390] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:27:34.448] Kernel driver installation completed
[2025-05-27 04:27:34.448] Starting GP driver service
[2025-05-27 04:27:34.448] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:27:37.596] GP driver service started
[2025-05-27 04:27:37.596] Executing malware sample: D:\new\ransomware_high_confidence\darkside\78782fd324bc98a57274bd3fff8f756217c011484ebf6b614060115a699ee134.exe
[2025-05-27 04:27:37.597] Malware execution started
[2025-05-27 04:27:37.597] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:28:37.605] Taking screenshot
[2025-05-27 04:28:37.666] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:29:28.840] Powering off VM done
[2025-05-27 04:29:31.840] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:29:33.065] Restoring snapshot 35 done
[2025-05-27 04:29:33.065] Kernel telemetry analysis completed in 130.4 seconds.

[2025-05-27 04:29:33.065] ✅ Analysis completed successfully!
[2025-05-27 04:29:33.065] Progress: 31.9% (449/1408)
[2025-05-27 04:29:33.065] Successful: 449, Failed: 0
[2025-05-27 04:29:33.065] Time remaining: 34.9h
[2025-05-27 04:29:33.065] Waiting 5 seconds before next sample...
[2025-05-27 04:29:38.065] SAMPLE 450/1408
[2025-05-27 04:29:38.065] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:29:38.065] File: 8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc.exe
[2025-05-27 04:29:38.065] Path: D:\new\ransomware_high_confidence\darkside\8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc.exe
[2025-05-27 04:29:38.065] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc.exe
[2025-05-27 04:29:38.065] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:29:39.804] Restoring snapshot 35 done
[2025-05-27 04:29:39.804] Starting up VM
[2025-05-27 04:29:45.900] Starting up VM done
[2025-05-27 04:29:45.900] Installing kernel driver
[2025-05-27 04:29:45.900] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:29:50.083] Kernel driver installation completed
[2025-05-27 04:29:50.083] Starting GP driver service
[2025-05-27 04:29:50.083] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:29:53.239] GP driver service started
[2025-05-27 04:29:53.239] Executing malware sample: D:\new\ransomware_high_confidence\darkside\8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc.exe
[2025-05-27 04:29:53.239] Malware execution started
[2025-05-27 04:29:53.239] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:30:53.247] Taking screenshot
[2025-05-27 04:30:53.311] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:31:16.105] Powering off VM done
[2025-05-27 04:31:19.106] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:31:20.437] Restoring snapshot 35 done
[2025-05-27 04:31:20.437] Kernel telemetry analysis completed in 102.4 seconds.

[2025-05-27 04:31:20.437] ✅ Analysis completed successfully!
[2025-05-27 04:31:20.437] Progress: 32.0% (450/1408)
[2025-05-27 04:31:20.437] Successful: 450, Failed: 0
[2025-05-27 04:31:20.437] Time remaining: 34.8h
[2025-05-27 04:31:20.437] Waiting 5 seconds before next sample...
[2025-05-27 04:31:25.437] SAMPLE 451/1408
[2025-05-27 04:31:25.437] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:31:25.437] File: 973dfafc3051d8c2849f62c556ab8057da706f15d1ffd8871de894ae3a24d86b.exe
[2025-05-27 04:31:25.437] Path: D:\new\ransomware_high_confidence\darkside\973dfafc3051d8c2849f62c556ab8057da706f15d1ffd8871de894ae3a24d86b.exe
[2025-05-27 04:31:25.437] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\973dfafc3051d8c2849f62c556ab8057da706f15d1ffd8871de894ae3a24d86b.exe
[2025-05-27 04:31:25.437] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:31:26.944] Restoring snapshot 35 done
[2025-05-27 04:31:26.944] Starting up VM
[2025-05-27 04:31:33.304] Starting up VM done
[2025-05-27 04:31:33.304] Installing kernel driver
[2025-05-27 04:31:33.304] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:31:37.536] Kernel driver installation completed
[2025-05-27 04:31:37.536] Starting GP driver service
[2025-05-27 04:31:37.536] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:31:40.694] GP driver service started
[2025-05-27 04:31:40.694] Executing malware sample: D:\new\ransomware_high_confidence\darkside\973dfafc3051d8c2849f62c556ab8057da706f15d1ffd8871de894ae3a24d86b.exe
[2025-05-27 04:31:40.695] Malware execution started
[2025-05-27 04:31:40.695] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:32:40.703] Taking screenshot
[2025-05-27 04:32:40.766] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:32:58.155] Powering off VM done
[2025-05-27 04:33:01.156] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:33:02.373] Restoring snapshot 35 done
[2025-05-27 04:33:02.373] Kernel telemetry analysis completed in 96.9 seconds.

[2025-05-27 04:33:02.373] ✅ Analysis completed successfully!
[2025-05-27 04:33:02.373] Progress: 32.0% (451/1408)
[2025-05-27 04:33:02.373] Successful: 451, Failed: 0
[2025-05-27 04:33:02.373] Time remaining: 34.8h
[2025-05-27 04:33:02.373] Waiting 5 seconds before next sample...
[2025-05-27 04:33:07.373] SAMPLE 452/1408
[2025-05-27 04:33:07.373] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:33:07.373] File: 9cee5522a7ca2bfca7cd3d9daba23e9a30deb6205f56c12045839075f7627297.exe
[2025-05-27 04:33:07.373] Path: D:\new\ransomware_high_confidence\darkside\9cee5522a7ca2bfca7cd3d9daba23e9a30deb6205f56c12045839075f7627297.exe
[2025-05-27 04:33:07.373] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\9cee5522a7ca2bfca7cd3d9daba23e9a30deb6205f56c12045839075f7627297.exe
[2025-05-27 04:33:07.373] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:33:09.278] Restoring snapshot 35 done
[2025-05-27 04:33:09.278] Starting up VM
[2025-05-27 04:33:15.342] Starting up VM done
[2025-05-27 04:33:15.342] Installing kernel driver
[2025-05-27 04:33:15.342] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:33:19.375] Kernel driver installation completed
[2025-05-27 04:33:19.375] Starting GP driver service
[2025-05-27 04:33:19.375] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:33:22.526] GP driver service started
[2025-05-27 04:33:22.526] Executing malware sample: D:\new\ransomware_high_confidence\darkside\9cee5522a7ca2bfca7cd3d9daba23e9a30deb6205f56c12045839075f7627297.exe
[2025-05-27 04:33:22.526] Malware execution started
[2025-05-27 04:33:22.526] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:34:22.535] Taking screenshot
[2025-05-27 04:34:22.596] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:34:49.221] Powering off VM done
[2025-05-27 04:34:52.221] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:34:53.404] Restoring snapshot 35 done
[2025-05-27 04:34:53.404] Kernel telemetry analysis completed in 106.0 seconds.

[2025-05-27 04:34:53.404] ✅ Analysis completed successfully!
[2025-05-27 04:34:53.404] Progress: 32.1% (452/1408)
[2025-05-27 04:34:53.404] Successful: 452, Failed: 0
[2025-05-27 04:34:53.404] Time remaining: 34.7h
[2025-05-27 04:34:53.404] Waiting 5 seconds before next sample...
[2025-05-27 04:34:58.405] SAMPLE 453/1408
[2025-05-27 04:34:58.405] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:34:58.405] File: a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.exe
[2025-05-27 04:34:58.405] Path: D:\new\ransomware_high_confidence\darkside\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.exe
[2025-05-27 04:34:58.405] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.exe
[2025-05-27 04:34:58.405] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:34:59.976] Restoring snapshot 35 done
[2025-05-27 04:34:59.976] Starting up VM
[2025-05-27 04:35:05.966] Starting up VM done
[2025-05-27 04:35:05.966] Installing kernel driver
[2025-05-27 04:35:05.966] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:35:15.871] Kernel driver installation completed
[2025-05-27 04:35:15.872] Starting GP driver service
[2025-05-27 04:35:15.872] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:35:19.028] GP driver service started
[2025-05-27 04:35:19.028] Executing malware sample: D:\new\ransomware_high_confidence\darkside\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.exe
[2025-05-27 04:35:19.029] Malware execution started
[2025-05-27 04:35:19.029] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:36:19.038] Taking screenshot
[2025-05-27 04:36:19.101] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:36:39.309] Powering off VM done
[2025-05-27 04:36:42.309] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:36:43.927] Restoring snapshot 35 done
[2025-05-27 04:36:43.927] Kernel telemetry analysis completed in 105.5 seconds.

[2025-05-27 04:36:43.927] ✅ Analysis completed successfully!
[2025-05-27 04:36:43.927] Progress: 32.2% (453/1408)
[2025-05-27 04:36:43.927] Successful: 453, Failed: 0
[2025-05-27 04:36:43.927] Time remaining: 34.7h
[2025-05-27 04:36:43.927] Waiting 5 seconds before next sample...
[2025-05-27 04:36:48.927] SAMPLE 454/1408
[2025-05-27 04:36:48.927] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:36:48.927] File: ac092962654b46a670b030026d07f5b8161cecd2abd6eece52b7892965aa521b.exe
[2025-05-27 04:36:48.927] Path: D:\new\ransomware_high_confidence\darkside\ac092962654b46a670b030026d07f5b8161cecd2abd6eece52b7892965aa521b.exe
[2025-05-27 04:36:48.928] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\ac092962654b46a670b030026d07f5b8161cecd2abd6eece52b7892965aa521b.exe
[2025-05-27 04:36:48.928] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:36:50.763] Restoring snapshot 35 done
[2025-05-27 04:36:50.763] Starting up VM
[2025-05-27 04:36:56.628] Starting up VM done
[2025-05-27 04:36:56.628] Installing kernel driver
[2025-05-27 04:36:56.628] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:37:00.269] Kernel driver installation completed
[2025-05-27 04:37:00.269] Starting GP driver service
[2025-05-27 04:37:00.269] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:37:03.421] GP driver service started
[2025-05-27 04:37:03.421] Executing malware sample: D:\new\ransomware_high_confidence\darkside\ac092962654b46a670b030026d07f5b8161cecd2abd6eece52b7892965aa521b.exe
[2025-05-27 04:37:03.421] Malware execution started
[2025-05-27 04:37:03.421] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:38:03.429] Taking screenshot
[2025-05-27 04:38:03.492] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:38:28.885] Powering off VM done
[2025-05-27 04:38:31.885] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:38:33.323] Restoring snapshot 35 done
[2025-05-27 04:38:33.323] Kernel telemetry analysis completed in 104.4 seconds.

[2025-05-27 04:38:33.323] ✅ Analysis completed successfully!
[2025-05-27 04:38:33.323] Progress: 32.2% (454/1408)
[2025-05-27 04:38:33.323] Successful: 454, Failed: 0
[2025-05-27 04:38:33.323] Time remaining: 34.6h
[2025-05-27 04:38:33.324] Waiting 5 seconds before next sample...
[2025-05-27 04:38:38.324] SAMPLE 455/1408
[2025-05-27 04:38:38.324] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:38:38.324] File: afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178.exe
[2025-05-27 04:38:38.324] Path: D:\new\ransomware_high_confidence\darkside\afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178.exe
[2025-05-27 04:38:38.324] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178.exe
[2025-05-27 04:38:38.324] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:38:39.888] Restoring snapshot 35 done
[2025-05-27 04:38:39.888] Starting up VM
[2025-05-27 04:38:45.579] Starting up VM done
[2025-05-27 04:38:45.579] Installing kernel driver
[2025-05-27 04:38:45.579] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:38:49.551] Kernel driver installation completed
[2025-05-27 04:38:49.551] Starting GP driver service
[2025-05-27 04:38:49.551] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:38:52.712] GP driver service started
[2025-05-27 04:38:52.713] Executing malware sample: D:\new\ransomware_high_confidence\darkside\afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178.exe
[2025-05-27 04:38:52.713] Malware execution started
[2025-05-27 04:38:52.713] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:39:52.721] Taking screenshot
[2025-05-27 04:39:52.783] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:40:23.158] Powering off VM done
[2025-05-27 04:40:26.158] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:40:27.187] Restoring snapshot 35 done
[2025-05-27 04:40:27.187] Kernel telemetry analysis completed in 108.9 seconds.

[2025-05-27 04:40:27.187] ✅ Analysis completed successfully!
[2025-05-27 04:40:27.187] Progress: 32.3% (455/1408)
[2025-05-27 04:40:27.187] Successful: 455, Failed: 0
[2025-05-27 04:40:27.187] Time remaining: 34.6h
[2025-05-27 04:40:27.187] Waiting 5 seconds before next sample...
[2025-05-27 04:40:32.187] SAMPLE 456/1408
[2025-05-27 04:40:32.187] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:40:32.187] File: b565e9266717161163e884793dc1004f9f2ca94ab0533df9c167d5d188cebf2f.exe
[2025-05-27 04:40:32.187] Path: D:\new\ransomware_high_confidence\darkside\b565e9266717161163e884793dc1004f9f2ca94ab0533df9c167d5d188cebf2f.exe
[2025-05-27 04:40:32.188] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\b565e9266717161163e884793dc1004f9f2ca94ab0533df9c167d5d188cebf2f.exe
[2025-05-27 04:40:32.188] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:40:34.068] Restoring snapshot 35 done
[2025-05-27 04:40:34.068] Starting up VM
[2025-05-27 04:40:40.472] Starting up VM done
[2025-05-27 04:40:40.472] Installing kernel driver
[2025-05-27 04:40:40.472] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:40:44.567] Kernel driver installation completed
[2025-05-27 04:40:44.567] Starting GP driver service
[2025-05-27 04:40:44.567] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:40:47.722] GP driver service started
[2025-05-27 04:40:47.722] Executing malware sample: D:\new\ransomware_high_confidence\darkside\b565e9266717161163e884793dc1004f9f2ca94ab0533df9c167d5d188cebf2f.exe
[2025-05-27 04:40:47.722] Malware execution started
[2025-05-27 04:40:47.722] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:41:47.730] Taking screenshot
[2025-05-27 04:41:47.793] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:42:06.838] Powering off VM done
[2025-05-27 04:42:09.839] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:42:10.860] Restoring snapshot 35 done
[2025-05-27 04:42:10.860] Kernel telemetry analysis completed in 98.7 seconds.

[2025-05-27 04:42:10.860] ✅ Analysis completed successfully!
[2025-05-27 04:42:10.860] Progress: 32.4% (456/1408)
[2025-05-27 04:42:10.860] Successful: 456, Failed: 0
[2025-05-27 04:42:10.860] Time remaining: 34.5h
[2025-05-27 04:42:10.860] Waiting 5 seconds before next sample...
[2025-05-27 04:42:15.860] SAMPLE 457/1408
[2025-05-27 04:42:15.860] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:42:15.860] File: b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.exe
[2025-05-27 04:42:15.860] Path: D:\new\ransomware_high_confidence\darkside\b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.exe
[2025-05-27 04:42:15.860] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.exe
[2025-05-27 04:42:15.860] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:42:17.490] Restoring snapshot 35 done
[2025-05-27 04:42:17.490] Starting up VM
[2025-05-27 04:42:23.649] Starting up VM done
[2025-05-27 04:42:23.649] Installing kernel driver
[2025-05-27 04:42:23.649] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:42:28.044] Kernel driver installation completed
[2025-05-27 04:42:28.044] Starting GP driver service
[2025-05-27 04:42:28.044] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:42:31.202] GP driver service started
[2025-05-27 04:42:31.202] Executing malware sample: D:\new\ransomware_high_confidence\darkside\b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.exe
[2025-05-27 04:42:31.202] Malware execution started
[2025-05-27 04:42:31.202] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:43:31.211] Taking screenshot
[2025-05-27 04:43:31.274] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:43:48.765] Powering off VM done
[2025-05-27 04:43:51.766] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:43:53.416] Restoring snapshot 35 done
[2025-05-27 04:43:53.416] Kernel telemetry analysis completed in 97.6 seconds.

[2025-05-27 04:43:53.416] ✅ Analysis completed successfully!
[2025-05-27 04:43:53.416] Progress: 32.5% (457/1408)
[2025-05-27 04:43:53.417] Successful: 457, Failed: 0
[2025-05-27 04:43:53.417] Time remaining: 34.5h
[2025-05-27 04:43:53.417] Waiting 5 seconds before next sample...
[2025-05-27 04:43:58.417] SAMPLE 458/1408
[2025-05-27 04:43:58.417] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:43:58.417] File: bac7f1cb70a0fe909590f7b270248705d216b4abaf4e5dd4969fa4f1949badec.exe
[2025-05-27 04:43:58.417] Path: D:\new\ransomware_high_confidence\darkside\bac7f1cb70a0fe909590f7b270248705d216b4abaf4e5dd4969fa4f1949badec.exe
[2025-05-27 04:43:58.417] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\bac7f1cb70a0fe909590f7b270248705d216b4abaf4e5dd4969fa4f1949badec.exe
[2025-05-27 04:43:58.417] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:44:00.525] Restoring snapshot 35 done
[2025-05-27 04:44:00.525] Starting up VM
[2025-05-27 04:44:06.550] Starting up VM done
[2025-05-27 04:44:06.550] Installing kernel driver
[2025-05-27 04:44:06.550] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:44:10.347] Kernel driver installation completed
[2025-05-27 04:44:10.347] Starting GP driver service
[2025-05-27 04:44:10.347] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:44:13.498] GP driver service started
[2025-05-27 04:44:13.498] Executing malware sample: D:\new\ransomware_high_confidence\darkside\bac7f1cb70a0fe909590f7b270248705d216b4abaf4e5dd4969fa4f1949badec.exe
[2025-05-27 04:44:13.498] Malware execution started
[2025-05-27 04:44:13.498] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:45:13.507] Taking screenshot
[2025-05-27 04:45:13.571] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:45:29.435] Powering off VM done
[2025-05-27 04:45:32.436] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:45:34.137] Restoring snapshot 35 done
[2025-05-27 04:45:34.137] Kernel telemetry analysis completed in 95.7 seconds.

[2025-05-27 04:45:34.137] ✅ Analysis completed successfully!
[2025-05-27 04:45:34.137] Progress: 32.5% (458/1408)
[2025-05-27 04:45:34.137] Successful: 458, Failed: 0
[2025-05-27 04:45:34.137] Time remaining: 34.4h
[2025-05-27 04:45:34.137] Waiting 5 seconds before next sample...
[2025-05-27 04:45:39.137] SAMPLE 459/1408
[2025-05-27 04:45:39.137] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:45:39.137] File: bafa2efff234303166d663f967037dae43701e7d63d914efc8c894b3e5be9408.exe
[2025-05-27 04:45:39.137] Path: D:\new\ransomware_high_confidence\darkside\bafa2efff234303166d663f967037dae43701e7d63d914efc8c894b3e5be9408.exe
[2025-05-27 04:45:39.137] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\bafa2efff234303166d663f967037dae43701e7d63d914efc8c894b3e5be9408.exe
[2025-05-27 04:45:39.137] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:45:40.664] Restoring snapshot 35 done
[2025-05-27 04:45:40.664] Starting up VM
[2025-05-27 04:45:46.948] Starting up VM done
[2025-05-27 04:45:46.948] Installing kernel driver
[2025-05-27 04:45:46.948] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:45:50.793] Kernel driver installation completed
[2025-05-27 04:45:50.793] Starting GP driver service
[2025-05-27 04:45:50.793] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:45:53.947] GP driver service started
[2025-05-27 04:45:53.947] Executing malware sample: D:\new\ransomware_high_confidence\darkside\bafa2efff234303166d663f967037dae43701e7d63d914efc8c894b3e5be9408.exe
[2025-05-27 04:45:53.947] Malware execution started
[2025-05-27 04:45:53.947] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:46:53.956] Taking screenshot
[2025-05-27 04:46:54.019] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:47:28.341] Powering off VM done
[2025-05-27 04:47:31.341] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:47:32.436] Restoring snapshot 35 done
[2025-05-27 04:47:32.436] Kernel telemetry analysis completed in 113.3 seconds.

[2025-05-27 04:47:32.436] ✅ Analysis completed successfully!
[2025-05-27 04:47:32.436] Progress: 32.6% (459/1408)
[2025-05-27 04:47:32.436] Successful: 459, Failed: 0
[2025-05-27 04:47:32.436] Time remaining: 34.4h
[2025-05-27 04:47:32.436] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 04:47:37.436] SAMPLE 460/1408
[2025-05-27 04:47:37.436] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:47:37.436] File: bc32a2ccf158ebe2b76646be865a4c6dd91da6b8e5bb0dd9520102a9bfea5439.exe
[2025-05-27 04:47:37.436] Path: D:\new\ransomware_high_confidence\darkside\bc32a2ccf158ebe2b76646be865a4c6dd91da6b8e5bb0dd9520102a9bfea5439.exe
[2025-05-27 04:47:37.437] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\bc32a2ccf158ebe2b76646be865a4c6dd91da6b8e5bb0dd9520102a9bfea5439.exe
[2025-05-27 04:47:37.437] Malware execution time: 60 seconds
[2025-05-27 04:47:37.437] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:47:38.870] Restoring snapshot 35 done
[2025-05-27 04:47:38.870] Starting up VM
[2025-05-27 04:47:45.179] Starting up VM done
[2025-05-27 04:47:45.179] Installing kernel driver
[2025-05-27 04:47:45.179] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:47:49.671] Kernel driver installation completed
[2025-05-27 04:47:49.671] Starting GP driver service
[2025-05-27 04:47:49.671] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:47:52.820] GP driver service started
[2025-05-27 04:47:52.820] Executing malware sample: D:\new\ransomware_high_confidence\darkside\bc32a2ccf158ebe2b76646be865a4c6dd91da6b8e5bb0dd9520102a9bfea5439.exe
[2025-05-27 04:47:52.821] Malware execution started
[2025-05-27 04:47:52.821] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:48:52.829] Taking screenshot
[2025-05-27 04:48:52.891] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:49:38.247] Powering off VM done
[2025-05-27 04:49:41.248] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:49:43.025] Restoring snapshot 35 done
[2025-05-27 04:49:43.025] Kernel telemetry analysis completed in 125.6 seconds.

[2025-05-27 04:49:43.025] ✅ Analysis completed successfully!
[2025-05-27 04:49:43.025] Progress: 32.7% (460/1408)
[2025-05-27 04:49:43.025] Successful: 460, Failed: 0
[2025-05-27 04:49:43.025] Time remaining: 34.4h
[2025-05-27 04:49:43.025] Waiting 5 seconds before next sample...
[2025-05-27 04:49:48.025] SAMPLE 461/1408
[2025-05-27 04:49:48.025] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:49:48.025] File: bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893.exe
[2025-05-27 04:49:48.025] Path: D:\new\ransomware_high_confidence\darkside\bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893.exe
[2025-05-27 04:49:48.025] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893.exe
[2025-05-27 04:49:48.025] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:49:48.620] Restoring snapshot 35 done
[2025-05-27 04:49:48.621] Starting up VM
[2025-05-27 04:49:54.508] Starting up VM done
[2025-05-27 04:49:54.508] Installing kernel driver
[2025-05-27 04:49:54.508] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:49:58.857] Kernel driver installation completed
[2025-05-27 04:49:58.857] Starting GP driver service
[2025-05-27 04:49:58.857] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:50:02.015] GP driver service started
[2025-05-27 04:50:02.015] Executing malware sample: D:\new\ransomware_high_confidence\darkside\bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893.exe
[2025-05-27 04:50:02.015] Malware execution started
[2025-05-27 04:50:02.015] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:51:02.023] Taking screenshot
[2025-05-27 04:51:02.086] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:51:18.753] Powering off VM done
[2025-05-27 04:51:21.753] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:51:23.179] Restoring snapshot 35 done
[2025-05-27 04:51:23.179] Kernel telemetry analysis completed in 95.2 seconds.

[2025-05-27 04:51:23.179] ✅ Analysis completed successfully!
[2025-05-27 04:51:23.179] Progress: 32.7% (461/1408)
[2025-05-27 04:51:23.179] Successful: 461, Failed: 0
[2025-05-27 04:51:23.179] Time remaining: 34.3h
[2025-05-27 04:51:23.179] Waiting 5 seconds before next sample...
[2025-05-27 04:51:28.179] SAMPLE 462/1408
[2025-05-27 04:51:28.179] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:51:28.179] File: cbbc7052fed8d0002d07736a68219f01a5a4e1c19ee50310e2381e96fa8836ed.exe
[2025-05-27 04:51:28.179] Path: D:\new\ransomware_high_confidence\darkside\cbbc7052fed8d0002d07736a68219f01a5a4e1c19ee50310e2381e96fa8836ed.exe
[2025-05-27 04:51:28.179] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\cbbc7052fed8d0002d07736a68219f01a5a4e1c19ee50310e2381e96fa8836ed.exe
[2025-05-27 04:51:28.179] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:51:30.127] Restoring snapshot 35 done
[2025-05-27 04:51:30.127] Starting up VM
[2025-05-27 04:51:36.182] Starting up VM done
[2025-05-27 04:51:36.182] Installing kernel driver
[2025-05-27 04:51:36.182] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:51:39.865] Kernel driver installation completed
[2025-05-27 04:51:39.865] Starting GP driver service
[2025-05-27 04:51:39.865] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:51:43.026] GP driver service started
[2025-05-27 04:51:43.026] Executing malware sample: D:\new\ransomware_high_confidence\darkside\cbbc7052fed8d0002d07736a68219f01a5a4e1c19ee50310e2381e96fa8836ed.exe
[2025-05-27 04:51:43.027] Malware execution started
[2025-05-27 04:51:43.027] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:52:43.035] Taking screenshot
[2025-05-27 04:52:43.097] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:53:27.344] Powering off VM done
[2025-05-27 04:53:30.344] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:53:31.857] Restoring snapshot 35 done
[2025-05-27 04:53:31.857] Kernel telemetry analysis completed in 123.7 seconds.

[2025-05-27 04:53:31.857] ✅ Analysis completed successfully!
[2025-05-27 04:53:31.857] Progress: 32.8% (462/1408)
[2025-05-27 04:53:31.857] Successful: 462, Failed: 0
[2025-05-27 04:53:31.857] Time remaining: 34.3h
[2025-05-27 04:53:31.857] Waiting 5 seconds before next sample...
[2025-05-27 04:53:36.858] SAMPLE 463/1408
[2025-05-27 04:53:36.858] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:53:36.858] File: cc54647e8c3fe7b701d78a6fa072c52641ac11d395a6d2ffaf05f38f53112556.exe
[2025-05-27 04:53:36.858] Path: D:\new\ransomware_high_confidence\darkside\cc54647e8c3fe7b701d78a6fa072c52641ac11d395a6d2ffaf05f38f53112556.exe
[2025-05-27 04:53:36.858] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\cc54647e8c3fe7b701d78a6fa072c52641ac11d395a6d2ffaf05f38f53112556.exe
[2025-05-27 04:53:36.858] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:53:38.407] Restoring snapshot 35 done
[2025-05-27 04:53:38.407] Starting up VM
[2025-05-27 04:53:44.276] Starting up VM done
[2025-05-27 04:53:44.276] Installing kernel driver
[2025-05-27 04:53:44.276] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:53:47.924] Kernel driver installation completed
[2025-05-27 04:53:47.924] Starting GP driver service
[2025-05-27 04:53:47.924] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:53:51.078] GP driver service started
[2025-05-27 04:53:51.078] Executing malware sample: D:\new\ransomware_high_confidence\darkside\cc54647e8c3fe7b701d78a6fa072c52641ac11d395a6d2ffaf05f38f53112556.exe
[2025-05-27 04:53:51.079] Malware execution started
[2025-05-27 04:53:51.079] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:54:51.087] Taking screenshot
[2025-05-27 04:54:51.148] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:56:08.317] Powering off VM done
[2025-05-27 04:56:11.317] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:56:12.734] Restoring snapshot 35 done
[2025-05-27 04:56:12.734] Kernel telemetry analysis completed in 155.9 seconds.

[2025-05-27 04:56:12.734] ✅ Analysis completed successfully!
[2025-05-27 04:56:12.734] Progress: 32.9% (463/1408)
[2025-05-27 04:56:12.734] Successful: 463, Failed: 0
[2025-05-27 04:56:12.734] Time remaining: 34.2h
[2025-05-27 04:56:12.734] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 04:56:17.735] SAMPLE 464/1408
[2025-05-27 04:56:17.735] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:56:17.735] File: d43b271fb4931263f8fa54b297e3cf60762a0fe5c50ed76999f276dcc3c283be.exe
[2025-05-27 04:56:17.735] Path: D:\new\ransomware_high_confidence\darkside\d43b271fb4931263f8fa54b297e3cf60762a0fe5c50ed76999f276dcc3c283be.exe
[2025-05-27 04:56:17.735] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\d43b271fb4931263f8fa54b297e3cf60762a0fe5c50ed76999f276dcc3c283be.exe
[2025-05-27 04:56:17.735] Malware execution time: 60 seconds
[2025-05-27 04:56:17.735] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:56:19.146] Restoring snapshot 35 done
[2025-05-27 04:56:19.146] Starting up VM
[2025-05-27 04:56:25.402] Starting up VM done
[2025-05-27 04:56:25.402] Installing kernel driver
[2025-05-27 04:56:25.402] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:56:29.855] Kernel driver installation completed
[2025-05-27 04:56:29.855] Starting GP driver service
[2025-05-27 04:56:29.855] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:56:33.010] GP driver service started
[2025-05-27 04:56:33.011] Executing malware sample: D:\new\ransomware_high_confidence\darkside\d43b271fb4931263f8fa54b297e3cf60762a0fe5c50ed76999f276dcc3c283be.exe
[2025-05-27 04:56:33.011] Malware execution started
[2025-05-27 04:56:33.011] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:57:33.019] Taking screenshot
[2025-05-27 04:57:33.079] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:58:03.753] Powering off VM done
[2025-05-27 04:58:06.753] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:58:08.204] Restoring snapshot 35 done
[2025-05-27 04:58:08.204] Kernel telemetry analysis completed in 110.5 seconds.

[2025-05-27 04:58:08.204] ✅ Analysis completed successfully!
[2025-05-27 04:58:08.204] Progress: 33.0% (464/1408)
[2025-05-27 04:58:08.204] Successful: 464, Failed: 0
[2025-05-27 04:58:08.204] Time remaining: 34.2h
[2025-05-27 04:58:08.205] Waiting 5 seconds before next sample...
[2025-05-27 04:58:13.205] SAMPLE 465/1408
[2025-05-27 04:58:13.205] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:58:13.205] File: d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46.exe
[2025-05-27 04:58:13.205] Path: D:\new\ransomware_high_confidence\darkside\d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46.exe
[2025-05-27 04:58:13.205] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46.exe
[2025-05-27 04:58:13.205] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:58:14.205] Restoring snapshot 35 done
[2025-05-27 04:58:14.205] Starting up VM
[2025-05-27 04:58:20.534] Starting up VM done
[2025-05-27 04:58:20.534] Installing kernel driver
[2025-05-27 04:58:20.534] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 04:58:24.114] Kernel driver installation completed
[2025-05-27 04:58:24.114] Starting GP driver service
[2025-05-27 04:58:24.114] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 04:58:27.284] GP driver service started
[2025-05-27 04:58:27.284] Executing malware sample: D:\new\ransomware_high_confidence\darkside\d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46.exe
[2025-05-27 04:58:27.284] Malware execution started
[2025-05-27 04:58:27.284] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 04:59:27.292] Taking screenshot
[2025-05-27 04:59:27.355] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:59:45.753] Powering off VM done
[2025-05-27 04:59:48.753] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:59:50.172] Restoring snapshot 35 done
[2025-05-27 04:59:50.172] Kernel telemetry analysis completed in 97.0 seconds.

[2025-05-27 04:59:50.172] ✅ Analysis completed successfully!
[2025-05-27 04:59:50.172] Progress: 33.0% (465/1408)
[2025-05-27 04:59:50.172] Successful: 465, Failed: 0
[2025-05-27 04:59:50.172] Time remaining: 34.2h
[2025-05-27 04:59:50.172] Waiting 5 seconds before next sample...
[2025-05-27 04:59:55.172] SAMPLE 466/1408
[2025-05-27 04:59:55.172] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 04:59:55.172] File: e0493b082077648eb33ca1294f2b26bc4c96d3820913c46330923e8bb3d73230.exe
[2025-05-27 04:59:55.173] Path: D:\new\ransomware_high_confidence\darkside\e0493b082077648eb33ca1294f2b26bc4c96d3820913c46330923e8bb3d73230.exe
[2025-05-27 04:59:55.173] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\e0493b082077648eb33ca1294f2b26bc4c96d3820913c46330923e8bb3d73230.exe
[2025-05-27 04:59:55.173] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 04:59:56.955] Restoring snapshot 35 done
[2025-05-27 04:59:56.955] Starting up VM
[2025-05-27 05:00:03.220] Starting up VM done
[2025-05-27 05:00:03.220] Installing kernel driver
[2025-05-27 05:00:03.220] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:00:07.584] Kernel driver installation completed
[2025-05-27 05:00:07.584] Starting GP driver service
[2025-05-27 05:00:07.584] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:00:10.738] GP driver service started
[2025-05-27 05:00:10.738] Executing malware sample: D:\new\ransomware_high_confidence\darkside\e0493b082077648eb33ca1294f2b26bc4c96d3820913c46330923e8bb3d73230.exe
[2025-05-27 05:00:10.739] Malware execution started
[2025-05-27 05:00:10.739] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:01:10.747] Taking screenshot
[2025-05-27 05:01:10.810] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:01:30.409] Powering off VM done
[2025-05-27 05:01:33.409] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:01:34.772] Restoring snapshot 35 done
[2025-05-27 05:01:34.772] Kernel telemetry analysis completed in 99.6 seconds.

[2025-05-27 05:01:34.772] ✅ Analysis completed successfully!
[2025-05-27 05:01:34.772] Progress: 33.1% (466/1408)
[2025-05-27 05:01:34.772] Successful: 466, Failed: 0
[2025-05-27 05:01:34.772] Time remaining: 34.1h
[2025-05-27 05:01:34.772] Waiting 5 seconds before next sample...
[2025-05-27 05:01:39.772] SAMPLE 467/1408
[2025-05-27 05:01:39.772] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 05:01:39.772] File: e0c0cbc50a9ed4d01a176497c8dba913cbbba515ea701a67ef00dcb7c8a84368.exe
[2025-05-27 05:01:39.772] Path: D:\new\ransomware_high_confidence\darkside\e0c0cbc50a9ed4d01a176497c8dba913cbbba515ea701a67ef00dcb7c8a84368.exe
[2025-05-27 05:01:39.772] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\e0c0cbc50a9ed4d01a176497c8dba913cbbba515ea701a67ef00dcb7c8a84368.exe
[2025-05-27 05:01:39.772] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:01:41.588] Restoring snapshot 35 done
[2025-05-27 05:01:41.588] Starting up VM
[2025-05-27 05:01:47.792] Starting up VM done
[2025-05-27 05:01:47.792] Installing kernel driver
[2025-05-27 05:01:47.792] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:01:52.114] Kernel driver installation completed
[2025-05-27 05:01:52.114] Starting GP driver service
[2025-05-27 05:01:52.114] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:01:55.264] GP driver service started
[2025-05-27 05:01:55.264] Executing malware sample: D:\new\ransomware_high_confidence\darkside\e0c0cbc50a9ed4d01a176497c8dba913cbbba515ea701a67ef00dcb7c8a84368.exe
[2025-05-27 05:01:55.265] Malware execution started
[2025-05-27 05:01:55.265] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:02:55.273] Taking screenshot
[2025-05-27 05:02:55.335] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:03:09.796] Powering off VM done
[2025-05-27 05:03:12.796] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:03:13.712] Restoring snapshot 35 done
[2025-05-27 05:03:13.712] Kernel telemetry analysis completed in 93.9 seconds.

[2025-05-27 05:03:13.712] ✅ Analysis completed successfully!
[2025-05-27 05:03:13.712] Progress: 33.2% (467/1408)
[2025-05-27 05:03:13.712] Successful: 467, Failed: 0
[2025-05-27 05:03:13.712] Time remaining: 34.0h
[2025-05-27 05:03:13.712] Waiting 5 seconds before next sample...
[2025-05-27 05:03:18.712] SAMPLE 468/1408
[2025-05-27 05:03:18.712] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 05:03:18.712] File: e51e4c372edf2bbe476a4b7630225c1875c5ccea2ed55b418bd793c54ce9a84d.exe
[2025-05-27 05:03:18.712] Path: D:\new\ransomware_high_confidence\darkside\e51e4c372edf2bbe476a4b7630225c1875c5ccea2ed55b418bd793c54ce9a84d.exe
[2025-05-27 05:03:18.713] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\e51e4c372edf2bbe476a4b7630225c1875c5ccea2ed55b418bd793c54ce9a84d.exe
[2025-05-27 05:03:18.713] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:03:20.183] Restoring snapshot 35 done
[2025-05-27 05:03:20.183] Starting up VM
[2025-05-27 05:03:26.372] Starting up VM done
[2025-05-27 05:03:26.372] Installing kernel driver
[2025-05-27 05:03:26.372] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:03:30.058] Kernel driver installation completed
[2025-05-27 05:03:30.058] Starting GP driver service
[2025-05-27 05:03:30.058] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:03:33.211] GP driver service started
[2025-05-27 05:03:33.211] Executing malware sample: D:\new\ransomware_high_confidence\darkside\e51e4c372edf2bbe476a4b7630225c1875c5ccea2ed55b418bd793c54ce9a84d.exe
[2025-05-27 05:03:33.211] Malware execution started
[2025-05-27 05:03:33.211] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:04:33.220] Taking screenshot
[2025-05-27 05:04:33.282] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:04:50.626] Powering off VM done
[2025-05-27 05:04:53.627] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:04:54.955] Restoring snapshot 35 done
[2025-05-27 05:04:54.955] Kernel telemetry analysis completed in 96.2 seconds.

[2025-05-27 05:04:54.955] ✅ Analysis completed successfully!
[2025-05-27 05:04:54.955] Progress: 33.2% (468/1408)
[2025-05-27 05:04:54.955] Successful: 468, Failed: 0
[2025-05-27 05:04:54.955] Time remaining: 34.0h
[2025-05-27 05:04:54.955] Waiting 5 seconds before next sample...
[2025-05-27 05:04:59.955] SAMPLE 469/1408
[2025-05-27 05:04:59.955] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 05:04:59.955] File: ec368752c2cf3b23efbfa5705f9e582fc9d6766435a7b8eea8ef045082c6fbce.exe
[2025-05-27 05:04:59.955] Path: D:\new\ransomware_high_confidence\darkside\ec368752c2cf3b23efbfa5705f9e582fc9d6766435a7b8eea8ef045082c6fbce.exe
[2025-05-27 05:04:59.955] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\ec368752c2cf3b23efbfa5705f9e582fc9d6766435a7b8eea8ef045082c6fbce.exe
[2025-05-27 05:04:59.955] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:05:01.705] Restoring snapshot 35 done
[2025-05-27 05:05:01.705] Starting up VM
[2025-05-27 05:05:08.382] Starting up VM done
[2025-05-27 05:05:08.382] Installing kernel driver
[2025-05-27 05:05:08.382] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:05:12.688] Kernel driver installation completed
[2025-05-27 05:05:12.688] Starting GP driver service
[2025-05-27 05:05:12.688] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:05:15.846] GP driver service started
[2025-05-27 05:05:15.846] Executing malware sample: D:\new\ransomware_high_confidence\darkside\ec368752c2cf3b23efbfa5705f9e582fc9d6766435a7b8eea8ef045082c6fbce.exe
[2025-05-27 05:05:15.846] Malware execution started
[2025-05-27 05:05:15.846] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:06:15.855] Taking screenshot
[2025-05-27 05:06:15.918] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:06:41.788] Powering off VM done
[2025-05-27 05:06:44.788] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:06:46.318] Restoring snapshot 35 done
[2025-05-27 05:06:46.318] Kernel telemetry analysis completed in 106.4 seconds.

[2025-05-27 05:06:46.318] ✅ Analysis completed successfully!
[2025-05-27 05:06:46.318] Progress: 33.3% (469/1408)
[2025-05-27 05:06:46.318] Successful: 469, Failed: 0
[2025-05-27 05:06:46.318] Time remaining: 33.9h
[2025-05-27 05:06:46.318] Waiting 5 seconds before next sample...
[2025-05-27 05:06:51.318] SAMPLE 470/1408
[2025-05-27 05:06:51.318] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 05:06:51.318] File: f3f25af554bedfa4ee2824bb858280282bd87828d446048619dc49fe061741b4.exe
[2025-05-27 05:06:51.318] Path: D:\new\ransomware_high_confidence\darkside\f3f25af554bedfa4ee2824bb858280282bd87828d446048619dc49fe061741b4.exe
[2025-05-27 05:06:51.318] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\f3f25af554bedfa4ee2824bb858280282bd87828d446048619dc49fe061741b4.exe
[2025-05-27 05:06:51.318] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:06:53.198] Restoring snapshot 35 done
[2025-05-27 05:06:53.198] Starting up VM
[2025-05-27 05:06:59.091] Starting up VM done
[2025-05-27 05:06:59.091] Installing kernel driver
[2025-05-27 05:06:59.091] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:07:03.201] Kernel driver installation completed
[2025-05-27 05:07:03.201] Starting GP driver service
[2025-05-27 05:07:03.201] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:07:06.394] GP driver service started
[2025-05-27 05:07:06.395] Executing malware sample: D:\new\ransomware_high_confidence\darkside\f3f25af554bedfa4ee2824bb858280282bd87828d446048619dc49fe061741b4.exe
[2025-05-27 05:07:06.395] Malware execution started
[2025-05-27 05:07:06.395] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:08:06.403] Taking screenshot
[2025-05-27 05:08:06.466] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:08:32.639] Powering off VM done
[2025-05-27 05:08:35.639] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:08:36.663] Restoring snapshot 35 done
[2025-05-27 05:08:36.663] Kernel telemetry analysis completed in 105.3 seconds.

[2025-05-27 05:08:36.663] ✅ Analysis completed successfully!
[2025-05-27 05:08:36.663] Progress: 33.4% (470/1408)
[2025-05-27 05:08:36.663] Successful: 470, Failed: 0
[2025-05-27 05:08:36.663] Time remaining: 33.9h
[2025-05-27 05:08:36.663] Waiting 5 seconds before next sample...
[2025-05-27 05:08:41.664] SAMPLE 471/1408
[2025-05-27 05:08:41.664] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 05:08:41.664] File: f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef.exe
[2025-05-27 05:08:41.664] Path: D:\new\ransomware_high_confidence\darkside\f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef.exe
[2025-05-27 05:08:41.664] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef.exe
[2025-05-27 05:08:41.664] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:08:43.547] Restoring snapshot 35 done
[2025-05-27 05:08:43.547] Starting up VM
[2025-05-27 05:08:49.449] Starting up VM done
[2025-05-27 05:08:49.449] Installing kernel driver
[2025-05-27 05:08:49.449] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:08:53.168] Kernel driver installation completed
[2025-05-27 05:08:53.168] Starting GP driver service
[2025-05-27 05:08:53.168] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:08:56.318] GP driver service started
[2025-05-27 05:08:56.318] Executing malware sample: D:\new\ransomware_high_confidence\darkside\f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef.exe
[2025-05-27 05:08:56.319] Malware execution started
[2025-05-27 05:08:56.319] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:09:56.327] Taking screenshot
[2025-05-27 05:09:56.388] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:10:13.329] Powering off VM done
[2025-05-27 05:10:16.329] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:10:16.641] Restoring snapshot 35 done
[2025-05-27 05:10:16.641] Kernel telemetry analysis completed in 95.0 seconds.

[2025-05-27 05:10:16.641] ✅ Analysis completed successfully!
[2025-05-27 05:10:16.641] Progress: 33.5% (471/1408)
[2025-05-27 05:10:16.641] Successful: 471, Failed: 0
[2025-05-27 05:10:16.641] Time remaining: 33.8h
[2025-05-27 05:10:16.641] Waiting 5 seconds before next sample...
[2025-05-27 05:10:21.641] SAMPLE 472/1408
[2025-05-27 05:10:21.641] Family: D:\new\ransomware_high_confidence\darkside
[2025-05-27 05:10:21.641] File: fb76b4a667c6d790c39fcc93a3aac8cd2a224f0eb9ece4ecfd7825f606c2a8b6.exe
[2025-05-27 05:10:21.641] Path: D:\new\ransomware_high_confidence\darkside\fb76b4a667c6d790c39fcc93a3aac8cd2a224f0eb9ece4ecfd7825f606c2a8b6.exe
[2025-05-27 05:10:21.642] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\darkside\fb76b4a667c6d790c39fcc93a3aac8cd2a224f0eb9ece4ecfd7825f606c2a8b6.exe
[2025-05-27 05:10:21.642] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:10:23.106] Restoring snapshot 35 done
[2025-05-27 05:10:23.106] Starting up VM
[2025-05-27 05:10:28.980] Starting up VM done
[2025-05-27 05:10:28.980] Installing kernel driver
[2025-05-27 05:10:28.981] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:10:33.295] Kernel driver installation completed
[2025-05-27 05:10:33.295] Starting GP driver service
[2025-05-27 05:10:33.295] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:10:36.453] GP driver service started
[2025-05-27 05:10:36.453] Executing malware sample: D:\new\ransomware_high_confidence\darkside\fb76b4a667c6d790c39fcc93a3aac8cd2a224f0eb9ece4ecfd7825f606c2a8b6.exe
[2025-05-27 05:10:36.454] Malware execution started
[2025-05-27 05:10:36.454] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:11:36.462] Taking screenshot
[2025-05-27 05:11:36.525] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:11:55.045] Powering off VM done
[2025-05-27 05:11:58.046] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:11:59.414] Restoring snapshot 35 done
[2025-05-27 05:11:59.414] Kernel telemetry analysis completed in 97.8 seconds.

[2025-05-27 05:11:59.414] ✅ Analysis completed successfully!
[2025-05-27 05:11:59.414] Progress: 33.5% (472/1408)
[2025-05-27 05:11:59.414] Successful: 472, Failed: 0
[2025-05-27 05:11:59.414] Time remaining: 33.8h
[2025-05-27 05:11:59.414] Waiting 5 seconds before next sample...
[2025-05-27 05:12:04.414] SAMPLE 473/1408
[2025-05-27 05:12:04.414] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:12:04.414] File: 00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430.exe
[2025-05-27 05:12:04.414] Path: D:\new\ransomware_high_confidence\dharma\00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430.exe
[2025-05-27 05:12:04.414] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430.exe
[2025-05-27 05:12:04.414] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:12:05.954] Restoring snapshot 35 done
[2025-05-27 05:12:05.954] Starting up VM
[2025-05-27 05:12:12.710] Starting up VM done
[2025-05-27 05:12:12.710] Installing kernel driver
[2025-05-27 05:12:12.710] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:12:17.029] Kernel driver installation completed
[2025-05-27 05:12:17.029] Starting GP driver service
[2025-05-27 05:12:17.029] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:12:20.189] GP driver service started
[2025-05-27 05:12:20.189] Executing malware sample: D:\new\ransomware_high_confidence\dharma\00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430.exe
[2025-05-27 05:12:20.190] Malware execution started
[2025-05-27 05:12:20.190] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:13:20.198] Taking screenshot
[2025-05-27 05:13:20.260] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:13:37.493] Powering off VM done
[2025-05-27 05:13:40.493] Restoring snapshot 35
[2025-05-27 05:13:40.690] Restoring snapshot 35 done
[2025-05-27 05:13:40.690] Kernel telemetry analysis completed in 96.3 seconds.

[2025-05-27 05:13:40.691] ✅ Analysis completed successfully!
[2025-05-27 05:13:40.691] Progress: 33.6% (473/1408)
[2025-05-27 05:13:40.691] Successful: 473, Failed: 0
[2025-05-27 05:13:40.691] Time remaining: 33.7h
[2025-05-27 05:13:40.691] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:13:45.691] SAMPLE 474/1408
[2025-05-27 05:13:45.691] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:13:45.691] File: 038e577d25d5b9237fbbef6080f53f462b01e75f83449bf0020ef0b14f371ac6.exe
[2025-05-27 05:13:45.691] Path: D:\new\ransomware_high_confidence\dharma\038e577d25d5b9237fbbef6080f53f462b01e75f83449bf0020ef0b14f371ac6.exe
[2025-05-27 05:13:45.691] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\038e577d25d5b9237fbbef6080f53f462b01e75f83449bf0020ef0b14f371ac6.exe
[2025-05-27 05:13:45.691] Malware execution time: 60 seconds
[2025-05-27 05:13:45.691] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:13:47.057] Restoring snapshot 35 done
[2025-05-27 05:13:47.057] Starting up VM
[2025-05-27 05:13:52.907] Starting up VM done
[2025-05-27 05:13:52.907] Installing kernel driver
[2025-05-27 05:13:52.907] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:13:56.533] Kernel driver installation completed
[2025-05-27 05:13:56.533] Starting GP driver service
[2025-05-27 05:13:56.533] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:13:59.701] GP driver service started
[2025-05-27 05:13:59.701] Executing malware sample: D:\new\ransomware_high_confidence\dharma\038e577d25d5b9237fbbef6080f53f462b01e75f83449bf0020ef0b14f371ac6.exe
[2025-05-27 05:13:59.701] Malware execution started
[2025-05-27 05:13:59.701] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:14:59.710] Taking screenshot
[2025-05-27 05:14:59.774] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:16:03.652] Powering off VM done
[2025-05-27 05:16:06.653] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:16:08.007] Restoring snapshot 35 done
[2025-05-27 05:16:08.007] Kernel telemetry analysis completed in 142.3 seconds.

[2025-05-27 05:16:08.007] ✅ Analysis completed successfully!
[2025-05-27 05:16:08.007] Progress: 33.7% (474/1408)
[2025-05-27 05:16:08.007] Successful: 474, Failed: 0
[2025-05-27 05:16:08.007] Time remaining: 33.7h
[2025-05-27 05:16:08.007] Waiting 5 seconds before next sample...
[2025-05-27 05:16:13.007] SAMPLE 475/1408
[2025-05-27 05:16:13.007] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:16:13.007] File: 085105e613ad37808a8db9a3c2ba5561d5d38d5c5c43b469c93d15f0d64af0c1.exe
[2025-05-27 05:16:13.007] Path: D:\new\ransomware_high_confidence\dharma\085105e613ad37808a8db9a3c2ba5561d5d38d5c5c43b469c93d15f0d64af0c1.exe
[2025-05-27 05:16:13.007] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\085105e613ad37808a8db9a3c2ba5561d5d38d5c5c43b469c93d15f0d64af0c1.exe
[2025-05-27 05:16:13.007] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:16:14.932] Restoring snapshot 35 done
[2025-05-27 05:16:14.932] Starting up VM
[2025-05-27 05:16:21.031] Starting up VM done
[2025-05-27 05:16:21.031] Installing kernel driver
[2025-05-27 05:16:21.031] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:16:24.187] Kernel driver installation completed
[2025-05-27 05:16:24.187] Starting GP driver service
[2025-05-27 05:16:24.187] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:16:27.337] GP driver service started
[2025-05-27 05:16:27.337] Executing malware sample: D:\new\ransomware_high_confidence\dharma\085105e613ad37808a8db9a3c2ba5561d5d38d5c5c43b469c93d15f0d64af0c1.exe
[2025-05-27 05:16:27.337] Malware execution started
[2025-05-27 05:16:27.337] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:17:27.345] Taking screenshot
[2025-05-27 05:17:27.408] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:18:15.563] Powering off VM done
[2025-05-27 05:18:18.564] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:18:19.820] Restoring snapshot 35 done
[2025-05-27 05:18:19.821] Kernel telemetry analysis completed in 126.8 seconds.

[2025-05-27 05:18:19.821] ✅ Analysis completed successfully!
[2025-05-27 05:18:19.821] Progress: 33.7% (475/1408)
[2025-05-27 05:18:19.821] Successful: 475, Failed: 0
[2025-05-27 05:18:19.821] Time remaining: 33.7h
[2025-05-27 05:18:19.821] Waiting 5 seconds before next sample...
[2025-05-27 05:18:24.821] SAMPLE 476/1408
[2025-05-27 05:18:24.821] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:18:24.821] File: 0a40acb8ddbc2ed8f8b703681fadf9fcb2672fdb75d93c150b45c6465cc9b1b4.exe
[2025-05-27 05:18:24.821] Path: D:\new\ransomware_high_confidence\dharma\0a40acb8ddbc2ed8f8b703681fadf9fcb2672fdb75d93c150b45c6465cc9b1b4.exe
[2025-05-27 05:18:24.821] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\0a40acb8ddbc2ed8f8b703681fadf9fcb2672fdb75d93c150b45c6465cc9b1b4.exe
[2025-05-27 05:18:24.821] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:18:26.335] Restoring snapshot 35 done
[2025-05-27 05:18:26.335] Starting up VM
[2025-05-27 05:18:32.213] Starting up VM done
[2025-05-27 05:18:32.213] Installing kernel driver
[2025-05-27 05:18:32.213] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:18:36.502] Kernel driver installation completed
[2025-05-27 05:18:36.502] Starting GP driver service
[2025-05-27 05:18:36.502] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:18:39.661] GP driver service started
[2025-05-27 05:18:39.661] Executing malware sample: D:\new\ransomware_high_confidence\dharma\0a40acb8ddbc2ed8f8b703681fadf9fcb2672fdb75d93c150b45c6465cc9b1b4.exe
[2025-05-27 05:18:39.662] Malware execution started
[2025-05-27 05:18:39.662] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:19:39.670] Taking screenshot
[2025-05-27 05:19:39.732] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:20:08.294] Powering off VM done
[2025-05-27 05:20:11.294] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:20:12.513] Restoring snapshot 35 done
[2025-05-27 05:20:12.513] Kernel telemetry analysis completed in 107.7 seconds.

[2025-05-27 05:20:12.513] ✅ Analysis completed successfully!
[2025-05-27 05:20:12.513] Progress: 33.8% (476/1408)
[2025-05-27 05:20:12.513] Successful: 476, Failed: 0
[2025-05-27 05:20:12.513] Time remaining: 33.6h
[2025-05-27 05:20:12.513] Waiting 5 seconds before next sample...
[2025-05-27 05:20:17.513] SAMPLE 477/1408
[2025-05-27 05:20:17.513] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:20:17.513] File: 118d216a9a9a4fd19ac8e56cef76fe9529269a152857ad8e98386361a5fb8e0d.exe
[2025-05-27 05:20:17.513] Path: D:\new\ransomware_high_confidence\dharma\118d216a9a9a4fd19ac8e56cef76fe9529269a152857ad8e98386361a5fb8e0d.exe
[2025-05-27 05:20:17.513] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\118d216a9a9a4fd19ac8e56cef76fe9529269a152857ad8e98386361a5fb8e0d.exe
[2025-05-27 05:20:17.513] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:20:19.069] Restoring snapshot 35 done
[2025-05-27 05:20:19.069] Starting up VM
[2025-05-27 05:20:24.946] Starting up VM done
[2025-05-27 05:20:24.946] Installing kernel driver
[2025-05-27 05:20:24.946] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:20:29.298] Kernel driver installation completed
[2025-05-27 05:20:29.298] Starting GP driver service
[2025-05-27 05:20:29.298] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:20:32.448] GP driver service started
[2025-05-27 05:20:32.448] Executing malware sample: D:\new\ransomware_high_confidence\dharma\118d216a9a9a4fd19ac8e56cef76fe9529269a152857ad8e98386361a5fb8e0d.exe
[2025-05-27 05:20:32.449] Malware execution started
[2025-05-27 05:20:32.449] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:21:32.457] Taking screenshot
[2025-05-27 05:21:32.518] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:23:19.351] Powering off VM done
[2025-05-27 05:23:22.351] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:23:23.382] Restoring snapshot 35 done
[2025-05-27 05:23:23.382] Kernel telemetry analysis completed in 185.9 seconds.

[2025-05-27 05:23:23.382] ✅ Analysis completed successfully!
[2025-05-27 05:23:23.382] Progress: 33.9% (477/1408)
[2025-05-27 05:23:23.382] Successful: 477, Failed: 0
[2025-05-27 05:23:23.383] Time remaining: 33.6h
[2025-05-27 05:23:23.383] Waiting 5 seconds before next sample...
[2025-05-27 05:23:28.383] SAMPLE 478/1408
[2025-05-27 05:23:28.383] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:23:28.383] File: 17227020b2f5ca57f2d632d0d37de8d0ffcdef142e98a6af591e8180963cd3cc.exe
[2025-05-27 05:23:28.383] Path: D:\new\ransomware_high_confidence\dharma\17227020b2f5ca57f2d632d0d37de8d0ffcdef142e98a6af591e8180963cd3cc.exe
[2025-05-27 05:23:28.383] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\17227020b2f5ca57f2d632d0d37de8d0ffcdef142e98a6af591e8180963cd3cc.exe
[2025-05-27 05:23:28.383] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:23:29.940] Restoring snapshot 35 done
[2025-05-27 05:23:29.940] Starting up VM
[2025-05-27 05:23:36.795] Starting up VM done
[2025-05-27 05:23:36.795] Installing kernel driver
[2025-05-27 05:23:36.795] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:23:41.131] Kernel driver installation completed
[2025-05-27 05:23:41.131] Starting GP driver service
[2025-05-27 05:23:41.131] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:23:44.288] GP driver service started
[2025-05-27 05:23:44.288] Executing malware sample: D:\new\ransomware_high_confidence\dharma\17227020b2f5ca57f2d632d0d37de8d0ffcdef142e98a6af591e8180963cd3cc.exe
[2025-05-27 05:23:44.289] Malware execution started
[2025-05-27 05:23:44.289] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:24:44.297] Taking screenshot
[2025-05-27 05:24:44.359] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:25:23.382] Powering off VM done
[2025-05-27 05:25:26.383] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:25:27.719] Restoring snapshot 35 done
[2025-05-27 05:25:27.720] Kernel telemetry analysis completed in 119.3 seconds.

[2025-05-27 05:25:27.720] ✅ Analysis completed successfully!
[2025-05-27 05:25:27.720] Progress: 33.9% (478/1408)
[2025-05-27 05:25:27.720] Successful: 478, Failed: 0
[2025-05-27 05:25:27.720] Time remaining: 33.6h
[2025-05-27 05:25:27.720] Waiting 5 seconds before next sample...
[2025-05-27 05:25:32.720] SAMPLE 479/1408
[2025-05-27 05:25:32.720] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:25:32.720] File: 18c2ad1d4db2011971f1a67a82762cc48d3e6c4f2e5d27fbc719bff465f98933.exe
[2025-05-27 05:25:32.720] Path: D:\new\ransomware_high_confidence\dharma\18c2ad1d4db2011971f1a67a82762cc48d3e6c4f2e5d27fbc719bff465f98933.exe
[2025-05-27 05:25:32.720] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\18c2ad1d4db2011971f1a67a82762cc48d3e6c4f2e5d27fbc719bff465f98933.exe
[2025-05-27 05:25:32.720] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:25:34.263] Restoring snapshot 35 done
[2025-05-27 05:25:34.263] Starting up VM
[2025-05-27 05:25:40.607] Starting up VM done
[2025-05-27 05:25:40.608] Installing kernel driver
[2025-05-27 05:25:40.608] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:25:44.896] Kernel driver installation completed
[2025-05-27 05:25:44.896] Starting GP driver service
[2025-05-27 05:25:44.896] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:25:48.045] GP driver service started
[2025-05-27 05:25:48.045] Executing malware sample: D:\new\ransomware_high_confidence\dharma\18c2ad1d4db2011971f1a67a82762cc48d3e6c4f2e5d27fbc719bff465f98933.exe
[2025-05-27 05:25:48.046] Malware execution started
[2025-05-27 05:25:48.046] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:26:48.054] Taking screenshot
[2025-05-27 05:26:48.117] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:27:27.056] Powering off VM done
[2025-05-27 05:27:30.056] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:27:31.136] Restoring snapshot 35 done
[2025-05-27 05:27:31.136] Kernel telemetry analysis completed in 118.4 seconds.

[2025-05-27 05:27:31.136] ✅ Analysis completed successfully!
[2025-05-27 05:27:31.136] Progress: 34.0% (479/1408)
[2025-05-27 05:27:31.136] Successful: 479, Failed: 0
[2025-05-27 05:27:31.136] Time remaining: 33.6h
[2025-05-27 05:27:31.136] Waiting 5 seconds before next sample...
[2025-05-27 05:27:36.136] SAMPLE 480/1408
[2025-05-27 05:27:36.136] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:27:36.136] File: 246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f.exe
[2025-05-27 05:27:36.136] Path: D:\new\ransomware_high_confidence\dharma\246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f.exe
[2025-05-27 05:27:36.136] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f.exe
[2025-05-27 05:27:36.136] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:27:37.521] Restoring snapshot 35 done
[2025-05-27 05:27:37.521] Starting up VM
[2025-05-27 05:27:43.886] Starting up VM done
[2025-05-27 05:27:43.886] Installing kernel driver
[2025-05-27 05:27:43.886] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:27:49.418] Kernel driver installation completed
[2025-05-27 05:27:49.418] Starting GP driver service
[2025-05-27 05:27:49.418] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:27:52.574] GP driver service started
[2025-05-27 05:27:52.574] Executing malware sample: D:\new\ransomware_high_confidence\dharma\246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f.exe
[2025-05-27 05:27:52.575] Malware execution started
[2025-05-27 05:27:52.575] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:28:52.582] Taking screenshot
[2025-05-27 05:28:52.644] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:29:44.755] Powering off VM done
[2025-05-27 05:29:47.755] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:29:49.080] Restoring snapshot 35 done
[2025-05-27 05:29:49.080] Kernel telemetry analysis completed in 132.9 seconds.

[2025-05-27 05:29:49.080] ✅ Analysis completed successfully!
[2025-05-27 05:29:49.080] Progress: 34.1% (480/1408)
[2025-05-27 05:29:49.080] Successful: 480, Failed: 0
[2025-05-27 05:29:49.080] Time remaining: 33.5h
[2025-05-27 05:29:49.080] Waiting 5 seconds before next sample...
[2025-05-27 05:29:54.081] SAMPLE 481/1408
[2025-05-27 05:29:54.081] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:29:54.081] File: 2c487a43ae6091d64f09bcfb1baa8b43fb502e9c9fc34f828cebfe251d9ad1f5.exe
[2025-05-27 05:29:54.081] Path: D:\new\ransomware_high_confidence\dharma\2c487a43ae6091d64f09bcfb1baa8b43fb502e9c9fc34f828cebfe251d9ad1f5.exe
[2025-05-27 05:29:54.081] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\2c487a43ae6091d64f09bcfb1baa8b43fb502e9c9fc34f828cebfe251d9ad1f5.exe
[2025-05-27 05:29:54.081] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:29:55.636] Restoring snapshot 35 done
[2025-05-27 05:29:55.636] Starting up VM
[2025-05-27 05:30:01.561] Starting up VM done
[2025-05-27 05:30:01.561] Installing kernel driver
[2025-05-27 05:30:01.561] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:30:05.893] Kernel driver installation completed
[2025-05-27 05:30:05.893] Starting GP driver service
[2025-05-27 05:30:05.893] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:30:09.048] GP driver service started
[2025-05-27 05:30:09.049] Executing malware sample: D:\new\ransomware_high_confidence\dharma\2c487a43ae6091d64f09bcfb1baa8b43fb502e9c9fc34f828cebfe251d9ad1f5.exe
[2025-05-27 05:30:09.049] Malware execution started
[2025-05-27 05:30:09.049] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:31:09.057] Taking screenshot
[2025-05-27 05:31:09.120] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:31:28.962] Powering off VM done
[2025-05-27 05:31:31.962] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:31:33.186] Restoring snapshot 35 done
[2025-05-27 05:31:33.186] Kernel telemetry analysis completed in 99.1 seconds.

[2025-05-27 05:31:33.186] ✅ Analysis completed successfully!
[2025-05-27 05:31:33.186] Progress: 34.2% (481/1408)
[2025-05-27 05:31:33.186] Successful: 481, Failed: 0
[2025-05-27 05:31:33.186] Time remaining: 33.5h
[2025-05-27 05:31:33.187] Waiting 5 seconds before next sample...
[2025-05-27 05:31:38.187] SAMPLE 482/1408
[2025-05-27 05:31:38.187] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:31:38.187] File: 2d0eb35f04745646d8c6eb3d1ab1c3e8bc8c30f1a9dc0ad89ea260e898ed9d4e.exe
[2025-05-27 05:31:38.187] Path: D:\new\ransomware_high_confidence\dharma\2d0eb35f04745646d8c6eb3d1ab1c3e8bc8c30f1a9dc0ad89ea260e898ed9d4e.exe
[2025-05-27 05:31:38.187] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\2d0eb35f04745646d8c6eb3d1ab1c3e8bc8c30f1a9dc0ad89ea260e898ed9d4e.exe
[2025-05-27 05:31:38.187] Malware execution time: 6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:31:39.738] Restoring snapshot 35 done
[2025-05-27 05:31:39.738] Starting up VM
[2025-05-27 05:31:45.674] Starting up VM done
[2025-05-27 05:31:45.674] Installing kernel driver
[2025-05-27 05:31:45.674] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:31:49.945] Kernel driver installation completed
[2025-05-27 05:31:49.945] Starting GP driver service
[2025-05-27 05:31:49.945] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:31:53.098] GP driver service started
[2025-05-27 05:31:53.098] Executing malware sample: D:\new\ransomware_high_confidence\dharma\2d0eb35f04745646d8c6eb3d1ab1c3e8bc8c30f1a9dc0ad89ea260e898ed9d4e.exe
[2025-05-27 05:31:53.098] Malware execution started
[2025-05-27 05:31:53.098] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:32:53.106] Taking screenshot
[2025-05-27 05:32:53.167] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:33:41.850] Powering off VM done
[2025-05-27 05:33:44.850] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:33:46.054] Restoring snapshot 35 done
[2025-05-27 05:33:46.054] Kernel telemetry analysis completed in 127.9 seconds.

[2025-05-27 05:33:46.054] ✅ Analysis completed successfully!
[2025-05-27 05:33:46.054] Progress: 34.2% (482/1408)
[2025-05-27 05:33:46.054] Successful: 482, Failed: 0
[2025-05-27 05:33:46.054] Time remaining: 33.4h
[2025-05-27 05:33:46.054] Waiting 5 seconds before next sample...
[2025-05-27 05:33:51.055] SAMPLE 483/1408
[2025-05-27 05:33:51.055] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:33:51.055] File: 2dd2c201103ac3a5bf77ae7b30d0032ed215f59f883543c816e516ab454383fb.exe
[2025-05-27 05:33:51.055] Path: D:\new\ransomware_high_confidence\dharma\2dd2c201103ac3a5bf77ae7b30d0032ed215f59f883543c816e516ab454383fb.exe
[2025-05-27 05:33:51.055] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\2dd2c201103ac3a5bf77ae7b30d0032ed215f59f883543c816e516ab454383fb.exe
[2025-05-27 05:33:51.055] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:33:52.660] Restoring snapshot 35 done
[2025-05-27 05:33:52.661] Starting up VM
[2025-05-27 05:33:58.723] Starting up VM done
[2025-05-27 05:33:58.723] Installing kernel driver
[2025-05-27 05:33:58.723] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:34:02.521] Kernel driver installation completed
[2025-05-27 05:34:02.522] Starting GP driver service
[2025-05-27 05:34:02.522] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:34:05.674] GP driver service started
[2025-05-27 05:34:05.674] Executing malware sample: D:\new\ransomware_high_confidence\dharma\2dd2c201103ac3a5bf77ae7b30d0032ed215f59f883543c816e516ab454383fb.exe
[2025-05-27 05:34:05.675] Malware execution started
[2025-05-27 05:34:05.675] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:35:05.683] Taking screenshot
[2025-05-27 05:35:05.748] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:36:04.736] Powering off VM done
[2025-05-27 05:36:07.737] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:36:09.078] Restoring snapshot 35 done
[2025-05-27 05:36:09.078] Kernel telemetry analysis completed in 138.0 seconds.

[2025-05-27 05:36:09.078] ✅ Analysis completed successfully!
[2025-05-27 05:36:09.078] Progress: 34.3% (483/1408)
[2025-05-27 05:36:09.078] Successful: 483, Failed: 0
[2025-05-27 05:36:09.078] Time remaining: 33.4h
[2025-05-27 05:36:09.078] Waiting 5 seconds before next sample...
[2025-05-27 05:36:14.078] SAMPLE 484/1408
[2025-05-27 05:36:14.078] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:36:14.078] File: 307077d1a3fd2b53b94d88268e31b0b89b8c0c2ee9dbb46041d3e2395243f1b3.exe
[2025-05-27 05:36:14.078] Path: D:\new\ransomware_high_confidence\dharma\307077d1a3fd2b53b94d88268e31b0b89b8c0c2ee9dbb46041d3e2395243f1b3.exe
[2025-05-27 05:36:14.078] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\307077d1a3fd2b53b94d88268e31b0b89b8c0c2ee9dbb46041d3e2395243f1b3.exe
[2025-05-27 05:36:14.078] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:36:15.620] Restoring snapshot 35 done
[2025-05-27 05:36:15.620] Starting up VM
[2025-05-27 05:36:22.041] Starting up VM done
[2025-05-27 05:36:22.041] Installing kernel driver
[2025-05-27 05:36:22.041] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:36:26.271] Kernel driver installation completed
[2025-05-27 05:36:26.271] Starting GP driver service
[2025-05-27 05:36:26.271] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:36:29.427] GP driver service started
[2025-05-27 05:36:29.427] Executing malware sample: D:\new\ransomware_high_confidence\dharma\307077d1a3fd2b53b94d88268e31b0b89b8c0c2ee9dbb46041d3e2395243f1b3.exe
[2025-05-27 05:36:29.428] Malware execution started
[2025-05-27 05:36:29.428] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:37:29.436] Taking screenshot
[2025-05-27 05:37:29.496] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:38:52.782] Powering off VM done
[2025-05-27 05:38:55.783] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:38:56.995] Restoring snapshot 35 done
[2025-05-27 05:38:56.995] Kernel telemetry analysis completed in 162.9 seconds.

[2025-05-27 05:38:56.995] ✅ Analysis completed successfully!
[2025-05-27 05:38:56.995] Progress: 34.4% (484/1408)
[2025-05-27 05:38:56.995] Successful: 484, Failed: 0
[2025-05-27 05:38:56.995] Time remaining: 33.4h
[2025-05-27 05:38:56.995] Waiting 5 seconds before next sample...
[2025-05-27 05:39:01.995] SAMPLE 485/1408
[2025-05-27 05:39:01.995] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:39:01.995] File: 324cb383fd7f47c079b162b725215bb4badfd4c0b2e41d330fa38344e59e77ce.exe
[2025-05-27 05:39:01.995] Path: D:\new\ransomware_high_confidence\dharma\324cb383fd7f47c079b162b725215bb4badfd4c0b2e41d330fa38344e59e77ce.exe
[2025-05-27 05:39:01.996] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\324cb383fd7f47c079b162b725215bb4badfd4c0b2e41d330fa38344e59e77ce.exe
[2025-05-27 05:39:01.996] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:39:03.514] Restoring snapshot 35 done
[2025-05-27 05:39:03.514] Starting up VM
[2025-05-27 05:39:09.493] Starting up VM done
[2025-05-27 05:39:09.493] Installing kernel driver
[2025-05-27 05:39:09.493] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:39:13.258] Kernel driver installation completed
[2025-05-27 05:39:13.258] Starting GP driver service
[2025-05-27 05:39:13.258] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:39:16.409] GP driver service started
[2025-05-27 05:39:16.409] Executing malware sample: D:\new\ransomware_high_confidence\dharma\324cb383fd7f47c079b162b725215bb4badfd4c0b2e41d330fa38344e59e77ce.exe
[2025-05-27 05:39:16.409] Malware execution started
[2025-05-27 05:39:16.409] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:40:16.417] Taking screenshot
[2025-05-27 05:40:16.481] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:40:59.910] Powering off VM done
[2025-05-27 05:41:02.910] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:41:04.545] Restoring snapshot 35 done
[2025-05-27 05:41:04.545] Kernel telemetry analysis completed in 122.5 seconds.

[2025-05-27 05:41:04.545] ✅ Analysis completed successfully!
[2025-05-27 05:41:04.545] Progress: 34.4% (485/1408)
[2025-05-27 05:41:04.545] Successful: 485, Failed: 0
[2025-05-27 05:41:04.545] Time remaining: 33.4h
[2025-05-27 05:41:04.545] Waiting 5 seconds before next sample...
[2025-05-27 05:41:09.545] SAMPLE 486/1408
[2025-05-27 05:41:09.545] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:41:09.545] File: 32eadf068d9d090fcf57145a09df4ce515c196387e409a01fbf052ff790879bf.exe
[2025-05-27 05:41:09.545] Path: D:\new\ransomware_high_confidence\dharma\32eadf068d9d090fcf57145a09df4ce515c196387e409a01fbf052ff790879bf.exe
[2025-05-27 05:41:09.545] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\32eadf068d9d090fcf57145a09df4ce515c196387e409a01fbf052ff790879bf.exe
[2025-05-27 05:41:09.545] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:41:09.778] Restoring snapshot 35 done
[2025-05-27 05:41:09.778] Starting up VM
[2025-05-27 05:41:15.891] Starting up VM done
[2025-05-27 05:41:15.891] Installing kernel driver
[2025-05-27 05:41:15.891] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:41:20.105] Kernel driver installation completed
[2025-05-27 05:41:20.105] Starting GP driver service
[2025-05-27 05:41:20.105] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:41:23.266] GP driver service started
[2025-05-27 05:41:23.266] Executing malware sample: D:\new\ransomware_high_confidence\dharma\32eadf068d9d090fcf57145a09df4ce515c196387e409a01fbf052ff790879bf.exe
[2025-05-27 05:41:23.267] Malware execution started
[2025-05-27 05:41:23.267] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:42:23.275] Taking screenshot
[2025-05-27 05:42:23.336] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:43:23.379] Powering off VM done
[2025-05-27 05:43:26.380] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:43:27.699] Restoring snapshot 35 done
[2025-05-27 05:43:27.699] Kernel telemetry analysis completed in 138.2 seconds.

[2025-05-27 05:43:27.699] ✅ Analysis completed successfully!
[2025-05-27 05:43:27.699] Progress: 34.5% (486/1408)
[2025-05-27 05:43:27.699] Successful: 486, Failed: 0
[2025-05-27 05:43:27.699] Time remaining: 33.3h
[2025-05-27 05:43:27.699] Waiting 5 seconds before next sample...
[2025-05-27 05:43:32.699] SAMPLE 487/1408
[2025-05-27 05:43:32.700] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:43:32.700] File: 34c485ad11076ede709ff409c0e1867dc50fd40311ae6e7318ddf50679fa4049.exe
[2025-05-27 05:43:32.700] Path: D:\new\ransomware_high_confidence\dharma\34c485ad11076ede709ff409c0e1867dc50fd40311ae6e7318ddf50679fa4049.exe
[2025-05-27 05:43:32.700] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\34c485ad11076ede709ff409c0e1867dc50fd40311ae6e7318ddf50679fa4049.exe
[2025-05-27 05:43:32.700] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:43:34.231] Restoring snapshot 35 done
[2025-05-27 05:43:34.231] Starting up VM
[2025-05-27 05:43:40.361] Starting up VM done
[2025-05-27 05:43:40.361] Installing kernel driver
[2025-05-27 05:43:40.361] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:43:44.659] Kernel driver installation completed
[2025-05-27 05:43:44.659] Starting GP driver service
[2025-05-27 05:43:44.659] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:43:47.812] GP driver service started
[2025-05-27 05:43:47.813] Executing malware sample: D:\new\ransomware_high_confidence\dharma\34c485ad11076ede709ff409c0e1867dc50fd40311ae6e7318ddf50679fa4049.exe
[2025-05-27 05:43:47.813] Malware execution started
[2025-05-27 05:43:47.813] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:44:47.821] Taking screenshot
[2025-05-27 05:44:47.884] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:45:15.887] Powering off VM done
[2025-05-27 05:45:18.887] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:45:19.979] Restoring snapshot 35 done
[2025-05-27 05:45:19.979] Kernel telemetry analysis completed in 107.3 seconds.

[2025-05-27 05:45:19.979] ✅ Analysis completed successfully!
[2025-05-27 05:45:19.979] Progress: 34.6% (487/1408)
[2025-05-27 05:45:19.979] Successful: 487, Failed: 0
[2025-05-27 05:45:19.979] Time remaining: 33.3h
[2025-05-27 05:45:19.979] Waiting 5 seconds before next sample...
[2025-05-27 05:45:24.979] SAMPLE 488/1408
[2025-05-27 05:45:24.979] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:45:24.979] File: 3e7f30a802c595379ad3158ffe4ba5bc9e4a4d304430a2d846330adee70dc9a5.exe
[2025-05-27 05:45:24.979] Path: D:\new\ransomware_high_confidence\dharma\3e7f30a802c595379ad3158ffe4ba5bc9e4a4d304430a2d846330adee70dc9a5.exe
[2025-05-27 05:45:24.979] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\3e7f30a802c595379ad3158ffe4ba5bc9e4a4d304430a2d846330adee70dc9a5.exe
[2025-05-27 05:45:24.979] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:45:26.479] Restoring snapshot 35 done
[2025-05-27 05:45:26.479] Starting up VM
[2025-05-27 05:45:32.943] Starting up VM done
[2025-05-27 05:45:32.943] Installing kernel driver
[2025-05-27 05:45:32.943] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:45:37.219] Kernel driver installation completed
[2025-05-27 05:45:37.219] Starting GP driver service
[2025-05-27 05:45:37.219] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:45:40.391] GP driver service started
[2025-05-27 05:45:40.391] Executing malware sample: D:\new\ransomware_high_confidence\dharma\3e7f30a802c595379ad3158ffe4ba5bc9e4a4d304430a2d846330adee70dc9a5.exe
[2025-05-27 05:45:40.391] Malware execution started
[2025-05-27 05:45:40.391] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:46:40.399] Taking screenshot
[2025-05-27 05:46:40.462] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:48:01.582] Powering off VM done
[2025-05-27 05:48:04.582] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:48:05.933] Restoring snapshot 35 done
[2025-05-27 05:48:05.933] Kernel telemetry analysis completed in 161.0 seconds.

[2025-05-27 05:48:05.933] ✅ Analysis completed successfully!
[2025-05-27 05:48:05.933] Progress: 34.7% (488/1408)
[2025-05-27 05:48:05.933] Successful: 488, Failed: 0
[2025-05-27 05:48:05.933] Time remaining: 33.3h
[2025-05-27 05:48:05.933] Waiting 5 seconds before next sample...
[2025-05-27 05:48:10.934] SAMPLE 489/1408
[2025-05-27 05:48:10.934] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:48:10.934] File: 40a837f93edb2531fe35733d725efb490c7b5199d031a6e087b5041aed6eea05.exe
[2025-05-27 05:48:10.934] Path: D:\new\ransomware_high_confidence\dharma\40a837f93edb2531fe35733d725efb490c7b5199d031a6e087b5041aed6eea05.exe
[2025-05-27 05:48:10.934] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\40a837f93edb2531fe35733d725efb490c7b5199d031a6e087b5041aed6eea05.exe
[2025-05-27 05:48:10.934] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:48:12.475] Restoring snapshot 35 done
[2025-05-27 05:48:12.475] Starting up VM
[2025-05-27 05:48:18.756] Starting up VM done
[2025-05-27 05:48:18.756] Installing kernel driver
[2025-05-27 05:48:18.756] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:48:22.485] Kernel driver installation completed
[2025-05-27 05:48:22.485] Starting GP driver service
[2025-05-27 05:48:22.485] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:48:25.641] GP driver service started
[2025-05-27 05:48:25.641] Executing malware sample: D:\new\ransomware_high_confidence\dharma\40a837f93edb2531fe35733d725efb490c7b5199d031a6e087b5041aed6eea05.exe
[2025-05-27 05:48:25.642] Malware execution started
[2025-05-27 05:48:25.642] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:49:25.650] Taking screenshot
[2025-05-27 05:49:25.713] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:50:12.091] Powering off VM done
[2025-05-27 05:50:15.092] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:50:16.759] Restoring snapshot 35 done
[2025-05-27 05:50:16.759] Kernel telemetry analysis completed in 125.8 seconds.

[2025-05-27 05:50:16.759] ✅ Analysis completed successfully!
[2025-05-27 05:50:16.759] Progress: 34.7% (489/1408)
[2025-05-27 05:50:16.759] Successful: 489, Failed: 0
[2025-05-27 05:50:16.759] Time remaining: 33.2h
[2025-05-27 05:50:16.759] Waiting 5 seconds before next sample...
[2025-05-27 05:50:21.759] SAMPLE 490/1408
[2025-05-27 05:50:21.759] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:50:21.759] File: 438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be.exe
[2025-05-27 05:50:21.759] Path: D:\new\ransomware_high_confidence\dharma\438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be.exe
[2025-05-27 05:50:21.759] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be.exe
[2025-05-27 05:50:21.759] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:50:25.042] Restoring snapshot 35 done
[2025-05-27 05:50:25.042] Starting up VM
[2025-05-27 05:50:31.488] Starting up VM done
[2025-05-27 05:50:31.488] Installing kernel driver
[2025-05-27 05:50:31.488] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:50:35.249] Kernel driver installation completed
[2025-05-27 05:50:35.249] Starting GP driver service
[2025-05-27 05:50:35.249] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:50:38.411] GP driver service started
[2025-05-27 05:50:38.411] Executing malware sample: D:\new\ransomware_high_confidence\dharma\438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be.exe
[2025-05-27 05:50:38.411] Malware execution started
[2025-05-27 05:50:38.411] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:51:38.419] Taking screenshot
[2025-05-27 05:51:38.481] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:52:27.599] Powering off VM done
[2025-05-27 05:52:30.600] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:52:32.298] Restoring snapshot 35 done
[2025-05-27 05:52:32.298] Kernel telemetry analysis completed in 130.5 seconds.

[2025-05-27 05:52:32.298] ✅ Analysis completed successfully!
[2025-05-27 05:52:32.298] Progress: 34.8% (490/1408)
[2025-05-27 05:52:32.298] Successful: 490, Failed: 0
[2025-05-27 05:52:32.298] Time remaining: 33.2h
[2025-05-27 05:52:32.299] Waiting 5 seconds before next sample...
[2025-05-27 05:52:37.299] SAMPLE 491/1408
[2025-05-27 05:52:37.299] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:52:37.299] File: 4708750c9a6fdeaec5f499a3cd26bb5f61db4f82e66484dc7b44118effbb246f.exe
[2025-05-27 05:52:37.299] Path: D:\new\ransomware_high_confidence\dharma\4708750c9a6fdeaec5f499a3cd26bb5f61db4f82e66484dc7b44118effbb246f.exe
[2025-05-27 05:52:37.299] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\4708750c9a6fdeaec5f499a3cd26bb5f61db4f82e66484dc7b44118effbb246f.exe
[2025-05-27 05:52:37.299] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:52:38.846] Restoring snapshot 35 done
[2025-05-27 05:52:38.846] Starting up VM
[2025-05-27 05:52:44.882] Starting up VM done
[2025-05-27 05:52:44.883] Installing kernel driver
[2025-05-27 05:52:44.883] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:52:49.107] Kernel driver installation completed
[2025-05-27 05:52:49.107] Starting GP driver service
[2025-05-27 05:52:49.107] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:52:52.268] GP driver service started
[2025-05-27 05:52:52.268] Executing malware sample: D:\new\ransomware_high_confidence\dharma\4708750c9a6fdeaec5f499a3cd26bb5f61db4f82e66484dc7b44118effbb246f.exe
[2025-05-27 05:52:52.269] Malware execution started
[2025-05-27 05:52:52.269] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:53:52.277] Taking screenshot
[2025-05-27 05:53:52.339] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:55:41.752] Powering off VM done
[2025-05-27 05:55:44.753] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:55:45.978] Restoring snapshot 35 done
[2025-05-27 05:55:45.978] Kernel telemetry analysis completed in 188.7 seconds.

[2025-05-27 05:55:45.978] ✅ Analysis completed successfully!
[2025-05-27 05:55:45.978] Progress: 34.9% (491/1408)
[2025-05-27 05:55:45.978] Successful: 491, Failed: 0
[2025-05-27 05:55:45.978] Time remaining: 33.2h
[2025-05-27 05:55:45.978] Waiting 5 seconds before next sample...
[2025-05-27 05:55:50.978] SAMPLE 492/1408
[2025-05-27 05:55:50.978] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:55:50.978] File: 4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3.exe
[2025-05-27 05:55:50.978] Path: D:\new\ransomware_high_confidence\dharma\4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3.exe
[2025-05-27 05:55:50.978] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3.exe
[2025-05-27 05:55:50.978] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:55:52.530] Restoring snapshot 35 done
[2025-05-27 05:55:52.530] Starting up VM
[2025-05-27 05:55:58.868] Starting up VM done
[2025-05-27 05:55:58.868] Installing kernel driver
[2025-05-27 05:55:58.868] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:56:02.587] Kernel driver installation completed
[2025-05-27 05:56:02.587] Starting GP driver service
[2025-05-27 05:56:02.587] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:56:05.735] GP driver service started
[2025-05-27 05:56:05.735] Executing malware sample: D:\new\ransomware_high_confidence\dharma\4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3.exe
[2025-05-27 05:56:05.736] Malware execution started
[2025-05-27 05:56:05.736] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:57:05.744] Taking screenshot
[2025-05-27 05:57:05.807] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:58:26.620] Powering off VM done
[2025-05-27 05:58:29.620] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:58:30.647] Restoring snapshot 35 done
[2025-05-27 05:58:30.647] Kernel telemetry analysis completed in 159.7 seconds.

[2025-05-27 05:58:30.647] ✅ Analysis completed successfully!
[2025-05-27 05:58:30.647] Progress: 34.9% (492/1408)
[2025-05-27 05:58:30.647] Successful: 492, Failed: 0
[2025-05-27 05:58:30.647] Time remaining: 33.2h
[2025-05-27 05:58:30.647] Waiting 5 seconds before next sample...
[2025-05-27 05:58:35.648] SAMPLE 493/1408
[2025-05-27 05:58:35.648] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 05:58:35.648] File: 4b6de6cf9a91af3abf522643cb138747725ec1ae47d1defd66488e246a1fec8d.exe
[2025-05-27 05:58:35.648] Path: D:\new\ransomware_high_confidence\dharma\4b6de6cf9a91af3abf522643cb138747725ec1ae47d1defd66488e246a1fec8d.exe
[2025-05-27 05:58:35.648] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\4b6de6cf9a91af3abf522643cb138747725ec1ae47d1defd66488e246a1fec8d.exe
[2025-05-27 05:58:35.648] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 05:58:39.266] Restoring snapshot 35 done
[2025-05-27 05:58:39.266] Starting up VM
[2025-05-27 05:58:45.085] Starting up VM done
[2025-05-27 05:58:45.085] Installing kernel driver
[2025-05-27 05:58:45.085] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 05:58:48.831] Kernel driver installation completed
[2025-05-27 05:58:48.831] Starting GP driver service
[2025-05-27 05:58:48.831] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 05:58:51.985] GP driver service started
[2025-05-27 05:58:51.985] Executing malware sample: D:\new\ransomware_high_confidence\dharma\4b6de6cf9a91af3abf522643cb138747725ec1ae47d1defd66488e246a1fec8d.exe
[2025-05-27 05:58:51.985] Malware execution started
[2025-05-27 05:58:51.985] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 05:59:51.993] Taking screenshot
[2025-05-27 05:59:52.058] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:00:54.933] Powering off VM done
[2025-05-27 06:00:57.933] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:00:59.170] Restoring snapshot 35 done
[2025-05-27 06:00:59.170] Kernel telemetry analysis completed in 143.5 seconds.

[2025-05-27 06:00:59.170] ✅ Analysis completed successfully!
[2025-05-27 06:00:59.170] Progress: 35.0% (493/1408)
[2025-05-27 06:00:59.170] Successful: 493, Failed: 0
[2025-05-27 06:00:59.170] Time remaining: 33.1h
[2025-05-27 06:00:59.170] Waiting 5 seconds before next sample...
[2025-05-27 06:01:04.171] SAMPLE 494/1408
[2025-05-27 06:01:04.171] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:01:04.171] File: 4d8ffa30554984f32eabbcb7a99699dd833ea85a8483db8753cc40bde7cee923.exe
[2025-05-27 06:01:04.171] Path: D:\new\ransomware_high_confidence\dharma\4d8ffa30554984f32eabbcb7a99699dd833ea85a8483db8753cc40bde7cee923.exe
[2025-05-27 06:01:04.171] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\4d8ffa30554984f32eabbcb7a99699dd833ea85a8483db8753cc40bde7cee923.exe
[2025-05-27 06:01:04.171] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:01:06.003] Restoring snapshot 35 done
[2025-05-27 06:01:06.004] Starting up VM
[2025-05-27 06:01:12.113] Starting up VM done
[2025-05-27 06:01:12.113] Installing kernel driver
[2025-05-27 06:01:12.113] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:01:16.510] Kernel driver installation completed
[2025-05-27 06:01:16.510] Starting GP driver service
[2025-05-27 06:01:16.510] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:01:19.660] GP driver service started
[2025-05-27 06:01:19.660] Executing malware sample: D:\new\ransomware_high_confidence\dharma\4d8ffa30554984f32eabbcb7a99699dd833ea85a8483db8753cc40bde7cee923.exe
[2025-05-27 06:01:19.661] Malware execution started
[2025-05-27 06:01:19.661] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:02:19.669] Taking screenshot
[2025-05-27 06:02:19.732] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:03:00.275] Powering off VM done
[2025-05-27 06:03:03.275] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:03:04.595] Restoring snapshot 35 done
[2025-05-27 06:03:04.595] Kernel telemetry analysis completed in 120.4 seconds.

[2025-05-27 06:03:04.595] ✅ Analysis completed successfully!
[2025-05-27 06:03:04.595] Progress: 35.1% (494/1408)
[2025-05-27 06:03:04.595] Successful: 494, Failed: 0
[2025-05-27 06:03:04.595] Time remaining: 33.1h
[2025-05-27 06:03:04.595] Waiting 5 seconds before next sample...
[2025-05-27 06:03:09.596] SAMPLE 495/1408
[2025-05-27 06:03:09.596] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:03:09.596] File: 53cee5760768d57218ccc210948592f29d41b98cba17a81a87d0392e1eeffaf6.exe
[2025-05-27 06:03:09.596] Path: D:\new\ransomware_high_confidence\dharma\53cee5760768d57218ccc210948592f29d41b98cba17a81a87d0392e1eeffaf6.exe
[2025-05-27 06:03:09.596] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\53cee5760768d57218ccc210948592f29d41b98cba17a81a87d0392e1eeffaf6.exe
[2025-05-27 06:03:09.596] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:03:11.135] Restoring snapshot 35 done
[2025-05-27 06:03:11.135] Starting up VM
[2025-05-27 06:03:17.092] Starting up VM done
[2025-05-27 06:03:17.092] Installing kernel driver
[2025-05-27 06:03:17.092] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:03:20.888] Kernel driver installation completed
[2025-05-27 06:03:20.888] Starting GP driver service
[2025-05-27 06:03:20.888] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:03:24.044] GP driver service started
[2025-05-27 06:03:24.044] Executing malware sample: D:\new\ransomware_high_confidence\dharma\53cee5760768d57218ccc210948592f29d41b98cba17a81a87d0392e1eeffaf6.exe
[2025-05-27 06:03:24.045] Malware execution started
[2025-05-27 06:03:24.045] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:04:24.053] Taking screenshot
[2025-05-27 06:04:24.117] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:05:23.069] Powering off VM done
[2025-05-27 06:05:26.069] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:05:27.301] Restoring snapshot 35 done
[2025-05-27 06:05:27.301] Kernel telemetry analysis completed in 137.7 seconds.

[2025-05-27 06:05:27.301] ✅ Analysis completed successfully!
[2025-05-27 06:05:27.301] Progress: 35.2% (495/1408)
[2025-05-27 06:05:27.301] Successful: 495, Failed: 0
[2025-05-27 06:05:27.301] Time remaining: 33.1h
[2025-05-27 06:05:27.301] Waiting 5 seconds before next sample...
[2025-05-27 06:05:32.301] SAMPLE 496/1408
[2025-05-27 06:05:32.301] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:05:32.301] File: 553532c3bc00e3b85bcbac054bc4f05cb4fffba6f44a17c663dd37732ce1772d.exe
[2025-05-27 06:05:32.301] Path: D:\new\ransomware_high_confidence\dharma\553532c3bc00e3b85bcbac054bc4f05cb4fffba6f44a17c663dd37732ce1772d.exe
[2025-05-27 06:05:32.301] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\553532c3bc00e3b85bcbac054bc4f05cb4fffba6f44a17c663dd37732ce1772d.exe
[2025-05-27 06:05:32.301] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:05:33.845] Restoring snapshot 35 done
[2025-05-27 06:05:33.845] Starting up VM
[2025-05-27 06:05:40.315] Starting up VM done
[2025-05-27 06:05:40.315] Installing kernel driver
[2025-05-27 06:05:40.315] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:05:44.620] Kernel driver installation completed
[2025-05-27 06:05:44.621] Starting GP driver service
[2025-05-27 06:05:44.621] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:05:47.772] GP driver service started
[2025-05-27 06:05:47.772] Executing malware sample: D:\new\ransomware_high_confidence\dharma\553532c3bc00e3b85bcbac054bc4f05cb4fffba6f44a17c663dd37732ce1772d.exe
[2025-05-27 06:05:47.773] Malware execution started
[2025-05-27 06:05:47.773] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:06:47.781] Taking screenshot
[2025-05-27 06:06:47.844] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:07:58.297] Powering off VM done
[2025-05-27 06:08:01.297] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:08:02.713] Restoring snapshot 35 done
[2025-05-27 06:08:02.713] Kernel telemetry analysis completed in 150.4 seconds.

[2025-05-27 06:08:02.713] ✅ Analysis completed successfully!
[2025-05-27 06:08:02.713] Progress: 35.2% (496/1408)
[2025-05-27 06:08:02.713] Successful: 496, Failed: 0
[2025-05-27 06:08:02.713] Time remaining: 33.1h
[2025-05-27 06:08:02.713] Waiting 5 seconds before next sample...
[2025-05-27 06:08:07.713] SAMPLE 497/1408
[2025-05-27 06:08:07.713] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:08:07.713] File: 553f674770840d592fd718f1cb8eed6d4210c7ce73944fb2d200e8588584fccb.exe
[2025-05-27 06:08:07.713] Path: D:\new\ransomware_high_confidence\dharma\553f674770840d592fd718f1cb8eed6d4210c7ce73944fb2d200e8588584fccb.exe
[2025-05-27 06:08:07.713] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\553f674770840d592fd718f1cb8eed6d4210c7ce73944fb2d200e8588584fccb.exe
[2025-05-27 06:08:07.713] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:08:09.306] Restoring snapshot 35 done
[2025-05-27 06:08:09.306] Starting up VM
[2025-05-27 06:08:15.243] Starting up VM done
[2025-05-27 06:08:15.244] Installing kernel driver
[2025-05-27 06:08:15.244] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:08:19.019] Kernel driver installation completed
[2025-05-27 06:08:19.019] Starting GP driver service
[2025-05-27 06:08:19.019] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:08:22.172] GP driver service started
[2025-05-27 06:08:22.172] Executing malware sample: D:\new\ransomware_high_confidence\dharma\553f674770840d592fd718f1cb8eed6d4210c7ce73944fb2d200e8588584fccb.exe
[2025-05-27 06:08:22.173] Malware execution started
[2025-05-27 06:08:22.173] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:09:22.181] Taking screenshot
[2025-05-27 06:09:22.244] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:10:24.084] Powering off VM done
[2025-05-27 06:10:27.085] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:10:28.315] Restoring snapshot 35 done
[2025-05-27 06:10:28.315] Kernel telemetry analysis completed in 140.6 seconds.

[2025-05-27 06:10:28.315] ✅ Analysis completed successfully!
[2025-05-27 06:10:28.315] Progress: 35.3% (497/1408)
[2025-05-27 06:10:28.315] Successful: 497, Failed: 0
[2025-05-27 06:10:28.315] Time remaining: 33.0h
[2025-05-27 06:10:28.315] Waiting 5 seconds before next sample...
[2025-05-27 06:10:33.315] SAMPLE 498/1408
[2025-05-27 06:10:33.315] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:10:33.315] File: 55f111fa13c58f4e6eb6f9828621a463944b7de26fa09cff5a38c31f457def7d.exe
[2025-05-27 06:10:33.315] Path: D:\new\ransomware_high_confidence\dharma\55f111fa13c58f4e6eb6f9828621a463944b7de26fa09cff5a38c31f457def7d.exe
[2025-05-27 06:10:33.316] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\55f111fa13c58f4e6eb6f9828621a463944b7de26fa09cff5a38c31f457def7d.exe
[2025-05-27 06:10:33.316] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:10:35.246] Restoring snapshot 35 done
[2025-05-27 06:10:35.247] Starting up VM
[2025-05-27 06:10:41.867] Starting up VM done
[2025-05-27 06:10:41.867] Installing kernel driver
[2025-05-27 06:10:41.867] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:10:46.003] Kernel driver installation completed
[2025-05-27 06:10:46.003] Starting GP driver service
[2025-05-27 06:10:46.003] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:10:49.151] GP driver service started
[2025-05-27 06:10:49.151] Executing malware sample: D:\new\ransomware_high_confidence\dharma\55f111fa13c58f4e6eb6f9828621a463944b7de26fa09cff5a38c31f457def7d.exe
[2025-05-27 06:10:49.152] Malware execution started
[2025-05-27 06:10:49.152] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:11:49.160] Taking screenshot
[2025-05-27 06:11:49.222] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:13:52.953] Powering off VM done
[2025-05-27 06:13:55.953] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:13:57.182] Restoring snapshot 35 done
[2025-05-27 06:13:57.182] Kernel telemetry analysis completed in 203.9 seconds.

[2025-05-27 06:13:57.182] ✅ Analysis completed successfully!
[2025-05-27 06:13:57.182] Progress: 35.4% (498/1408)
[2025-05-27 06:13:57.182] Successful: 498, Failed: 0
[2025-05-27 06:13:57.182] Time remaining: 33.0h
[2025-05-27 06:13:57.182] Waiting 5 seconds before next sample...
[2025-05-27 06:14:02.182] SAMPLE 499/1408
[2025-05-27 06:14:02.182] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:14:02.182] File: 56f1a65ab205548d7cc50c044c510210f084d7c7a381be7e3dd6530da1ce6aff.exe
[2025-05-27 06:14:02.182] Path: D:\new\ransomware_high_confidence\dharma\56f1a65ab205548d7cc50c044c510210f084d7c7a381be7e3dd6530da1ce6aff.exe
[2025-05-27 06:14:02.183] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\56f1a65ab205548d7cc50c044c510210f084d7c7a381be7e3dd6530da1ce6aff.exe
[2025-05-27 06:14:02.183] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:14:03.826] Restoring snapshot 35 done
[2025-05-27 06:14:03.826] Starting up VM
[2025-05-27 06:14:10.800] Starting up VM done
[2025-05-27 06:14:10.800] Installing kernel driver
[2025-05-27 06:14:10.800] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:14:15.195] Kernel driver installation completed
[2025-05-27 06:14:15.196] Starting GP driver service
[2025-05-27 06:14:15.196] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:14:18.345] GP driver service started
[2025-05-27 06:14:18.345] Executing malware sample: D:\new\ransomware_high_confidence\dharma\56f1a65ab205548d7cc50c044c510210f084d7c7a381be7e3dd6530da1ce6aff.exe
[2025-05-27 06:14:18.346] Malware execution started
[2025-05-27 06:14:18.346] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:15:18.354] Taking screenshot
[2025-05-27 06:15:18.416] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:16:15.848] Powering off VM done
[2025-05-27 06:16:18.848] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:16:20.083] Restoring snapshot 35 done
[2025-05-27 06:16:20.083] Kernel telemetry analysis completed in 137.9 seconds.

[2025-05-27 06:16:20.083] ✅ Analysis completed successfully!
[2025-05-27 06:16:20.083] Progress: 35.4% (499/1408)
[2025-05-27 06:16:20.083] Successful: 499, Failed: 0
[2025-05-27 06:16:20.083] Time remaining: 33.0h
[2025-05-27 06:16:20.083] Waiting 5 seconds before next sample...
[2025-05-27 06:16:25.083] SAMPLE 500/1408
[2025-05-27 06:16:25.083] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:16:25.083] File: 584e757b4fb9b56105c3a57053976323f82535c8264082f81dd43f233c04cab9.exe
[2025-05-27 06:16:25.083] Path: D:\new\ransomware_high_confidence\dharma\584e757b4fb9b56105c3a57053976323f82535c8264082f81dd43f233c04cab9.exe
[2025-05-27 06:16:25.083] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\584e757b4fb9b56105c3a57053976323f82535c8264082f81dd43f233c04cab9.exe
[2025-05-27 06:16:25.083] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:16:26.709] Restoring snapshot 35 done
[2025-05-27 06:16:26.709] Starting up VM
[2025-05-27 06:16:32.699] Starting up VM done
[2025-05-27 06:16:32.699] Installing kernel driver
[2025-05-27 06:16:32.699] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:16:37.754] Kernel driver installation completed
[2025-05-27 06:16:37.754] Starting GP driver service
[2025-05-27 06:16:37.754] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:16:40.905] GP driver service started
[2025-05-27 06:16:40.905] Executing malware sample: D:\new\ransomware_high_confidence\dharma\584e757b4fb9b56105c3a57053976323f82535c8264082f81dd43f233c04cab9.exe
[2025-05-27 06:16:40.905] Malware execution started
[2025-05-27 06:16:40.905] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:17:40.913] Taking screenshot
[2025-05-27 06:17:40.975] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:18:25.263] Powering off VM done
[2025-05-27 06:18:28.264] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:18:29.290] Restoring snapshot 35 done
[2025-05-27 06:18:29.290] Kernel telemetry analysis completed in 124.2 seconds.

[2025-05-27 06:18:29.290] ✅ Analysis completed successfully!
[2025-05-27 06:18:29.290] Progress: 35.5% (500/1408)
[2025-05-27 06:18:29.290] Successful: 500, Failed: 0
[2025-05-27 06:18:29.290] Time remaining: 33.0h
[2025-05-27 06:18:29.290] Waiting 5 seconds before next sample...
[2025-05-27 06:18:34.290] SAMPLE 501/1408
[2025-05-27 06:18:34.290] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:18:34.290] File: 5997f7c46d8860cb07a00edf9e093e21a2416cc508c51dbd3838628d9b46b0d5.exe
[2025-05-27 06:18:34.290] Path: D:\new\ransomware_high_confidence\dharma\5997f7c46d8860cb07a00edf9e093e21a2416cc508c51dbd3838628d9b46b0d5.exe
[2025-05-27 06:18:34.290] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\5997f7c46d8860cb07a00edf9e093e21a2416cc508c51dbd3838628d9b46b0d5.exe
[2025-05-27 06:18:34.290] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:18:35.809] Restoring snapshot 35 done
[2025-05-27 06:18:35.809] Starting up VM
[2025-05-27 06:18:41.889] Starting up VM done
[2025-05-27 06:18:41.889] Installing kernel driver
[2025-05-27 06:18:41.889] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:18:46.119] Kernel driver installation completed
[2025-05-27 06:18:46.119] Starting GP driver service
[2025-05-27 06:18:46.119] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:18:49.277] GP driver service started
[2025-05-27 06:18:49.277] Executing malware sample: D:\new\ransomware_high_confidence\dharma\5997f7c46d8860cb07a00edf9e093e21a2416cc508c51dbd3838628d9b46b0d5.exe
[2025-05-27 06:18:49.278] Malware execution started
[2025-05-27 06:18:49.278] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:19:49.286] Taking screenshot
[2025-05-27 06:19:49.352] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:20:19.368] Powering off VM done
[2025-05-27 06:20:22.368] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:20:23.597] Restoring snapshot 35 done
[2025-05-27 06:20:23.597] Kernel telemetry analysis completed in 109.3 seconds.

[2025-05-27 06:20:23.597] ✅ Analysis completed successfully!
[2025-05-27 06:20:23.597] Progress: 35.6% (501/1408)
[2025-05-27 06:20:23.597] Successful: 501, Failed: 0
[2025-05-27 06:20:23.597] Time remaining: 32.9h
[2025-05-27 06:20:23.597] Waiting 5 seconds before next sample...
[2025-05-27 06:20:28.597] SAMPLE 502/1408
[2025-05-27 06:20:28.597] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:20:28.597] File: 5a0d1265d52d2f76dae31aab48b706a72f03078a6111694f59c4ebf06e6e9f43.exe
[2025-05-27 06:20:28.597] Path: D:\new\ransomware_high_confidence\dharma\5a0d1265d52d2f76dae31aab48b706a72f03078a6111694f59c4ebf06e6e9f43.exe
[2025-05-27 06:20:28.597] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\5a0d1265d52d2f76dae31aab48b706a72f03078a6111694f59c4ebf06e6e9f43.exe
[2025-05-27 06:20:28.597] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:20:30.136] Restoring snapshot 35 done
[2025-05-27 06:20:30.136] Starting up VM
[2025-05-27 06:20:36.115] Starting up VM done
[2025-05-27 06:20:36.116] Installing kernel driver
[2025-05-27 06:20:36.116] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:20:40.632] Kernel driver installation completed
[2025-05-27 06:20:40.632] Starting GP driver service
[2025-05-27 06:20:40.632] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:20:43.782] GP driver service started
[2025-05-27 06:20:43.783] Executing malware sample: D:\new\ransomware_high_confidence\dharma\5a0d1265d52d2f76dae31aab48b706a72f03078a6111694f59c4ebf06e6e9f43.exe
[2025-05-27 06:20:43.783] Malware execution started
[2025-05-27 06:20:43.783] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:21:43.791] Taking screenshot
[2025-05-27 06:21:43.852] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:23:20.417] Powering off VM done
[2025-05-27 06:23:23.418] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:23:24.830] Restoring snapshot 35 done
[2025-05-27 06:23:24.830] Kernel telemetry analysis completed in 176.2 seconds.

[2025-05-27 06:23:24.830] ✅ Analysis completed successfully!
[2025-05-27 06:23:24.830] Progress: 35.7% (502/1408)
[2025-05-27 06:23:24.830] Successful: 502, Failed: 0
[2025-05-27 06:23:24.830] Time remaining: 32.9h
[2025-05-27 06:23:24.830] Waiting 5 seconds before next sample...
[2025-05-27 06:23:29.831] SAMPLE 503/1408
[2025-05-27 06:23:29.831] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:23:29.831] File: 629302ede09446efc6c44bea6fb9d4c62354816e227f61868528b6af43eeee94.exe
[2025-05-27 06:23:29.831] Path: D:\new\ransomware_high_confidence\dharma\629302ede09446efc6c44bea6fb9d4c62354816e227f61868528b6af43eeee94.exe
[2025-05-27 06:23:29.831] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\629302ede09446efc6c44bea6fb9d4c62354816e227f61868528b6af43eeee94.exe
[2025-05-27 06:23:29.831] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:23:31.611] Restoring snapshot 35 done
[2025-05-27 06:23:31.611] Starting up VM
[2025-05-27 06:23:37.963] Starting up VM done
[2025-05-27 06:23:37.963] Installing kernel driver
[2025-05-27 06:23:37.963] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:23:42.117] Kernel driver installation completed
[2025-05-27 06:23:42.117] Starting GP driver service
[2025-05-27 06:23:42.118] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:23:45.272] GP driver service started
[2025-05-27 06:23:45.272] Executing malware sample: D:\new\ransomware_high_confidence\dharma\629302ede09446efc6c44bea6fb9d4c62354816e227f61868528b6af43eeee94.exe
[2025-05-27 06:23:45.273] Malware execution started
[2025-05-27 06:23:45.273] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:24:45.281] Taking screenshot
[2025-05-27 06:24:45.343] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:25:40.022] Powering off VM done
[2025-05-27 06:25:43.022] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:25:44.202] Restoring snapshot 35 done
[2025-05-27 06:25:44.202] Kernel telemetry analysis completed in 134.4 seconds.

[2025-05-27 06:25:44.202] ✅ Analysis completed successfully!
[2025-05-27 06:25:44.202] Progress: 35.7% (503/1408)
[2025-05-27 06:25:44.202] Successful: 503, Failed: 0
[2025-05-27 06:25:44.202] Time remaining: 32.9h
[2025-05-27 06:25:44.202] Waiting 5 seconds before next sample...
[2025-05-27 06:25:49.202] SAMPLE 504/1408
[2025-05-27 06:25:49.202] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:25:49.202] File: 6985917d29596b66d9bbc745a13d5577110d9b0408719c5559d23dd59a9e4f0b.exe
[2025-05-27 06:25:49.202] Path: D:\new\ransomware_high_confidence\dharma\6985917d29596b66d9bbc745a13d5577110d9b0408719c5559d23dd59a9e4f0b.exe
[2025-05-27 06:25:49.202] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\6985917d29596b66d9bbc745a13d5577110d9b0408719c5559d23dd59a9e4f0b.exe
[2025-05-27 06:25:49.202] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:25:50.714] Restoring snapshot 35 done
[2025-05-27 06:25:50.714] Starting up VM
[2025-05-27 06:25:56.667] Starting up VM done
[2025-05-27 06:25:56.667] Installing kernel driver
[2025-05-27 06:25:56.667] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:26:01.049] Kernel driver installation completed
[2025-05-27 06:26:01.049] Starting GP driver service
[2025-05-27 06:26:01.049] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:26:04.224] GP driver service started
[2025-05-27 06:26:04.224] Executing malware sample: D:\new\ransomware_high_confidence\dharma\6985917d29596b66d9bbc745a13d5577110d9b0408719c5559d23dd59a9e4f0b.exe
[2025-05-27 06:26:04.224] Malware execution started
[2025-05-27 06:26:04.224] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:27:04.233] Taking screenshot
[2025-05-27 06:27:04.295] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:28:04.334] Powering off VM done
[2025-05-27 06:28:07.335] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:28:09.096] Restoring snapshot 35 done
[2025-05-27 06:28:09.096] Kernel telemetry analysis completed in 139.9 seconds.

[2025-05-27 06:28:09.096] ✅ Analysis completed successfully!
[2025-05-27 06:28:09.096] Progress: 35.8% (504/1408)
[2025-05-27 06:28:09.096] Successful: 504, Failed: 0
[2025-05-27 06:28:09.096] Time remaining: 32.8h
[2025-05-27 06:28:09.096] Waiting 5 seconds before next sample...
[2025-05-27 06:28:14.096] SAMPLE 505/1408
[2025-05-27 06:28:14.096] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:28:14.096] File: 8e8b6818423930eea073315743b788aef2f41198961946046b7b89042cb3f95a.exe
[2025-05-27 06:28:14.096] Path: D:\new\ransomware_high_confidence\dharma\8e8b6818423930eea073315743b788aef2f41198961946046b7b89042cb3f95a.exe
[2025-05-27 06:28:14.096] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\8e8b6818423930eea073315743b788aef2f41198961946046b7b89042cb3f95a.exe
[2025-05-27 06:28:14.097] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:28:15.564] Restoring snapshot 35 done
[2025-05-27 06:28:15.564] Starting up VM
[2025-05-27 06:28:22.295] Starting up VM done
[2025-05-27 06:28:22.295] Installing kernel driver
[2025-05-27 06:28:22.295] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:28:25.948] Kernel driver installation completed
[2025-05-27 06:28:25.948] Starting GP driver service
[2025-05-27 06:28:25.948] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:28:29.106] GP driver service started
[2025-05-27 06:28:29.106] Executing malware sample: D:\new\ransomware_high_confidence\dharma\8e8b6818423930eea073315743b788aef2f41198961946046b7b89042cb3f95a.exe
[2025-05-27 06:28:29.107] Malware execution started
[2025-05-27 06:28:29.107] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:29:29.115] Taking screenshot
[2025-05-27 06:29:29.176] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:30:53.938] Powering off VM done
[2025-05-27 06:30:56.938] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:30:58.340] Restoring snapshot 35 done
[2025-05-27 06:30:58.340] Kernel telemetry analysis completed in 164.2 seconds.

[2025-05-27 06:30:58.340] ✅ Analysis completed successfully!
[2025-05-27 06:30:58.340] Progress: 35.9% (505/1408)
[2025-05-27 06:30:58.340] Successful: 505, Failed: 0
[2025-05-27 06:30:58.340] Time remaining: 32.8h
[2025-05-27 06:30:58.340] Waiting 5 seconds before next sample...
[2025-05-27 06:31:03.340] SAMPLE 506/1408
[2025-05-27 06:31:03.340] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:31:03.340] File: 90c54543aaf085e00879d4fe98a6dfb8148548f374828d50b6e3ac44668138b2.exe
[2025-05-27 06:31:03.340] Path: D:\new\ransomware_high_confidence\dharma\90c54543aaf085e00879d4fe98a6dfb8148548f374828d50b6e3ac44668138b2.exe
[2025-05-27 06:31:03.340] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\90c54543aaf085e00879d4fe98a6dfb8148548f374828d50b6e3ac44668138b2.exe
[2025-05-27 06:31:03.340] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:31:04.873] Restoring snapshot 35 done
[2025-05-27 06:31:04.873] Starting up VM
[2025-05-27 06:31:11.836] Starting up VM done
[2025-05-27 06:31:11.836] Installing kernel driver
[2025-05-27 06:31:11.836] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:31:16.386] Kernel driver installation completed
[2025-05-27 06:31:16.386] Starting GP driver service
[2025-05-27 06:31:16.386] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:31:19.539] GP driver service started
[2025-05-27 06:31:19.540] Executing malware sample: D:\new\ransomware_high_confidence\dharma\90c54543aaf085e00879d4fe98a6dfb8148548f374828d50b6e3ac44668138b2.exe
[2025-05-27 06:31:19.540] Malware execution started
[2025-05-27 06:31:19.540] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:32:19.548] Taking screenshot
[2025-05-27 06:32:19.609] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:33:14.935] Powering off VM done
[2025-05-27 06:33:17.935] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:33:19.251] Restoring snapshot 35 done
[2025-05-27 06:33:19.251] Kernel telemetry analysis completed in 135.9 seconds.

[2025-05-27 06:33:19.251] ✅ Analysis completed successfully!
[2025-05-27 06:33:19.251] Progress: 35.9% (506/1408)
[2025-05-27 06:33:19.251] Successful: 506, Failed: 0
[2025-05-27 06:33:19.251] Time remaining: 32.8h
[2025-05-27 06:33:19.251] Waiting 5 seconds before next sample...
[2025-05-27 06:33:24.252] SAMPLE 507/1408
[2025-05-27 06:33:24.252] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:33:24.252] File: 97689f3967844dd326e7a2b68e7da5b6b3967eea7748d1e3313910a16cacdf16.exe
[2025-05-27 06:33:24.252] Path: D:\new\ransomware_high_confidence\dharma\97689f3967844dd326e7a2b68e7da5b6b3967eea7748d1e3313910a16cacdf16.exe
[2025-05-27 06:33:24.252] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\97689f3967844dd326e7a2b68e7da5b6b3967eea7748d1e3313910a16cacdf16.exe
[2025-05-27 06:33:24.252] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:33:25.795] Restoring snapshot 35 done
[2025-05-27 06:33:25.795] Starting up VM
[2025-05-27 06:33:31.850] Starting up VM done
[2025-05-27 06:33:31.850] Installing kernel driver
[2025-05-27 06:33:31.850] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:33:36.257] Kernel driver installation completed
[2025-05-27 06:33:36.257] Starting GP driver service
[2025-05-27 06:33:36.257] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:33:39.411] GP driver service started
[2025-05-27 06:33:39.411] Executing malware sample: D:\new\ransomware_high_confidence\dharma\97689f3967844dd326e7a2b68e7da5b6b3967eea7748d1e3313910a16cacdf16.exe
[2025-05-27 06:33:39.412] Malware execution started
[2025-05-27 06:33:39.412] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:34:39.420] Taking screenshot
[2025-05-27 06:34:39.482] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:35:15.662] Powering off VM done
[2025-05-27 06:35:18.662] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:35:20.333] Restoring snapshot 35 done
[2025-05-27 06:35:20.333] Kernel telemetry analysis completed in 116.1 seconds.

[2025-05-27 06:35:20.333] ✅ Analysis completed successfully!
[2025-05-27 06:35:20.333] Progress: 36.0% (507/1408)
[2025-05-27 06:35:20.333] Successful: 507, Failed: 0
[2025-05-27 06:35:20.333] Time remaining: 32.8h
[2025-05-27 06:35:20.333] Waiting 5 seconds before next sample...
[2025-05-27 06:35:25.333] SAMPLE 508/1408
[2025-05-27 06:35:25.333] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:35:25.333] File: 9a4e6b6a25332f21e4e15bd5c67ea1613db78bf02fa3cef2eba47f27723f8d58.exe
[2025-05-27 06:35:25.333] Path: D:\new\ransomware_high_confidence\dharma\9a4e6b6a25332f21e4e15bd5c67ea1613db78bf02fa3cef2eba47f27723f8d58.exe
[2025-05-27 06:35:25.333] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\9a4e6b6a25332f21e4e15bd5c67ea1613db78bf02fa3cef2eba47f27723f8d58.exe
[2025-05-27 06:35:25.333] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:35:27.196] Restoring snapshot 35 done
[2025-05-27 06:35:27.196] Starting up VM
[2025-05-27 06:35:33.857] Starting up VM done
[2025-05-27 06:35:33.857] Installing kernel driver
[2025-05-27 06:35:33.857] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:35:38.326] Kernel driver installation completed
[2025-05-27 06:35:38.326] Starting GP driver service
[2025-05-27 06:35:38.326] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:35:41.474] GP driver service started
[2025-05-27 06:35:41.474] Executing malware sample: D:\new\ransomware_high_confidence\dharma\9a4e6b6a25332f21e4e15bd5c67ea1613db78bf02fa3cef2eba47f27723f8d58.exe
[2025-05-27 06:35:41.474] Malware execution started
[2025-05-27 06:35:41.474] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:36:41.482] Taking screenshot
[2025-05-27 06:36:41.545] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:37:56.510] Powering off VM done
[2025-05-27 06:37:59.511] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:38:01.015] Restoring snapshot 35 done
[2025-05-27 06:38:01.015] Kernel telemetry analysis completed in 155.7 seconds.

[2025-05-27 06:38:01.015] ✅ Analysis completed successfully!
[2025-05-27 06:38:01.015] Progress: 36.1% (508/1408)
[2025-05-27 06:38:01.015] Successful: 508, Failed: 0
[2025-05-27 06:38:01.015] Time remaining: 32.7h
[2025-05-27 06:38:01.015] Waiting 5 seconds before next sample...
[2025-05-27 06:38:06.015] SAMPLE 509/1408
[2025-05-27 06:38:06.015] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:38:06.015] File: a08c192df62e58faf203a10d830a6f0c34f1d843373ce5ca6f4826ed45a36764.exe
[2025-05-27 06:38:06.015] Path: D:\new\ransomware_high_confidence\dharma\a08c192df62e58faf203a10d830a6f0c34f1d843373ce5ca6f4826ed45a36764.exe
[2025-05-27 06:38:06.016] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\a08c192df62e58faf203a10d830a6f0c34f1d843373ce5ca6f4826ed45a36764.exe
[2025-05-27 06:38:06.016] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:38:07.580] Restoring snapshot 35 done
[2025-05-27 06:38:07.580] Starting up VM
[2025-05-27 06:38:13.885] Starting up VM done
[2025-05-27 06:38:13.885] Installing kernel driver
[2025-05-27 06:38:13.885] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:38:18.054] Kernel driver installation completed
[2025-05-27 06:38:18.054] Starting GP driver service
[2025-05-27 06:38:18.054] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:38:21.203] GP driver service started
[2025-05-27 06:38:21.203] Executing malware sample: D:\new\ransomware_high_confidence\dharma\a08c192df62e58faf203a10d830a6f0c34f1d843373ce5ca6f4826ed45a36764.exe
[2025-05-27 06:38:21.204] Malware execution started
[2025-05-27 06:38:21.204] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:39:21.212] Taking screenshot
[2025-05-27 06:39:21.277] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:39:41.968] Powering off VM done
[2025-05-27 06:39:44.969] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:39:46.298] Restoring snapshot 35 done
[2025-05-27 06:39:46.298] Kernel telemetry analysis completed in 100.3 seconds.

[2025-05-27 06:39:46.298] ✅ Analysis completed successfully!
[2025-05-27 06:39:46.298] Progress: 36.2% (509/1408)
[2025-05-27 06:39:46.298] Successful: 509, Failed: 0
[2025-05-27 06:39:46.298] Time remaining: 32.7h
[2025-05-27 06:39:46.298] Waiting 5 seconds before next sample...
[2025-05-27 06:39:51.298] SAMPLE 510/1408
[2025-05-27 06:39:51.298] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:39:51.298] File: ad14312e134f8b9483b2d701b1470758e8944764ec803252efede6b1c49e9485.exe
[2025-05-27 06:39:51.298] Path: D:\new\ransomware_high_confidence\dharma\ad14312e134f8b9483b2d701b1470758e8944764ec803252efede6b1c49e9485.exe
[2025-05-27 06:39:51.299] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\ad14312e134f8b9483b2d701b1470758e8944764ec803252efede6b1c49e9485.exe
[2025-05-27 06:39:51.299] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:39:52.904] Restoring snapshot 35 done
[2025-05-27 06:39:52.904] Starting up VM
[2025-05-27 06:39:59.370] Starting up VM done
[2025-05-27 06:39:59.370] Installing kernel driver
[2025-05-27 06:39:59.370] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:40:03.021] Kernel driver installation completed
[2025-05-27 06:40:03.021] Starting GP driver service
[2025-05-27 06:40:03.021] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:40:06.173] GP driver service started
[2025-05-27 06:40:06.173] Executing malware sample: D:\new\ransomware_high_confidence\dharma\ad14312e134f8b9483b2d701b1470758e8944764ec803252efede6b1c49e9485.exe
[2025-05-27 06:40:06.173] Malware execution started
[2025-05-27 06:40:06.173] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:41:06.181] Taking screenshot
[2025-05-27 06:41:06.244] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:41:59.198] Powering off VM done
[2025-05-27 06:42:02.198] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:42:03.523] Restoring snapshot 35 done
[2025-05-27 06:42:03.523] Kernel telemetry analysis completed in 132.2 seconds.

[2025-05-27 06:42:03.523] ✅ Analysis completed successfully!
[2025-05-27 06:42:03.523] Progress: 36.2% (510/1408)
[2025-05-27 06:42:03.523] Successful: 510, Failed: 0
[2025-05-27 06:42:03.523] Time remaining: 32.7h
[2025-05-27 06:42:03.523] Waiting 5 seconds before next sample...
[2025-05-27 06:42:08.524] SAMPLE 511/1408
[2025-05-27 06:42:08.524] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:42:08.524] File: b565c8e1e81796db13409f37e4bd28877272b5e54ab5c0a3d9b6a024e7f5a039.exe
[2025-05-27 06:42:08.524] Path: D:\new\ransomware_high_confidence\dharma\b565c8e1e81796db13409f37e4bd28877272b5e54ab5c0a3d9b6a024e7f5a039.exe
[2025-05-27 06:42:08.524] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\b565c8e1e81796db13409f37e4bd28877272b5e54ab5c0a3d9b6a024e7f5a039.exe
[2025-05-27 06:42:08.524] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:42:09.958] Restoring snapshot 35 done
[2025-05-27 06:42:09.958] Starting up VM
[2025-05-27 06:42:15.755] Starting up VM done
[2025-05-27 06:42:15.756] Installing kernel driver
[2025-05-27 06:42:15.756] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:42:19.495] Kernel driver installation completed
[2025-05-27 06:42:19.496] Starting GP driver service
[2025-05-27 06:42:19.496] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:42:22.649] GP driver service started
[2025-05-27 06:42:22.649] Executing malware sample: D:\new\ransomware_high_confidence\dharma\b565c8e1e81796db13409f37e4bd28877272b5e54ab5c0a3d9b6a024e7f5a039.exe
[2025-05-27 06:42:22.650] Malware execution started
[2025-05-27 06:42:22.650] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:43:22.658] Taking screenshot
[2025-05-27 06:43:22.720] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:44:58.377] Powering off VM done
[2025-05-27 06:45:01.377] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:45:02.997] Restoring snapshot 35 done
[2025-05-27 06:45:02.997] Kernel telemetry analysis completed in 174.5 seconds.

[2025-05-27 06:45:02.997] ✅ Analysis completed successfully!
[2025-05-27 06:45:02.997] Progress: 36.3% (511/1408)
[2025-05-27 06:45:02.997] Successful: 511, Failed: 0
[2025-05-27 06:45:02.997] Time remaining: 32.6h
[2025-05-27 06:45:02.997] Waiting 5 seconds before next sample...
[2025-05-27 06:45:07.997] SAMPLE 512/1408
[2025-05-27 06:45:07.997] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:45:07.997] File: b6c644a1644dd9b81a604fb6ad6a8cebf4a9b14d5c41da633a93ba2f459f31ae.exe
[2025-05-27 06:45:07.997] Path: D:\new\ransomware_high_confidence\dharma\b6c644a1644dd9b81a604fb6ad6a8cebf4a9b14d5c41da633a93ba2f459f31ae.exe
[2025-05-27 06:45:07.997] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\b6c644a1644dd9b81a604fb6ad6a8cebf4a9b14d5c41da633a93ba2f459f31ae.exe
[2025-05-27 06:45:07.997] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:45:09.745] Restoring snapshot 35 done
[2025-05-27 06:45:09.745] Starting up VM
[2025-05-27 06:45:16.355] Starting up VM done
[2025-05-27 06:45:16.355] Installing kernel driver
[2025-05-27 06:45:16.355] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:45:20.588] Kernel driver installation completed
[2025-05-27 06:45:20.588] Starting GP driver service
[2025-05-27 06:45:20.588] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:45:23.748] GP driver service started
[2025-05-27 06:45:23.748] Executing malware sample: D:\new\ransomware_high_confidence\dharma\b6c644a1644dd9b81a604fb6ad6a8cebf4a9b14d5c41da633a93ba2f459f31ae.exe
[2025-05-27 06:45:23.748] Malware execution started
[2025-05-27 06:45:23.748] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:46:23.756] Taking screenshot
[2025-05-27 06:46:23.819] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:47:14.931] Powering off VM done
[2025-05-27 06:47:17.931] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:47:18.939] Restoring snapshot 35 done
[2025-05-27 06:47:18.939] Kernel telemetry analysis completed in 130.9 seconds.

[2025-05-27 06:47:18.939] ✅ Analysis completed successfully!
[2025-05-27 06:47:18.939] Progress: 36.4% (512/1408)
[2025-05-27 06:47:18.939] Successful: 512, Failed: 0
[2025-05-27 06:47:18.939] Time remaining: 32.6h
[2025-05-27 06:47:18.939] Waiting 5 seconds before next sample...
[2025-05-27 06:47:23.939] SAMPLE 513/1408
[2025-05-27 06:47:23.939] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:47:23.939] File: c855a83b6b0b51c9e9bc1b2676d5644f1c578b87734517ce63820ca33d155707.exe
[2025-05-27 06:47:23.939] Path: D:\new\ransomware_high_confidence\dharma\c855a83b6b0b51c9e9bc1b2676d5644f1c578b87734517ce63820ca33d155707.exe
[2025-05-27 06:47:23.940] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\c855a83b6b0b51c9e9bc1b2676d5644f1c578b87734517ce63820ca33d155707.exe
[2025-05-27 06:47:23.940] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:47:25.668] Restoring snapshot 35 done
[2025-05-27 06:47:25.668] Starting up VM
[2025-05-27 06:47:31.599] Starting up VM done
[2025-05-27 06:47:31.599] Installing kernel driver
[2025-05-27 06:47:31.599] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:47:36.046] Kernel driver installation completed
[2025-05-27 06:47:36.046] Starting GP driver service
[2025-05-27 06:47:36.046] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:47:39.201] GP driver service started
[2025-05-27 06:47:39.201] Executing malware sample: D:\new\ransomware_high_confidence\dharma\c855a83b6b0b51c9e9bc1b2676d5644f1c578b87734517ce63820ca33d155707.exe
[2025-05-27 06:47:39.201] Malware execution started
[2025-05-27 06:47:39.201] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:48:39.210] Taking screenshot
[2025-05-27 06:48:39.274] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:49:42.440] Powering off VM done
[2025-05-27 06:49:45.440] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:49:46.766] Restoring snapshot 35 done
[2025-05-27 06:49:46.766] Kernel telemetry analysis completed in 142.8 seconds.

[2025-05-27 06:49:46.766] ✅ Analysis completed successfully!
[2025-05-27 06:49:46.766] Progress: 36.4% (513/1408)
[2025-05-27 06:49:46.766] Successful: 513, Failed: 0
[2025-05-27 06:49:46.766] Time remaining: 32.6h
[2025-05-27 06:49:46.766] Waiting 5 seconds before next sample...
[2025-05-27 06:49:51.767] SAMPLE 514/1408
[2025-05-27 06:49:51.767] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:49:51.767] File: d13c712deac973ddd3666c02b76e8c0f2f5a4291078b579e231cdb8f5554efb2.exe
[2025-05-27 06:49:51.767] Path: D:\new\ransomware_high_confidence\dharma\d13c712deac973ddd3666c02b76e8c0f2f5a4291078b579e231cdb8f5554efb2.exe
[2025-05-27 06:49:51.767] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\d13c712deac973ddd3666c02b76e8c0f2f5a4291078b579e231cdb8f5554efb2.exe
[2025-05-27 06:49:51.767] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:49:53.309] Restoring snapshot 35 done
[2025-05-27 06:49:53.309] Starting up VM
[2025-05-27 06:49:59.536] Starting up VM done
[2025-05-27 06:49:59.536] Installing kernel driver
[2025-05-27 06:49:59.537] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:50:03.264] Kernel driver installation completed
[2025-05-27 06:50:03.264] Starting GP driver service
[2025-05-27 06:50:03.264] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:50:06.415] GP driver service started
[2025-05-27 06:50:06.415] Executing malware sample: D:\new\ransomware_high_confidence\dharma\d13c712deac973ddd3666c02b76e8c0f2f5a4291078b579e231cdb8f5554efb2.exe
[2025-05-27 06:50:06.416] Malware execution started
[2025-05-27 06:50:06.416] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:51:06.424] Taking screenshot
[2025-05-27 06:51:06.486] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:52:24.955] Powering off VM done
[2025-05-27 06:52:27.955] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:52:28.985] Restoring snapshot 35 done
[2025-05-27 06:52:28.985] Kernel telemetry analysis completed in 157.2 seconds.

[2025-05-27 06:52:28.986] ✅ Analysis completed successfully!
[2025-05-27 06:52:28.986] Progress: 36.5% (514/1408)
[2025-05-27 06:52:28.986] Successful: 514, Failed: 0
[2025-05-27 06:52:28.986] Time remaining: 32.6h
[2025-05-27 06:52:28.986] Waiting 5 seconds before next sample...
[2025-05-27 06:52:33.986] SAMPLE 515/1408
[2025-05-27 06:52:33.986] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:52:33.986] File: d424fd77dc8e421ac66621a2ea3a36533e6cdb19335b909cbaaac970993e62a4.exe
[2025-05-27 06:52:33.986] Path: D:\new\ransomware_high_confidence\dharma\d424fd77dc8e421ac66621a2ea3a36533e6cdb19335b909cbaaac970993e62a4.exe
[2025-05-27 06:52:33.986] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\d424fd77dc8e421ac66621a2ea3a36533e6cdb19335b909cbaaac970993e62a4.exe
[2025-05-27 06:52:33.986] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:52:35.536] Restoring snapshot 35 done
[2025-05-27 06:52:35.536] Starting up VM
[2025-05-27 06:52:41.513] Starting up VM done
[2025-05-27 06:52:41.513] Installing kernel driver
[2025-05-27 06:52:41.513] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:52:45.153] Kernel driver installation completed
[2025-05-27 06:52:45.153] Starting GP driver service
[2025-05-27 06:52:45.153] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:52:48.306] GP driver service started
[2025-05-27 06:52:48.306] Executing malware sample: D:\new\ransomware_high_confidence\dharma\d424fd77dc8e421ac66621a2ea3a36533e6cdb19335b909cbaaac970993e62a4.exe
[2025-05-27 06:52:48.307] Malware execution started
[2025-05-27 06:52:48.307] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:53:48.315] Taking screenshot
[2025-05-27 06:53:48.377] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:54:31.994] Powering off VM done
[2025-05-27 06:54:34.994] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:54:36.448] Restoring snapshot 35 done
[2025-05-27 06:54:36.448] Kernel telemetry analysis completed in 122.5 seconds.

[2025-05-27 06:54:36.448] ✅ Analysis completed successfully!
[2025-05-27 06:54:36.448] Progress: 36.6% (515/1408)
[2025-05-27 06:54:36.448] Successful: 515, Failed: 0
[2025-05-27 06:54:36.448] Time remaining: 32.5h
[2025-05-27 06:54:36.448] Waiting 5 seconds before next sample...
[2025-05-27 06:54:41.449] SAMPLE 516/1408
[2025-05-27 06:54:41.449] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:54:41.449] File: d4b6920e28ddba697f8e2e33f6479d16c9b92fefdc36894e3c594e3f71095e4d.exe
[2025-05-27 06:54:41.449] Path: D:\new\ransomware_high_confidence\dharma\d4b6920e28ddba697f8e2e33f6479d16c9b92fefdc36894e3c594e3f71095e4d.exe
[2025-05-27 06:54:41.449] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\d4b6920e28ddba697f8e2e33f6479d16c9b92fefdc36894e3c594e3f71095e4d.exe
[2025-05-27 06:54:41.449] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:54:43.158] Restoring snapshot 35 done
[2025-05-27 06:54:43.158] Starting up VM
[2025-05-27 06:54:49.400] Starting up VM done
[2025-05-27 06:54:49.400] Installing kernel driver
[2025-05-27 06:54:49.400] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:54:53.763] Kernel driver installation completed
[2025-05-27 06:54:53.763] Starting GP driver service
[2025-05-27 06:54:53.764] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:54:56.922] GP driver service started
[2025-05-27 06:54:56.923] Executing malware sample: D:\new\ransomware_high_confidence\dharma\d4b6920e28ddba697f8e2e33f6479d16c9b92fefdc36894e3c594e3f71095e4d.exe
[2025-05-27 06:54:56.923] Malware execution started
[2025-05-27 06:54:56.923] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:55:56.931] Taking screenshot
[2025-05-27 06:55:56.992] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:56:55.981] Powering off VM done
[2025-05-27 06:56:58.982] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:57:00.192] Restoring snapshot 35 done
[2025-05-27 06:57:00.192] Kernel telemetry analysis completed in 138.7 seconds.

[2025-05-27 06:57:00.192] ✅ Analysis completed successfully!
[2025-05-27 06:57:00.192] Progress: 36.6% (516/1408)
[2025-05-27 06:57:00.192] Successful: 516, Failed: 0
[2025-05-27 06:57:00.192] Time remaining: 32.5h
[2025-05-27 06:57:00.192] Waiting 5 seconds before next sample...
[2025-05-27 06:57:05.193] SAMPLE 517/1408
[2025-05-27 06:57:05.193] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:57:05.193] File: e4a43f0bb8216496b95826c2c1aeb2f3ece6a7d87a8dbc7a0cc6a3935ace3d90.exe
[2025-05-27 06:57:05.193] Path: D:\new\ransomware_high_confidence\dharma\e4a43f0bb8216496b95826c2c1aeb2f3ece6a7d87a8dbc7a0cc6a3935ace3d90.exe
[2025-05-27 06:57:05.193] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\e4a43f0bb8216496b95826c2c1aeb2f3ece6a7d87a8dbc7a0cc6a3935ace3d90.exe
[2025-05-27 06:57:05.193] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:57:06.830] Restoring snapshot 35 done
[2025-05-27 06:57:06.830] Starting up VM
[2025-05-27 06:57:14.648] Starting up VM done
[2025-05-27 06:57:14.648] Installing kernel driver
[2025-05-27 06:57:14.648] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:57:19.286] Kernel driver installation completed
[2025-05-27 06:57:19.286] Starting GP driver service
[2025-05-27 06:57:19.286] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:57:22.434] GP driver service started
[2025-05-27 06:57:22.434] Executing malware sample: D:\new\ransomware_high_confidence\dharma\e4a43f0bb8216496b95826c2c1aeb2f3ece6a7d87a8dbc7a0cc6a3935ace3d90.exe
[2025-05-27 06:57:22.434] Malware execution started
[2025-05-27 06:57:22.434] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 06:58:22.442] Taking screenshot
[2025-05-27 06:58:22.504] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:59:20.797] Powering off VM done
[2025-05-27 06:59:23.797] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:59:25.020] Restoring snapshot 35 done
[2025-05-27 06:59:25.020] Kernel telemetry analysis completed in 139.8 seconds.

[2025-05-27 06:59:25.020] ✅ Analysis completed successfully!
[2025-05-27 06:59:25.020] Progress: 36.7% (517/1408)
[2025-05-27 06:59:25.020] Successful: 517, Failed: 0
[2025-05-27 06:59:25.020] Time remaining: 32.5h
[2025-05-27 06:59:25.020] Waiting 5 seconds before next sample...
[2025-05-27 06:59:30.020] SAMPLE 518/1408
[2025-05-27 06:59:30.020] Family: D:\new\ransomware_high_confidence\dharma
[2025-05-27 06:59:30.020] File: e589257b8ad21635e0b1cf15b0936f939b19153806c3dcb9d502853525977817.exe
[2025-05-27 06:59:30.020] Path: D:\new\ransomware_high_confidence\dharma\e589257b8ad21635e0b1cf15b0936f939b19153806c3dcb9d502853525977817.exe
[2025-05-27 06:59:30.021] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\dharma\e589257b8ad21635e0b1cf15b0936f939b19153806c3dcb9d502853525977817.exe
[2025-05-27 06:59:30.021] Malware execution time: 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 06:59:31.570] Restoring snapshot 35 done
[2025-05-27 06:59:31.570] Starting up VM
[2025-05-27 06:59:37.927] Starting up VM done
[2025-05-27 06:59:37.927] Installing kernel driver
[2025-05-27 06:59:37.927] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 06:59:42.171] Kernel driver installation completed
[2025-05-27 06:59:42.171] Starting GP driver service
[2025-05-27 06:59:42.171] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 06:59:45.317] GP driver service started
[2025-05-27 06:59:45.317] Executing malware sample: D:\new\ransomware_high_confidence\dharma\e589257b8ad21635e0b1cf15b0936f939b19153806c3dcb9d502853525977817.exe
[2025-05-27 06:59:45.318] Malware execution started
[2025-05-27 06:59:45.318] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:00:45.326] Taking screenshot
[2025-05-27 07:00:45.388] Taking 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:02:21.230] Powering off VM done
[2025-05-27 07:02:24.231] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:02:25.460] Restoring snapshot 35 done
[2025-05-27 07:02:25.460] Kernel telemetry analysis completed in 175.4 seconds.

[2025-05-27 07:02:25.460] ✅ Analysis completed successfully!
[2025-05-27 07:02:25.460] Progress: 36.8% (518/1408)
[2025-05-27 07:02:25.460] Successful: 518, Failed: 0
[2025-05-27 07:02:25.460] Time remaining: 32.4h
[2025-05-27 07:02:25.460] Waiting 5 seconds before next sample...
[2025-05-27 07:02:30.460] SAMPLE 519/1408
[2025-05-27 07:02:30.461] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:02:30.461] File: 0b5f142418adffa1ba2c6fed16dee81a505481b411759aa7355c1d3fb0d719b4.exe
[2025-05-27 07:02:30.461] Path: D:\new\ransomware_high_confidence\doppelpaymer\0b5f142418adffa1ba2c6fed16dee81a505481b411759aa7355c1d3fb0d719b4.exe
[2025-05-27 07:02:30.461] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\0b5f142418adffa1ba2c6fed16dee81a505481b411759aa7355c1d3fb0d719b4.exe
[2025-05-27 07:02:30.461] Malwar

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:02:32.004] Restoring snapshot 35 done
[2025-05-27 07:02:32.004] Starting up VM
[2025-05-27 07:02:37.836] Starting up VM done
[2025-05-27 07:02:37.836] Installing kernel driver
[2025-05-27 07:02:37.836] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:02:41.563] Kernel driver installation completed
[2025-05-27 07:02:41.563] Starting GP driver service
[2025-05-27 07:02:41.563] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:02:44.714] GP driver service started
[2025-05-27 07:02:44.714] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\0b5f142418adffa1ba2c6fed16dee81a505481b411759aa7355c1d3fb0d719b4.exe
[2025-05-27 07:02:44.714] Malware execution started
[2025-05-27 07:02:44.714] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:03:44.723] Taking screenshot
[2025-05-27 07:03:44.784] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:04:02.120] Powering off VM done
[2025-05-27 07:04:05.120] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:04:06.435] Restoring snapshot 35 done
[2025-05-27 07:04:06.435] Kernel telemetry analysis completed in 96.0 seconds.

[2025-05-27 07:04:06.435] ✅ Analysis completed successfully!
[2025-05-27 07:04:06.435] Progress: 36.9% (519/1408)
[2025-05-27 07:04:06.435] Successful: 519, Failed: 0
[2025-05-27 07:04:06.435] Time remaining: 32.4h
[2025-05-27 07:04:06.435] Waiting 5 seconds before next sample...
[2025-05-27 07:04:11.435] SAMPLE 520/1408
[2025-05-27 07:04:11.435] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:04:11.435] File: 0fe622ba1a8d90793d2646b8afa7c75834d1a4bf9dd0696e5b894037c13ed299.exe
[2025-05-27 07:04:11.435] Path: D:\new\ransomware_high_confidence\doppelpaymer\0fe622ba1a8d90793d2646b8afa7c75834d1a4bf9dd0696e5b894037c13ed299.exe
[2025-05-27 07:04:11.435] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\0fe622ba1a8d90793d2646b8afa7c75834d1a4bf9dd0696e5b894037c13ed299.exe
[2025-05-27 07:04:11.436] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:04:13.262] Restoring snapshot 35 done
[2025-05-27 07:04:13.262] Starting up VM
[2025-05-27 07:04:19.189] Starting up VM done
[2025-05-27 07:04:19.189] Installing kernel driver
[2025-05-27 07:04:19.189] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:04:23.854] Kernel driver installation completed
[2025-05-27 07:04:23.854] Starting GP driver service
[2025-05-27 07:04:23.854] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:04:27.010] GP driver service started
[2025-05-27 07:04:27.010] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\0fe622ba1a8d90793d2646b8afa7c75834d1a4bf9dd0696e5b894037c13ed299.exe
[2025-05-27 07:04:27.011] Malware execution started
[2025-05-27 07:04:27.011] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:05:27.019] Taking screenshot
[2025-05-27 07:05:27.081] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:05:46.670] Powering off VM done
[2025-05-27 07:05:49.670] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:05:51.098] Restoring snapshot 35 done
[2025-05-27 07:05:51.098] Kernel telemetry analysis completed in 99.7 seconds.

[2025-05-27 07:05:51.098] ✅ Analysis completed successfully!
[2025-05-27 07:05:51.098] Progress: 36.9% (520/1408)
[2025-05-27 07:05:51.098] Successful: 520, Failed: 0
[2025-05-27 07:05:51.098] Time remaining: 32.3h
[2025-05-27 07:05:51.098] Waiting 5 seconds before next sample...
[2025-05-27 07:05:56.098] SAMPLE 521/1408
[2025-05-27 07:05:56.098] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:05:56.098] File: 17528798f8b5ec83731a383b16b692bb3a5aa6d9c09fe0e9bb6fb92687350963.exe
[2025-05-27 07:05:56.098] Path: D:\new\ransomware_high_confidence\doppelpaymer\17528798f8b5ec83731a383b16b692bb3a5aa6d9c09fe0e9bb6fb92687350963.exe
[2025-05-27 07:05:56.098] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\17528798f8b5ec83731a383b16b692bb3a5aa6d9c09fe0e9bb6fb92687350963.exe
[2025-05-27 07:05:56.098] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:05:57.848] Restoring snapshot 35 done
[2025-05-27 07:05:57.848] Starting up VM
[2025-05-27 07:06:04.337] Starting up VM done
[2025-05-27 07:06:04.337] Installing kernel driver
[2025-05-27 07:06:04.337] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:06:08.492] Kernel driver installation completed
[2025-05-27 07:06:08.492] Starting GP driver service
[2025-05-27 07:06:08.492] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:06:11.654] GP driver service started
[2025-05-27 07:06:11.655] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\17528798f8b5ec83731a383b16b692bb3a5aa6d9c09fe0e9bb6fb92687350963.exe
[2025-05-27 07:06:11.655] Malware execution started
[2025-05-27 07:06:11.655] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:07:11.663] Taking screenshot
[2025-05-27 07:07:11.726] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:07:27.487] Powering off VM done
[2025-05-27 07:07:30.487] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:07:31.812] Restoring snapshot 35 done
[2025-05-27 07:07:31.812] Kernel telemetry analysis completed in 95.7 seconds.

[2025-05-27 07:07:31.812] ✅ Analysis completed successfully!
[2025-05-27 07:07:31.812] Progress: 37.0% (521/1408)
[2025-05-27 07:07:31.812] Successful: 521, Failed: 0
[2025-05-27 07:07:31.812] Time remaining: 32.3h
[2025-05-27 07:07:31.812] Waiting 5 seconds before next sample...
[2025-05-27 07:07:36.812] SAMPLE 522/1408
[2025-05-27 07:07:36.812] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:07:36.812] File: 1ccbe79a55bb1b855fcd6e66611ab754b608b16a9500fc87334c3e2c25a2a91b.exe
[2025-05-27 07:07:36.812] Path: D:\new\ransomware_high_confidence\doppelpaymer\1ccbe79a55bb1b855fcd6e66611ab754b608b16a9500fc87334c3e2c25a2a91b.exe
[2025-05-27 07:07:36.813] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\1ccbe79a55bb1b855fcd6e66611ab754b608b16a9500fc87334c3e2c25a2a91b.exe
[2025-05-27 07:07:36.813] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:07:38.663] Restoring snapshot 35 done
[2025-05-27 07:07:38.663] Starting up VM
[2025-05-27 07:07:44.781] Starting up VM done
[2025-05-27 07:07:44.781] Installing kernel driver
[2025-05-27 07:07:44.781] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:07:49.475] Kernel driver installation completed
[2025-05-27 07:07:49.476] Starting GP driver service
[2025-05-27 07:07:49.476] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:07:52.624] GP driver service started
[2025-05-27 07:07:52.624] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\1ccbe79a55bb1b855fcd6e66611ab754b608b16a9500fc87334c3e2c25a2a91b.exe
[2025-05-27 07:07:52.625] Malware execution started
[2025-05-27 07:07:52.625] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:08:52.633] Taking screenshot
[2025-05-27 07:08:52.696] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:09:15.048] Powering off VM done
[2025-05-27 07:09:18.049] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:09:19.242] Restoring snapshot 35 done
[2025-05-27 07:09:19.242] Kernel telemetry analysis completed in 102.4 seconds.

[2025-05-27 07:09:19.242] ✅ Analysis completed successfully!
[2025-05-27 07:09:19.242] Progress: 37.1% (522/1408)
[2025-05-27 07:09:19.242] Successful: 522, Failed: 0
[2025-05-27 07:09:19.242] Time remaining: 32.2h
[2025-05-27 07:09:19.242] Waiting 5 seconds before next sample...
[2025-05-27 07:09:24.242] SAMPLE 523/1408
[2025-05-27 07:09:24.242] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:09:24.242] File: 3da52a407801a5e41d792a65d145f056059d470a242849b92032f51fcec8ecfc.exe
[2025-05-27 07:09:24.242] Path: D:\new\ransomware_high_confidence\doppelpaymer\3da52a407801a5e41d792a65d145f056059d470a242849b92032f51fcec8ecfc.exe
[2025-05-27 07:09:24.243] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\3da52a407801a5e41d792a65d145f056059d470a242849b92032f51fcec8ecfc.exe
[2025-05-27 07:09:24.243] Malwar

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:09:26.099] Restoring snapshot 35 done
[2025-05-27 07:09:26.099] Starting up VM
[2025-05-27 07:09:32.026] Starting up VM done
[2025-05-27 07:09:32.026] Installing kernel driver
[2025-05-27 07:09:32.026] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:09:35.829] Kernel driver installation completed
[2025-05-27 07:09:35.829] Starting GP driver service
[2025-05-27 07:09:35.829] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:09:38.986] GP driver service started
[2025-05-27 07:09:38.986] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\3da52a407801a5e41d792a65d145f056059d470a242849b92032f51fcec8ecfc.exe
[2025-05-27 07:09:38.986] Malware execution started
[2025-05-27 07:09:38.986] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:10:38.995] Taking screenshot
[2025-05-27 07:10:39.057] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:11:01.707] Powering off VM done
[2025-05-27 07:11:04.707] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:11:05.916] Restoring snapshot 35 done
[2025-05-27 07:11:05.916] Kernel telemetry analysis completed in 101.7 seconds.

[2025-05-27 07:11:05.916] ✅ Analysis completed successfully!
[2025-05-27 07:11:05.916] Progress: 37.1% (523/1408)
[2025-05-27 07:11:05.916] Successful: 523, Failed: 0
[2025-05-27 07:11:05.916] Time remaining: 32.2h
[2025-05-27 07:11:05.916] Waiting 5 seconds before next sample...
[2025-05-27 07:11:10.916] SAMPLE 524/1408
[2025-05-27 07:11:10.916] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:11:10.916] File: 46254a390027a1708f6951f8af3da13d033dee9a71a4ee75f257087218676dd5.exe
[2025-05-27 07:11:10.916] Path: D:\new\ransomware_high_confidence\doppelpaymer\46254a390027a1708f6951f8af3da13d033dee9a71a4ee75f257087218676dd5.exe
[2025-05-27 07:11:10.916] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\46254a390027a1708f6951f8af3da13d033dee9a71a4ee75f257087218676dd5.exe
[2025-05-27 07:11:10.916] Malwar

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:11:12.923] Restoring snapshot 35 done
[2025-05-27 07:11:12.923] Starting up VM
[2025-05-27 07:11:19.453] Starting up VM done
[2025-05-27 07:11:19.453] Installing kernel driver
[2025-05-27 07:11:19.453] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:11:23.574] Kernel driver installation completed
[2025-05-27 07:11:23.574] Starting GP driver service
[2025-05-27 07:11:23.574] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:11:26.720] GP driver service started
[2025-05-27 07:11:26.720] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\46254a390027a1708f6951f8af3da13d033dee9a71a4ee75f257087218676dd5.exe
[2025-05-27 07:11:26.721] Malware execution started
[2025-05-27 07:11:26.721] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:12:26.729] Taking screenshot
[2025-05-27 07:12:26.792] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:12:52.356] Powering off VM done
[2025-05-27 07:12:55.357] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:12:56.947] Restoring snapshot 35 done
[2025-05-27 07:12:56.947] Kernel telemetry analysis completed in 106.0 seconds.

[2025-05-27 07:12:56.947] ✅ Analysis completed successfully!
[2025-05-27 07:12:56.947] Progress: 37.2% (524/1408)
[2025-05-27 07:12:56.947] Successful: 524, Failed: 0
[2025-05-27 07:12:56.947] Time remaining: 32.2h
[2025-05-27 07:12:56.947] Waiting 5 seconds before next sample...
[2025-05-27 07:13:01.947] SAMPLE 525/1408
[2025-05-27 07:13:01.947] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:13:01.947] File: 516fb7b0f610494d2702c31402dcb1116a489760f70ea102c900482d0514f465.exe
[2025-05-27 07:13:01.947] Path: D:\new\ransomware_high_confidence\doppelpaymer\516fb7b0f610494d2702c31402dcb1116a489760f70ea102c900482d0514f465.exe
[2025-05-27 07:13:01.947] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\516fb7b0f610494d2702c31402dcb1116a489760f70ea102c900482d0514f465.exe
[2025-05-27 07:13:01.947] Malwar

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:13:03.749] Restoring snapshot 35 done
[2025-05-27 07:13:03.749] Starting up VM
[2025-05-27 07:13:09.279] Starting up VM done
[2025-05-27 07:13:09.279] Installing kernel driver
[2025-05-27 07:13:09.279] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:13:13.827] Kernel driver installation completed
[2025-05-27 07:13:13.827] Starting GP driver service
[2025-05-27 07:13:13.827] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:13:16.983] GP driver service started
[2025-05-27 07:13:16.983] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\516fb7b0f610494d2702c31402dcb1116a489760f70ea102c900482d0514f465.exe
[2025-05-27 07:13:16.983] Malware execution started
[2025-05-27 07:13:16.983] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:14:16.991] Taking screenshot
[2025-05-27 07:14:17.049] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:14:33.971] Powering off VM done
[2025-05-27 07:14:36.971] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:14:38.936] Restoring snapshot 35 done
[2025-05-27 07:14:38.936] Kernel telemetry analysis completed in 97.0 seconds.

[2025-05-27 07:14:38.936] ✅ Analysis completed successfully!
[2025-05-27 07:14:38.936] Progress: 37.3% (525/1408)
[2025-05-27 07:14:38.936] Successful: 525, Failed: 0
[2025-05-27 07:14:38.936] Time remaining: 32.1h
[2025-05-27 07:14:38.936] Waiting 5 seconds before next sample...
[2025-05-27 07:14:43.936] SAMPLE 526/1408
[2025-05-27 07:14:43.936] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:14:43.936] File: 53709a38525d1f76995a3f70fdab6521eb0f2a568cb31693db15231198ed55a5.exe
[2025-05-27 07:14:43.936] Path: D:\new\ransomware_high_confidence\doppelpaymer\53709a38525d1f76995a3f70fdab6521eb0f2a568cb31693db15231198ed55a5.exe
[2025-05-27 07:14:43.936] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\53709a38525d1f76995a3f70fdab6521eb0f2a568cb31693db15231198ed55a5.exe
[2025-05-27 07:14:43.936] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:14:44.143] Restoring snapshot 35 done
[2025-05-27 07:14:44.143] Starting up VM
[2025-05-27 07:14:50.579] Starting up VM done
[2025-05-27 07:14:50.579] Installing kernel driver
[2025-05-27 07:14:50.579] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:14:54.286] Kernel driver installation completed
[2025-05-27 07:14:54.286] Starting GP driver service
[2025-05-27 07:14:54.286] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:14:57.434] GP driver service started
[2025-05-27 07:14:57.434] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\53709a38525d1f76995a3f70fdab6521eb0f2a568cb31693db15231198ed55a5.exe
[2025-05-27 07:14:57.435] Malware execution started
[2025-05-27 07:14:57.435] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:15:57.443] Taking screenshot
[2025-05-27 07:15:57.505] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:16:14.485] Powering off VM done
[2025-05-27 07:16:17.485] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:16:19.123] Restoring snapshot 35 done
[2025-05-27 07:16:19.123] Kernel telemetry analysis completed in 95.2 seconds.

[2025-05-27 07:16:19.123] ✅ Analysis completed successfully!
[2025-05-27 07:16:19.123] Progress: 37.4% (526/1408)
[2025-05-27 07:16:19.123] Successful: 526, Failed: 0
[2025-05-27 07:16:19.123] Time remaining: 32.1h
[2025-05-27 07:16:19.123] Waiting 5 seconds before next sample...
[2025-05-27 07:16:24.123] SAMPLE 527/1408
[2025-05-27 07:16:24.123] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:16:24.123] File: 60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103.exe
[2025-05-27 07:16:24.124] Path: D:\new\ransomware_high_confidence\doppelpaymer\60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103.exe
[2025-05-27 07:16:24.124] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103.exe
[2025-05-27 07:16:24.124] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:16:25.922] Restoring snapshot 35 done
[2025-05-27 07:16:25.922] Starting up VM
[2025-05-27 07:16:31.527] Starting up VM done
[2025-05-27 07:16:31.527] Installing kernel driver
[2025-05-27 07:16:31.527] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:16:35.180] Kernel driver installation completed
[2025-05-27 07:16:35.180] Starting GP driver service
[2025-05-27 07:16:35.180] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:16:38.329] GP driver service started
[2025-05-27 07:16:38.330] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103.exe
[2025-05-27 07:16:38.330] Malware execution started
[2025-05-27 07:16:38.330] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:17:38.338] Taking screenshot
[2025-05-27 07:17:38.401] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:17:53.921] Powering off VM done
[2025-05-27 07:17:56.921] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:17:58.432] Restoring snapshot 35 done
[2025-05-27 07:17:58.432] Kernel telemetry analysis completed in 94.3 seconds.

[2025-05-27 07:17:58.432] ✅ Analysis completed successfully!
[2025-05-27 07:17:58.432] Progress: 37.4% (527/1408)
[2025-05-27 07:17:58.432] Successful: 527, Failed: 0
[2025-05-27 07:17:58.432] Time remaining: 32.0h
[2025-05-27 07:17:58.432] Waiting 5 seconds before next sample...
[2025-05-27 07:18:03.432] SAMPLE 528/1408
[2025-05-27 07:18:03.432] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:18:03.432] File: 624255fef7e958cc3de9e454d2de4ae1a914a41fedc98b2042756042f68c2b69.exe
[2025-05-27 07:18:03.432] Path: D:\new\ransomware_high_confidence\doppelpaymer\624255fef7e958cc3de9e454d2de4ae1a914a41fedc98b2042756042f68c2b69.exe
[2025-05-27 07:18:03.433] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\624255fef7e958cc3de9e454d2de4ae1a914a41fedc98b2042756042f68c2b69.exe
[2025-05-27 07:18:03.433] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:18:05.370] Restoring snapshot 35 done
[2025-05-27 07:18:05.370] Starting up VM
[2025-05-27 07:18:12.466] Starting up VM done
[2025-05-27 07:18:12.466] Installing kernel driver
[2025-05-27 07:18:12.466] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:18:16.511] Kernel driver installation completed
[2025-05-27 07:18:16.511] Starting GP driver service
[2025-05-27 07:18:16.511] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:18:19.661] GP driver service started
[2025-05-27 07:18:19.661] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\624255fef7e958cc3de9e454d2de4ae1a914a41fedc98b2042756042f68c2b69.exe
[2025-05-27 07:18:19.661] Malware execution started
[2025-05-27 07:18:19.661] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:19:19.670] Taking screenshot
[2025-05-27 07:19:19.732] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:19:35.963] Powering off VM done
[2025-05-27 07:19:38.964] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:19:40.454] Restoring snapshot 35 done
[2025-05-27 07:19:40.454] Kernel telemetry analysis completed in 97.0 seconds.

[2025-05-27 07:19:40.454] ✅ Analysis completed successfully!
[2025-05-27 07:19:40.454] Progress: 37.5% (528/1408)
[2025-05-27 07:19:40.454] Successful: 528, Failed: 0
[2025-05-27 07:19:40.454] Time remaining: 32.0h
[2025-05-27 07:19:40.454] Waiting 5 seconds before next sample...
[2025-05-27 07:19:45.454] SAMPLE 529/1408
[2025-05-27 07:19:45.454] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:19:45.454] File: 64aae03c2a7f3646e6e85102074f691fc64c605d3cd7e5f2c019e0be25e03962.exe
[2025-05-27 07:19:45.454] Path: D:\new\ransomware_high_confidence\doppelpaymer\64aae03c2a7f3646e6e85102074f691fc64c605d3cd7e5f2c019e0be25e03962.exe
[2025-05-27 07:19:45.454] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\64aae03c2a7f3646e6e85102074f691fc64c605d3cd7e5f2c019e0be25e03962.exe
[2025-05-27 07:19:45.454] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:19:47.462] Restoring snapshot 35 done
[2025-05-27 07:19:47.462] Starting up VM
[2025-05-27 07:19:53.871] Starting up VM done
[2025-05-27 07:19:53.872] Installing kernel driver
[2025-05-27 07:19:53.872] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:19:58.236] Kernel driver installation completed
[2025-05-27 07:19:58.236] Starting GP driver service
[2025-05-27 07:19:58.236] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:20:01.392] GP driver service started
[2025-05-27 07:20:01.392] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\64aae03c2a7f3646e6e85102074f691fc64c605d3cd7e5f2c019e0be25e03962.exe
[2025-05-27 07:20:01.392] Malware execution started
[2025-05-27 07:20:01.392] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:21:01.401] Taking screenshot
[2025-05-27 07:21:01.463] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:21:19.092] Powering off VM done
[2025-05-27 07:21:22.092] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:21:23.530] Restoring snapshot 35 done
[2025-05-27 07:21:23.531] Kernel telemetry analysis completed in 98.1 seconds.

[2025-05-27 07:21:23.531] ✅ Analysis completed successfully!
[2025-05-27 07:21:23.531] Progress: 37.6% (529/1408)
[2025-05-27 07:21:23.531] Successful: 529, Failed: 0
[2025-05-27 07:21:23.531] Time remaining: 31.9h
[2025-05-27 07:21:23.531] Waiting 5 seconds before next sample...
[2025-05-27 07:21:28.531] SAMPLE 530/1408
[2025-05-27 07:21:28.531] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:21:28.531] File: 750150ec6d50212936151b881c6e3bae30bf76fb233602b064984bc46fc4f4c0.exe
[2025-05-27 07:21:28.531] Path: D:\new\ransomware_high_confidence\doppelpaymer\750150ec6d50212936151b881c6e3bae30bf76fb233602b064984bc46fc4f4c0.exe
[2025-05-27 07:21:28.531] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\750150ec6d50212936151b881c6e3bae30bf76fb233602b064984bc46fc4f4c0.exe
[2025-05-27 07:21:28.531] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:21:30.823] Restoring snapshot 35 done
[2025-05-27 07:21:30.823] Starting up VM
[2025-05-27 07:21:37.510] Starting up VM done
[2025-05-27 07:21:37.510] Installing kernel driver
[2025-05-27 07:21:37.510] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:21:41.209] Kernel driver installation completed
[2025-05-27 07:21:41.209] Starting GP driver service
[2025-05-27 07:21:41.209] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:21:44.360] GP driver service started
[2025-05-27 07:21:44.360] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\750150ec6d50212936151b881c6e3bae30bf76fb233602b064984bc46fc4f4c0.exe
[2025-05-27 07:21:44.360] Malware execution started
[2025-05-27 07:21:44.360] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:22:44.369] Taking screenshot
[2025-05-27 07:22:44.431] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:23:03.071] Powering off VM done
[2025-05-27 07:23:06.072] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:23:07.463] Restoring snapshot 35 done
[2025-05-27 07:23:07.463] Kernel telemetry analysis completed in 98.9 seconds.

[2025-05-27 07:23:07.463] ✅ Analysis completed successfully!
[2025-05-27 07:23:07.463] Progress: 37.6% (530/1408)
[2025-05-27 07:23:07.463] Successful: 530, Failed: 0
[2025-05-27 07:23:07.463] Time remaining: 31.9h
[2025-05-27 07:23:07.463] Waiting 5 seconds before next sample...
[2025-05-27 07:23:12.463] SAMPLE 531/1408
[2025-05-27 07:23:12.463] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:23:12.463] File: 7f0dcd67e61f9f1388d3ba92cca0c6da0c49751f96d77b3100e0c6173092524c.exe
[2025-05-27 07:23:12.463] Path: D:\new\ransomware_high_confidence\doppelpaymer\7f0dcd67e61f9f1388d3ba92cca0c6da0c49751f96d77b3100e0c6173092524c.exe
[2025-05-27 07:23:12.463] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\7f0dcd67e61f9f1388d3ba92cca0c6da0c49751f96d77b3100e0c6173092524c.exe
[2025-05-27 07:23:12.463] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:23:13.984] Restoring snapshot 35 done
[2025-05-27 07:23:13.984] Starting up VM
[2025-05-27 07:23:20.696] Starting up VM done
[2025-05-27 07:23:20.696] Installing kernel driver
[2025-05-27 07:23:20.696] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:23:24.943] Kernel driver installation completed
[2025-05-27 07:23:24.943] Starting GP driver service
[2025-05-27 07:23:24.943] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:23:28.098] GP driver service started
[2025-05-27 07:23:28.098] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\7f0dcd67e61f9f1388d3ba92cca0c6da0c49751f96d77b3100e0c6173092524c.exe
[2025-05-27 07:23:28.099] Malware execution started
[2025-05-27 07:23:28.099] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:24:28.107] Taking screenshot
[2025-05-27 07:24:28.170] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:24:44.322] Powering off VM done
[2025-05-27 07:24:47.323] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:24:48.542] Restoring snapshot 35 done
[2025-05-27 07:24:48.542] Kernel telemetry analysis completed in 96.1 seconds.

[2025-05-27 07:24:48.542] ✅ Analysis completed successfully!
[2025-05-27 07:24:48.542] Progress: 37.7% (531/1408)
[2025-05-27 07:24:48.542] Successful: 531, Failed: 0
[2025-05-27 07:24:48.542] Time remaining: 31.8h
[2025-05-27 07:24:48.542] Waiting 5 seconds before next sample...
[2025-05-27 07:24:53.542] SAMPLE 532/1408
[2025-05-27 07:24:53.542] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:24:53.542] File: 84dfebb04d3f98ea63f803c46d83243c4bbdbcb6a6be238600e2ff9118fb05ed.exe
[2025-05-27 07:24:53.542] Path: D:\new\ransomware_high_confidence\doppelpaymer\84dfebb04d3f98ea63f803c46d83243c4bbdbcb6a6be238600e2ff9118fb05ed.exe
[2025-05-27 07:24:53.543] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\84dfebb04d3f98ea63f803c46d83243c4bbdbcb6a6be238600e2ff9118fb05ed.exe
[2025-05-27 07:24:53.543] Malware

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:24:55.383] Restoring snapshot 35 done
[2025-05-27 07:24:55.383] Starting up VM
[2025-05-27 07:25:01.408] Starting up VM done
[2025-05-27 07:25:01.408] Installing kernel driver
[2025-05-27 07:25:01.408] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:25:05.737] Kernel driver installation completed
[2025-05-27 07:25:05.737] Starting GP driver service
[2025-05-27 07:25:05.737] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:25:08.889] GP driver service started
[2025-05-27 07:25:08.889] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\84dfebb04d3f98ea63f803c46d83243c4bbdbcb6a6be238600e2ff9118fb05ed.exe
[2025-05-27 07:25:08.889] Malware execution started
[2025-05-27 07:25:08.889] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:26:08.897] Taking screenshot
[2025-05-27 07:26:08.959] T

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:26:22.712] Powering off VM done
[2025-05-27 07:26:25.712] Restoring snapshot 35
[2025-05-27 07:26:25.772] Restoring snapshot 35 done
[2025-05-27 07:26:25.772] Kernel telemetry analysis completed in 92.2 seconds.

[2025-05-27 07:26:25.772] ✅ Analysis completed successfully!
[2025-05-27 07:26:25.772] Progress: 37.8% (532/1408)
[2025-05-27 07:26:25.772] Successful: 532, Failed: 0
[2025-05-27 07:26:25.772] Time remaining: 31.8h
[2025-05-27 07:26:25.772] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:26:30.773] SAMPLE 533/1408
[2025-05-27 07:26:30.773] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:26:30.773] File: a0c3976f5d93927b0ee4e5c17057d3bb028ff26e4200ba63fbc9fa0d311eda57.exe
[2025-05-27 07:26:30.773] Path: D:\new\ransomware_high_confidence\doppelpaymer\a0c3976f5d93927b0ee4e5c17057d3bb028ff26e4200ba63fbc9fa0d311eda57.exe
[2025-05-27 07:26:30.773] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\a0c3976f5d93927b0ee4e5c17057d3bb028ff26e4200ba63fbc9fa0d311eda57.exe
[2025-05-27 07:26:30.773] Malware execution time: 60 seconds
[2025-05-27 07:26:30.773] Restoring snapshot 35
[2025-05-27 07:26:30.949] Restoring snapshot 35 done
[2025-05-27 07:26:30.950] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:26:35.792] Starting up VM done
[2025-05-27 07:26:35.792] Installing kernel driver
[2025-05-27 07:26:35.792] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:26:38.954] Kernel driver installation completed
[2025-05-27 07:26:38.954] Starting GP driver service
[2025-05-27 07:26:38.954] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:26:42.104] GP driver service started
[2025-05-27 07:26:42.104] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\a0c3976f5d93927b0ee4e5c17057d3bb028ff26e4200ba63fbc9fa0d311eda57.exe
[2025-05-27 07:26:42.105] Malware execution started
[2025-05-27 07:26:42.105] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:27:42.113] Taking screenshot
[2025-05-27 07:27:42.176] Taking screenshot done
[2025-05-27 07:27:42.176] Terminating malware: a0c3976f5d93927b0ee4e5c17

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:27:58.702] Restoring snapshot 35
[2025-05-27 07:27:58.749] Restoring snapshot 35 done
[2025-05-27 07:27:58.749] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 07:27:58.749] ✅ Analysis completed successfully!
[2025-05-27 07:27:58.749] Progress: 37.9% (533/1408)
[2025-05-27 07:27:58.749] Successful: 533, Failed: 0
[2025-05-27 07:27:58.749] Time remaining: 31.7h
[2025-05-27 07:27:58.749] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:28:03.750] SAMPLE 534/1408
[2025-05-27 07:28:03.750] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:28:03.750] File: b3e2ebc49bed60465f27a1ad5364014053bb0182ae3eb06211a12f2008893ee0.exe
[2025-05-27 07:28:03.750] Path: D:\new\ransomware_high_confidence\doppelpaymer\b3e2ebc49bed60465f27a1ad5364014053bb0182ae3eb06211a12f2008893ee0.exe
[2025-05-27 07:28:03.750] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\b3e2ebc49bed60465f27a1ad5364014053bb0182ae3eb06211a12f2008893ee0.exe
[2025-05-27 07:28:03.750] Malware execution time: 60 seconds
[2025-05-27 07:28:03.750] Restoring snapshot 35
[2025-05-27 07:28:03.932] Restoring snapshot 35 done
[2025-05-27 07:28:03.932] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:28:08.765] Starting up VM done
[2025-05-27 07:28:08.765] Installing kernel driver
[2025-05-27 07:28:08.765] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:28:11.929] Kernel driver installation completed
[2025-05-27 07:28:11.929] Starting GP driver service
[2025-05-27 07:28:11.929] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:28:15.080] GP driver service started
[2025-05-27 07:28:15.080] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\b3e2ebc49bed60465f27a1ad5364014053bb0182ae3eb06211a12f2008893ee0.exe
[2025-05-27 07:28:15.080] Malware execution started
[2025-05-27 07:28:15.080] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:29:15.089] Taking screenshot
[2025-05-27 07:29:15.151] Taking screenshot done
[2025-05-27 07:29:15.151] Terminating malware: b3e2ebc49bed60465f27a1ad5

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:29:31.648] Restoring snapshot 35
[2025-05-27 07:29:31.695] Restoring snapshot 35 done
[2025-05-27 07:29:31.695] Kernel telemetry analysis completed in 87.9 seconds.

[2025-05-27 07:29:31.695] ✅ Analysis completed successfully!
[2025-05-27 07:29:31.695] Progress: 37.9% (534/1408)
[2025-05-27 07:29:31.695] Successful: 534, Failed: 0
[2025-05-27 07:29:31.695] Time remaining: 31.6h
[2025-05-27 07:29:31.696] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:29:36.696] SAMPLE 535/1408
[2025-05-27 07:29:36.696] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:29:36.696] File: c66157a916c7f874bd381a775b8eede422eb59819872fdffafc5649eefa76373.exe
[2025-05-27 07:29:36.696] Path: D:\new\ransomware_high_confidence\doppelpaymer\c66157a916c7f874bd381a775b8eede422eb59819872fdffafc5649eefa76373.exe
[2025-05-27 07:29:36.696] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\c66157a916c7f874bd381a775b8eede422eb59819872fdffafc5649eefa76373.exe
[2025-05-27 07:29:36.696] Malware execution time: 60 seconds
[2025-05-27 07:29:36.696] Restoring snapshot 35
[2025-05-27 07:29:36.874] Restoring snapshot 35 done
[2025-05-27 07:29:36.874] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:29:41.715] Starting up VM done
[2025-05-27 07:29:41.715] Installing kernel driver
[2025-05-27 07:29:41.716] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:29:44.874] Kernel driver installation completed
[2025-05-27 07:29:44.874] Starting GP driver service
[2025-05-27 07:29:44.874] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:29:48.021] GP driver service started
[2025-05-27 07:29:48.021] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\c66157a916c7f874bd381a775b8eede422eb59819872fdffafc5649eefa76373.exe
[2025-05-27 07:29:48.022] Malware execution started
[2025-05-27 07:29:48.022] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:30:48.030] Taking screenshot
[2025-05-27 07:30:48.096] Taking screenshot done
[2025-05-27 07:30:48.096] Terminating malware: c66157a916c7f874bd381a775

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:31:04.602] Restoring snapshot 35
[2025-05-27 07:31:04.652] Restoring snapshot 35 done
[2025-05-27 07:31:04.652] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 07:31:04.652] ✅ Analysis completed successfully!
[2025-05-27 07:31:04.652] Progress: 38.0% (535/1408)
[2025-05-27 07:31:04.652] Successful: 535, Failed: 0
[2025-05-27 07:31:04.652] Time remaining: 31.6h
[2025-05-27 07:31:04.652] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:31:09.653] SAMPLE 536/1408
[2025-05-27 07:31:09.653] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:31:09.653] File: cf961a8a5da4d9453ac1eea45b6f33a896616c4872a50ca603b9899aac403691.exe
[2025-05-27 07:31:09.653] Path: D:\new\ransomware_high_confidence\doppelpaymer\cf961a8a5da4d9453ac1eea45b6f33a896616c4872a50ca603b9899aac403691.exe
[2025-05-27 07:31:09.653] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\cf961a8a5da4d9453ac1eea45b6f33a896616c4872a50ca603b9899aac403691.exe
[2025-05-27 07:31:09.653] Malware execution time: 60 seconds
[2025-05-27 07:31:09.653] Restoring snapshot 35
[2025-05-27 07:31:09.829] Restoring snapshot 35 done
[2025-05-27 07:31:09.829] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:31:14.673] Starting up VM done
[2025-05-27 07:31:14.673] Installing kernel driver
[2025-05-27 07:31:14.673] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:31:17.827] Kernel driver installation completed
[2025-05-27 07:31:17.827] Starting GP driver service
[2025-05-27 07:31:17.827] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:31:20.980] GP driver service started
[2025-05-27 07:31:20.980] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\cf961a8a5da4d9453ac1eea45b6f33a896616c4872a50ca603b9899aac403691.exe
[2025-05-27 07:31:20.981] Malware execution started
[2025-05-27 07:31:20.981] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:32:20.989] Taking screenshot
[2025-05-27 07:32:21.052] Taking screenshot done
[2025-05-27 07:32:21.052] Terminating malware: cf961a8a5da4d9453ac1eea45

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:32:34.814] Powering off VM done
[2025-05-27 07:32:37.814] Restoring snapshot 35
[2025-05-27 07:32:37.862] Restoring snapshot 35 done
[2025-05-27 07:32:37.862] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 07:32:37.862] ✅ Analysis completed successfully!
[2025-05-27 07:32:37.862] Progress: 38.1% (536/1408)
[2025-05-27 07:32:37.862] Successful: 536, Failed: 0
[2025-05-27 07:32:37.862] Time remaining: 31.5h
[2025-05-27 07:32:37.862] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:32:42.862] SAMPLE 537/1408
[2025-05-27 07:32:42.862] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:32:42.862] File: d4d2701df5c47ccb3ccb95693fcb0cfa493695be32c6daba2218ca73f76cf9e9.exe
[2025-05-27 07:32:42.862] Path: D:\new\ransomware_high_confidence\doppelpaymer\d4d2701df5c47ccb3ccb95693fcb0cfa493695be32c6daba2218ca73f76cf9e9.exe
[2025-05-27 07:32:42.862] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\d4d2701df5c47ccb3ccb95693fcb0cfa493695be32c6daba2218ca73f76cf9e9.exe
[2025-05-27 07:32:42.862] Malware execution time: 60 seconds
[2025-05-27 07:32:42.862] Restoring snapshot 35
[2025-05-27 07:32:43.038] Restoring snapshot 35 done
[2025-05-27 07:32:43.038] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:32:47.873] Starting up VM done
[2025-05-27 07:32:47.873] Installing kernel driver
[2025-05-27 07:32:47.873] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:32:51.032] Kernel driver installation completed
[2025-05-27 07:32:51.032] Starting GP driver service
[2025-05-27 07:32:51.032] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:32:54.186] GP driver service started
[2025-05-27 07:32:54.186] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\d4d2701df5c47ccb3ccb95693fcb0cfa493695be32c6daba2218ca73f76cf9e9.exe
[2025-05-27 07:32:54.187] Malware execution started
[2025-05-27 07:32:54.187] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:33:54.195] Taking screenshot
[2025-05-27 07:33:54.257] Taking screenshot done
[2025-05-27 07:33:54.257] Terminating malware: d4d2701df5c47ccb3ccb95693

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:34:10.799] Restoring snapshot 35
[2025-05-27 07:34:10.849] Restoring snapshot 35 done
[2025-05-27 07:34:10.849] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 07:34:10.849] ✅ Analysis completed successfully!
[2025-05-27 07:34:10.849] Progress: 38.1% (537/1408)
[2025-05-27 07:34:10.849] Successful: 537, Failed: 0
[2025-05-27 07:34:10.849] Time remaining: 31.5h
[2025-05-27 07:34:10.849] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:34:15.849] SAMPLE 538/1408
[2025-05-27 07:34:15.849] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:34:15.849] File: f27e8691520ca218bccc6bfc6880d52bcce3e2218fd1cb0d40c85260df2d822c.exe
[2025-05-27 07:34:15.849] Path: D:\new\ransomware_high_confidence\doppelpaymer\f27e8691520ca218bccc6bfc6880d52bcce3e2218fd1cb0d40c85260df2d822c.exe
[2025-05-27 07:34:15.849] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\f27e8691520ca218bccc6bfc6880d52bcce3e2218fd1cb0d40c85260df2d822c.exe
[2025-05-27 07:34:15.849] Malware execution time: 60 seconds
[2025-05-27 07:34:15.849] Restoring snapshot 35
[2025-05-27 07:34:16.025] Restoring snapshot 35 done
[2025-05-27 07:34:16.025] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:34:20.866] Starting up VM done
[2025-05-27 07:34:20.866] Installing kernel driver
[2025-05-27 07:34:20.866] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:34:24.021] Kernel driver installation completed
[2025-05-27 07:34:24.021] Starting GP driver service
[2025-05-27 07:34:24.021] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:34:27.172] GP driver service started
[2025-05-27 07:34:27.172] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\f27e8691520ca218bccc6bfc6880d52bcce3e2218fd1cb0d40c85260df2d822c.exe
[2025-05-27 07:34:27.172] Malware execution started
[2025-05-27 07:34:27.172] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:35:27.180] Taking screenshot
[2025-05-27 07:35:27.243] Taking screenshot done
[2025-05-27 07:35:27.243] Terminating malware: f27e8691520ca218bccc6bfc6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:35:43.747] Restoring snapshot 35
[2025-05-27 07:35:43.798] Restoring snapshot 35 done
[2025-05-27 07:35:43.798] Kernel telemetry analysis completed in 87.9 seconds.

[2025-05-27 07:35:43.798] ✅ Analysis completed successfully!
[2025-05-27 07:35:43.798] Progress: 38.2% (538/1408)
[2025-05-27 07:35:43.798] Successful: 538, Failed: 0
[2025-05-27 07:35:43.798] Time remaining: 31.4h
[2025-05-27 07:35:43.798] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:35:48.798] SAMPLE 539/1408
[2025-05-27 07:35:48.798] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:35:48.798] File: f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555.exe
[2025-05-27 07:35:48.798] Path: D:\new\ransomware_high_confidence\doppelpaymer\f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555.exe
[2025-05-27 07:35:48.798] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555.exe
[2025-05-27 07:35:48.798] Malware execution time: 60 seconds
[2025-05-27 07:35:48.798] Restoring snapshot 35
[2025-05-27 07:35:48.979] Restoring snapshot 35 done
[2025-05-27 07:35:48.979] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:35:53.804] Starting up VM done
[2025-05-27 07:35:53.804] Installing kernel driver
[2025-05-27 07:35:53.804] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:35:56.955] Kernel driver installation completed
[2025-05-27 07:35:56.955] Starting GP driver service
[2025-05-27 07:35:56.955] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:36:00.112] GP driver service started
[2025-05-27 07:36:00.112] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555.exe
[2025-05-27 07:36:00.112] Malware execution started
[2025-05-27 07:36:00.112] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:37:00.120] Taking screenshot
[2025-05-27 07:37:00.184] Taking screenshot done
[2025-05-27 07:37:00.184] Terminating malware: f658ddcf8e87de957a81bb92d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:37:13.947] Powering off VM done
[2025-05-27 07:37:16.947] Restoring snapshot 35
[2025-05-27 07:37:17.002] Restoring snapshot 35 done
[2025-05-27 07:37:17.002] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 07:37:17.002] ✅ Analysis completed successfully!
[2025-05-27 07:37:17.002] Progress: 38.3% (539/1408)
[2025-05-27 07:37:17.002] Successful: 539, Failed: 0
[2025-05-27 07:37:17.002] Time remaining: 31.4h
[2025-05-27 07:37:17.002] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:37:22.002] SAMPLE 540/1408
[2025-05-27 07:37:22.002] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:37:22.002] File: f6c5fe6cf03045fa15b36adaaefba0b3a2bee19551c34b61f886904c5060f457.exe
[2025-05-27 07:37:22.002] Path: D:\new\ransomware_high_confidence\doppelpaymer\f6c5fe6cf03045fa15b36adaaefba0b3a2bee19551c34b61f886904c5060f457.exe
[2025-05-27 07:37:22.002] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\f6c5fe6cf03045fa15b36adaaefba0b3a2bee19551c34b61f886904c5060f457.exe
[2025-05-27 07:37:22.002] Malware execution time: 60 seconds
[2025-05-27 07:37:22.002] Restoring snapshot 35
[2025-05-27 07:37:22.180] Restoring snapshot 35 done
[2025-05-27 07:37:22.180] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:37:27.034] Starting up VM done
[2025-05-27 07:37:27.034] Installing kernel driver
[2025-05-27 07:37:27.034] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:37:30.198] Kernel driver installation completed
[2025-05-27 07:37:30.198] Starting GP driver service
[2025-05-27 07:37:30.198] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:37:33.348] GP driver service started
[2025-05-27 07:37:33.348] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\f6c5fe6cf03045fa15b36adaaefba0b3a2bee19551c34b61f886904c5060f457.exe
[2025-05-27 07:37:33.349] Malware execution started
[2025-05-27 07:37:33.349] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:38:33.357] Taking screenshot
[2025-05-27 07:38:33.421] Taking screenshot done
[2025-05-27 07:38:33.421] Terminating malware: f6c5fe6cf03045fa15b36adaa

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:38:49.901] Restoring snapshot 35
[2025-05-27 07:38:49.950] Restoring snapshot 35 done
[2025-05-27 07:38:49.950] Kernel telemetry analysis completed in 87.9 seconds.

[2025-05-27 07:38:49.950] ✅ Analysis completed successfully!
[2025-05-27 07:38:49.950] Progress: 38.4% (540/1408)
[2025-05-27 07:38:49.950] Successful: 540, Failed: 0
[2025-05-27 07:38:49.950] Time remaining: 31.3h
[2025-05-27 07:38:49.950] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:38:54.950] SAMPLE 541/1408
[2025-05-27 07:38:54.950] Family: D:\new\ransomware_high_confidence\doppelpaymer
[2025-05-27 07:38:54.950] File: fb04d01431c33b1ec19cc2986e48174e97a0c62fdab1ec08cacf3969f3d51bda.exe
[2025-05-27 07:38:54.950] Path: D:\new\ransomware_high_confidence\doppelpaymer\fb04d01431c33b1ec19cc2986e48174e97a0c62fdab1ec08cacf3969f3d51bda.exe
[2025-05-27 07:38:54.950] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\doppelpaymer\fb04d01431c33b1ec19cc2986e48174e97a0c62fdab1ec08cacf3969f3d51bda.exe
[2025-05-27 07:38:54.950] Malware execution time: 60 seconds
[2025-05-27 07:38:54.950] Restoring snapshot 35
[2025-05-27 07:38:55.126] Restoring snapshot 35 done
[2025-05-27 07:38:55.126] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:38:59.938] Starting up VM done
[2025-05-27 07:38:59.938] Installing kernel driver
[2025-05-27 07:38:59.938] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:39:03.092] Kernel driver installation completed
[2025-05-27 07:39:03.092] Starting GP driver service
[2025-05-27 07:39:03.092] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:39:06.249] GP driver service started
[2025-05-27 07:39:06.249] Executing malware sample: D:\new\ransomware_high_confidence\doppelpaymer\fb04d01431c33b1ec19cc2986e48174e97a0c62fdab1ec08cacf3969f3d51bda.exe
[2025-05-27 07:39:06.249] Malware execution started
[2025-05-27 07:39:06.249] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:40:06.257] Taking screenshot
[2025-05-27 07:40:06.319] Taking screenshot done
[2025-05-27 07:40:06.319] Terminating malware: fb04d01431c33b1ec19cc2986

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:40:20.060] Powering off VM done
[2025-05-27 07:40:23.061] Restoring snapshot 35
[2025-05-27 07:40:23.110] Restoring snapshot 35 done
[2025-05-27 07:40:23.110] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 07:40:23.110] ✅ Analysis completed successfully!
[2025-05-27 07:40:23.110] Progress: 38.4% (541/1408)
[2025-05-27 07:40:23.110] Successful: 541, Failed: 0
[2025-05-27 07:40:23.110] Time remaining: 31.3h
[2025-05-27 07:40:23.110] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:40:28.111] SAMPLE 542/1408
[2025-05-27 07:40:28.111] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 07:40:28.111] File: 027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61.exe
[2025-05-27 07:40:28.111] Path: D:\new\ransomware_high_confidence\exorcist\027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61.exe
[2025-05-27 07:40:28.111] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61.exe
[2025-05-27 07:40:28.111] Malware execution time: 60 seconds
[2025-05-27 07:40:28.111] Restoring snapshot 35
[2025-05-27 07:40:28.287] Restoring snapshot 35 done
[2025-05-27 07:40:28.287] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:40:33.177] Starting up VM done
[2025-05-27 07:40:33.177] Installing kernel driver
[2025-05-27 07:40:33.177] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:40:36.329] Kernel driver installation completed
[2025-05-27 07:40:36.329] Starting GP driver service
[2025-05-27 07:40:36.329] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:40:39.487] GP driver service started
[2025-05-27 07:40:39.487] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61.exe
[2025-05-27 07:40:39.488] Malware execution started
[2025-05-27 07:40:39.488] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:41:39.496] Taking screenshot
[2025-05-27 07:41:39.559] Taking screenshot done
[2025-05-27 07:41:39.559] Terminating malware: 027d99aaaa6803a07d07ce0ba1fa6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:44:17.893] Powering off VM done
[2025-05-27 07:44:20.893] Restoring snapshot 35
[2025-05-27 07:44:20.946] Restoring snapshot 35 done
[2025-05-27 07:44:20.946] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 07:44:20.946] ✅ Analysis completed successfully!
[2025-05-27 07:44:20.946] Progress: 38.5% (542/1408)
[2025-05-27 07:44:20.946] Successful: 542, Failed: 0
[2025-05-27 07:44:20.946] Time remaining: 31.3h
[2025-05-27 07:44:20.946] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:44:25.947] SAMPLE 543/1408
[2025-05-27 07:44:25.947] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 07:44:25.947] File: 2b37a372626063afce9e08199342a41bbe4183b0d5ba7864ff61eb6e6f7c4fdf.exe
[2025-05-27 07:44:25.947] Path: D:\new\ransomware_high_confidence\exorcist\2b37a372626063afce9e08199342a41bbe4183b0d5ba7864ff61eb6e6f7c4fdf.exe
[2025-05-27 07:44:25.947] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\2b37a372626063afce9e08199342a41bbe4183b0d5ba7864ff61eb6e6f7c4fdf.exe
[2025-05-27 07:44:25.947] Malware execution time: 60 seconds
[2025-05-27 07:44:25.947] Restoring snapshot 35
[2025-05-27 07:44:26.123] Restoring snapshot 35 done
[2025-05-27 07:44:26.123] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:44:30.991] Starting up VM done
[2025-05-27 07:44:30.991] Installing kernel driver
[2025-05-27 07:44:30.991] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:44:34.146] Kernel driver installation completed
[2025-05-27 07:44:34.146] Starting GP driver service
[2025-05-27 07:44:34.146] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:44:37.300] GP driver service started
[2025-05-27 07:44:37.300] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\2b37a372626063afce9e08199342a41bbe4183b0d5ba7864ff61eb6e6f7c4fdf.exe
[2025-05-27 07:44:37.301] Malware execution started
[2025-05-27 07:44:37.301] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:45:37.309] Taking screenshot
[2025-05-27 07:45:37.369] Taking screenshot done
[2025-05-27 07:45:37.369] Terminating malware: 2b37a372626063afce9e08199342a

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:48:15.737] Powering off VM done
[2025-05-27 07:48:18.737] Restoring snapshot 35
[2025-05-27 07:48:18.786] Restoring snapshot 35 done
[2025-05-27 07:48:18.786] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 07:48:18.786] ✅ Analysis completed successfully!
[2025-05-27 07:48:18.786] Progress: 38.6% (543/1408)
[2025-05-27 07:48:18.786] Successful: 543, Failed: 0
[2025-05-27 07:48:18.786] Time remaining: 31.3h
[2025-05-27 07:48:18.786] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:48:23.786] SAMPLE 544/1408
[2025-05-27 07:48:23.787] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 07:48:23.787] File: 3582343032c1b72e970ac45cabc28610eb47aa4e3d5d0eea3e231e6958db0f3b.exe
[2025-05-27 07:48:23.787] Path: D:\new\ransomware_high_confidence\exorcist\3582343032c1b72e970ac45cabc28610eb47aa4e3d5d0eea3e231e6958db0f3b.exe
[2025-05-27 07:48:23.787] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\3582343032c1b72e970ac45cabc28610eb47aa4e3d5d0eea3e231e6958db0f3b.exe
[2025-05-27 07:48:23.787] Malware execution time: 60 seconds
[2025-05-27 07:48:23.787] Restoring snapshot 35
[2025-05-27 07:48:23.964] Restoring snapshot 35 done
[2025-05-27 07:48:23.964] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:48:28.791] Starting up VM done
[2025-05-27 07:48:28.791] Installing kernel driver
[2025-05-27 07:48:28.791] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:48:31.948] Kernel driver installation completed
[2025-05-27 07:48:31.948] Starting GP driver service
[2025-05-27 07:48:31.948] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:48:35.096] GP driver service started
[2025-05-27 07:48:35.096] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\3582343032c1b72e970ac45cabc28610eb47aa4e3d5d0eea3e231e6958db0f3b.exe
[2025-05-27 07:48:35.096] Malware execution started
[2025-05-27 07:48:35.096] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:49:35.104] Taking screenshot
[2025-05-27 07:49:35.166] Taking screenshot done
[2025-05-27 07:49:35.166] Terminating malware: 3582343032c1b72e970ac45cabc28

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:49:48.668] Powering off VM done
[2025-05-27 07:49:51.668] Restoring snapshot 35
[2025-05-27 07:49:51.842] Restoring snapshot 35 done
[2025-05-27 07:49:51.842] Kernel telemetry analysis completed in 88.1 seconds.

[2025-05-27 07:49:51.842] ✅ Analysis completed successfully!
[2025-05-27 07:49:51.842] Progress: 38.6% (544/1408)
[2025-05-27 07:49:51.842] Successful: 544, Failed: 0
[2025-05-27 07:49:51.842] Time remaining: 31.2h
[2025-05-27 07:49:51.842] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:49:56.842] SAMPLE 545/1408
[2025-05-27 07:49:56.842] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 07:49:56.842] File: 428ce154645d5d70743dcd489ce18e3618f7a9b8fe6856584c1501d5e5841a8b.exe
[2025-05-27 07:49:56.842] Path: D:\new\ransomware_high_confidence\exorcist\428ce154645d5d70743dcd489ce18e3618f7a9b8fe6856584c1501d5e5841a8b.exe
[2025-05-27 07:49:56.842] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\428ce154645d5d70743dcd489ce18e3618f7a9b8fe6856584c1501d5e5841a8b.exe
[2025-05-27 07:49:56.842] Malware execution time: 60 seconds
[2025-05-27 07:49:56.842] Restoring snapshot 35
[2025-05-27 07:49:57.019] Restoring snapshot 35 done
[2025-05-27 07:49:57.019] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:50:01.878] Starting up VM done
[2025-05-27 07:50:01.878] Installing kernel driver
[2025-05-27 07:50:01.878] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:50:05.028] Kernel driver installation completed
[2025-05-27 07:50:05.028] Starting GP driver service
[2025-05-27 07:50:05.028] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:50:08.191] GP driver service started
[2025-05-27 07:50:08.191] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\428ce154645d5d70743dcd489ce18e3618f7a9b8fe6856584c1501d5e5841a8b.exe
[2025-05-27 07:50:08.191] Malware execution started
[2025-05-27 07:50:08.191] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:51:08.199] Taking screenshot
[2025-05-27 07:51:08.262] Taking screenshot done
[2025-05-27 07:51:08.262] Terminating malware: 428ce154645d5d70743dcd489ce18

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:51:24.797] Restoring snapshot 35
[2025-05-27 07:51:24.846] Restoring snapshot 35 done
[2025-05-27 07:51:24.846] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 07:51:24.846] ✅ Analysis completed successfully!
[2025-05-27 07:51:24.846] Progress: 38.7% (545/1408)
[2025-05-27 07:51:24.846] Successful: 545, Failed: 0
[2025-05-27 07:51:24.846] Time remaining: 31.2h
[2025-05-27 07:51:24.846] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:51:29.846] SAMPLE 546/1408
[2025-05-27 07:51:29.846] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 07:51:29.846] File: 4d1b3c3907d6ad35f69899e5e8244e541e86e643c2628b61f254341ff95ecb52.exe
[2025-05-27 07:51:29.846] Path: D:\new\ransomware_high_confidence\exorcist\4d1b3c3907d6ad35f69899e5e8244e541e86e643c2628b61f254341ff95ecb52.exe
[2025-05-27 07:51:29.846] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\4d1b3c3907d6ad35f69899e5e8244e541e86e643c2628b61f254341ff95ecb52.exe
[2025-05-27 07:51:29.846] Malware execution time: 60 seconds
[2025-05-27 07:51:29.846] Restoring snapshot 35
[2025-05-27 07:51:30.025] Restoring snapshot 35 done
[2025-05-27 07:51:30.026] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:51:34.878] Starting up VM done
[2025-05-27 07:51:34.878] Installing kernel driver
[2025-05-27 07:51:34.878] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:51:38.035] Kernel driver installation completed
[2025-05-27 07:51:38.035] Starting GP driver service
[2025-05-27 07:51:38.035] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:51:41.187] GP driver service started
[2025-05-27 07:51:41.187] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\4d1b3c3907d6ad35f69899e5e8244e541e86e643c2628b61f254341ff95ecb52.exe
[2025-05-27 07:51:41.188] Malware execution started
[2025-05-27 07:51:41.188] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:52:41.196] Taking screenshot
[2025-05-27 07:52:41.258] Taking screenshot done
[2025-05-27 07:52:41.258] Terminating malware: 4d1b3c3907d6ad35f69899e5e8244

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:55:19.573] Powering off VM done
[2025-05-27 07:55:22.573] Restoring snapshot 35
[2025-05-27 07:55:22.623] Restoring snapshot 35 done
[2025-05-27 07:55:22.623] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 07:55:22.623] ✅ Analysis completed successfully!
[2025-05-27 07:55:22.623] Progress: 38.8% (546/1408)
[2025-05-27 07:55:22.623] Successful: 546, Failed: 0
[2025-05-27 07:55:22.623] Time remaining: 31.2h
[2025-05-27 07:55:22.623] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:55:27.623] SAMPLE 547/1408
[2025-05-27 07:55:27.623] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 07:55:27.623] File: 6db3aae21a6d80857c85f58c4c8b2cf9c6b7f8b8a9ab1d5496d18eaf9bd0bd01.exe
[2025-05-27 07:55:27.623] Path: D:\new\ransomware_high_confidence\exorcist\6db3aae21a6d80857c85f58c4c8b2cf9c6b7f8b8a9ab1d5496d18eaf9bd0bd01.exe
[2025-05-27 07:55:27.623] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\6db3aae21a6d80857c85f58c4c8b2cf9c6b7f8b8a9ab1d5496d18eaf9bd0bd01.exe
[2025-05-27 07:55:27.623] Malware execution time: 60 seconds
[2025-05-27 07:55:27.623] Restoring snapshot 35
[2025-05-27 07:55:27.801] Restoring snapshot 35 done
[2025-05-27 07:55:27.801] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:55:32.672] Starting up VM done
[2025-05-27 07:55:32.672] Installing kernel driver
[2025-05-27 07:55:32.672] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:55:35.825] Kernel driver installation completed
[2025-05-27 07:55:35.825] Starting GP driver service
[2025-05-27 07:55:35.825] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:55:38.976] GP driver service started
[2025-05-27 07:55:38.976] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\6db3aae21a6d80857c85f58c4c8b2cf9c6b7f8b8a9ab1d5496d18eaf9bd0bd01.exe
[2025-05-27 07:55:38.977] Malware execution started
[2025-05-27 07:55:38.977] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 07:56:38.985] Taking screenshot
[2025-05-27 07:56:39.044] Taking screenshot done
[2025-05-27 07:56:39.044] Terminating malware: 6db3aae21a6d80857c85f58c4c8b2

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:59:17.479] Powering off VM done
[2025-05-27 07:59:20.479] Restoring snapshot 35
[2025-05-27 07:59:20.533] Restoring snapshot 35 done
[2025-05-27 07:59:20.533] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 07:59:20.533] ✅ Analysis completed successfully!
[2025-05-27 07:59:20.533] Progress: 38.8% (547/1408)
[2025-05-27 07:59:20.533] Successful: 547, Failed: 0
[2025-05-27 07:59:20.533] Time remaining: 31.2h
[2025-05-27 07:59:20.533] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:59:25.533] SAMPLE 548/1408
[2025-05-27 07:59:25.533] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 07:59:25.533] File: 793dcc731fa2c6f7406fd52c7ac43926ac23e39badce09677128cce0192e19b0.exe
[2025-05-27 07:59:25.533] Path: D:\new\ransomware_high_confidence\exorcist\793dcc731fa2c6f7406fd52c7ac43926ac23e39badce09677128cce0192e19b0.exe
[2025-05-27 07:59:25.533] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\793dcc731fa2c6f7406fd52c7ac43926ac23e39badce09677128cce0192e19b0.exe
[2025-05-27 07:59:25.533] Malware execution time: 60 seconds
[2025-05-27 07:59:25.533] Restoring snapshot 35
[2025-05-27 07:59:25.711] Restoring snapshot 35 done
[2025-05-27 07:59:25.711] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 07:59:30.595] Starting up VM done
[2025-05-27 07:59:30.595] Installing kernel driver
[2025-05-27 07:59:30.595] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 07:59:33.755] Kernel driver installation completed
[2025-05-27 07:59:33.755] Starting GP driver service
[2025-05-27 07:59:33.755] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 07:59:36.913] GP driver service started
[2025-05-27 07:59:36.913] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\793dcc731fa2c6f7406fd52c7ac43926ac23e39badce09677128cce0192e19b0.exe
[2025-05-27 07:59:36.913] Malware execution started
[2025-05-27 07:59:36.913] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:00:36.921] Taking screenshot
[2025-05-27 08:00:36.983] Taking screenshot done
[2025-05-27 08:00:36.983] Terminating malware: 793dcc731fa2c6f7406fd52c7ac43

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:03:15.313] Powering off VM done
[2025-05-27 08:03:18.314] Restoring snapshot 35
[2025-05-27 08:03:18.362] Restoring snapshot 35 done
[2025-05-27 08:03:18.362] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 08:03:18.362] ✅ Analysis completed successfully!
[2025-05-27 08:03:18.362] Progress: 38.9% (548/1408)
[2025-05-27 08:03:18.362] Successful: 548, Failed: 0
[2025-05-27 08:03:18.362] Time remaining: 31.2h
[2025-05-27 08:03:18.362] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:03:23.363] SAMPLE 549/1408
[2025-05-27 08:03:23.363] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:03:23.363] File: 8ce8636d2b4807cf66f78156ad7af4035202f6b770eed78b5fe875d3e321b155.exe
[2025-05-27 08:03:23.363] Path: D:\new\ransomware_high_confidence\exorcist\8ce8636d2b4807cf66f78156ad7af4035202f6b770eed78b5fe875d3e321b155.exe
[2025-05-27 08:03:23.363] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\8ce8636d2b4807cf66f78156ad7af4035202f6b770eed78b5fe875d3e321b155.exe
[2025-05-27 08:03:23.363] Malware execution time: 60 seconds
[2025-05-27 08:03:23.363] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:03:23.650] Restoring snapshot 35 done
[2025-05-27 08:03:23.650] Starting up VM
[2025-05-27 08:03:28.478] Starting up VM done
[2025-05-27 08:03:28.478] Installing kernel driver
[2025-05-27 08:03:28.478] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:03:31.630] Kernel driver installation completed
[2025-05-27 08:03:31.630] Starting GP driver service
[2025-05-27 08:03:31.630] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:03:34.781] GP driver service started
[2025-05-27 08:03:34.781] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\8ce8636d2b4807cf66f78156ad7af4035202f6b770eed78b5fe875d3e321b155.exe
[2025-05-27 08:03:34.781] Malware execution started
[2025-05-27 08:03:34.781] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:04:34.789] Taking screenshot
[2025-05-27 08:04:34.852] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:04:51.340] Restoring snapshot 35
[2025-05-27 08:04:51.390] Restoring snapshot 35 done
[2025-05-27 08:04:51.390] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 08:04:51.390] ✅ Analysis completed successfully!
[2025-05-27 08:04:51.390] Progress: 39.0% (549/1408)
[2025-05-27 08:04:51.390] Successful: 549, Failed: 0
[2025-05-27 08:04:51.390] Time remaining: 31.2h
[2025-05-27 08:04:51.390] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:04:56.391] SAMPLE 550/1408
[2025-05-27 08:04:56.391] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:04:56.391] File: 8d684a790a5683b8decde9fb5a819c4a164d3032723a151a30ff26d3c2b1aabf.exe
[2025-05-27 08:04:56.391] Path: D:\new\ransomware_high_confidence\exorcist\8d684a790a5683b8decde9fb5a819c4a164d3032723a151a30ff26d3c2b1aabf.exe
[2025-05-27 08:04:56.391] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\8d684a790a5683b8decde9fb5a819c4a164d3032723a151a30ff26d3c2b1aabf.exe
[2025-05-27 08:04:56.391] Malware execution time: 60 seconds
[2025-05-27 08:04:56.391] Restoring snapshot 35
[2025-05-27 08:04:56.568] Restoring snapshot 35 done
[2025-05-27 08:04:56.568] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:05:01.423] Starting up VM done
[2025-05-27 08:05:01.423] Installing kernel driver
[2025-05-27 08:05:01.423] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:05:04.577] Kernel driver installation completed
[2025-05-27 08:05:04.577] Starting GP driver service
[2025-05-27 08:05:04.578] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:05:07.733] GP driver service started
[2025-05-27 08:05:07.733] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\8d684a790a5683b8decde9fb5a819c4a164d3032723a151a30ff26d3c2b1aabf.exe
[2025-05-27 08:05:07.733] Malware execution started
[2025-05-27 08:05:07.733] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:06:07.741] Taking screenshot
[2025-05-27 08:06:07.805] Taking screenshot done
[2025-05-27 08:06:07.805] Terminating malware: 8d684a790a5683b8decde9fb5a819

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:08:46.204] Powering off VM done
[2025-05-27 08:08:49.204] Restoring snapshot 35
[2025-05-27 08:08:49.253] Restoring snapshot 35 done
[2025-05-27 08:08:49.253] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 08:08:49.253] ✅ Analysis completed successfully!
[2025-05-27 08:08:49.253] Progress: 39.1% (550/1408)
[2025-05-27 08:08:49.253] Successful: 550, Failed: 0
[2025-05-27 08:08:49.253] Time remaining: 31.2h
[2025-05-27 08:08:49.253] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:08:54.253] SAMPLE 551/1408
[2025-05-27 08:08:54.253] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:08:54.253] File: 8da469200a4b3899b23a34232eec537f12c621aa3c8766a9745d8ff721ef5296.exe
[2025-05-27 08:08:54.253] Path: D:\new\ransomware_high_confidence\exorcist\8da469200a4b3899b23a34232eec537f12c621aa3c8766a9745d8ff721ef5296.exe
[2025-05-27 08:08:54.253] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\8da469200a4b3899b23a34232eec537f12c621aa3c8766a9745d8ff721ef5296.exe
[2025-05-27 08:08:54.253] Malware execution time: 60 seconds
[2025-05-27 08:08:54.253] Restoring snapshot 35
[2025-05-27 08:08:54.429] Restoring snapshot 35 done
[2025-05-27 08:08:54.429] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:08:59.339] Starting up VM done
[2025-05-27 08:08:59.339] Installing kernel driver
[2025-05-27 08:08:59.339] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:09:02.494] Kernel driver installation completed
[2025-05-27 08:09:02.494] Starting GP driver service
[2025-05-27 08:09:02.494] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:09:05.648] GP driver service started
[2025-05-27 08:09:05.648] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\8da469200a4b3899b23a34232eec537f12c621aa3c8766a9745d8ff721ef5296.exe
[2025-05-27 08:09:05.648] Malware execution started
[2025-05-27 08:09:05.648] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:10:05.656] Taking screenshot
[2025-05-27 08:10:05.719] Taking screenshot done
[2025-05-27 08:10:05.719] Terminating malware: 8da469200a4b3899b23a34232eec5

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:12:44.032] Powering off VM done
[2025-05-27 08:12:47.032] Restoring snapshot 35
[2025-05-27 08:12:47.080] Restoring snapshot 35 done
[2025-05-27 08:12:47.080] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 08:12:47.080] ✅ Analysis completed successfully!
[2025-05-27 08:12:47.080] Progress: 39.1% (551/1408)
[2025-05-27 08:12:47.080] Successful: 551, Failed: 0
[2025-05-27 08:12:47.080] Time remaining: 31.2h
[2025-05-27 08:12:47.080] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:12:52.081] SAMPLE 552/1408
[2025-05-27 08:12:52.081] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:12:52.081] File: a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7d.exe
[2025-05-27 08:12:52.081] Path: D:\new\ransomware_high_confidence\exorcist\a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7d.exe
[2025-05-27 08:12:52.081] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7d.exe
[2025-05-27 08:12:52.081] Malware execution time: 60 seconds
[2025-05-27 08:12:52.081] Restoring snapshot 35
[2025-05-27 08:12:52.257] Restoring snapshot 35 done
[2025-05-27 08:12:52.257] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:12:57.144] Starting up VM done
[2025-05-27 08:12:57.144] Installing kernel driver
[2025-05-27 08:12:57.144] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:13:00.296] Kernel driver installation completed
[2025-05-27 08:13:00.296] Starting GP driver service
[2025-05-27 08:13:00.296] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:13:03.451] GP driver service started
[2025-05-27 08:13:03.451] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7d.exe
[2025-05-27 08:13:03.452] Malware execution started
[2025-05-27 08:13:03.452] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:14:03.460] Taking screenshot
[2025-05-27 08:14:03.521] Taking screenshot done
[2025-05-27 08:14:03.521] Terminating malware: a7e27cc38a39ff242da39d05e04b9

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:16:41.787] Powering off VM done
[2025-05-27 08:16:44.787] Restoring snapshot 35
[2025-05-27 08:16:44.835] Restoring snapshot 35 done
[2025-05-27 08:16:44.835] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 08:16:44.835] ✅ Analysis completed successfully!
[2025-05-27 08:16:44.835] Progress: 39.2% (552/1408)
[2025-05-27 08:16:44.835] Successful: 552, Failed: 0
[2025-05-27 08:16:44.835] Time remaining: 31.2h
[2025-05-27 08:16:44.835] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:16:49.836] SAMPLE 553/1408
[2025-05-27 08:16:49.836] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:16:49.836] File: b1280c85c41ba01ae9d6bf83b8d1483033dce2d15133b273e303cf935e0be9f8.exe
[2025-05-27 08:16:49.836] Path: D:\new\ransomware_high_confidence\exorcist\b1280c85c41ba01ae9d6bf83b8d1483033dce2d15133b273e303cf935e0be9f8.exe
[2025-05-27 08:16:49.836] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\b1280c85c41ba01ae9d6bf83b8d1483033dce2d15133b273e303cf935e0be9f8.exe
[2025-05-27 08:16:49.836] Malware execution time: 60 seconds
[2025-05-27 08:16:49.836] Restoring snapshot 35
[2025-05-27 08:16:50.015] Restoring snapshot 35 done
[2025-05-27 08:16:50.015] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:16:55.308] Starting up VM done
[2025-05-27 08:16:55.308] Installing kernel driver
[2025-05-27 08:16:55.308] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:16:58.465] Kernel driver installation completed
[2025-05-27 08:16:58.465] Starting GP driver service
[2025-05-27 08:16:58.465] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:17:01.623] GP driver service started
[2025-05-27 08:17:01.623] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\b1280c85c41ba01ae9d6bf83b8d1483033dce2d15133b273e303cf935e0be9f8.exe
[2025-05-27 08:17:01.623] Malware execution started
[2025-05-27 08:17:01.623] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:18:01.631] Taking screenshot
[2025-05-27 08:18:01.694] Taking screenshot done
[2025-05-27 08:18:01.694] Terminating malware: b1280c85c41ba01ae9d6bf83b8d14

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:20:40.139] Powering off VM done
[2025-05-27 08:20:43.140] Restoring snapshot 35
[2025-05-27 08:20:43.189] Restoring snapshot 35 done
[2025-05-27 08:20:43.190] Kernel telemetry analysis completed in 233.4 seconds.

[2025-05-27 08:20:43.190] ✅ Analysis completed successfully!
[2025-05-27 08:20:43.190] Progress: 39.3% (553/1408)
[2025-05-27 08:20:43.190] Successful: 553, Failed: 0
[2025-05-27 08:20:43.190] Time remaining: 31.2h
[2025-05-27 08:20:43.190] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:20:48.190] SAMPLE 554/1408
[2025-05-27 08:20:48.190] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:20:48.190] File: b1bcc54ef15f91d9291357eca02862174bd6158e95813eff1ab0c16ba48ff10e.exe
[2025-05-27 08:20:48.190] Path: D:\new\ransomware_high_confidence\exorcist\b1bcc54ef15f91d9291357eca02862174bd6158e95813eff1ab0c16ba48ff10e.exe
[2025-05-27 08:20:48.190] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\b1bcc54ef15f91d9291357eca02862174bd6158e95813eff1ab0c16ba48ff10e.exe
[2025-05-27 08:20:48.190] Malware execution time: 60 seconds
[2025-05-27 08:20:48.190] Restoring snapshot 35
[2025-05-27 08:20:48.367] Restoring snapshot 35 done
[2025-05-27 08:20:48.367] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:20:53.261] Starting up VM done
[2025-05-27 08:20:53.261] Installing kernel driver
[2025-05-27 08:20:53.261] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:20:56.425] Kernel driver installation completed
[2025-05-27 08:20:56.425] Starting GP driver service
[2025-05-27 08:20:56.425] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:20:59.574] GP driver service started
[2025-05-27 08:20:59.574] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\b1bcc54ef15f91d9291357eca02862174bd6158e95813eff1ab0c16ba48ff10e.exe
[2025-05-27 08:20:59.574] Malware execution started
[2025-05-27 08:20:59.574] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:21:59.582] Taking screenshot
[2025-05-27 08:21:59.646] Taking screenshot done
[2025-05-27 08:21:59.646] Terminating malware: b1bcc54ef15f91d9291357eca0286

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:24:38.114] Powering off VM done
[2025-05-27 08:24:41.114] Restoring snapshot 35
[2025-05-27 08:24:41.163] Restoring snapshot 35 done
[2025-05-27 08:24:41.163] Kernel telemetry analysis completed in 233.0 seconds.

[2025-05-27 08:24:41.163] ✅ Analysis completed successfully!
[2025-05-27 08:24:41.163] Progress: 39.3% (554/1408)
[2025-05-27 08:24:41.163] Successful: 554, Failed: 0
[2025-05-27 08:24:41.163] Time remaining: 31.2h
[2025-05-27 08:24:41.163] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:24:46.163] SAMPLE 555/1408
[2025-05-27 08:24:46.163] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:24:46.163] File: bf6e5f9d060ebc5bb70144ca6e795bfc249c6590ab9f45e258ec9b5f3d49eeb6.exe
[2025-05-27 08:24:46.163] Path: D:\new\ransomware_high_confidence\exorcist\bf6e5f9d060ebc5bb70144ca6e795bfc249c6590ab9f45e258ec9b5f3d49eeb6.exe
[2025-05-27 08:24:46.164] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\bf6e5f9d060ebc5bb70144ca6e795bfc249c6590ab9f45e258ec9b5f3d49eeb6.exe
[2025-05-27 08:24:46.164] Malware execution time: 60 seconds
[2025-05-27 08:24:46.164] Restoring snapshot 35
[2025-05-27 08:24:46.342] Restoring snapshot 35 done
[2025-05-27 08:24:46.342] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:24:51.175] Starting up VM done
[2025-05-27 08:24:51.175] Installing kernel driver
[2025-05-27 08:24:51.175] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:24:54.329] Kernel driver installation completed
[2025-05-27 08:24:54.329] Starting GP driver service
[2025-05-27 08:24:54.329] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:24:57.482] GP driver service started
[2025-05-27 08:24:57.482] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\bf6e5f9d060ebc5bb70144ca6e795bfc249c6590ab9f45e258ec9b5f3d49eeb6.exe
[2025-05-27 08:24:57.483] Malware execution started
[2025-05-27 08:24:57.483] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:25:57.491] Taking screenshot
[2025-05-27 08:25:57.554] Taking screenshot done
[2025-05-27 08:25:57.554] Terminating malware: bf6e5f9d060ebc5bb70144ca6e795

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:28:35.944] Powering off VM done
[2025-05-27 08:28:38.944] Restoring snapshot 35
[2025-05-27 08:28:38.993] Restoring snapshot 35 done
[2025-05-27 08:28:38.993] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 08:28:38.993] ✅ Analysis completed successfully!
[2025-05-27 08:28:38.993] Progress: 39.4% (555/1408)
[2025-05-27 08:28:38.993] Successful: 555, Failed: 0
[2025-05-27 08:28:38.993] Time remaining: 31.2h
[2025-05-27 08:28:38.993] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:28:43.993] SAMPLE 556/1408
[2025-05-27 08:28:43.993] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:28:43.993] File: cea934f291a4be8edb7b29e5c960093da9ee47195e53720dd6df5c977e741f4f.exe
[2025-05-27 08:28:43.993] Path: D:\new\ransomware_high_confidence\exorcist\cea934f291a4be8edb7b29e5c960093da9ee47195e53720dd6df5c977e741f4f.exe
[2025-05-27 08:28:43.993] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\cea934f291a4be8edb7b29e5c960093da9ee47195e53720dd6df5c977e741f4f.exe
[2025-05-27 08:28:43.993] Malware execution time: 60 seconds
[2025-05-27 08:28:43.993] Restoring snapshot 35
[2025-05-27 08:28:44.171] Restoring snapshot 35 done
[2025-05-27 08:28:44.171] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:28:49.007] Starting up VM done
[2025-05-27 08:28:49.007] Installing kernel driver
[2025-05-27 08:28:49.008] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:28:52.170] Kernel driver installation completed
[2025-05-27 08:28:52.170] Starting GP driver service
[2025-05-27 08:28:52.171] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:28:55.330] GP driver service started
[2025-05-27 08:28:55.330] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\cea934f291a4be8edb7b29e5c960093da9ee47195e53720dd6df5c977e741f4f.exe
[2025-05-27 08:28:55.330] Malware execution started
[2025-05-27 08:28:55.330] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:29:55.338] Taking screenshot
[2025-05-27 08:29:55.400] Taking screenshot done
[2025-05-27 08:29:55.400] Terminating malware: cea934f291a4be8edb7b29e5c9600

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:32:33.765] Powering off VM done
[2025-05-27 08:32:36.765] Restoring snapshot 35
[2025-05-27 08:32:36.815] Restoring snapshot 35 done
[2025-05-27 08:32:36.815] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 08:32:36.815] ✅ Analysis completed successfully!
[2025-05-27 08:32:36.815] Progress: 39.5% (556/1408)
[2025-05-27 08:32:36.815] Successful: 556, Failed: 0
[2025-05-27 08:32:36.815] Time remaining: 31.2h
[2025-05-27 08:32:36.815] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:32:41.815] SAMPLE 557/1408
[2025-05-27 08:32:41.815] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:32:41.815] File: dfecb46078038bcfa9d0b8db18bdc0646f33bad55ee7dd5ee46e61c6cf399620.exe
[2025-05-27 08:32:41.815] Path: D:\new\ransomware_high_confidence\exorcist\dfecb46078038bcfa9d0b8db18bdc0646f33bad55ee7dd5ee46e61c6cf399620.exe
[2025-05-27 08:32:41.815] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\dfecb46078038bcfa9d0b8db18bdc0646f33bad55ee7dd5ee46e61c6cf399620.exe
[2025-05-27 08:32:41.815] Malware execution time: 60 seconds
[2025-05-27 08:32:41.815] Restoring snapshot 35
[2025-05-27 08:32:41.993] Restoring snapshot 35 done
[2025-05-27 08:32:41.993] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:32:46.876] Starting up VM done
[2025-05-27 08:32:46.876] Installing kernel driver
[2025-05-27 08:32:46.876] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:32:50.033] Kernel driver installation completed
[2025-05-27 08:32:50.033] Starting GP driver service
[2025-05-27 08:32:50.033] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:32:53.190] GP driver service started
[2025-05-27 08:32:53.190] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\dfecb46078038bcfa9d0b8db18bdc0646f33bad55ee7dd5ee46e61c6cf399620.exe
[2025-05-27 08:32:53.190] Malware execution started
[2025-05-27 08:32:53.190] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:33:53.199] Taking screenshot
[2025-05-27 08:33:53.263] Taking screenshot done
[2025-05-27 08:33:53.263] Terminating malware: dfecb46078038bcfa9d0b8db18bdc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:34:07.028] Powering off VM done
[2025-05-27 08:34:10.028] Restoring snapshot 35
[2025-05-27 08:34:10.077] Restoring snapshot 35 done
[2025-05-27 08:34:10.077] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 08:34:10.077] ✅ Analysis completed successfully!
[2025-05-27 08:34:10.077] Progress: 39.6% (557/1408)
[2025-05-27 08:34:10.077] Successful: 557, Failed: 0
[2025-05-27 08:34:10.077] Time remaining: 31.2h
[2025-05-27 08:34:10.077] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:34:15.077] SAMPLE 558/1408
[2025-05-27 08:34:15.077] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:34:15.077] File: eeb8a83d7532797d39d060ffb2a65562e8d803c4dbd8379289f99367cac2f850.exe
[2025-05-27 08:34:15.077] Path: D:\new\ransomware_high_confidence\exorcist\eeb8a83d7532797d39d060ffb2a65562e8d803c4dbd8379289f99367cac2f850.exe
[2025-05-27 08:34:15.077] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\eeb8a83d7532797d39d060ffb2a65562e8d803c4dbd8379289f99367cac2f850.exe
[2025-05-27 08:34:15.077] Malware execution time: 60 seconds
[2025-05-27 08:34:15.077] Restoring snapshot 35
[2025-05-27 08:34:15.256] Restoring snapshot 35 done
[2025-05-27 08:34:15.256] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:34:20.271] Starting up VM done
[2025-05-27 08:34:20.271] Installing kernel driver
[2025-05-27 08:34:20.271] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:34:23.429] Kernel driver installation completed
[2025-05-27 08:34:23.429] Starting GP driver service
[2025-05-27 08:34:23.429] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:34:26.586] GP driver service started
[2025-05-27 08:34:26.586] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\eeb8a83d7532797d39d060ffb2a65562e8d803c4dbd8379289f99367cac2f850.exe
[2025-05-27 08:34:26.587] Malware execution started
[2025-05-27 08:34:26.587] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:35:26.594] Taking screenshot
[2025-05-27 08:35:26.658] Taking screenshot done
[2025-05-27 08:35:26.658] Terminating malware: eeb8a83d7532797d39d060ffb2a65

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:38:04.943] Powering off VM done
[2025-05-27 08:38:07.943] Restoring snapshot 35
[2025-05-27 08:38:08.001] Restoring snapshot 35 done
[2025-05-27 08:38:08.001] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 08:38:08.001] ✅ Analysis completed successfully!
[2025-05-27 08:38:08.001] Progress: 39.6% (558/1408)
[2025-05-27 08:38:08.001] Successful: 558, Failed: 0
[2025-05-27 08:38:08.001] Time remaining: 31.2h
[2025-05-27 08:38:08.001] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:38:13.001] SAMPLE 559/1408
[2025-05-27 08:38:13.001] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:38:13.001] File: f86e27e58356c554269b93713ea53b797d92359f0abb25bf70fe2de278278f7f.exe
[2025-05-27 08:38:13.001] Path: D:\new\ransomware_high_confidence\exorcist\f86e27e58356c554269b93713ea53b797d92359f0abb25bf70fe2de278278f7f.exe
[2025-05-27 08:38:13.001] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\f86e27e58356c554269b93713ea53b797d92359f0abb25bf70fe2de278278f7f.exe
[2025-05-27 08:38:13.001] Malware execution time: 60 seconds
[2025-05-27 08:38:13.001] Restoring snapshot 35
[2025-05-27 08:38:13.183] Restoring snapshot 35 done
[2025-05-27 08:38:13.183] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:38:18.059] Starting up VM done
[2025-05-27 08:38:18.059] Installing kernel driver
[2025-05-27 08:38:18.059] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:38:21.211] Kernel driver installation completed
[2025-05-27 08:38:21.212] Starting GP driver service
[2025-05-27 08:38:21.212] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:38:24.371] GP driver service started
[2025-05-27 08:38:24.371] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\f86e27e58356c554269b93713ea53b797d92359f0abb25bf70fe2de278278f7f.exe
[2025-05-27 08:38:24.372] Malware execution started
[2025-05-27 08:38:24.372] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:39:24.380] Taking screenshot
[2025-05-27 08:39:24.441] Taking screenshot done
[2025-05-27 08:39:24.441] Terminating malware: f86e27e58356c554269b93713ea53

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:42:02.755] Powering off VM done
[2025-05-27 08:42:05.756] Restoring snapshot 35
[2025-05-27 08:42:05.805] Restoring snapshot 35 done
[2025-05-27 08:42:05.805] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 08:42:05.805] ✅ Analysis completed successfully!
[2025-05-27 08:42:05.805] Progress: 39.7% (559/1408)
[2025-05-27 08:42:05.805] Successful: 559, Failed: 0
[2025-05-27 08:42:05.805] Time remaining: 31.2h
[2025-05-27 08:42:05.805] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:42:10.805] SAMPLE 560/1408
[2025-05-27 08:42:10.805] Family: D:\new\ransomware_high_confidence\exorcist
[2025-05-27 08:42:10.805] File: fdb89d5de25bbf478ab5c14e2586128f4fb309c5ef2fa5bf917fc7e37afcd1ff.exe
[2025-05-27 08:42:10.805] Path: D:\new\ransomware_high_confidence\exorcist\fdb89d5de25bbf478ab5c14e2586128f4fb309c5ef2fa5bf917fc7e37afcd1ff.exe
[2025-05-27 08:42:10.805] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\exorcist\fdb89d5de25bbf478ab5c14e2586128f4fb309c5ef2fa5bf917fc7e37afcd1ff.exe
[2025-05-27 08:42:10.805] Malware execution time: 60 seconds
[2025-05-27 08:42:10.805] Restoring snapshot 35
[2025-05-27 08:42:10.982] Restoring snapshot 35 done
[2025-05-27 08:42:10.982] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:42:15.840] Starting up VM done
[2025-05-27 08:42:15.840] Installing kernel driver
[2025-05-27 08:42:15.840] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:42:18.999] Kernel driver installation completed
[2025-05-27 08:42:18.999] Starting GP driver service
[2025-05-27 08:42:18.999] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:42:22.150] GP driver service started
[2025-05-27 08:42:22.150] Executing malware sample: D:\new\ransomware_high_confidence\exorcist\fdb89d5de25bbf478ab5c14e2586128f4fb309c5ef2fa5bf917fc7e37afcd1ff.exe
[2025-05-27 08:42:22.150] Malware execution started
[2025-05-27 08:42:22.150] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:43:22.159] Taking screenshot
[2025-05-27 08:43:22.219] Taking screenshot done
[2025-05-27 08:43:22.219] Terminating malware: fdb89d5de25bbf478ab5c14e25861

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:46:00.616] Powering off VM done
[2025-05-27 08:46:03.616] Restoring snapshot 35
[2025-05-27 08:46:03.664] Restoring snapshot 35 done
[2025-05-27 08:46:03.664] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 08:46:03.664] ✅ Analysis completed successfully!
[2025-05-27 08:46:03.664] Progress: 39.8% (560/1408)
[2025-05-27 08:46:03.664] Successful: 560, Failed: 0
[2025-05-27 08:46:03.664] Time remaining: 31.2h
[2025-05-27 08:46:03.664] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:46:08.664] SAMPLE 561/1408
[2025-05-27 08:46:08.664] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:46:08.664] File: 0030c9190c6f96dffea80d960cf4d87aacbeffb2f08c2c9e7a60b318bd636dbf.exe
[2025-05-27 08:46:08.664] Path: D:\new\ransomware_high_confidence\gandcrab\0030c9190c6f96dffea80d960cf4d87aacbeffb2f08c2c9e7a60b318bd636dbf.exe
[2025-05-27 08:46:08.664] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\0030c9190c6f96dffea80d960cf4d87aacbeffb2f08c2c9e7a60b318bd636dbf.exe
[2025-05-27 08:46:08.664] Malware execution time: 60 seconds
[2025-05-27 08:46:08.664] Restoring snapshot 35
[2025-05-27 08:46:08.840] Restoring snapshot 35 done
[2025-05-27 08:46:08.840] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:46:13.674] Starting up VM done
[2025-05-27 08:46:13.674] Installing kernel driver
[2025-05-27 08:46:13.674] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:46:16.824] Kernel driver installation completed
[2025-05-27 08:46:16.824] Starting GP driver service
[2025-05-27 08:46:16.824] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:46:19.982] GP driver service started
[2025-05-27 08:46:19.983] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\0030c9190c6f96dffea80d960cf4d87aacbeffb2f08c2c9e7a60b318bd636dbf.exe
[2025-05-27 08:46:19.983] Malware execution started
[2025-05-27 08:46:19.983] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:47:19.991] Taking screenshot
[2025-05-27 08:47:20.054] Taking screenshot done
[2025-05-27 08:47:20.054] Terminating malware: 0030c9190c6f96dffea80d960cf4d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:47:33.835] Powering off VM done
[2025-05-27 08:47:36.835] Restoring snapshot 35
[2025-05-27 08:47:36.886] Restoring snapshot 35 done
[2025-05-27 08:47:36.886] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 08:47:36.886] ✅ Analysis completed successfully!
[2025-05-27 08:47:36.886] Progress: 39.8% (561/1408)
[2025-05-27 08:47:36.886] Successful: 561, Failed: 0
[2025-05-27 08:47:36.886] Time remaining: 31.2h
[2025-05-27 08:47:36.886] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:47:41.886] SAMPLE 562/1408
[2025-05-27 08:47:41.886] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:47:41.886] File: 007988b1ffdce1e161071f92a130b64650735a5eed6445806c2c967d0902c286.exe
[2025-05-27 08:47:41.886] Path: D:\new\ransomware_high_confidence\gandcrab\007988b1ffdce1e161071f92a130b64650735a5eed6445806c2c967d0902c286.exe
[2025-05-27 08:47:41.886] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\007988b1ffdce1e161071f92a130b64650735a5eed6445806c2c967d0902c286.exe
[2025-05-27 08:47:41.886] Malware execution time: 60 seconds
[2025-05-27 08:47:41.886] Restoring snapshot 35
[2025-05-27 08:47:42.064] Restoring snapshot 35 done
[2025-05-27 08:47:42.064] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:47:46.938] Starting up VM done
[2025-05-27 08:47:46.938] Installing kernel driver
[2025-05-27 08:47:46.938] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:47:50.095] Kernel driver installation completed
[2025-05-27 08:47:50.095] Starting GP driver service
[2025-05-27 08:47:50.095] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:47:53.248] GP driver service started
[2025-05-27 08:47:53.248] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\007988b1ffdce1e161071f92a130b64650735a5eed6445806c2c967d0902c286.exe
[2025-05-27 08:47:53.249] Malware execution started
[2025-05-27 08:47:53.249] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:48:53.257] Taking screenshot
[2025-05-27 08:48:53.319] Taking screenshot done
[2025-05-27 08:48:53.319] Terminating malware: 007988b1ffdce1e161071f92a130b

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:49:09.336] Powering off VM done
[2025-05-27 08:49:12.336] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:49:13.732] Restoring snapshot 35 done
[2025-05-27 08:49:13.732] Kernel telemetry analysis completed in 91.8 seconds.

[2025-05-27 08:49:13.732] ✅ Analysis completed successfully!
[2025-05-27 08:49:13.732] Progress: 39.9% (562/1408)
[2025-05-27 08:49:13.732] Successful: 562, Failed: 0
[2025-05-27 08:49:13.732] Time remaining: 31.1h
[2025-05-27 08:49:13.732] Waiting 5 seconds before next sample...
[2025-05-27 08:49:18.732] SAMPLE 563/1408
[2025-05-27 08:49:18.732] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:49:18.732] File: 07c82be075c33f06ef8e411d5f32e7b3d51a47be63233f2d66250cbf2903b777.exe
[2025-05-27 08:49:18.732] Path: D:\new\ransomware_high_confidence\gandcrab\07c82be075c33f06ef8e411d5f32e7b3d51a47be63233f2d66250cbf2903b777.exe
[2025-05-27 08:49:18.732] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\07c82be075c33f06ef8e411d5f32e7b3d51a47be63233f2d66250cbf2903b777.exe
[2025-05-27 08:49:18.732] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:49:19.597] Restoring snapshot 35 done
[2025-05-27 08:49:19.597] Starting up VM
[2025-05-27 08:49:26.492] Starting up VM done
[2025-05-27 08:49:26.492] Installing kernel driver
[2025-05-27 08:49:26.492] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:49:30.491] Kernel driver installation completed
[2025-05-27 08:49:30.491] Starting GP driver service
[2025-05-27 08:49:30.491] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:49:33.645] GP driver service started
[2025-05-27 08:49:33.645] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\07c82be075c33f06ef8e411d5f32e7b3d51a47be63233f2d66250cbf2903b777.exe
[2025-05-27 08:49:33.646] Malware execution started
[2025-05-27 08:49:33.646] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:50:33.654] Taking screenshot
[2025-05-27 08:50:33.717] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:50:50.284] Powering off VM done
[2025-05-27 08:50:53.284] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:50:54.826] Restoring snapshot 35 done
[2025-05-27 08:50:54.826] Kernel telemetry analysis completed in 96.1 seconds.

[2025-05-27 08:50:54.826] ✅ Analysis completed successfully!
[2025-05-27 08:50:54.826] Progress: 40.0% (563/1408)
[2025-05-27 08:50:54.826] Successful: 563, Failed: 0
[2025-05-27 08:50:54.826] Time remaining: 31.1h
[2025-05-27 08:50:54.826] Waiting 5 seconds before next sample...
[2025-05-27 08:50:59.826] SAMPLE 564/1408
[2025-05-27 08:50:59.826] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:50:59.826] File: 098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342.exe
[2025-05-27 08:50:59.826] Path: D:\new\ransomware_high_confidence\gandcrab\098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342.exe
[2025-05-27 08:50:59.826] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342.exe
[2025-05-27 08:50:59.826] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:51:01.508] Restoring snapshot 35 done
[2025-05-27 08:51:01.508] Starting up VM
[2025-05-27 08:51:08.295] Starting up VM done
[2025-05-27 08:51:08.295] Installing kernel driver
[2025-05-27 08:51:08.295] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:51:11.479] Kernel driver installation completed
[2025-05-27 08:51:11.479] Starting GP driver service
[2025-05-27 08:51:11.479] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:51:14.634] GP driver service started
[2025-05-27 08:51:14.634] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342.exe
[2025-05-27 08:51:14.635] Malware execution started
[2025-05-27 08:51:14.635] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:52:14.643] Taking screenshot
[2025-05-27 08:52:14.708] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:52:35.098] Powering off VM done
[2025-05-27 08:52:38.098] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:52:39.942] Restoring snapshot 35 done
[2025-05-27 08:52:39.942] Kernel telemetry analysis completed in 100.1 seconds.

[2025-05-27 08:52:39.942] ✅ Analysis completed successfully!
[2025-05-27 08:52:39.942] Progress: 40.1% (564/1408)
[2025-05-27 08:52:39.942] Successful: 564, Failed: 0
[2025-05-27 08:52:39.942] Time remaining: 31.0h
[2025-05-27 08:52:39.943] Waiting 5 seconds before next sample...
[2025-05-27 08:52:44.943] SAMPLE 565/1408
[2025-05-27 08:52:44.943] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:52:44.943] File: 0d38a79805947ec49ba34769b9a9f9cdfc4032c3c7112bed465d46b09b587ef9.exe
[2025-05-27 08:52:44.943] Path: D:\new\ransomware_high_confidence\gandcrab\0d38a79805947ec49ba34769b9a9f9cdfc4032c3c7112bed465d46b09b587ef9.exe
[2025-05-27 08:52:44.943] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\0d38a79805947ec49ba34769b9a9f9cdfc4032c3c7112bed465d46b09b587ef9.exe
[2025-05-27 08:52:44.943] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:52:46.776] Restoring snapshot 35 done
[2025-05-27 08:52:46.776] Starting up VM
[2025-05-27 08:52:53.279] Starting up VM done
[2025-05-27 08:52:53.279] Installing kernel driver
[2025-05-27 08:52:53.279] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:52:57.024] Kernel driver installation completed
[2025-05-27 08:52:57.024] Starting GP driver service
[2025-05-27 08:52:57.024] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:53:00.172] GP driver service started
[2025-05-27 08:53:00.172] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\0d38a79805947ec49ba34769b9a9f9cdfc4032c3c7112bed465d46b09b587ef9.exe
[2025-05-27 08:53:00.173] Malware execution started
[2025-05-27 08:53:00.173] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:54:00.180] Taking screenshot
[2025-05-27 08:54:00.244] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:54:16.915] Powering off VM done
[2025-05-27 08:54:19.915] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:54:21.122] Restoring snapshot 35 done
[2025-05-27 08:54:21.122] Kernel telemetry analysis completed in 96.2 seconds.

[2025-05-27 08:54:21.122] ✅ Analysis completed successfully!
[2025-05-27 08:54:21.122] Progress: 40.1% (565/1408)
[2025-05-27 08:54:21.122] Successful: 565, Failed: 0
[2025-05-27 08:54:21.122] Time remaining: 31.0h
[2025-05-27 08:54:21.122] Waiting 5 seconds before next sample...
[2025-05-27 08:54:26.123] SAMPLE 566/1408
[2025-05-27 08:54:26.123] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:54:26.123] File: 0d8a1610fbe90831d4aae127563c8b6d0f0fe85aae3cd7062013f74cf38be4f0.exe
[2025-05-27 08:54:26.123] Path: D:\new\ransomware_high_confidence\gandcrab\0d8a1610fbe90831d4aae127563c8b6d0f0fe85aae3cd7062013f74cf38be4f0.exe
[2025-05-27 08:54:26.123] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\0d8a1610fbe90831d4aae127563c8b6d0f0fe85aae3cd7062013f74cf38be4f0.exe
[2025-05-27 08:54:26.123] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:54:27.640] Restoring snapshot 35 done
[2025-05-27 08:54:27.641] Starting up VM
[2025-05-27 08:54:33.944] Starting up VM done
[2025-05-27 08:54:33.944] Installing kernel driver
[2025-05-27 08:54:33.944] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:54:38.163] Kernel driver installation completed
[2025-05-27 08:54:38.163] Starting GP driver service
[2025-05-27 08:54:38.163] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:54:41.311] GP driver service started
[2025-05-27 08:54:41.311] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\0d8a1610fbe90831d4aae127563c8b6d0f0fe85aae3cd7062013f74cf38be4f0.exe
[2025-05-27 08:54:41.312] Malware execution started
[2025-05-27 08:54:41.312] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:55:41.319] Taking screenshot
[2025-05-27 08:55:41.382] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:56:07.456] Powering off VM done
[2025-05-27 08:56:10.457] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:56:11.618] Restoring snapshot 35 done
[2025-05-27 08:56:11.618] Kernel telemetry analysis completed in 105.5 seconds.

[2025-05-27 08:56:11.618] ✅ Analysis completed successfully!
[2025-05-27 08:56:11.618] Progress: 40.2% (566/1408)
[2025-05-27 08:56:11.618] Successful: 566, Failed: 0
[2025-05-27 08:56:11.619] Time remaining: 30.9h
[2025-05-27 08:56:11.619] Waiting 5 seconds before next sample...
[2025-05-27 08:56:16.619] SAMPLE 567/1408
[2025-05-27 08:56:16.619] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:56:16.619] File: 137e0d194e572f779a9334960063f1c482e73d4758d75663f2a298393bc52bea.exe
[2025-05-27 08:56:16.619] Path: D:\new\ransomware_high_confidence\gandcrab\137e0d194e572f779a9334960063f1c482e73d4758d75663f2a298393bc52bea.exe
[2025-05-27 08:56:16.619] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\137e0d194e572f779a9334960063f1c482e73d4758d75663f2a298393bc52bea.exe
[2025-05-27 08:56:16.619] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:56:18.240] Restoring snapshot 35 done
[2025-05-27 08:56:18.240] Starting up VM
[2025-05-27 08:56:24.497] Starting up VM done
[2025-05-27 08:56:24.497] Installing kernel driver
[2025-05-27 08:56:24.497] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:56:28.151] Kernel driver installation completed
[2025-05-27 08:56:28.151] Starting GP driver service
[2025-05-27 08:56:28.151] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:56:31.303] GP driver service started
[2025-05-27 08:56:31.303] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\137e0d194e572f779a9334960063f1c482e73d4758d75663f2a298393bc52bea.exe
[2025-05-27 08:56:31.303] Malware execution started
[2025-05-27 08:56:31.303] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:57:31.311] Taking screenshot
[2025-05-27 08:57:31.374] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:57:55.981] Powering off VM done
[2025-05-27 08:57:58.981] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:58:00.278] Restoring snapshot 35 done
[2025-05-27 08:58:00.278] Kernel telemetry analysis completed in 103.7 seconds.

[2025-05-27 08:58:00.278] ✅ Analysis completed successfully!
[2025-05-27 08:58:00.278] Progress: 40.3% (567/1408)
[2025-05-27 08:58:00.278] Successful: 567, Failed: 0
[2025-05-27 08:58:00.278] Time remaining: 30.9h
[2025-05-27 08:58:00.278] Waiting 5 seconds before next sample...
[2025-05-27 08:58:05.278] SAMPLE 568/1408
[2025-05-27 08:58:05.279] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:58:05.279] File: 1673a950aa003ed5110d0ced961bfb29e9acd424897cd27d846f3a686d73678c.exe
[2025-05-27 08:58:05.279] Path: D:\new\ransomware_high_confidence\gandcrab\1673a950aa003ed5110d0ced961bfb29e9acd424897cd27d846f3a686d73678c.exe
[2025-05-27 08:58:05.279] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\1673a950aa003ed5110d0ced961bfb29e9acd424897cd27d846f3a686d73678c.exe
[2025-05-27 08:58:05.279] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:58:07.104] Restoring snapshot 35 done
[2025-05-27 08:58:07.104] Starting up VM
[2025-05-27 08:58:12.903] Starting up VM done
[2025-05-27 08:58:12.903] Installing kernel driver
[2025-05-27 08:58:12.903] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 08:58:16.501] Kernel driver installation completed
[2025-05-27 08:58:16.501] Starting GP driver service
[2025-05-27 08:58:16.501] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 08:58:19.654] GP driver service started
[2025-05-27 08:58:19.654] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\1673a950aa003ed5110d0ced961bfb29e9acd424897cd27d846f3a686d73678c.exe
[2025-05-27 08:58:19.655] Malware execution started
[2025-05-27 08:58:19.655] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 08:59:19.663] Taking screenshot
[2025-05-27 08:59:19.725] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:59:47.635] Powering off VM done
[2025-05-27 08:59:50.635] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:59:52.122] Restoring snapshot 35 done
[2025-05-27 08:59:52.122] Kernel telemetry analysis completed in 106.8 seconds.

[2025-05-27 08:59:52.122] ✅ Analysis completed successfully!
[2025-05-27 08:59:52.122] Progress: 40.3% (568/1408)
[2025-05-27 08:59:52.122] Successful: 568, Failed: 0
[2025-05-27 08:59:52.122] Time remaining: 30.8h
[2025-05-27 08:59:52.122] Waiting 5 seconds before next sample...
[2025-05-27 08:59:57.122] SAMPLE 569/1408
[2025-05-27 08:59:57.122] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 08:59:57.122] File: 1b808c06993ff740e36df55805d367217933c17bff9a34c6767a5e6f3d4453fd.exe
[2025-05-27 08:59:57.122] Path: D:\new\ransomware_high_confidence\gandcrab\1b808c06993ff740e36df55805d367217933c17bff9a34c6767a5e6f3d4453fd.exe
[2025-05-27 08:59:57.122] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\1b808c06993ff740e36df55805d367217933c17bff9a34c6767a5e6f3d4453fd.exe
[2025-05-27 08:59:57.122] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 08:59:58.669] Restoring snapshot 35 done
[2025-05-27 08:59:58.669] Starting up VM
[2025-05-27 09:00:05.406] Starting up VM done
[2025-05-27 09:00:05.407] Installing kernel driver
[2025-05-27 09:00:05.407] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:00:09.169] Kernel driver installation completed
[2025-05-27 09:00:09.169] Starting GP driver service
[2025-05-27 09:00:09.169] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:00:12.327] GP driver service started
[2025-05-27 09:00:12.327] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\1b808c06993ff740e36df55805d367217933c17bff9a34c6767a5e6f3d4453fd.exe
[2025-05-27 09:00:12.328] Malware execution started
[2025-05-27 09:00:12.328] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:01:12.336] Taking screenshot
[2025-05-27 09:01:12.399] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:01:30.722] Powering off VM done
[2025-05-27 09:01:33.722] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:01:34.944] Restoring snapshot 35 done
[2025-05-27 09:01:34.944] Kernel telemetry analysis completed in 97.8 seconds.

[2025-05-27 09:01:34.944] ✅ Analysis completed successfully!
[2025-05-27 09:01:34.944] Progress: 40.4% (569/1408)
[2025-05-27 09:01:34.944] Successful: 569, Failed: 0
[2025-05-27 09:01:34.944] Time remaining: 30.8h
[2025-05-27 09:01:34.944] Waiting 5 seconds before next sample...
[2025-05-27 09:01:39.944] SAMPLE 570/1408
[2025-05-27 09:01:39.944] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:01:39.944] File: 2698c0506fd1c0332cfab3d1a7b3438269f2a2d1168eb3d09c83d805bf0724b1.exe
[2025-05-27 09:01:39.944] Path: D:\new\ransomware_high_confidence\gandcrab\2698c0506fd1c0332cfab3d1a7b3438269f2a2d1168eb3d09c83d805bf0724b1.exe
[2025-05-27 09:01:39.945] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\2698c0506fd1c0332cfab3d1a7b3438269f2a2d1168eb3d09c83d805bf0724b1.exe
[2025-05-27 09:01:39.945] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:01:41.258] Restoring snapshot 35 done
[2025-05-27 09:01:41.258] Starting up VM
[2025-05-27 09:01:47.096] Starting up VM done
[2025-05-27 09:01:47.096] Installing kernel driver
[2025-05-27 09:01:47.096] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:01:50.700] Kernel driver installation completed
[2025-05-27 09:01:50.700] Starting GP driver service
[2025-05-27 09:01:50.700] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:01:53.855] GP driver service started
[2025-05-27 09:01:53.855] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\2698c0506fd1c0332cfab3d1a7b3438269f2a2d1168eb3d09c83d805bf0724b1.exe
[2025-05-27 09:01:53.855] Malware execution started
[2025-05-27 09:01:53.855] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:02:53.863] Taking screenshot
[2025-05-27 09:02:53.925] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:03:11.307] Powering off VM done
[2025-05-27 09:03:14.308] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:03:15.541] Restoring snapshot 35 done
[2025-05-27 09:03:15.541] Kernel telemetry analysis completed in 95.6 seconds.

[2025-05-27 09:03:15.541] ✅ Analysis completed successfully!
[2025-05-27 09:03:15.541] Progress: 40.5% (570/1408)
[2025-05-27 09:03:15.541] Successful: 570, Failed: 0
[2025-05-27 09:03:15.541] Time remaining: 30.7h
[2025-05-27 09:03:15.541] Waiting 5 seconds before next sample...
[2025-05-27 09:03:20.541] SAMPLE 571/1408
[2025-05-27 09:03:20.541] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:03:20.541] File: 2c9538b89e32cac819526b5ec77a19cd32ec88c60631bec1f00311c11e3b0219.exe
[2025-05-27 09:03:20.541] Path: D:\new\ransomware_high_confidence\gandcrab\2c9538b89e32cac819526b5ec77a19cd32ec88c60631bec1f00311c11e3b0219.exe
[2025-05-27 09:03:20.541] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\2c9538b89e32cac819526b5ec77a19cd32ec88c60631bec1f00311c11e3b0219.exe
[2025-05-27 09:03:20.541] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:03:20.918] Restoring snapshot 35 done
[2025-05-27 09:03:20.918] Starting up VM
[2025-05-27 09:03:26.942] Starting up VM done
[2025-05-27 09:03:26.943] Installing kernel driver
[2025-05-27 09:03:26.943] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:03:30.104] Kernel driver installation completed
[2025-05-27 09:03:30.104] Starting GP driver service
[2025-05-27 09:03:30.104] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:03:33.251] GP driver service started
[2025-05-27 09:03:33.251] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\2c9538b89e32cac819526b5ec77a19cd32ec88c60631bec1f00311c11e3b0219.exe
[2025-05-27 09:03:33.252] Malware execution started
[2025-05-27 09:03:33.252] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:04:33.260] Taking screenshot
[2025-05-27 09:04:33.323] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:04:51.027] Powering off VM done
[2025-05-27 09:04:54.028] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:04:55.251] Restoring snapshot 35 done
[2025-05-27 09:04:55.251] Kernel telemetry analysis completed in 94.7 seconds.

[2025-05-27 09:04:55.251] ✅ Analysis completed successfully!
[2025-05-27 09:04:55.251] Progress: 40.6% (571/1408)
[2025-05-27 09:04:55.251] Successful: 571, Failed: 0
[2025-05-27 09:04:55.251] Time remaining: 30.7h
[2025-05-27 09:04:55.251] Waiting 5 seconds before next sample...
[2025-05-27 09:05:00.251] SAMPLE 572/1408
[2025-05-27 09:05:00.251] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:05:00.251] File: 2e92f62d73a7157e74bf3810356b799cfb77bf57b97e6f8c9261f02ed1ce944c.exe
[2025-05-27 09:05:00.251] Path: D:\new\ransomware_high_confidence\gandcrab\2e92f62d73a7157e74bf3810356b799cfb77bf57b97e6f8c9261f02ed1ce944c.exe
[2025-05-27 09:05:00.252] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\2e92f62d73a7157e74bf3810356b799cfb77bf57b97e6f8c9261f02ed1ce944c.exe
[2025-05-27 09:05:00.252] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:05:01.971] Restoring snapshot 35 done
[2025-05-27 09:05:01.972] Starting up VM
[2025-05-27 09:05:08.039] Starting up VM done
[2025-05-27 09:05:08.039] Installing kernel driver
[2025-05-27 09:05:08.039] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:05:12.331] Kernel driver installation completed
[2025-05-27 09:05:12.331] Starting GP driver service
[2025-05-27 09:05:12.331] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:05:15.492] GP driver service started
[2025-05-27 09:05:15.493] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\2e92f62d73a7157e74bf3810356b799cfb77bf57b97e6f8c9261f02ed1ce944c.exe
[2025-05-27 09:05:15.493] Malware execution started
[2025-05-27 09:05:15.493] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:06:15.501] Taking screenshot
[2025-05-27 09:06:15.562] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:06:32.815] Powering off VM done
[2025-05-27 09:06:35.816] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:06:36.936] Restoring snapshot 35 done
[2025-05-27 09:06:36.936] Kernel telemetry analysis completed in 96.7 seconds.

[2025-05-27 09:06:36.936] ✅ Analysis completed successfully!
[2025-05-27 09:06:36.936] Progress: 40.6% (572/1408)
[2025-05-27 09:06:36.936] Successful: 572, Failed: 0
[2025-05-27 09:06:36.936] Time remaining: 30.6h
[2025-05-27 09:06:36.936] Waiting 5 seconds before next sample...
[2025-05-27 09:06:41.936] SAMPLE 573/1408
[2025-05-27 09:06:41.936] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:06:41.936] File: 2fbe3c62a6ee7966c9bbc46be6e38d2a442fe544f38e74312b25f32f38d72715.exe
[2025-05-27 09:06:41.936] Path: D:\new\ransomware_high_confidence\gandcrab\2fbe3c62a6ee7966c9bbc46be6e38d2a442fe544f38e74312b25f32f38d72715.exe
[2025-05-27 09:06:41.936] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\2fbe3c62a6ee7966c9bbc46be6e38d2a442fe544f38e74312b25f32f38d72715.exe
[2025-05-27 09:06:41.936] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:06:43.602] Restoring snapshot 35 done
[2025-05-27 09:06:43.603] Starting up VM
[2025-05-27 09:06:49.607] Starting up VM done
[2025-05-27 09:06:49.607] Installing kernel driver
[2025-05-27 09:06:49.607] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:06:53.866] Kernel driver installation completed
[2025-05-27 09:06:53.866] Starting GP driver service
[2025-05-27 09:06:53.866] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:06:57.014] GP driver service started
[2025-05-27 09:06:57.014] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\2fbe3c62a6ee7966c9bbc46be6e38d2a442fe544f38e74312b25f32f38d72715.exe
[2025-05-27 09:06:57.014] Malware execution started
[2025-05-27 09:06:57.014] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:07:57.023] Taking screenshot
[2025-05-27 09:07:57.085] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:08:14.588] Powering off VM done
[2025-05-27 09:08:17.589] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:08:18.997] Restoring snapshot 35 done
[2025-05-27 09:08:18.997] Kernel telemetry analysis completed in 97.1 seconds.

[2025-05-27 09:08:18.997] ✅ Analysis completed successfully!
[2025-05-27 09:08:18.997] Progress: 40.7% (573/1408)
[2025-05-27 09:08:18.997] Successful: 573, Failed: 0
[2025-05-27 09:08:18.997] Time remaining: 30.6h
[2025-05-27 09:08:18.997] Waiting 5 seconds before next sample...
[2025-05-27 09:08:23.997] SAMPLE 574/1408
[2025-05-27 09:08:23.997] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:08:23.997] File: 33d1fcc12e2e01e484477df9a0c748fa6efd96fb2d004f6af7413939ebf36e12.exe
[2025-05-27 09:08:23.997] Path: D:\new\ransomware_high_confidence\gandcrab\33d1fcc12e2e01e484477df9a0c748fa6efd96fb2d004f6af7413939ebf36e12.exe
[2025-05-27 09:08:23.997] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\33d1fcc12e2e01e484477df9a0c748fa6efd96fb2d004f6af7413939ebf36e12.exe
[2025-05-27 09:08:23.997] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:08:25.830] Restoring snapshot 35 done
[2025-05-27 09:08:25.830] Starting up VM
[2025-05-27 09:08:31.673] Starting up VM done
[2025-05-27 09:08:31.673] Installing kernel driver
[2025-05-27 09:08:31.673] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:08:35.595] Kernel driver installation completed
[2025-05-27 09:08:35.595] Starting GP driver service
[2025-05-27 09:08:35.595] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:08:38.754] GP driver service started
[2025-05-27 09:08:38.755] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\33d1fcc12e2e01e484477df9a0c748fa6efd96fb2d004f6af7413939ebf36e12.exe
[2025-05-27 09:08:38.755] Malware execution started
[2025-05-27 09:08:38.755] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:09:38.763] Taking screenshot
[2025-05-27 09:09:38.828] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:09:59.791] Powering off VM done
[2025-05-27 09:10:02.791] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:10:04.161] Restoring snapshot 35 done
[2025-05-27 09:10:04.161] Kernel telemetry analysis completed in 100.2 seconds.

[2025-05-27 09:10:04.161] ✅ Analysis completed successfully!
[2025-05-27 09:10:04.161] Progress: 40.8% (574/1408)
[2025-05-27 09:10:04.161] Successful: 574, Failed: 0
[2025-05-27 09:10:04.161] Time remaining: 30.5h
[2025-05-27 09:10:04.161] Waiting 5 seconds before next sample...
[2025-05-27 09:10:09.161] SAMPLE 575/1408
[2025-05-27 09:10:09.161] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:10:09.161] File: 4837a97055193bf58d97c1c0e46dafdb754a5bd7654908231e3fb6cd650eec4c.exe
[2025-05-27 09:10:09.161] Path: D:\new\ransomware_high_confidence\gandcrab\4837a97055193bf58d97c1c0e46dafdb754a5bd7654908231e3fb6cd650eec4c.exe
[2025-05-27 09:10:09.162] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\4837a97055193bf58d97c1c0e46dafdb754a5bd7654908231e3fb6cd650eec4c.exe
[2025-05-27 09:10:09.162] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:10:10.715] Restoring snapshot 35 done
[2025-05-27 09:10:10.715] Starting up VM
[2025-05-27 09:10:16.568] Starting up VM done
[2025-05-27 09:10:16.568] Installing kernel driver
[2025-05-27 09:10:16.568] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:10:20.322] Kernel driver installation completed
[2025-05-27 09:10:20.322] Starting GP driver service
[2025-05-27 09:10:20.322] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:10:23.479] GP driver service started
[2025-05-27 09:10:23.479] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\4837a97055193bf58d97c1c0e46dafdb754a5bd7654908231e3fb6cd650eec4c.exe
[2025-05-27 09:10:23.480] Malware execution started
[2025-05-27 09:10:23.480] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:11:23.488] Taking screenshot
[2025-05-27 09:11:23.552] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:12:21.137] Powering off VM done
[2025-05-27 09:12:24.137] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:12:25.372] Restoring snapshot 35 done
[2025-05-27 09:12:25.372] Kernel telemetry analysis completed in 136.2 seconds.

[2025-05-27 09:12:25.372] ✅ Analysis completed successfully!
[2025-05-27 09:12:25.372] Progress: 40.8% (575/1408)
[2025-05-27 09:12:25.373] Successful: 575, Failed: 0
[2025-05-27 09:12:25.373] Time remaining: 30.5h
[2025-05-27 09:12:25.373] Waiting 5 seconds before next sample...
[2025-05-27 09:12:30.373] SAMPLE 576/1408
[2025-05-27 09:12:30.373] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:12:30.373] File: 4864e064c66cfa321ff21d0730b9d2e78009803b3c99b1500b8ccdf31efd4b7d.exe
[2025-05-27 09:12:30.373] Path: D:\new\ransomware_high_confidence\gandcrab\4864e064c66cfa321ff21d0730b9d2e78009803b3c99b1500b8ccdf31efd4b7d.exe
[2025-05-27 09:12:30.373] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\4864e064c66cfa321ff21d0730b9d2e78009803b3c99b1500b8ccdf31efd4b7d.exe
[2025-05-27 09:12:30.373] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:12:31.943] Restoring snapshot 35 done
[2025-05-27 09:12:31.943] Starting up VM
[2025-05-27 09:12:38.751] Starting up VM done
[2025-05-27 09:12:38.751] Installing kernel driver
[2025-05-27 09:12:38.751] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:12:42.920] Kernel driver installation completed
[2025-05-27 09:12:42.920] Starting GP driver service
[2025-05-27 09:12:42.920] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:12:46.080] GP driver service started
[2025-05-27 09:12:46.081] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\4864e064c66cfa321ff21d0730b9d2e78009803b3c99b1500b8ccdf31efd4b7d.exe
[2025-05-27 09:12:46.081] Malware execution started
[2025-05-27 09:12:46.081] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:13:46.089] Taking screenshot
[2025-05-27 09:13:46.152] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:14:04.003] Powering off VM done
[2025-05-27 09:14:07.004] Restoring snapshot 35
[2025-05-27 09:14:07.124] Restoring snapshot 35 done
[2025-05-27 09:14:07.124] Kernel telemetry analysis completed in 96.8 seconds.

[2025-05-27 09:14:07.124] ✅ Analysis completed successfully!
[2025-05-27 09:14:07.124] Progress: 40.9% (576/1408)
[2025-05-27 09:14:07.124] Successful: 576, Failed: 0
[2025-05-27 09:14:07.124] Time remaining: 30.4h
[2025-05-27 09:14:07.124] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:14:12.124] SAMPLE 577/1408
[2025-05-27 09:14:12.124] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:14:12.124] File: 4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749.exe
[2025-05-27 09:14:12.124] Path: D:\new\ransomware_high_confidence\gandcrab\4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749.exe
[2025-05-27 09:14:12.125] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749.exe
[2025-05-27 09:14:12.125] Malware execution time: 60 seconds
[2025-05-27 09:14:12.125] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:14:13.606] Restoring snapshot 35 done
[2025-05-27 09:14:13.606] Starting up VM
[2025-05-27 09:14:20.823] Starting up VM done
[2025-05-27 09:14:20.823] Installing kernel driver
[2025-05-27 09:14:20.823] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:14:23.988] Kernel driver installation completed
[2025-05-27 09:14:23.988] Starting GP driver service
[2025-05-27 09:14:23.988] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:14:27.138] GP driver service started
[2025-05-27 09:14:27.138] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749.exe
[2025-05-27 09:14:27.139] Malware execution started
[2025-05-27 09:14:27.139] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:15:27.147] Taking screenshot
[2025-05-27 09:15:27.208] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:15:49.675] Powering off VM done
[2025-05-27 09:15:52.675] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:15:54.129] Restoring snapshot 35 done
[2025-05-27 09:15:54.130] Kernel telemetry analysis completed in 102.0 seconds.

[2025-05-27 09:15:54.130] ✅ Analysis completed successfully!
[2025-05-27 09:15:54.130] Progress: 41.0% (577/1408)
[2025-05-27 09:15:54.130] Successful: 577, Failed: 0
[2025-05-27 09:15:54.130] Time remaining: 30.4h
[2025-05-27 09:15:54.130] Waiting 5 seconds before next sample...
[2025-05-27 09:15:59.130] SAMPLE 578/1408
[2025-05-27 09:15:59.130] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:15:59.130] File: 4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98.exe
[2025-05-27 09:15:59.130] Path: D:\new\ransomware_high_confidence\gandcrab\4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98.exe
[2025-05-27 09:15:59.130] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98.exe
[2025-05-27 09:15:59.130] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:16:01.286] Restoring snapshot 35 done
[2025-05-27 09:16:01.286] Starting up VM
[2025-05-27 09:16:07.390] Starting up VM done
[2025-05-27 09:16:07.390] Installing kernel driver
[2025-05-27 09:16:07.390] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:16:11.183] Kernel driver installation completed
[2025-05-27 09:16:11.183] Starting GP driver service
[2025-05-27 09:16:11.183] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:16:14.342] GP driver service started
[2025-05-27 09:16:14.342] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98.exe
[2025-05-27 09:16:14.342] Malware execution started
[2025-05-27 09:16:14.342] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:17:14.350] Taking screenshot
[2025-05-27 09:17:14.413] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:17:41.784] Powering off VM done
[2025-05-27 09:17:44.785] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:17:46.469] Restoring snapshot 35 done
[2025-05-27 09:17:46.469] Kernel telemetry analysis completed in 107.3 seconds.

[2025-05-27 09:17:46.469] ✅ Analysis completed successfully!
[2025-05-27 09:17:46.469] Progress: 41.1% (578/1408)
[2025-05-27 09:17:46.469] Successful: 578, Failed: 0
[2025-05-27 09:17:46.469] Time remaining: 30.4h
[2025-05-27 09:17:46.469] Waiting 5 seconds before next sample...
[2025-05-27 09:17:51.469] SAMPLE 579/1408
[2025-05-27 09:17:51.469] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:17:51.469] File: 52f2b6380b492c175837418285cbefa51f1de3187d00c01383bb5f9ca4ebe7db.exe
[2025-05-27 09:17:51.469] Path: D:\new\ransomware_high_confidence\gandcrab\52f2b6380b492c175837418285cbefa51f1de3187d00c01383bb5f9ca4ebe7db.exe
[2025-05-27 09:17:51.469] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\52f2b6380b492c175837418285cbefa51f1de3187d00c01383bb5f9ca4ebe7db.exe
[2025-05-27 09:17:51.469] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:17:53.302] Restoring snapshot 35 done
[2025-05-27 09:17:53.302] Starting up VM
[2025-05-27 09:17:59.390] Starting up VM done
[2025-05-27 09:17:59.390] Installing kernel driver
[2025-05-27 09:17:59.390] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:18:03.995] Kernel driver installation completed
[2025-05-27 09:18:03.995] Starting GP driver service
[2025-05-27 09:18:03.995] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:18:07.158] GP driver service started
[2025-05-27 09:18:07.158] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\52f2b6380b492c175837418285cbefa51f1de3187d00c01383bb5f9ca4ebe7db.exe
[2025-05-27 09:18:07.158] Malware execution started
[2025-05-27 09:18:07.158] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:19:07.167] Taking screenshot
[2025-05-27 09:19:07.228] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:19:47.535] Powering off VM done
[2025-05-27 09:19:50.536] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:19:51.643] Restoring snapshot 35 done
[2025-05-27 09:19:51.643] Kernel telemetry analysis completed in 120.2 seconds.

[2025-05-27 09:19:51.644] ✅ Analysis completed successfully!
[2025-05-27 09:19:51.644] Progress: 41.1% (579/1408)
[2025-05-27 09:19:51.644] Successful: 579, Failed: 0
[2025-05-27 09:19:51.644] Time remaining: 30.3h
[2025-05-27 09:19:51.644] Waiting 5 seconds before next sample...
[2025-05-27 09:19:56.644] SAMPLE 580/1408
[2025-05-27 09:19:56.644] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:19:56.644] File: 5c95c59b3a7fc2dfa43c0b372e3ae5af566d458d35296f3bd4313bbc4dcf050b.exe
[2025-05-27 09:19:56.644] Path: D:\new\ransomware_high_confidence\gandcrab\5c95c59b3a7fc2dfa43c0b372e3ae5af566d458d35296f3bd4313bbc4dcf050b.exe
[2025-05-27 09:19:56.644] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\5c95c59b3a7fc2dfa43c0b372e3ae5af566d458d35296f3bd4313bbc4dcf050b.exe
[2025-05-27 09:19:56.644] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:19:58.053] Restoring snapshot 35 done
[2025-05-27 09:19:58.053] Starting up VM
[2025-05-27 09:20:04.461] Starting up VM done
[2025-05-27 09:20:04.462] Installing kernel driver
[2025-05-27 09:20:04.462] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:20:09.081] Kernel driver installation completed
[2025-05-27 09:20:09.081] Starting GP driver service
[2025-05-27 09:20:09.081] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:20:12.237] GP driver service started
[2025-05-27 09:20:12.237] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\5c95c59b3a7fc2dfa43c0b372e3ae5af566d458d35296f3bd4313bbc4dcf050b.exe
[2025-05-27 09:20:12.238] Malware execution started
[2025-05-27 09:20:12.238] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:21:12.246] Taking screenshot
[2025-05-27 09:21:12.308] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:21:28.498] Powering off VM done
[2025-05-27 09:21:31.498] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:21:31.782] Restoring snapshot 35 done
[2025-05-27 09:21:31.782] Kernel telemetry analysis completed in 95.1 seconds.

[2025-05-27 09:21:31.782] ✅ Analysis completed successfully!
[2025-05-27 09:21:31.782] Progress: 41.2% (580/1408)
[2025-05-27 09:21:31.782] Successful: 580, Failed: 0
[2025-05-27 09:21:31.782] Time remaining: 30.3h
[2025-05-27 09:21:31.782] Waiting 5 seconds before next sample...
[2025-05-27 09:21:36.782] SAMPLE 581/1408
[2025-05-27 09:21:36.782] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:21:36.782] File: 5c9fec26413d6b015d395afb86b87bb0ef245618bfae2d6c3a9bffb3fc56052c.exe
[2025-05-27 09:21:36.782] Path: D:\new\ransomware_high_confidence\gandcrab\5c9fec26413d6b015d395afb86b87bb0ef245618bfae2d6c3a9bffb3fc56052c.exe
[2025-05-27 09:21:36.782] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\5c9fec26413d6b015d395afb86b87bb0ef245618bfae2d6c3a9bffb3fc56052c.exe
[2025-05-27 09:21:36.782] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:21:38.412] Restoring snapshot 35 done
[2025-05-27 09:21:38.412] Starting up VM
[2025-05-27 09:21:45.244] Starting up VM done
[2025-05-27 09:21:45.244] Installing kernel driver
[2025-05-27 09:21:45.244] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:21:49.485] Kernel driver installation completed
[2025-05-27 09:21:49.485] Starting GP driver service
[2025-05-27 09:21:49.486] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:21:52.639] GP driver service started
[2025-05-27 09:21:52.639] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\5c9fec26413d6b015d395afb86b87bb0ef245618bfae2d6c3a9bffb3fc56052c.exe
[2025-05-27 09:21:52.640] Malware execution started
[2025-05-27 09:21:52.640] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:22:52.648] Taking screenshot
[2025-05-27 09:22:52.711] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:23:08.540] Powering off VM done
[2025-05-27 09:23:11.541] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:23:12.782] Restoring snapshot 35 done
[2025-05-27 09:23:12.782] Kernel telemetry analysis completed in 96.0 seconds.

[2025-05-27 09:23:12.782] ✅ Analysis completed successfully!
[2025-05-27 09:23:12.782] Progress: 41.3% (581/1408)
[2025-05-27 09:23:12.782] Successful: 581, Failed: 0
[2025-05-27 09:23:12.782] Time remaining: 30.2h
[2025-05-27 09:23:12.782] Waiting 5 seconds before next sample...
[2025-05-27 09:23:17.783] SAMPLE 582/1408
[2025-05-27 09:23:17.783] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:23:17.783] File: 64d341ecbc52f9d78080bf23559ec1778824979dd19498ee44032ec1d5224ff6.exe
[2025-05-27 09:23:17.783] Path: D:\new\ransomware_high_confidence\gandcrab\64d341ecbc52f9d78080bf23559ec1778824979dd19498ee44032ec1d5224ff6.exe
[2025-05-27 09:23:17.783] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\64d341ecbc52f9d78080bf23559ec1778824979dd19498ee44032ec1d5224ff6.exe
[2025-05-27 09:23:17.783] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:23:19.545] Restoring snapshot 35 done
[2025-05-27 09:23:19.545] Starting up VM
[2025-05-27 09:23:26.434] Starting up VM done
[2025-05-27 09:23:26.434] Installing kernel driver
[2025-05-27 09:23:26.434] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:23:29.598] Kernel driver installation completed
[2025-05-27 09:23:29.598] Starting GP driver service
[2025-05-27 09:23:29.598] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:23:32.751] GP driver service started
[2025-05-27 09:23:32.752] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\64d341ecbc52f9d78080bf23559ec1778824979dd19498ee44032ec1d5224ff6.exe
[2025-05-27 09:23:32.752] Malware execution started
[2025-05-27 09:23:32.752] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:24:32.760] Taking screenshot
[2025-05-27 09:24:32.823] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:24:50.293] Powering off VM done
[2025-05-27 09:24:53.294] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:24:54.608] Restoring snapshot 35 done
[2025-05-27 09:24:54.608] Kernel telemetry analysis completed in 96.8 seconds.

[2025-05-27 09:24:54.608] ✅ Analysis completed successfully!
[2025-05-27 09:24:54.608] Progress: 41.3% (582/1408)
[2025-05-27 09:24:54.608] Successful: 582, Failed: 0
[2025-05-27 09:24:54.608] Time remaining: 30.2h
[2025-05-27 09:24:54.608] Waiting 5 seconds before next sample...
[2025-05-27 09:24:59.608] SAMPLE 583/1408
[2025-05-27 09:24:59.608] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:24:59.608] File: 650b1403bcd20a724261ecb656112ed5742610e41097d05d5eff160ce8fd0f91.exe
[2025-05-27 09:24:59.608] Path: D:\new\ransomware_high_confidence\gandcrab\650b1403bcd20a724261ecb656112ed5742610e41097d05d5eff160ce8fd0f91.exe
[2025-05-27 09:24:59.608] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\650b1403bcd20a724261ecb656112ed5742610e41097d05d5eff160ce8fd0f91.exe
[2025-05-27 09:24:59.608] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:25:01.452] Restoring snapshot 35 done
[2025-05-27 09:25:01.452] Starting up VM
[2025-05-27 09:25:07.338] Starting up VM done
[2025-05-27 09:25:07.338] Installing kernel driver
[2025-05-27 09:25:07.338] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:25:11.063] Kernel driver installation completed
[2025-05-27 09:25:11.063] Starting GP driver service
[2025-05-27 09:25:11.063] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:25:14.217] GP driver service started
[2025-05-27 09:25:14.217] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\650b1403bcd20a724261ecb656112ed5742610e41097d05d5eff160ce8fd0f91.exe
[2025-05-27 09:25:14.218] Malware execution started
[2025-05-27 09:25:14.218] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:26:14.226] Taking screenshot
[2025-05-27 09:26:14.291] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:26:48.931] Powering off VM done
[2025-05-27 09:26:51.932] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:26:52.969] Restoring snapshot 35 done
[2025-05-27 09:26:52.969] Kernel telemetry analysis completed in 113.4 seconds.

[2025-05-27 09:26:52.969] ✅ Analysis completed successfully!
[2025-05-27 09:26:52.969] Progress: 41.4% (583/1408)
[2025-05-27 09:26:52.969] Successful: 583, Failed: 0
[2025-05-27 09:26:52.969] Time remaining: 30.1h
[2025-05-27 09:26:52.969] Waiting 5 seconds before next sample...
[2025-05-27 09:26:57.970] SAMPLE 584/1408
[2025-05-27 09:26:57.970] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:26:57.970] File: 657ba4fed4cbf7c0b83967bfc80be084fb0a55afe6393914742232810275f052.exe
[2025-05-27 09:26:57.970] Path: D:\new\ransomware_high_confidence\gandcrab\657ba4fed4cbf7c0b83967bfc80be084fb0a55afe6393914742232810275f052.exe
[2025-05-27 09:26:57.970] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\657ba4fed4cbf7c0b83967bfc80be084fb0a55afe6393914742232810275f052.exe
[2025-05-27 09:26:57.970] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:26:59.505] Restoring snapshot 35 done
[2025-05-27 09:26:59.505] Starting up VM
[2025-05-27 09:27:05.602] Starting up VM done
[2025-05-27 09:27:05.602] Installing kernel driver
[2025-05-27 09:27:05.602] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:27:09.545] Kernel driver installation completed
[2025-05-27 09:27:09.545] Starting GP driver service
[2025-05-27 09:27:09.545] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:27:12.700] GP driver service started
[2025-05-27 09:27:12.700] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\657ba4fed4cbf7c0b83967bfc80be084fb0a55afe6393914742232810275f052.exe
[2025-05-27 09:27:12.700] Malware execution started
[2025-05-27 09:27:12.700] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:28:12.708] Taking screenshot
[2025-05-27 09:28:12.770] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:28:31.086] Powering off VM done
[2025-05-27 09:28:34.086] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:28:35.537] Restoring snapshot 35 done
[2025-05-27 09:28:35.537] Kernel telemetry analysis completed in 97.6 seconds.

[2025-05-27 09:28:35.537] ✅ Analysis completed successfully!
[2025-05-27 09:28:35.537] Progress: 41.5% (584/1408)
[2025-05-27 09:28:35.537] Successful: 584, Failed: 0
[2025-05-27 09:28:35.537] Time remaining: 30.1h
[2025-05-27 09:28:35.537] Waiting 5 seconds before next sample...
[2025-05-27 09:28:40.537] SAMPLE 585/1408
[2025-05-27 09:28:40.537] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:28:40.537] File: 6f4de91333804c26c9b9807a8480bd2b7c7116bd42c3ad3f8f3d6d835d2153b2.exe
[2025-05-27 09:28:40.538] Path: D:\new\ransomware_high_confidence\gandcrab\6f4de91333804c26c9b9807a8480bd2b7c7116bd42c3ad3f8f3d6d835d2153b2.exe
[2025-05-27 09:28:40.538] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\6f4de91333804c26c9b9807a8480bd2b7c7116bd42c3ad3f8f3d6d835d2153b2.exe
[2025-05-27 09:28:40.538] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:28:42.197] Restoring snapshot 35 done
[2025-05-27 09:28:42.197] Starting up VM
[2025-05-27 09:28:48.895] Starting up VM done
[2025-05-27 09:28:48.895] Installing kernel driver
[2025-05-27 09:28:48.895] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:28:53.243] Kernel driver installation completed
[2025-05-27 09:28:53.243] Starting GP driver service
[2025-05-27 09:28:53.243] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:28:56.405] GP driver service started
[2025-05-27 09:28:56.405] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\6f4de91333804c26c9b9807a8480bd2b7c7116bd42c3ad3f8f3d6d835d2153b2.exe
[2025-05-27 09:28:56.405] Malware execution started
[2025-05-27 09:28:56.406] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:29:56.414] Taking screenshot
[2025-05-27 09:29:56.475] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:30:13.912] Powering off VM done
[2025-05-27 09:30:16.912] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:30:18.455] Restoring snapshot 35 done
[2025-05-27 09:30:18.455] Kernel telemetry analysis completed in 97.9 seconds.

[2025-05-27 09:30:18.455] ✅ Analysis completed successfully!
[2025-05-27 09:30:18.455] Progress: 41.5% (585/1408)
[2025-05-27 09:30:18.455] Successful: 585, Failed: 0
[2025-05-27 09:30:18.455] Time remaining: 30.0h
[2025-05-27 09:30:18.455] Waiting 5 seconds before next sample...
[2025-05-27 09:30:23.455] SAMPLE 586/1408
[2025-05-27 09:30:23.455] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:30:23.455] File: 7a6daa99265f10fe73576aafdfcf5c8ccbd9602d482f999cdc53c7b4c7f89687.exe
[2025-05-27 09:30:23.455] Path: D:\new\ransomware_high_confidence\gandcrab\7a6daa99265f10fe73576aafdfcf5c8ccbd9602d482f999cdc53c7b4c7f89687.exe
[2025-05-27 09:30:23.455] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\7a6daa99265f10fe73576aafdfcf5c8ccbd9602d482f999cdc53c7b4c7f89687.exe
[2025-05-27 09:30:23.455] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:30:24.974] Restoring snapshot 35 done
[2025-05-27 09:30:24.974] Starting up VM
[2025-05-27 09:30:30.717] Starting up VM done
[2025-05-27 09:30:30.717] Installing kernel driver
[2025-05-27 09:30:30.717] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:30:34.175] Kernel driver installation completed
[2025-05-27 09:30:34.176] Starting GP driver service
[2025-05-27 09:30:34.176] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:30:37.323] GP driver service started
[2025-05-27 09:30:37.323] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\7a6daa99265f10fe73576aafdfcf5c8ccbd9602d482f999cdc53c7b4c7f89687.exe
[2025-05-27 09:30:37.324] Malware execution started
[2025-05-27 09:30:37.324] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:31:37.332] Taking screenshot
[2025-05-27 09:31:37.394] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:32:04.114] Powering off VM done
[2025-05-27 09:32:07.115] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:32:08.241] Restoring snapshot 35 done
[2025-05-27 09:32:08.241] Kernel telemetry analysis completed in 104.8 seconds.

[2025-05-27 09:32:08.241] ✅ Analysis completed successfully!
[2025-05-27 09:32:08.241] Progress: 41.6% (586/1408)
[2025-05-27 09:32:08.241] Successful: 586, Failed: 0
[2025-05-27 09:32:08.241] Time remaining: 30.0h
[2025-05-27 09:32:08.241] Waiting 5 seconds before next sample...
[2025-05-27 09:32:13.242] SAMPLE 587/1408
[2025-05-27 09:32:13.242] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:32:13.242] File: 7cbc7453ac42556c52a88011cca5e634d86a3f5398e44c8d33b3c08f0ffde633.exe
[2025-05-27 09:32:13.242] Path: D:\new\ransomware_high_confidence\gandcrab\7cbc7453ac42556c52a88011cca5e634d86a3f5398e44c8d33b3c08f0ffde633.exe
[2025-05-27 09:32:13.242] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\7cbc7453ac42556c52a88011cca5e634d86a3f5398e44c8d33b3c08f0ffde633.exe
[2025-05-27 09:32:13.242] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:32:14.759] Restoring snapshot 35 done
[2025-05-27 09:32:14.759] Starting up VM
[2025-05-27 09:32:21.327] Starting up VM done
[2025-05-27 09:32:21.327] Installing kernel driver
[2025-05-27 09:32:21.327] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:32:25.160] Kernel driver installation completed
[2025-05-27 09:32:25.160] Starting GP driver service
[2025-05-27 09:32:25.160] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:32:28.335] GP driver service started
[2025-05-27 09:32:28.336] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\7cbc7453ac42556c52a88011cca5e634d86a3f5398e44c8d33b3c08f0ffde633.exe
[2025-05-27 09:32:28.336] Malware execution started
[2025-05-27 09:32:28.336] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:33:28.344] Taking screenshot
[2025-05-27 09:33:28.406] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:33:56.463] Powering off VM done
[2025-05-27 09:33:59.464] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:34:00.986] Restoring snapshot 35 done
[2025-05-27 09:34:00.986] Kernel telemetry analysis completed in 107.7 seconds.

[2025-05-27 09:34:00.986] ✅ Analysis completed successfully!
[2025-05-27 09:34:00.986] Progress: 41.7% (587/1408)
[2025-05-27 09:34:00.986] Successful: 587, Failed: 0
[2025-05-27 09:34:00.986] Time remaining: 29.9h
[2025-05-27 09:34:00.986] Waiting 5 seconds before next sample...
[2025-05-27 09:34:05.986] SAMPLE 588/1408
[2025-05-27 09:34:05.987] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:34:05.987] File: 81e34ce24935bf192ee0eff4a43c673ff65a36e4f6c5a12973371c7389037625.exe
[2025-05-27 09:34:05.987] Path: D:\new\ransomware_high_confidence\gandcrab\81e34ce24935bf192ee0eff4a43c673ff65a36e4f6c5a12973371c7389037625.exe
[2025-05-27 09:34:05.987] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\81e34ce24935bf192ee0eff4a43c673ff65a36e4f6c5a12973371c7389037625.exe
[2025-05-27 09:34:05.987] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:34:07.799] Restoring snapshot 35 done
[2025-05-27 09:34:07.799] Starting up VM
[2025-05-27 09:34:14.209] Starting up VM done
[2025-05-27 09:34:14.209] Installing kernel driver
[2025-05-27 09:34:14.209] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:34:18.511] Kernel driver installation completed
[2025-05-27 09:34:18.511] Starting GP driver service
[2025-05-27 09:34:18.511] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:34:21.659] GP driver service started
[2025-05-27 09:34:21.659] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\81e34ce24935bf192ee0eff4a43c673ff65a36e4f6c5a12973371c7389037625.exe
[2025-05-27 09:34:21.660] Malware execution started
[2025-05-27 09:34:21.660] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:35:21.668] Taking screenshot
[2025-05-27 09:35:21.729] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:35:38.585] Powering off VM done
[2025-05-27 09:35:41.586] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:35:42.611] Restoring snapshot 35 done
[2025-05-27 09:35:42.611] Kernel telemetry analysis completed in 96.6 seconds.

[2025-05-27 09:35:42.611] ✅ Analysis completed successfully!
[2025-05-27 09:35:42.611] Progress: 41.8% (588/1408)
[2025-05-27 09:35:42.611] Successful: 588, Failed: 0
[2025-05-27 09:35:42.611] Time remaining: 29.9h
[2025-05-27 09:35:42.611] Waiting 5 seconds before next sample...
[2025-05-27 09:35:47.611] SAMPLE 589/1408
[2025-05-27 09:35:47.611] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:35:47.611] File: 872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f.exe
[2025-05-27 09:35:47.611] Path: D:\new\ransomware_high_confidence\gandcrab\872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f.exe
[2025-05-27 09:35:47.612] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f.exe
[2025-05-27 09:35:47.612] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:35:49.442] Restoring snapshot 35 done
[2025-05-27 09:35:49.442] Starting up VM
[2025-05-27 09:35:56.137] Starting up VM done
[2025-05-27 09:35:56.137] Installing kernel driver
[2025-05-27 09:35:56.137] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:36:00.683] Kernel driver installation completed
[2025-05-27 09:36:00.683] Starting GP driver service
[2025-05-27 09:36:00.683] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:36:03.836] GP driver service started
[2025-05-27 09:36:03.836] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f.exe
[2025-05-27 09:36:03.836] Malware execution started
[2025-05-27 09:36:03.836] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:37:03.844] Taking screenshot
[2025-05-27 09:37:03.908] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:37:20.666] Powering off VM done
[2025-05-27 09:37:23.667] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:37:25.074] Restoring snapshot 35 done
[2025-05-27 09:37:25.074] Kernel telemetry analysis completed in 97.5 seconds.

[2025-05-27 09:37:25.074] ✅ Analysis completed successfully!
[2025-05-27 09:37:25.074] Progress: 41.8% (589/1408)
[2025-05-27 09:37:25.074] Successful: 589, Failed: 0
[2025-05-27 09:37:25.074] Time remaining: 29.8h
[2025-05-27 09:37:25.074] Waiting 5 seconds before next sample...
[2025-05-27 09:37:30.074] SAMPLE 590/1408
[2025-05-27 09:37:30.074] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:37:30.074] File: 97351c2e4ccee87ee68146c2efee6f138e03bcfc7b029d106661d00f40528039.exe
[2025-05-27 09:37:30.074] Path: D:\new\ransomware_high_confidence\gandcrab\97351c2e4ccee87ee68146c2efee6f138e03bcfc7b029d106661d00f40528039.exe
[2025-05-27 09:37:30.074] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\97351c2e4ccee87ee68146c2efee6f138e03bcfc7b029d106661d00f40528039.exe
[2025-05-27 09:37:30.074] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:37:31.851] Restoring snapshot 35 done
[2025-05-27 09:37:31.851] Starting up VM
[2025-05-27 09:37:38.062] Starting up VM done
[2025-05-27 09:37:38.062] Installing kernel driver
[2025-05-27 09:37:38.062] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:37:42.832] Kernel driver installation completed
[2025-05-27 09:37:42.832] Starting GP driver service
[2025-05-27 09:37:42.832] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:37:45.987] GP driver service started
[2025-05-27 09:37:45.987] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\97351c2e4ccee87ee68146c2efee6f138e03bcfc7b029d106661d00f40528039.exe
[2025-05-27 09:37:45.988] Malware execution started
[2025-05-27 09:37:45.988] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:38:45.996] Taking screenshot
[2025-05-27 09:38:46.059] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:39:07.912] Powering off VM done
[2025-05-27 09:39:10.912] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:39:11.999] Restoring snapshot 35 done
[2025-05-27 09:39:11.999] Kernel telemetry analysis completed in 101.9 seconds.

[2025-05-27 09:39:11.999] ✅ Analysis completed successfully!
[2025-05-27 09:39:11.999] Progress: 41.9% (590/1408)
[2025-05-27 09:39:11.999] Successful: 590, Failed: 0
[2025-05-27 09:39:11.999] Time remaining: 29.8h
[2025-05-27 09:39:11.999] Waiting 5 seconds before next sample...
[2025-05-27 09:39:16.999] SAMPLE 591/1408
[2025-05-27 09:39:16.999] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:39:16.999] File: 9f7b9c0a9f745304a16b2e3b699b6ad2b7d3835cd6305b112f2590a9386c7fca.exe
[2025-05-27 09:39:16.999] Path: D:\new\ransomware_high_confidence\gandcrab\9f7b9c0a9f745304a16b2e3b699b6ad2b7d3835cd6305b112f2590a9386c7fca.exe
[2025-05-27 09:39:16.000] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\9f7b9c0a9f745304a16b2e3b699b6ad2b7d3835cd6305b112f2590a9386c7fca.exe
[2025-05-27 09:39:16.000] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:39:18.950] Restoring snapshot 35 done
[2025-05-27 09:39:18.950] Starting up VM
[2025-05-27 09:39:25.183] Starting up VM done
[2025-05-27 09:39:25.183] Installing kernel driver
[2025-05-27 09:39:25.183] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:39:29.288] Kernel driver installation completed
[2025-05-27 09:39:29.288] Starting GP driver service
[2025-05-27 09:39:29.288] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:39:32.444] GP driver service started
[2025-05-27 09:39:32.444] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\9f7b9c0a9f745304a16b2e3b699b6ad2b7d3835cd6305b112f2590a9386c7fca.exe
[2025-05-27 09:39:32.444] Malware execution started
[2025-05-27 09:39:32.444] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:40:32.452] Taking screenshot
[2025-05-27 09:40:32.515] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:41:26.299] Powering off VM done
[2025-05-27 09:41:29.300] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:41:30.322] Restoring snapshot 35 done
[2025-05-27 09:41:30.322] Kernel telemetry analysis completed in 133.3 seconds.

[2025-05-27 09:41:30.322] ✅ Analysis completed successfully!
[2025-05-27 09:41:30.322] Progress: 42.0% (591/1408)
[2025-05-27 09:41:30.322] Successful: 591, Failed: 0
[2025-05-27 09:41:30.322] Time remaining: 29.8h
[2025-05-27 09:41:30.322] Waiting 5 seconds before next sample...
[2025-05-27 09:41:35.322] SAMPLE 592/1408
[2025-05-27 09:41:35.322] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:41:35.322] File: a383ec861e033b3a0035caa3447aff798dc5f63f8931682610b09bae7c2cb88e.exe
[2025-05-27 09:41:35.322] Path: D:\new\ransomware_high_confidence\gandcrab\a383ec861e033b3a0035caa3447aff798dc5f63f8931682610b09bae7c2cb88e.exe
[2025-05-27 09:41:35.323] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\a383ec861e033b3a0035caa3447aff798dc5f63f8931682610b09bae7c2cb88e.exe
[2025-05-27 09:41:35.323] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:41:37.102] Restoring snapshot 35 done
[2025-05-27 09:41:37.102] Starting up VM
[2025-05-27 09:41:43.731] Starting up VM done
[2025-05-27 09:41:43.731] Installing kernel driver
[2025-05-27 09:41:43.731] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:41:47.913] Kernel driver installation completed
[2025-05-27 09:41:47.913] Starting GP driver service
[2025-05-27 09:41:47.913] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:41:51.067] GP driver service started
[2025-05-27 09:41:51.067] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\a383ec861e033b3a0035caa3447aff798dc5f63f8931682610b09bae7c2cb88e.exe
[2025-05-27 09:41:51.068] Malware execution started
[2025-05-27 09:41:51.068] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:42:51.076] Taking screenshot
[2025-05-27 09:42:51.140] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:43:09.320] Powering off VM done
[2025-05-27 09:43:12.320] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:43:14.034] Restoring snapshot 35 done
[2025-05-27 09:43:14.034] Kernel telemetry analysis completed in 98.7 seconds.

[2025-05-27 09:43:14.034] ✅ Analysis completed successfully!
[2025-05-27 09:43:14.034] Progress: 42.0% (592/1408)
[2025-05-27 09:43:14.034] Successful: 592, Failed: 0
[2025-05-27 09:43:14.034] Time remaining: 29.7h
[2025-05-27 09:43:14.034] Waiting 5 seconds before next sample...
[2025-05-27 09:43:19.034] SAMPLE 593/1408
[2025-05-27 09:43:19.034] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:43:19.034] File: a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926.exe
[2025-05-27 09:43:19.034] Path: D:\new\ransomware_high_confidence\gandcrab\a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926.exe
[2025-05-27 09:43:19.034] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926.exe
[2025-05-27 09:43:19.034] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:43:20.918] Restoring snapshot 35 done
[2025-05-27 09:43:20.918] Starting up VM
[2025-05-27 09:43:26.838] Starting up VM done
[2025-05-27 09:43:26.838] Installing kernel driver
[2025-05-27 09:43:26.838] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:43:31.129] Kernel driver installation completed
[2025-05-27 09:43:31.129] Starting GP driver service
[2025-05-27 09:43:31.129] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:43:34.285] GP driver service started
[2025-05-27 09:43:34.285] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926.exe
[2025-05-27 09:43:34.285] Malware execution started
[2025-05-27 09:43:34.285] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:44:34.294] Taking screenshot
[2025-05-27 09:44:34.357] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:44:51.942] Powering off VM done
[2025-05-27 09:44:54.942] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:44:56.812] Restoring snapshot 35 done
[2025-05-27 09:44:56.812] Kernel telemetry analysis completed in 97.8 seconds.

[2025-05-27 09:44:56.812] ✅ Analysis completed successfully!
[2025-05-27 09:44:56.812] Progress: 42.1% (593/1408)
[2025-05-27 09:44:56.812] Successful: 593, Failed: 0
[2025-05-27 09:44:56.812] Time remaining: 29.7h
[2025-05-27 09:44:56.812] Waiting 5 seconds before next sample...
[2025-05-27 09:45:01.812] SAMPLE 594/1408
[2025-05-27 09:45:01.812] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:45:01.812] File: a4934922ea9e1e6924f24bba64af5888d2b4df87ffb938d92304a5677549899b.exe
[2025-05-27 09:45:01.812] Path: D:\new\ransomware_high_confidence\gandcrab\a4934922ea9e1e6924f24bba64af5888d2b4df87ffb938d92304a5677549899b.exe
[2025-05-27 09:45:01.812] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\a4934922ea9e1e6924f24bba64af5888d2b4df87ffb938d92304a5677549899b.exe
[2025-05-27 09:45:01.812] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:45:03.771] Restoring snapshot 35 done
[2025-05-27 09:45:03.771] Starting up VM
[2025-05-27 09:45:09.598] Starting up VM done
[2025-05-27 09:45:09.598] Installing kernel driver
[2025-05-27 09:45:09.598] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:45:13.694] Kernel driver installation completed
[2025-05-27 09:45:13.694] Starting GP driver service
[2025-05-27 09:45:13.694] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:45:16.846] GP driver service started
[2025-05-27 09:45:16.846] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\a4934922ea9e1e6924f24bba64af5888d2b4df87ffb938d92304a5677549899b.exe
[2025-05-27 09:45:16.846] Malware execution started
[2025-05-27 09:45:16.846] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:46:16.854] Taking screenshot
[2025-05-27 09:46:16.917] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:46:33.195] Powering off VM done
[2025-05-27 09:46:36.195] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:46:37.856] Restoring snapshot 35 done
[2025-05-27 09:46:37.856] Kernel telemetry analysis completed in 96.0 seconds.

[2025-05-27 09:46:37.856] ✅ Analysis completed successfully!
[2025-05-27 09:46:37.856] Progress: 42.2% (594/1408)
[2025-05-27 09:46:37.856] Successful: 594, Failed: 0
[2025-05-27 09:46:37.856] Time remaining: 29.6h
[2025-05-27 09:46:37.856] Waiting 5 seconds before next sample...
[2025-05-27 09:46:42.856] SAMPLE 595/1408
[2025-05-27 09:46:42.856] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:46:42.856] File: a81d350afaf97cc038b3f20b46d4757150d7854df5e56780326f91bc7d4fd215.exe
[2025-05-27 09:46:42.856] Path: D:\new\ransomware_high_confidence\gandcrab\a81d350afaf97cc038b3f20b46d4757150d7854df5e56780326f91bc7d4fd215.exe
[2025-05-27 09:46:42.856] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\a81d350afaf97cc038b3f20b46d4757150d7854df5e56780326f91bc7d4fd215.exe
[2025-05-27 09:46:42.856] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:46:44.731] Restoring snapshot 35 done
[2025-05-27 09:46:44.731] Starting up VM
[2025-05-27 09:46:51.381] Starting up VM done
[2025-05-27 09:46:51.381] Installing kernel driver
[2025-05-27 09:46:51.381] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:46:55.021] Kernel driver installation completed
[2025-05-27 09:46:55.021] Starting GP driver service
[2025-05-27 09:46:55.021] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:46:58.172] GP driver service started
[2025-05-27 09:46:58.172] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\a81d350afaf97cc038b3f20b46d4757150d7854df5e56780326f91bc7d4fd215.exe
[2025-05-27 09:46:58.172] Malware execution started
[2025-05-27 09:46:58.172] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:47:58.180] Taking screenshot
[2025-05-27 09:47:58.246] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:48:14.781] Powering off VM done
[2025-05-27 09:48:17.781] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:48:19.151] Restoring snapshot 35 done
[2025-05-27 09:48:19.151] Kernel telemetry analysis completed in 96.3 seconds.

[2025-05-27 09:48:19.151] ✅ Analysis completed successfully!
[2025-05-27 09:48:19.151] Progress: 42.3% (595/1408)
[2025-05-27 09:48:19.151] Successful: 595, Failed: 0
[2025-05-27 09:48:19.151] Time remaining: 29.6h
[2025-05-27 09:48:19.151] Waiting 5 seconds before next sample...
[2025-05-27 09:48:24.151] SAMPLE 596/1408
[2025-05-27 09:48:24.151] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:48:24.151] File: adad8b68c55b43fb2344c3051a28514b9ee25c9664dc7b35f36477c923664519.exe
[2025-05-27 09:48:24.151] Path: D:\new\ransomware_high_confidence\gandcrab\adad8b68c55b43fb2344c3051a28514b9ee25c9664dc7b35f36477c923664519.exe
[2025-05-27 09:48:24.151] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\adad8b68c55b43fb2344c3051a28514b9ee25c9664dc7b35f36477c923664519.exe
[2025-05-27 09:48:24.151] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:48:25.851] Restoring snapshot 35 done
[2025-05-27 09:48:25.851] Starting up VM
[2025-05-27 09:48:32.190] Starting up VM done
[2025-05-27 09:48:32.190] Installing kernel driver
[2025-05-27 09:48:32.190] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:48:36.359] Kernel driver installation completed
[2025-05-27 09:48:36.360] Starting GP driver service
[2025-05-27 09:48:36.360] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:48:39.509] GP driver service started
[2025-05-27 09:48:39.509] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\adad8b68c55b43fb2344c3051a28514b9ee25c9664dc7b35f36477c923664519.exe
[2025-05-27 09:48:39.509] Malware execution started
[2025-05-27 09:48:39.509] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:49:39.518] Taking screenshot
[2025-05-27 09:49:39.580] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:50:15.451] Powering off VM done
[2025-05-27 09:50:18.452] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:50:18.767] Restoring snapshot 35 done
[2025-05-27 09:50:18.767] Kernel telemetry analysis completed in 114.6 seconds.

[2025-05-27 09:50:18.767] ✅ Analysis completed successfully!
[2025-05-27 09:50:18.767] Progress: 42.3% (596/1408)
[2025-05-27 09:50:18.767] Successful: 596, Failed: 0
[2025-05-27 09:50:18.767] Time remaining: 29.5h
[2025-05-27 09:50:18.767] Waiting 5 seconds before next sample...
[2025-05-27 09:50:23.767] SAMPLE 597/1408
[2025-05-27 09:50:23.767] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:50:23.767] File: b42540e0be78f72f1c3578634f8c89fbc9bd838c425bcbe2aabb0816dd3d2f84.exe
[2025-05-27 09:50:23.767] Path: D:\new\ransomware_high_confidence\gandcrab\b42540e0be78f72f1c3578634f8c89fbc9bd838c425bcbe2aabb0816dd3d2f84.exe
[2025-05-27 09:50:23.767] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\b42540e0be78f72f1c3578634f8c89fbc9bd838c425bcbe2aabb0816dd3d2f84.exe
[2025-05-27 09:50:23.767] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:50:25.401] Restoring snapshot 35 done
[2025-05-27 09:50:25.401] Starting up VM
[2025-05-27 09:50:31.901] Starting up VM done
[2025-05-27 09:50:31.901] Installing kernel driver
[2025-05-27 09:50:31.901] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:50:36.233] Kernel driver installation completed
[2025-05-27 09:50:36.233] Starting GP driver service
[2025-05-27 09:50:36.233] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:50:39.384] GP driver service started
[2025-05-27 09:50:39.384] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\b42540e0be78f72f1c3578634f8c89fbc9bd838c425bcbe2aabb0816dd3d2f84.exe
[2025-05-27 09:50:39.385] Malware execution started
[2025-05-27 09:50:39.385] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:51:39.393] Taking screenshot
[2025-05-27 09:51:39.456] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:51:56.069] Powering off VM done
[2025-05-27 09:51:59.069] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:52:00.599] Restoring snapshot 35 done
[2025-05-27 09:52:00.599] Kernel telemetry analysis completed in 96.8 seconds.

[2025-05-27 09:52:00.599] ✅ Analysis completed successfully!
[2025-05-27 09:52:00.599] Progress: 42.4% (597/1408)
[2025-05-27 09:52:00.599] Successful: 597, Failed: 0
[2025-05-27 09:52:00.599] Time remaining: 29.5h
[2025-05-27 09:52:00.599] Waiting 5 seconds before next sample...
[2025-05-27 09:52:05.599] SAMPLE 598/1408
[2025-05-27 09:52:05.599] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:52:05.599] File: b4f1fb8fea5f5155e0e7f4ecd22d4c4a9582df7fb240af41728ad98c70949c11.exe
[2025-05-27 09:52:05.599] Path: D:\new\ransomware_high_confidence\gandcrab\b4f1fb8fea5f5155e0e7f4ecd22d4c4a9582df7fb240af41728ad98c70949c11.exe
[2025-05-27 09:52:05.599] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\b4f1fb8fea5f5155e0e7f4ecd22d4c4a9582df7fb240af41728ad98c70949c11.exe
[2025-05-27 09:52:05.599] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:52:07.141] Restoring snapshot 35 done
[2025-05-27 09:52:07.141] Starting up VM
[2025-05-27 09:52:12.908] Starting up VM done
[2025-05-27 09:52:12.909] Installing kernel driver
[2025-05-27 09:52:12.909] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:52:17.003] Kernel driver installation completed
[2025-05-27 09:52:17.003] Starting GP driver service
[2025-05-27 09:52:17.003] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:52:20.464] GP driver service started
[2025-05-27 09:52:20.464] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\b4f1fb8fea5f5155e0e7f4ecd22d4c4a9582df7fb240af41728ad98c70949c11.exe
[2025-05-27 09:52:20.464] Malware execution started
[2025-05-27 09:52:20.464] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:53:20.472] Taking screenshot
[2025-05-27 09:53:20.536] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:53:35.606] Powering off VM done
[2025-05-27 09:53:38.606] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:53:40.002] Restoring snapshot 35 done
[2025-05-27 09:53:40.002] Kernel telemetry analysis completed in 94.4 seconds.

[2025-05-27 09:53:40.002] ✅ Analysis completed successfully!
[2025-05-27 09:53:40.002] Progress: 42.5% (598/1408)
[2025-05-27 09:53:40.002] Successful: 598, Failed: 0
[2025-05-27 09:53:40.002] Time remaining: 29.4h
[2025-05-27 09:53:40.002] Waiting 5 seconds before next sample...
[2025-05-27 09:53:45.002] SAMPLE 599/1408
[2025-05-27 09:53:45.003] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:53:45.003] File: b86383ac86f27e1e6fc8656407bfbcd2462ee00640e7a310a6df265c9a0e2ae6.exe
[2025-05-27 09:53:45.003] Path: D:\new\ransomware_high_confidence\gandcrab\b86383ac86f27e1e6fc8656407bfbcd2462ee00640e7a310a6df265c9a0e2ae6.exe
[2025-05-27 09:53:45.003] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\b86383ac86f27e1e6fc8656407bfbcd2462ee00640e7a310a6df265c9a0e2ae6.exe
[2025-05-27 09:53:45.003] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:53:46.228] Restoring snapshot 35 done
[2025-05-27 09:53:46.228] Starting up VM
[2025-05-27 09:53:52.642] Starting up VM done
[2025-05-27 09:53:52.642] Installing kernel driver
[2025-05-27 09:53:52.642] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:53:57.053] Kernel driver installation completed
[2025-05-27 09:53:57.053] Starting GP driver service
[2025-05-27 09:53:57.053] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:54:00.206] GP driver service started
[2025-05-27 09:54:00.206] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\b86383ac86f27e1e6fc8656407bfbcd2462ee00640e7a310a6df265c9a0e2ae6.exe
[2025-05-27 09:54:00.206] Malware execution started
[2025-05-27 09:54:00.206] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:55:00.215] Taking screenshot
[2025-05-27 09:55:00.277] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:55:15.661] Powering off VM done
[2025-05-27 09:55:18.661] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:55:20.373] Restoring snapshot 35 done
[2025-05-27 09:55:20.373] Kernel telemetry analysis completed in 95.4 seconds.

[2025-05-27 09:55:20.373] ✅ Analysis completed successfully!
[2025-05-27 09:55:20.373] Progress: 42.5% (599/1408)
[2025-05-27 09:55:20.373] Successful: 599, Failed: 0
[2025-05-27 09:55:20.373] Time remaining: 29.4h
[2025-05-27 09:55:20.373] Waiting 5 seconds before next sample...
[2025-05-27 09:55:25.373] SAMPLE 600/1408
[2025-05-27 09:55:25.373] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:55:25.373] File: c1eca612b5b4a7ac0076d05f8e4a6c5296296c1bf0139479b9c2dd02eb75d11f.exe
[2025-05-27 09:55:25.373] Path: D:\new\ransomware_high_confidence\gandcrab\c1eca612b5b4a7ac0076d05f8e4a6c5296296c1bf0139479b9c2dd02eb75d11f.exe
[2025-05-27 09:55:25.373] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\c1eca612b5b4a7ac0076d05f8e4a6c5296296c1bf0139479b9c2dd02eb75d11f.exe
[2025-05-27 09:55:25.373] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:55:27.258] Restoring snapshot 35 done
[2025-05-27 09:55:27.258] Starting up VM
[2025-05-27 09:55:33.249] Starting up VM done
[2025-05-27 09:55:33.249] Installing kernel driver
[2025-05-27 09:55:33.249] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:55:37.612] Kernel driver installation completed
[2025-05-27 09:55:37.612] Starting GP driver service
[2025-05-27 09:55:37.612] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:55:40.771] GP driver service started
[2025-05-27 09:55:40.771] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\c1eca612b5b4a7ac0076d05f8e4a6c5296296c1bf0139479b9c2dd02eb75d11f.exe
[2025-05-27 09:55:40.771] Malware execution started
[2025-05-27 09:55:40.771] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:56:40.779] Taking screenshot
[2025-05-27 09:56:40.842] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:56:59.310] Powering off VM done
[2025-05-27 09:57:02.310] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:57:03.540] Restoring snapshot 35 done
[2025-05-27 09:57:03.540] Kernel telemetry analysis completed in 98.2 seconds.

[2025-05-27 09:57:03.540] ✅ Analysis completed successfully!
[2025-05-27 09:57:03.540] Progress: 42.6% (600/1408)
[2025-05-27 09:57:03.540] Successful: 600, Failed: 0
[2025-05-27 09:57:03.540] Time remaining: 29.3h
[2025-05-27 09:57:03.540] Waiting 5 seconds before next sample...
[2025-05-27 09:57:08.540] SAMPLE 601/1408
[2025-05-27 09:57:08.540] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:57:08.540] File: c45c084efff13cc2d01cecde8656f71c9b56b6f00704e35d1f019acc787858c4.exe
[2025-05-27 09:57:08.540] Path: D:\new\ransomware_high_confidence\gandcrab\c45c084efff13cc2d01cecde8656f71c9b56b6f00704e35d1f019acc787858c4.exe
[2025-05-27 09:57:08.541] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\c45c084efff13cc2d01cecde8656f71c9b56b6f00704e35d1f019acc787858c4.exe
[2025-05-27 09:57:08.541] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:57:10.482] Restoring snapshot 35 done
[2025-05-27 09:57:10.482] Starting up VM
[2025-05-27 09:57:17.488] Starting up VM done
[2025-05-27 09:57:17.488] Installing kernel driver
[2025-05-27 09:57:17.488] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:57:22.141] Kernel driver installation completed
[2025-05-27 09:57:22.142] Starting GP driver service
[2025-05-27 09:57:22.142] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:57:25.315] GP driver service started
[2025-05-27 09:57:25.315] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\c45c084efff13cc2d01cecde8656f71c9b56b6f00704e35d1f019acc787858c4.exe
[2025-05-27 09:57:25.315] Malware execution started
[2025-05-27 09:57:25.315] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 09:58:25.324] Taking screenshot
[2025-05-27 09:58:25.387] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:59:14.280] Powering off VM done
[2025-05-27 09:59:17.280] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:59:19.199] Restoring snapshot 35 done
[2025-05-27 09:59:19.199] Kernel telemetry analysis completed in 130.7 seconds.

[2025-05-27 09:59:19.199] ✅ Analysis completed successfully!
[2025-05-27 09:59:19.199] Progress: 42.7% (601/1408)
[2025-05-27 09:59:19.199] Successful: 601, Failed: 0
[2025-05-27 09:59:19.199] Time remaining: 29.3h
[2025-05-27 09:59:19.199] Waiting 5 seconds before next sample...
[2025-05-27 09:59:24.199] SAMPLE 602/1408
[2025-05-27 09:59:24.199] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 09:59:24.199] File: cbcff29c73b151176818c93d10ae34a1be58c710bf8b4b86b4d8e13e2232264f.exe
[2025-05-27 09:59:24.199] Path: D:\new\ransomware_high_confidence\gandcrab\cbcff29c73b151176818c93d10ae34a1be58c710bf8b4b86b4d8e13e2232264f.exe
[2025-05-27 09:59:24.199] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\cbcff29c73b151176818c93d10ae34a1be58c710bf8b4b86b4d8e13e2232264f.exe
[2025-05-27 09:59:24.200] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 09:59:26.016] Restoring snapshot 35 done
[2025-05-27 09:59:26.016] Starting up VM
[2025-05-27 09:59:32.123] Starting up VM done
[2025-05-27 09:59:32.123] Installing kernel driver
[2025-05-27 09:59:32.123] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 09:59:35.761] Kernel driver installation completed
[2025-05-27 09:59:35.761] Starting GP driver service
[2025-05-27 09:59:35.761] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 09:59:38.914] GP driver service started
[2025-05-27 09:59:38.915] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\cbcff29c73b151176818c93d10ae34a1be58c710bf8b4b86b4d8e13e2232264f.exe
[2025-05-27 09:59:38.915] Malware execution started
[2025-05-27 09:59:38.915] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:00:38.923] Taking screenshot
[2025-05-27 10:00:38.985] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:00:54.635] Powering off VM done
[2025-05-27 10:00:57.636] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:00:58.856] Restoring snapshot 35 done
[2025-05-27 10:00:58.856] Kernel telemetry analysis completed in 94.7 seconds.

[2025-05-27 10:00:58.856] ✅ Analysis completed successfully!
[2025-05-27 10:00:58.856] Progress: 42.8% (602/1408)
[2025-05-27 10:00:58.856] Successful: 602, Failed: 0
[2025-05-27 10:00:58.856] Time remaining: 29.3h
[2025-05-27 10:00:58.856] Waiting 5 seconds before next sample...
[2025-05-27 10:01:03.857] SAMPLE 603/1408
[2025-05-27 10:01:03.857] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 10:01:03.857] File: ce093ffa19f020a2b73719f653b5e0423df28ef1d59035d55e99154a85c5c668.exe
[2025-05-27 10:01:03.857] Path: D:\new\ransomware_high_confidence\gandcrab\ce093ffa19f020a2b73719f653b5e0423df28ef1d59035d55e99154a85c5c668.exe
[2025-05-27 10:01:03.857] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\ce093ffa19f020a2b73719f653b5e0423df28ef1d59035d55e99154a85c5c668.exe
[2025-05-27 10:01:03.857] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:01:05.704] Restoring snapshot 35 done
[2025-05-27 10:01:05.704] Starting up VM
[2025-05-27 10:01:12.164] Starting up VM done
[2025-05-27 10:01:12.164] Installing kernel driver
[2025-05-27 10:01:12.164] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:01:16.769] Kernel driver installation completed
[2025-05-27 10:01:16.769] Starting GP driver service
[2025-05-27 10:01:16.769] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:01:19.922] GP driver service started
[2025-05-27 10:01:19.922] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\ce093ffa19f020a2b73719f653b5e0423df28ef1d59035d55e99154a85c5c668.exe
[2025-05-27 10:01:19.923] Malware execution started
[2025-05-27 10:01:19.923] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:02:19.930] Taking screenshot
[2025-05-27 10:02:19.994] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:02:35.194] Powering off VM done
[2025-05-27 10:02:38.195] Restoring snapshot 35
[2025-05-27 10:02:38.391] Restoring snapshot 35 done
[2025-05-27 10:02:38.391] Kernel telemetry analysis completed in 94.5 seconds.

[2025-05-27 10:02:38.391] ✅ Analysis completed successfully!
[2025-05-27 10:02:38.391] Progress: 42.8% (603/1408)
[2025-05-27 10:02:38.391] Successful: 603, Failed: 0
[2025-05-27 10:02:38.391] Time remaining: 29.2h
[2025-05-27 10:02:38.391] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:02:43.392] SAMPLE 604/1408
[2025-05-27 10:02:43.392] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 10:02:43.392] File: ce8a3474f1be9d750b5a5d5447e8f66b651d215799c1b5acb261296426542659.exe
[2025-05-27 10:02:43.392] Path: D:\new\ransomware_high_confidence\gandcrab\ce8a3474f1be9d750b5a5d5447e8f66b651d215799c1b5acb261296426542659.exe
[2025-05-27 10:02:43.392] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\ce8a3474f1be9d750b5a5d5447e8f66b651d215799c1b5acb261296426542659.exe
[2025-05-27 10:02:43.392] Malware execution time: 60 seconds
[2025-05-27 10:02:43.392] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:02:44.991] Restoring snapshot 35 done
[2025-05-27 10:02:44.992] Starting up VM
[2025-05-27 10:02:51.765] Starting up VM done
[2025-05-27 10:02:51.765] Installing kernel driver
[2025-05-27 10:02:51.765] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:02:56.007] Kernel driver installation completed
[2025-05-27 10:02:56.007] Starting GP driver service
[2025-05-27 10:02:56.007] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:02:59.155] GP driver service started
[2025-05-27 10:02:59.155] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\ce8a3474f1be9d750b5a5d5447e8f66b651d215799c1b5acb261296426542659.exe
[2025-05-27 10:02:59.156] Malware execution started
[2025-05-27 10:02:59.156] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:03:59.164] Taking screenshot
[2025-05-27 10:03:59.227] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:04:14.768] Powering off VM done
[2025-05-27 10:04:17.768] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:04:19.517] Restoring snapshot 35 done
[2025-05-27 10:04:19.517] Kernel telemetry analysis completed in 96.1 seconds.

[2025-05-27 10:04:19.517] ✅ Analysis completed successfully!
[2025-05-27 10:04:19.517] Progress: 42.9% (604/1408)
[2025-05-27 10:04:19.517] Successful: 604, Failed: 0
[2025-05-27 10:04:19.517] Time remaining: 29.2h
[2025-05-27 10:04:19.517] Waiting 5 seconds before next sample...
[2025-05-27 10:04:24.517] SAMPLE 605/1408
[2025-05-27 10:04:24.517] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 10:04:24.517] File: da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4.exe
[2025-05-27 10:04:24.517] Path: D:\new\ransomware_high_confidence\gandcrab\da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4.exe
[2025-05-27 10:04:24.517] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4.exe
[2025-05-27 10:04:24.518] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:04:26.101] Restoring snapshot 35 done
[2025-05-27 10:04:26.101] Starting up VM
[2025-05-27 10:04:32.419] Starting up VM done
[2025-05-27 10:04:32.420] Installing kernel driver
[2025-05-27 10:04:32.420] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:04:36.619] Kernel driver installation completed
[2025-05-27 10:04:36.619] Starting GP driver service
[2025-05-27 10:04:36.619] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:04:39.776] GP driver service started
[2025-05-27 10:04:39.776] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4.exe
[2025-05-27 10:04:39.776] Malware execution started
[2025-05-27 10:04:39.776] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:05:39.784] Taking screenshot
[2025-05-27 10:05:39.846] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:06:08.509] Powering off VM done
[2025-05-27 10:06:11.509] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:06:13.134] Restoring snapshot 35 done
[2025-05-27 10:06:13.134] Kernel telemetry analysis completed in 108.6 seconds.

[2025-05-27 10:06:13.134] ✅ Analysis completed successfully!
[2025-05-27 10:06:13.134] Progress: 43.0% (605/1408)
[2025-05-27 10:06:13.134] Successful: 605, Failed: 0
[2025-05-27 10:06:13.134] Time remaining: 29.1h
[2025-05-27 10:06:13.135] Waiting 5 seconds before next sample...
[2025-05-27 10:06:18.135] SAMPLE 606/1408
[2025-05-27 10:06:18.135] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 10:06:18.135] File: dbb88de4201933bdb099b21f91786be636b6e4486765f023abd3319300ed0006.exe
[2025-05-27 10:06:18.135] Path: D:\new\ransomware_high_confidence\gandcrab\dbb88de4201933bdb099b21f91786be636b6e4486765f023abd3319300ed0006.exe
[2025-05-27 10:06:18.135] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\dbb88de4201933bdb099b21f91786be636b6e4486765f023abd3319300ed0006.exe
[2025-05-27 10:06:18.135] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:06:19.878] Restoring snapshot 35 done
[2025-05-27 10:06:19.878] Starting up VM
[2025-05-27 10:06:25.917] Starting up VM done
[2025-05-27 10:06:25.917] Installing kernel driver
[2025-05-27 10:06:25.917] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:06:30.369] Kernel driver installation completed
[2025-05-27 10:06:30.369] Starting GP driver service
[2025-05-27 10:06:30.369] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:06:33.520] GP driver service started
[2025-05-27 10:06:33.521] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\dbb88de4201933bdb099b21f91786be636b6e4486765f023abd3319300ed0006.exe
[2025-05-27 10:06:33.521] Malware execution started
[2025-05-27 10:06:33.521] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:07:33.529] Taking screenshot
[2025-05-27 10:07:33.591] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:07:57.388] Powering off VM done
[2025-05-27 10:08:00.388] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:08:01.880] Restoring snapshot 35 done
[2025-05-27 10:08:01.880] Kernel telemetry analysis completed in 103.7 seconds.

[2025-05-27 10:08:01.880] ✅ Analysis completed successfully!
[2025-05-27 10:08:01.880] Progress: 43.0% (606/1408)
[2025-05-27 10:08:01.880] Successful: 606, Failed: 0
[2025-05-27 10:08:01.880] Time remaining: 29.1h
[2025-05-27 10:08:01.880] Waiting 5 seconds before next sample...
[2025-05-27 10:08:06.880] SAMPLE 607/1408
[2025-05-27 10:08:06.880] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 10:08:06.880] File: dc4e3c1a007475326c0a04eef870cecfd719c35f11908a113ce26355a62138ca.exe
[2025-05-27 10:08:06.880] Path: D:\new\ransomware_high_confidence\gandcrab\dc4e3c1a007475326c0a04eef870cecfd719c35f11908a113ce26355a62138ca.exe
[2025-05-27 10:08:06.881] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\dc4e3c1a007475326c0a04eef870cecfd719c35f11908a113ce26355a62138ca.exe
[2025-05-27 10:08:06.881] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:08:08.457] Restoring snapshot 35 done
[2025-05-27 10:08:08.457] Starting up VM
[2025-05-27 10:08:14.546] Starting up VM done
[2025-05-27 10:08:14.546] Installing kernel driver
[2025-05-27 10:08:14.546] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:08:18.800] Kernel driver installation completed
[2025-05-27 10:08:18.800] Starting GP driver service
[2025-05-27 10:08:18.800] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:08:21.948] GP driver service started
[2025-05-27 10:08:21.948] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\dc4e3c1a007475326c0a04eef870cecfd719c35f11908a113ce26355a62138ca.exe
[2025-05-27 10:08:21.948] Malware execution started
[2025-05-27 10:08:21.948] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:09:21.956] Taking screenshot
[2025-05-27 10:09:22.018] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:09:42.573] Powering off VM done
[2025-05-27 10:09:45.574] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:09:47.128] Restoring snapshot 35 done
[2025-05-27 10:09:47.128] Kernel telemetry analysis completed in 100.2 seconds.

[2025-05-27 10:09:47.128] ✅ Analysis completed successfully!
[2025-05-27 10:09:47.128] Progress: 43.1% (607/1408)
[2025-05-27 10:09:47.128] Successful: 607, Failed: 0
[2025-05-27 10:09:47.128] Time remaining: 29.0h
[2025-05-27 10:09:47.128] Waiting 5 seconds before next sample...
[2025-05-27 10:09:52.128] SAMPLE 608/1408
[2025-05-27 10:09:52.128] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 10:09:52.128] File: dcdd516739eb88e2781d92429e58f7d97298d63d2a3b4df805f771407f02d33e.exe
[2025-05-27 10:09:52.128] Path: D:\new\ransomware_high_confidence\gandcrab\dcdd516739eb88e2781d92429e58f7d97298d63d2a3b4df805f771407f02d33e.exe
[2025-05-27 10:09:52.128] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\dcdd516739eb88e2781d92429e58f7d97298d63d2a3b4df805f771407f02d33e.exe
[2025-05-27 10:09:52.128] Malware execution 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:09:53.939] Restoring snapshot 35 done
[2025-05-27 10:09:53.939] Starting up VM
[2025-05-27 10:10:00.275] Starting up VM done
[2025-05-27 10:10:00.275] Installing kernel driver
[2025-05-27 10:10:00.275] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:10:04.654] Kernel driver installation completed
[2025-05-27 10:10:04.654] Starting GP driver service
[2025-05-27 10:10:04.654] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:10:07.806] GP driver service started
[2025-05-27 10:10:07.806] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\dcdd516739eb88e2781d92429e58f7d97298d63d2a3b4df805f771407f02d33e.exe
[2025-05-27 10:10:07.806] Malware execution started
[2025-05-27 10:10:07.806] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:11:07.815] Taking screenshot
[2025-05-27 10:11:07.877] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:11:26.276] Powering off VM done
[2025-05-27 10:11:29.276] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:11:30.920] Restoring snapshot 35 done
[2025-05-27 10:11:30.920] Kernel telemetry analysis completed in 98.8 seconds.

[2025-05-27 10:11:30.920] ✅ Analysis completed successfully!
[2025-05-27 10:11:30.920] Progress: 43.2% (608/1408)
[2025-05-27 10:11:30.920] Successful: 608, Failed: 0
[2025-05-27 10:11:30.920] Time remaining: 29.0h
[2025-05-27 10:11:30.920] Waiting 5 seconds before next sample...
[2025-05-27 10:11:35.921] SAMPLE 609/1408
[2025-05-27 10:11:35.921] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 10:11:35.921] File: e906f1c983c7c2756f4bcd4de9edb2c6e8d16c1f84a18fecf15b698a459183fc.exe
[2025-05-27 10:11:35.921] Path: D:\new\ransomware_high_confidence\gandcrab\e906f1c983c7c2756f4bcd4de9edb2c6e8d16c1f84a18fecf15b698a459183fc.exe
[2025-05-27 10:11:35.921] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\e906f1c983c7c2756f4bcd4de9edb2c6e8d16c1f84a18fecf15b698a459183fc.exe
[2025-05-27 10:11:35.921] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:11:37.527] Restoring snapshot 35 done
[2025-05-27 10:11:37.527] Starting up VM
[2025-05-27 10:11:44.782] Starting up VM done
[2025-05-27 10:11:44.782] Installing kernel driver
[2025-05-27 10:11:44.782] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:11:48.980] Kernel driver installation completed
[2025-05-27 10:11:48.980] Starting GP driver service
[2025-05-27 10:11:48.980] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:11:52.126] GP driver service started
[2025-05-27 10:11:52.127] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\e906f1c983c7c2756f4bcd4de9edb2c6e8d16c1f84a18fecf15b698a459183fc.exe
[2025-05-27 10:11:52.127] Malware execution started
[2025-05-27 10:11:52.127] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:12:52.135] Taking screenshot
[2025-05-27 10:12:52.197] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:13:08.356] Powering off VM done
[2025-05-27 10:13:11.356] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:13:13.075] Restoring snapshot 35 done
[2025-05-27 10:13:13.075] Kernel telemetry analysis completed in 97.2 seconds.

[2025-05-27 10:13:13.075] ✅ Analysis completed successfully!
[2025-05-27 10:13:13.075] Progress: 43.3% (609/1408)
[2025-05-27 10:13:13.075] Successful: 609, Failed: 0
[2025-05-27 10:13:13.075] Time remaining: 28.9h
[2025-05-27 10:13:13.075] Waiting 5 seconds before next sample...
[2025-05-27 10:13:18.075] SAMPLE 610/1408
[2025-05-27 10:13:18.075] Family: D:\new\ransomware_high_confidence\gandcrab
[2025-05-27 10:13:18.075] File: f0cce9bb1ede97017e6edac8f3372c522df26b73a6f136cfcfb2e1d94d0e3168.exe
[2025-05-27 10:13:18.075] Path: D:\new\ransomware_high_confidence\gandcrab\f0cce9bb1ede97017e6edac8f3372c522df26b73a6f136cfcfb2e1d94d0e3168.exe
[2025-05-27 10:13:18.075] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\gandcrab\f0cce9bb1ede97017e6edac8f3372c522df26b73a6f136cfcfb2e1d94d0e3168.exe
[2025-05-27 10:13:18.075] Malware execution t

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:13:19.917] Restoring snapshot 35 done
[2025-05-27 10:13:19.917] Starting up VM
[2025-05-27 10:13:26.961] Starting up VM done
[2025-05-27 10:13:26.961] Installing kernel driver
[2025-05-27 10:13:26.961] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:13:31.216] Kernel driver installation completed
[2025-05-27 10:13:31.216] Starting GP driver service
[2025-05-27 10:13:31.216] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:13:34.368] GP driver service started
[2025-05-27 10:13:34.368] Executing malware sample: D:\new\ransomware_high_confidence\gandcrab\f0cce9bb1ede97017e6edac8f3372c522df26b73a6f136cfcfb2e1d94d0e3168.exe
[2025-05-27 10:13:34.369] Malware execution started
[2025-05-27 10:13:34.369] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:14:34.377] Taking screenshot
[2025-05-27 10:14:34.440] Takin

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:14:53.900] Powering off VM done
[2025-05-27 10:14:56.901] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:14:58.426] Restoring snapshot 35 done
[2025-05-27 10:14:58.426] Kernel telemetry analysis completed in 100.4 seconds.

[2025-05-27 10:14:58.426] ✅ Analysis completed successfully!
[2025-05-27 10:14:58.426] Progress: 43.3% (610/1408)
[2025-05-27 10:14:58.426] Successful: 610, Failed: 0
[2025-05-27 10:14:58.426] Time remaining: 28.9h
[2025-05-27 10:14:58.426] Waiting 5 seconds before next sample...
[2025-05-27 10:15:03.426] SAMPLE 611/1408
[2025-05-27 10:15:03.426] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:15:03.426] File: 05ae137c49d99b41296d91667f040082fc33d6f28acbccdc28cfbedf59f6f75b.exe
[2025-05-27 10:15:03.426] Path: D:\new\ransomware_high_confidence\hive\05ae137c49d99b41296d91667f040082fc33d6f28acbccdc28cfbedf59f6f75b.exe
[2025-05-27 10:15:03.426] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\05ae137c49d99b41296d91667f040082fc33d6f28acbccdc28cfbedf59f6f75b.exe
[2025-05-27 10:15:03.427] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:15:05.340] Restoring snapshot 35 done
[2025-05-27 10:15:05.340] Starting up VM
[2025-05-27 10:15:11.570] Starting up VM done
[2025-05-27 10:15:11.570] Installing kernel driver
[2025-05-27 10:15:11.570] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:15:15.856] Kernel driver installation completed
[2025-05-27 10:15:15.856] Starting GP driver service
[2025-05-27 10:15:15.856] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:15:19.014] GP driver service started
[2025-05-27 10:15:19.014] Executing malware sample: D:\new\ransomware_high_confidence\hive\05ae137c49d99b41296d91667f040082fc33d6f28acbccdc28cfbedf59f6f75b.exe
[2025-05-27 10:15:19.015] Malware execution started
[2025-05-27 10:15:19.015] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:16:19.023] Taking screenshot
[2025-05-27 10:16:19.084] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:18:59.351] Powering off VM done
[2025-05-27 10:19:02.351] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:19:03.729] Restoring snapshot 35 done
[2025-05-27 10:19:03.729] Kernel telemetry analysis completed in 240.3 seconds.

[2025-05-27 10:19:03.729] ✅ Analysis completed successfully!
[2025-05-27 10:19:03.729] Progress: 43.4% (611/1408)
[2025-05-27 10:19:03.729] Successful: 611, Failed: 0
[2025-05-27 10:19:03.729] Time remaining: 28.9h
[2025-05-27 10:19:03.729] Waiting 5 seconds before next sample...
[2025-05-27 10:19:08.729] SAMPLE 612/1408
[2025-05-27 10:19:08.729] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:19:08.729] File: 06173ef5e0646e104caad18a0f849975dfcddf6c292edfa4c2980b8947502ac8.exe
[2025-05-27 10:19:08.729] Path: D:\new\ransomware_high_confidence\hive\06173ef5e0646e104caad18a0f849975dfcddf6c292edfa4c2980b8947502ac8.exe
[2025-05-27 10:19:08.730] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\06173ef5e0646e104caad18a0f849975dfcddf6c292edfa4c2980b8947502ac8.exe
[2025-05-27 10:19:08.730] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:19:10.214] Restoring snapshot 35 done
[2025-05-27 10:19:10.214] Starting up VM
[2025-05-27 10:19:16.728] Starting up VM done
[2025-05-27 10:19:16.728] Installing kernel driver
[2025-05-27 10:19:16.728] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:19:20.959] Kernel driver installation completed
[2025-05-27 10:19:20.959] Starting GP driver service
[2025-05-27 10:19:20.959] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:19:24.107] GP driver service started
[2025-05-27 10:19:24.107] Executing malware sample: D:\new\ransomware_high_confidence\hive\06173ef5e0646e104caad18a0f849975dfcddf6c292edfa4c2980b8947502ac8.exe
[2025-05-27 10:19:24.107] Malware execution started
[2025-05-27 10:19:24.107] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:20:24.116] Taking screenshot
[2025-05-27 10:20:24.258] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:20:52.539] Powering off VM done
[2025-05-27 10:20:55.539] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:20:57.130] Restoring snapshot 35 done
[2025-05-27 10:20:57.130] Kernel telemetry analysis completed in 108.4 seconds.

[2025-05-27 10:20:57.130] ✅ Analysis completed successfully!
[2025-05-27 10:20:57.130] Progress: 43.5% (612/1408)
[2025-05-27 10:20:57.130] Successful: 612, Failed: 0
[2025-05-27 10:20:57.130] Time remaining: 28.9h
[2025-05-27 10:20:57.130] Waiting 5 seconds before next sample...


VBoxManage: error: Code NS_ERROR_CALL_FAILED (0x800706BE) - Call to remote object failed (extended info not available)
VBoxManage: error: Context: "Close()" at line 903 of file VBoxManageGuestCtrl.cpp
VBoxManage: error: The session is not locked (session state: Unlocked)
VBoxManage: error: Details: code NS_ERROR_UNEXPECTED (0x8000ffff), component SessionWrap, interface ISession, callee nsISupports
VBoxManage: error: Context: "UnlockMachine()" at line 918 of file VBoxManageGuestCtrl.cpp


[2025-05-27 10:21:02.131] SAMPLE 613/1408
[2025-05-27 10:21:02.131] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:21:02.131] File: 065208b037a2691eb75a14f97bdbd9914122655d42f6249d2cca419a1e4ba6f1.exe
[2025-05-27 10:21:02.131] Path: D:\new\ransomware_high_confidence\hive\065208b037a2691eb75a14f97bdbd9914122655d42f6249d2cca419a1e4ba6f1.exe
[2025-05-27 10:21:02.131] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\065208b037a2691eb75a14f97bdbd9914122655d42f6249d2cca419a1e4ba6f1.exe
[2025-05-27 10:21:02.131] Malware execution time: 60 seconds
[2025-05-27 10:21:02.131] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:21:03.928] Restoring snapshot 35 done
[2025-05-27 10:21:03.928] Starting up VM
[2025-05-27 10:21:10.388] Starting up VM done
[2025-05-27 10:21:10.388] Installing kernel driver
[2025-05-27 10:21:10.388] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:21:14.752] Kernel driver installation completed
[2025-05-27 10:21:14.752] Starting GP driver service
[2025-05-27 10:21:14.752] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:21:17.910] GP driver service started
[2025-05-27 10:21:17.910] Executing malware sample: D:\new\ransomware_high_confidence\hive\065208b037a2691eb75a14f97bdbd9914122655d42f6249d2cca419a1e4ba6f1.exe
[2025-05-27 10:21:17.911] Malware execution started
[2025-05-27 10:21:17.911] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:22:17.919] Taking screenshot
[2025-05-27 10:22:17.980] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:22:33.247] Powering off VM done
[2025-05-27 10:22:36.248] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:22:37.066] Restoring snapshot 35 done
[2025-05-27 10:22:37.066] Kernel telemetry analysis completed in 94.9 seconds.

[2025-05-27 10:22:37.066] ✅ Analysis completed successfully!
[2025-05-27 10:22:37.066] Progress: 43.5% (613/1408)
[2025-05-27 10:22:37.066] Successful: 613, Failed: 0
[2025-05-27 10:22:37.066] Time remaining: 28.8h
[2025-05-27 10:22:37.066] Waiting 5 seconds before next sample...
[2025-05-27 10:22:42.067] SAMPLE 614/1408
[2025-05-27 10:22:42.067] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:22:42.067] File: 08661aa84e59af054e1e7bcde2340b9b7ce83768273999c9ad055e6b6cbd4977.exe
[2025-05-27 10:22:42.067] Path: D:\new\ransomware_high_confidence\hive\08661aa84e59af054e1e7bcde2340b9b7ce83768273999c9ad055e6b6cbd4977.exe
[2025-05-27 10:22:42.067] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\08661aa84e59af054e1e7bcde2340b9b7ce83768273999c9ad055e6b6cbd4977.exe
[2025-05-27 10:22:42.067] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:22:43.602] Restoring snapshot 35 done
[2025-05-27 10:22:43.602] Starting up VM
[2025-05-27 10:22:50.760] Starting up VM done
[2025-05-27 10:22:50.760] Installing kernel driver
[2025-05-27 10:22:50.760] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:22:55.124] Kernel driver installation completed
[2025-05-27 10:22:55.124] Starting GP driver service
[2025-05-27 10:22:55.124] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:22:58.272] GP driver service started
[2025-05-27 10:22:58.272] Executing malware sample: D:\new\ransomware_high_confidence\hive\08661aa84e59af054e1e7bcde2340b9b7ce83768273999c9ad055e6b6cbd4977.exe
[2025-05-27 10:22:58.272] Malware execution started
[2025-05-27 10:22:58.272] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:23:58.281] Taking screenshot
[2025-05-27 10:23:58.343] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:26:37.851] Powering off VM done
[2025-05-27 10:26:40.852] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:26:42.500] Restoring snapshot 35 done
[2025-05-27 10:26:42.500] Kernel telemetry analysis completed in 240.4 seconds.

[2025-05-27 10:26:42.500] ✅ Analysis completed successfully!
[2025-05-27 10:26:42.500] Progress: 43.6% (614/1408)
[2025-05-27 10:26:42.500] Successful: 614, Failed: 0
[2025-05-27 10:26:42.500] Time remaining: 28.8h
[2025-05-27 10:26:42.500] Waiting 5 seconds before next sample...
[2025-05-27 10:26:47.500] SAMPLE 615/1408
[2025-05-27 10:26:47.500] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:26:47.500] File: 0b71b4195c1dd5febd1bf22f62834c471e3c55f76ffa15d536b245652654ed94.exe
[2025-05-27 10:26:47.500] Path: D:\new\ransomware_high_confidence\hive\0b71b4195c1dd5febd1bf22f62834c471e3c55f76ffa15d536b245652654ed94.exe
[2025-05-27 10:26:47.501] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\0b71b4195c1dd5febd1bf22f62834c471e3c55f76ffa15d536b245652654ed94.exe
[2025-05-27 10:26:47.501] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:26:49.278] Restoring snapshot 35 done
[2025-05-27 10:26:49.278] Starting up VM
[2025-05-27 10:26:55.531] Starting up VM done
[2025-05-27 10:26:55.531] Installing kernel driver
[2025-05-27 10:26:55.531] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:26:59.186] Kernel driver installation completed
[2025-05-27 10:26:59.186] Starting GP driver service
[2025-05-27 10:26:59.186] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:27:02.334] GP driver service started
[2025-05-27 10:27:02.334] Executing malware sample: D:\new\ransomware_high_confidence\hive\0b71b4195c1dd5febd1bf22f62834c471e3c55f76ffa15d536b245652654ed94.exe
[2025-05-27 10:27:02.335] Malware execution started
[2025-05-27 10:27:02.335] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:28:02.344] Taking screenshot
[2025-05-27 10:28:02.406] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:28:19.506] Powering off VM done
[2025-05-27 10:28:22.506] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:28:23.735] Restoring snapshot 35 done
[2025-05-27 10:28:23.735] Kernel telemetry analysis completed in 96.2 seconds.

[2025-05-27 10:28:23.735] ✅ Analysis completed successfully!
[2025-05-27 10:28:23.735] Progress: 43.7% (615/1408)
[2025-05-27 10:28:23.735] Successful: 615, Failed: 0
[2025-05-27 10:28:23.735] Time remaining: 28.8h
[2025-05-27 10:28:23.735] Waiting 5 seconds before next sample...
[2025-05-27 10:28:28.735] SAMPLE 616/1408
[2025-05-27 10:28:28.735] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:28:28.735] File: 15a290552f9cdc38b18e6c0babe7fdd52ff8abfa73ff823220fa994e7f023dc0.exe
[2025-05-27 10:28:28.735] Path: D:\new\ransomware_high_confidence\hive\15a290552f9cdc38b18e6c0babe7fdd52ff8abfa73ff823220fa994e7f023dc0.exe
[2025-05-27 10:28:28.735] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\15a290552f9cdc38b18e6c0babe7fdd52ff8abfa73ff823220fa994e7f023dc0.exe
[2025-05-27 10:28:28.735] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:28:30.553] Restoring snapshot 35 done
[2025-05-27 10:28:30.553] Starting up VM
[2025-05-27 10:28:36.855] Starting up VM done
[2025-05-27 10:28:36.855] Installing kernel driver
[2025-05-27 10:28:36.855] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:28:41.176] Kernel driver installation completed
[2025-05-27 10:28:41.177] Starting GP driver service
[2025-05-27 10:28:41.177] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:28:44.333] GP driver service started
[2025-05-27 10:28:44.334] Executing malware sample: D:\new\ransomware_high_confidence\hive\15a290552f9cdc38b18e6c0babe7fdd52ff8abfa73ff823220fa994e7f023dc0.exe
[2025-05-27 10:28:44.334] Malware execution started
[2025-05-27 10:28:44.334] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:29:44.343] Taking screenshot
[2025-05-27 10:29:44.404] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:30:00.547] Powering off VM done
[2025-05-27 10:30:03.548] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:30:04.858] Restoring snapshot 35 done
[2025-05-27 10:30:04.858] Kernel telemetry analysis completed in 96.1 seconds.

[2025-05-27 10:30:04.858] ✅ Analysis completed successfully!
[2025-05-27 10:30:04.858] Progress: 43.8% (616/1408)
[2025-05-27 10:30:04.858] Successful: 616, Failed: 0
[2025-05-27 10:30:04.858] Time remaining: 28.7h
[2025-05-27 10:30:04.858] Waiting 5 seconds before next sample...
[2025-05-27 10:30:09.858] SAMPLE 617/1408
[2025-05-27 10:30:09.858] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:30:09.858] File: 1613ba0352b2e9b8d40d001de73c0b747413fae95707f646ac8ad9e3c2f9dce7.exe
[2025-05-27 10:30:09.858] Path: D:\new\ransomware_high_confidence\hive\1613ba0352b2e9b8d40d001de73c0b747413fae95707f646ac8ad9e3c2f9dce7.exe
[2025-05-27 10:30:09.858] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\1613ba0352b2e9b8d40d001de73c0b747413fae95707f646ac8ad9e3c2f9dce7.exe
[2025-05-27 10:30:09.858] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:30:10.831] Restoring snapshot 35 done
[2025-05-27 10:30:10.831] Starting up VM
[2025-05-27 10:30:17.194] Starting up VM done
[2025-05-27 10:30:17.194] Installing kernel driver
[2025-05-27 10:30:17.194] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:30:21.423] Kernel driver installation completed
[2025-05-27 10:30:21.423] Starting GP driver service
[2025-05-27 10:30:21.423] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:30:24.573] GP driver service started
[2025-05-27 10:30:24.573] Executing malware sample: D:\new\ransomware_high_confidence\hive\1613ba0352b2e9b8d40d001de73c0b747413fae95707f646ac8ad9e3c2f9dce7.exe
[2025-05-27 10:30:24.573] Malware execution started
[2025-05-27 10:30:24.573] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:31:24.581] Taking screenshot
[2025-05-27 10:31:24.645] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:31:43.279] Powering off VM done
[2025-05-27 10:31:46.279] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:31:47.845] Restoring snapshot 35 done
[2025-05-27 10:31:47.845] Kernel telemetry analysis completed in 98.0 seconds.

[2025-05-27 10:31:47.845] ✅ Analysis completed successfully!
[2025-05-27 10:31:47.845] Progress: 43.8% (617/1408)
[2025-05-27 10:31:47.845] Successful: 617, Failed: 0
[2025-05-27 10:31:47.845] Time remaining: 28.7h
[2025-05-27 10:31:47.845] Waiting 5 seconds before next sample...
[2025-05-27 10:31:52.846] SAMPLE 618/1408
[2025-05-27 10:31:52.846] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:31:52.846] File: 1670e8bb8065d23e1b93ed8173f079f338abef880047da21af95dd4db57e20bd.exe
[2025-05-27 10:31:52.846] Path: D:\new\ransomware_high_confidence\hive\1670e8bb8065d23e1b93ed8173f079f338abef880047da21af95dd4db57e20bd.exe
[2025-05-27 10:31:52.846] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\1670e8bb8065d23e1b93ed8173f079f338abef880047da21af95dd4db57e20bd.exe
[2025-05-27 10:31:52.846] Malware execution time: 60 seco

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:31:54.651] Restoring snapshot 35 done
[2025-05-27 10:31:54.651] Starting up VM
[2025-05-27 10:32:00.593] Starting up VM done
[2025-05-27 10:32:00.593] Installing kernel driver
[2025-05-27 10:32:00.593] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:32:04.347] Kernel driver installation completed
[2025-05-27 10:32:04.347] Starting GP driver service
[2025-05-27 10:32:04.347] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:32:07.522] GP driver service started
[2025-05-27 10:32:07.522] Executing malware sample: D:\new\ransomware_high_confidence\hive\1670e8bb8065d23e1b93ed8173f079f338abef880047da21af95dd4db57e20bd.exe
[2025-05-27 10:32:07.523] Malware execution started
[2025-05-27 10:32:07.523] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:33:07.531] Taking screenshot
[2025-05-27 10:33:07.591] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:35:45.966] Powering off VM done
[2025-05-27 10:35:48.966] Restoring snapshot 35
[2025-05-27 10:35:49.014] Restoring snapshot 35 done
[2025-05-27 10:35:49.015] Kernel telemetry analysis completed in 236.2 seconds.

[2025-05-27 10:35:49.015] ✅ Analysis completed successfully!
[2025-05-27 10:35:49.015] Progress: 43.9% (618/1408)
[2025-05-27 10:35:49.015] Successful: 618, Failed: 0
[2025-05-27 10:35:49.015] Time remaining: 28.7h
[2025-05-27 10:35:49.015] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:35:54.015] SAMPLE 619/1408
[2025-05-27 10:35:54.015] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:35:54.015] File: 16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1.exe
[2025-05-27 10:35:54.015] Path: D:\new\ransomware_high_confidence\hive\16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1.exe
[2025-05-27 10:35:54.015] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1.exe
[2025-05-27 10:35:54.015] Malware execution time: 60 seconds
[2025-05-27 10:35:54.015] Restoring snapshot 35
[2025-05-27 10:35:54.193] Restoring snapshot 35 done
[2025-05-27 10:35:54.193] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:35:59.041] Starting up VM done
[2025-05-27 10:35:59.042] Installing kernel driver
[2025-05-27 10:35:59.042] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:36:02.196] Kernel driver installation completed
[2025-05-27 10:36:02.196] Starting GP driver service
[2025-05-27 10:36:02.196] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:36:05.356] GP driver service started
[2025-05-27 10:36:05.356] Executing malware sample: D:\new\ransomware_high_confidence\hive\16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1.exe
[2025-05-27 10:36:05.356] Malware execution started
[2025-05-27 10:36:05.356] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:37:05.365] Taking screenshot
[2025-05-27 10:37:05.424] Taking screenshot done
[2025-05-27 10:37:05.424] Terminating malware: 16d0c9651cae4ca2641f9e875be9f7b39

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:39:43.608] Powering off VM done
[2025-05-27 10:39:46.608] Restoring snapshot 35
[2025-05-27 10:39:46.658] Restoring snapshot 35 done
[2025-05-27 10:39:46.658] Kernel telemetry analysis completed in 232.6 seconds.

[2025-05-27 10:39:46.658] ✅ Analysis completed successfully!
[2025-05-27 10:39:46.658] Progress: 44.0% (619/1408)
[2025-05-27 10:39:46.658] Successful: 619, Failed: 0
[2025-05-27 10:39:46.658] Time remaining: 28.7h
[2025-05-27 10:39:46.658] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:39:51.658] SAMPLE 620/1408
[2025-05-27 10:39:51.658] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:39:51.658] File: 174fce7e7e2df156a3496ad0f4ecbb8aa6e2b76befc1f5e7a5108601ac62fc70.exe
[2025-05-27 10:39:51.658] Path: D:\new\ransomware_high_confidence\hive\174fce7e7e2df156a3496ad0f4ecbb8aa6e2b76befc1f5e7a5108601ac62fc70.exe
[2025-05-27 10:39:51.658] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\174fce7e7e2df156a3496ad0f4ecbb8aa6e2b76befc1f5e7a5108601ac62fc70.exe
[2025-05-27 10:39:51.658] Malware execution time: 60 seconds
[2025-05-27 10:39:51.658] Restoring snapshot 35
[2025-05-27 10:39:51.840] Restoring snapshot 35 done
[2025-05-27 10:39:51.840] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:39:56.693] Starting up VM done
[2025-05-27 10:39:56.694] Installing kernel driver
[2025-05-27 10:39:56.694] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:39:59.852] Kernel driver installation completed
[2025-05-27 10:39:59.852] Starting GP driver service
[2025-05-27 10:39:59.853] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:40:03.013] GP driver service started
[2025-05-27 10:40:03.013] Executing malware sample: D:\new\ransomware_high_confidence\hive\174fce7e7e2df156a3496ad0f4ecbb8aa6e2b76befc1f5e7a5108601ac62fc70.exe
[2025-05-27 10:40:03.014] Malware execution started
[2025-05-27 10:40:03.014] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:41:03.023] Taking screenshot
[2025-05-27 10:41:03.087] Taking screenshot done
[2025-05-27 10:41:03.087] Terminating malware: 174fce7e7e2df156a3496ad0f4ecbb8aa

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:41:16.839] Powering off VM done
[2025-05-27 10:41:19.839] Restoring snapshot 35
[2025-05-27 10:41:19.890] Restoring snapshot 35 done
[2025-05-27 10:41:19.890] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 10:41:19.890] ✅ Analysis completed successfully!
[2025-05-27 10:41:19.890] Progress: 44.0% (620/1408)
[2025-05-27 10:41:19.890] Successful: 620, Failed: 0
[2025-05-27 10:41:19.890] Time remaining: 28.6h
[2025-05-27 10:41:19.890] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:41:24.890] SAMPLE 621/1408
[2025-05-27 10:41:24.890] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:41:24.890] File: 199006f7d4dbc6ccdecbe99b18e8582ba42e6f66f6e3de865eebd3de095a3a63.exe
[2025-05-27 10:41:24.891] Path: D:\new\ransomware_high_confidence\hive\199006f7d4dbc6ccdecbe99b18e8582ba42e6f66f6e3de865eebd3de095a3a63.exe
[2025-05-27 10:41:24.891] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\199006f7d4dbc6ccdecbe99b18e8582ba42e6f66f6e3de865eebd3de095a3a63.exe
[2025-05-27 10:41:24.891] Malware execution time: 60 seconds
[2025-05-27 10:41:24.891] Restoring snapshot 35
[2025-05-27 10:41:25.067] Restoring snapshot 35 done
[2025-05-27 10:41:25.067] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:41:29.971] Starting up VM done
[2025-05-27 10:41:29.971] Installing kernel driver
[2025-05-27 10:41:29.971] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:41:33.129] Kernel driver installation completed
[2025-05-27 10:41:33.130] Starting GP driver service
[2025-05-27 10:41:33.130] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:41:36.277] GP driver service started
[2025-05-27 10:41:36.277] Executing malware sample: D:\new\ransomware_high_confidence\hive\199006f7d4dbc6ccdecbe99b18e8582ba42e6f66f6e3de865eebd3de095a3a63.exe
[2025-05-27 10:41:36.277] Malware execution started
[2025-05-27 10:41:36.277] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:42:36.286] Taking screenshot
[2025-05-27 10:42:36.344] Taking screenshot done
[2025-05-27 10:42:36.344] Terminating malware: 199006f7d4dbc6ccdecbe99b18e8582ba

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:45:14.709] Powering off VM done
[2025-05-27 10:45:17.709] Restoring snapshot 35
[2025-05-27 10:45:17.758] Restoring snapshot 35 done
[2025-05-27 10:45:17.758] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 10:45:17.758] ✅ Analysis completed successfully!
[2025-05-27 10:45:17.758] Progress: 44.1% (621/1408)
[2025-05-27 10:45:17.758] Successful: 621, Failed: 0
[2025-05-27 10:45:17.758] Time remaining: 28.6h
[2025-05-27 10:45:17.758] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:45:22.758] SAMPLE 622/1408
[2025-05-27 10:45:22.758] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:45:22.758] File: 1fb6c6be88080f6a91c33616a9aa4c839dbc1062a904eeacd9fd379a22962498.exe
[2025-05-27 10:45:22.758] Path: D:\new\ransomware_high_confidence\hive\1fb6c6be88080f6a91c33616a9aa4c839dbc1062a904eeacd9fd379a22962498.exe
[2025-05-27 10:45:22.758] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\1fb6c6be88080f6a91c33616a9aa4c839dbc1062a904eeacd9fd379a22962498.exe
[2025-05-27 10:45:22.758] Malware execution time: 60 seconds
[2025-05-27 10:45:22.758] Restoring snapshot 35
[2025-05-27 10:45:22.936] Restoring snapshot 35 done
[2025-05-27 10:45:22.936] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:45:27.827] Starting up VM done
[2025-05-27 10:45:27.827] Installing kernel driver
[2025-05-27 10:45:27.827] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:45:30.981] Kernel driver installation completed
[2025-05-27 10:45:30.981] Starting GP driver service
[2025-05-27 10:45:30.981] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:45:34.134] GP driver service started
[2025-05-27 10:45:34.134] Executing malware sample: D:\new\ransomware_high_confidence\hive\1fb6c6be88080f6a91c33616a9aa4c839dbc1062a904eeacd9fd379a22962498.exe
[2025-05-27 10:45:34.134] Malware execution started
[2025-05-27 10:45:34.135] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:46:34.143] Taking screenshot
[2025-05-27 10:46:34.201] Taking screenshot done
[2025-05-27 10:46:34.201] Terminating malware: 1fb6c6be88080f6a91c33616a9aa4c839

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:49:12.597] Powering off VM done
[2025-05-27 10:49:15.598] Restoring snapshot 35
[2025-05-27 10:49:15.647] Restoring snapshot 35 done
[2025-05-27 10:49:15.647] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 10:49:15.647] ✅ Analysis completed successfully!
[2025-05-27 10:49:15.647] Progress: 44.2% (622/1408)
[2025-05-27 10:49:15.647] Successful: 622, Failed: 0
[2025-05-27 10:49:15.647] Time remaining: 28.6h
[2025-05-27 10:49:15.647] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:49:20.647] SAMPLE 623/1408
[2025-05-27 10:49:20.647] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:49:20.647] File: 201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111.exe
[2025-05-27 10:49:20.647] Path: D:\new\ransomware_high_confidence\hive\201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111.exe
[2025-05-27 10:49:20.647] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111.exe
[2025-05-27 10:49:20.647] Malware execution time: 60 seconds
[2025-05-27 10:49:20.647] Restoring snapshot 35
[2025-05-27 10:49:20.830] Restoring snapshot 35 done
[2025-05-27 10:49:20.830] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:49:25.731] Starting up VM done
[2025-05-27 10:49:25.731] Installing kernel driver
[2025-05-27 10:49:25.731] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:49:28.894] Kernel driver installation completed
[2025-05-27 10:49:28.894] Starting GP driver service
[2025-05-27 10:49:28.894] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:49:32.042] GP driver service started
[2025-05-27 10:49:32.042] Executing malware sample: D:\new\ransomware_high_confidence\hive\201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111.exe
[2025-05-27 10:49:32.043] Malware execution started
[2025-05-27 10:49:32.043] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:50:32.051] Taking screenshot
[2025-05-27 10:50:32.114] Taking screenshot done
[2025-05-27 10:50:32.114] Terminating malware: 201215fdd6ba159d22621f2424f75b25f

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:50:45.906] Powering off VM done
[2025-05-27 10:50:48.907] Restoring snapshot 35
[2025-05-27 10:50:48.955] Restoring snapshot 35 done
[2025-05-27 10:50:48.955] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 10:50:48.955] ✅ Analysis completed successfully!
[2025-05-27 10:50:48.955] Progress: 44.2% (623/1408)
[2025-05-27 10:50:48.955] Successful: 623, Failed: 0
[2025-05-27 10:50:48.955] Time remaining: 28.6h
[2025-05-27 10:50:48.955] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:50:53.955] SAMPLE 624/1408
[2025-05-27 10:50:53.955] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:50:53.955] File: 206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc.exe
[2025-05-27 10:50:53.955] Path: D:\new\ransomware_high_confidence\hive\206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc.exe
[2025-05-27 10:50:53.955] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc.exe
[2025-05-27 10:50:53.955] Malware execution time: 60 seconds
[2025-05-27 10:50:53.955] Restoring snapshot 35
[2025-05-27 10:50:54.132] Restoring snapshot 35 done
[2025-05-27 10:50:54.132] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:50:58.998] Starting up VM done
[2025-05-27 10:50:58.998] Installing kernel driver
[2025-05-27 10:50:58.998] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:51:02.161] Kernel driver installation completed
[2025-05-27 10:51:02.161] Starting GP driver service
[2025-05-27 10:51:02.161] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:51:05.316] GP driver service started
[2025-05-27 10:51:05.316] Executing malware sample: D:\new\ransomware_high_confidence\hive\206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc.exe
[2025-05-27 10:51:05.317] Malware execution started
[2025-05-27 10:51:05.317] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:52:05.326] Taking screenshot
[2025-05-27 10:52:05.388] Taking screenshot done
[2025-05-27 10:52:05.388] Terminating malware: 206de75058a7dfa0b96784965baab63a1

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:52:19.125] Powering off VM done
[2025-05-27 10:52:22.125] Restoring snapshot 35
[2025-05-27 10:52:22.174] Restoring snapshot 35 done
[2025-05-27 10:52:22.174] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 10:52:22.174] ✅ Analysis completed successfully!
[2025-05-27 10:52:22.174] Progress: 44.3% (624/1408)
[2025-05-27 10:52:22.174] Successful: 624, Failed: 0
[2025-05-27 10:52:22.174] Time remaining: 28.5h
[2025-05-27 10:52:22.174] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:52:27.174] SAMPLE 625/1408
[2025-05-27 10:52:27.174] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:52:27.174] File: 29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35.exe
[2025-05-27 10:52:27.174] Path: D:\new\ransomware_high_confidence\hive\29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35.exe
[2025-05-27 10:52:27.175] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35.exe
[2025-05-27 10:52:27.175] Malware execution time: 60 seconds
[2025-05-27 10:52:27.175] Restoring snapshot 35
[2025-05-27 10:52:27.349] Restoring snapshot 35 done
[2025-05-27 10:52:27.349] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:52:32.219] Starting up VM done
[2025-05-27 10:52:32.220] Installing kernel driver
[2025-05-27 10:52:32.220] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:52:35.385] Kernel driver installation completed
[2025-05-27 10:52:35.385] Starting GP driver service
[2025-05-27 10:52:35.385] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:52:38.543] GP driver service started
[2025-05-27 10:52:38.543] Executing malware sample: D:\new\ransomware_high_confidence\hive\29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35.exe
[2025-05-27 10:52:38.544] Malware execution started
[2025-05-27 10:52:38.544] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:53:38.552] Taking screenshot
[2025-05-27 10:53:38.611] Taking screenshot done
[2025-05-27 10:53:38.611] Terminating malware: 29d2f9308947efac0c804497666e1f03d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:56:17.045] Powering off VM done
[2025-05-27 10:56:20.045] Restoring snapshot 35
[2025-05-27 10:56:20.095] Restoring snapshot 35 done
[2025-05-27 10:56:20.095] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 10:56:20.095] ✅ Analysis completed successfully!
[2025-05-27 10:56:20.095] Progress: 44.4% (625/1408)
[2025-05-27 10:56:20.095] Successful: 625, Failed: 0
[2025-05-27 10:56:20.095] Time remaining: 28.5h
[2025-05-27 10:56:20.095] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:56:25.095] SAMPLE 626/1408
[2025-05-27 10:56:25.095] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 10:56:25.095] File: 30414f35f5ae50c9133017c6100b6f82dca0ca872ac6fbcf159b7b1d2303664f.exe
[2025-05-27 10:56:25.095] Path: D:\new\ransomware_high_confidence\hive\30414f35f5ae50c9133017c6100b6f82dca0ca872ac6fbcf159b7b1d2303664f.exe
[2025-05-27 10:56:25.095] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\30414f35f5ae50c9133017c6100b6f82dca0ca872ac6fbcf159b7b1d2303664f.exe
[2025-05-27 10:56:25.095] Malware execution time: 60 seconds
[2025-05-27 10:56:25.095] Restoring snapshot 35
[2025-05-27 10:56:25.271] Restoring snapshot 35 done
[2025-05-27 10:56:25.271] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 10:56:30.137] Starting up VM done
[2025-05-27 10:56:30.137] Installing kernel driver
[2025-05-27 10:56:30.137] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 10:56:33.291] Kernel driver installation completed
[2025-05-27 10:56:33.291] Starting GP driver service
[2025-05-27 10:56:33.291] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 10:56:36.444] GP driver service started
[2025-05-27 10:56:36.444] Executing malware sample: D:\new\ransomware_high_confidence\hive\30414f35f5ae50c9133017c6100b6f82dca0ca872ac6fbcf159b7b1d2303664f.exe
[2025-05-27 10:56:36.445] Malware execution started
[2025-05-27 10:56:36.445] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 10:57:36.453] Taking screenshot
[2025-05-27 10:57:36.514] Taking screenshot done
[2025-05-27 10:57:36.514] Terminating malware: 30414f35f5ae50c9133017c6100b6f82d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:00:14.942] Powering off VM done
[2025-05-27 11:00:17.943] Restoring snapshot 35
[2025-05-27 11:00:17.998] Restoring snapshot 35 done
[2025-05-27 11:00:17.998] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 11:00:17.998] ✅ Analysis completed successfully!
[2025-05-27 11:00:17.998] Progress: 44.5% (626/1408)
[2025-05-27 11:00:17.998] Successful: 626, Failed: 0
[2025-05-27 11:00:17.998] Time remaining: 28.5h
[2025-05-27 11:00:17.998] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:00:22.999] SAMPLE 627/1408
[2025-05-27 11:00:22.999] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:00:22.999] File: 32ff0e5d87ec16544b6ff936d6fd58023925c3bdabaf962c492f6b078cb01914.exe
[2025-05-27 11:00:22.999] Path: D:\new\ransomware_high_confidence\hive\32ff0e5d87ec16544b6ff936d6fd58023925c3bdabaf962c492f6b078cb01914.exe
[2025-05-27 11:00:22.999] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\32ff0e5d87ec16544b6ff936d6fd58023925c3bdabaf962c492f6b078cb01914.exe
[2025-05-27 11:00:22.999] Malware execution time: 60 seconds
[2025-05-27 11:00:22.999] Restoring snapshot 35
[2025-05-27 11:00:23.175] Restoring snapshot 35 done
[2025-05-27 11:00:23.175] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:00:28.063] Starting up VM done
[2025-05-27 11:00:28.063] Installing kernel driver
[2025-05-27 11:00:28.063] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:00:31.223] Kernel driver installation completed
[2025-05-27 11:00:31.223] Starting GP driver service
[2025-05-27 11:00:31.223] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:00:34.370] GP driver service started
[2025-05-27 11:00:34.370] Executing malware sample: D:\new\ransomware_high_confidence\hive\32ff0e5d87ec16544b6ff936d6fd58023925c3bdabaf962c492f6b078cb01914.exe
[2025-05-27 11:00:34.370] Malware execution started
[2025-05-27 11:00:34.370] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:01:34.378] Taking screenshot
[2025-05-27 11:01:34.442] Taking screenshot done
[2025-05-27 11:01:34.442] Terminating malware: 32ff0e5d87ec16544b6ff936d6fd58023

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:01:48.167] Powering off VM done
[2025-05-27 11:01:51.167] Restoring snapshot 35
[2025-05-27 11:01:51.214] Restoring snapshot 35 done
[2025-05-27 11:01:51.214] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 11:01:51.214] ✅ Analysis completed successfully!
[2025-05-27 11:01:51.214] Progress: 44.5% (627/1408)
[2025-05-27 11:01:51.214] Successful: 627, Failed: 0
[2025-05-27 11:01:51.214] Time remaining: 28.5h
[2025-05-27 11:01:51.214] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:01:56.215] SAMPLE 628/1408
[2025-05-27 11:01:56.215] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:01:56.215] File: 33aceb3dc0681a56226d4cfce32eee7a431e66f5c746a4d6dc7506a72b317277.exe
[2025-05-27 11:01:56.215] Path: D:\new\ransomware_high_confidence\hive\33aceb3dc0681a56226d4cfce32eee7a431e66f5c746a4d6dc7506a72b317277.exe
[2025-05-27 11:01:56.215] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\33aceb3dc0681a56226d4cfce32eee7a431e66f5c746a4d6dc7506a72b317277.exe
[2025-05-27 11:01:56.215] Malware execution time: 60 seconds
[2025-05-27 11:01:56.215] Restoring snapshot 35
[2025-05-27 11:01:56.391] Restoring snapshot 35 done
[2025-05-27 11:01:56.391] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:02:01.268] Starting up VM done
[2025-05-27 11:02:01.268] Installing kernel driver
[2025-05-27 11:02:01.268] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:02:04.434] Kernel driver installation completed
[2025-05-27 11:02:04.434] Starting GP driver service
[2025-05-27 11:02:04.434] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:02:07.592] GP driver service started
[2025-05-27 11:02:07.592] Executing malware sample: D:\new\ransomware_high_confidence\hive\33aceb3dc0681a56226d4cfce32eee7a431e66f5c746a4d6dc7506a72b317277.exe
[2025-05-27 11:02:07.593] Malware execution started
[2025-05-27 11:02:07.593] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:03:07.601] Taking screenshot
[2025-05-27 11:03:07.664] Taking screenshot done
[2025-05-27 11:03:07.664] Terminating malware: 33aceb3dc0681a56226d4cfce32eee7a4

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:05:54.329] Restoring snapshot 35
[2025-05-27 11:05:54.378] Restoring snapshot 35 done
[2025-05-27 11:05:54.378] Kernel telemetry analysis completed in 238.2 seconds.

[2025-05-27 11:05:54.378] ✅ Analysis completed successfully!
[2025-05-27 11:05:54.378] Progress: 44.6% (628/1408)
[2025-05-27 11:05:54.378] Successful: 628, Failed: 0
[2025-05-27 11:05:54.378] Time remaining: 28.5h
[2025-05-27 11:05:54.378] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:05:59.378] SAMPLE 629/1408
[2025-05-27 11:05:59.378] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:05:59.378] File: 3489cfa46b9cc21f3fbd73d3225b1f42223a9c14bec10c8d305f72192314a372.exe
[2025-05-27 11:05:59.378] Path: D:\new\ransomware_high_confidence\hive\3489cfa46b9cc21f3fbd73d3225b1f42223a9c14bec10c8d305f72192314a372.exe
[2025-05-27 11:05:59.379] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\3489cfa46b9cc21f3fbd73d3225b1f42223a9c14bec10c8d305f72192314a372.exe
[2025-05-27 11:05:59.379] Malware execution time: 60 seconds
[2025-05-27 11:05:59.379] Restoring snapshot 35
[2025-05-27 11:05:59.555] Restoring snapshot 35 done
[2025-05-27 11:05:59.555] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:06:04.446] Starting up VM done
[2025-05-27 11:06:04.447] Installing kernel driver
[2025-05-27 11:06:04.447] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:06:07.606] Kernel driver installation completed
[2025-05-27 11:06:07.606] Starting GP driver service
[2025-05-27 11:06:07.606] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:06:10.761] GP driver service started
[2025-05-27 11:06:10.761] Executing malware sample: D:\new\ransomware_high_confidence\hive\3489cfa46b9cc21f3fbd73d3225b1f42223a9c14bec10c8d305f72192314a372.exe
[2025-05-27 11:06:10.762] Malware execution started
[2025-05-27 11:06:10.762] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:07:10.770] Taking screenshot
[2025-05-27 11:07:10.828] Taking screenshot done
[2025-05-27 11:07:10.828] Terminating malware: 3489cfa46b9cc21f3fbd73d3225b1f422

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:09:49.208] Powering off VM done
[2025-05-27 11:09:52.209] Restoring snapshot 35
[2025-05-27 11:09:52.256] Restoring snapshot 35 done
[2025-05-27 11:09:52.257] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 11:09:52.257] ✅ Analysis completed successfully!
[2025-05-27 11:09:52.257] Progress: 44.7% (629/1408)
[2025-05-27 11:09:52.257] Successful: 629, Failed: 0
[2025-05-27 11:09:52.257] Time remaining: 28.5h
[2025-05-27 11:09:52.257] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:09:57.257] SAMPLE 630/1408
[2025-05-27 11:09:57.257] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:09:57.257] File: 36759cab7043cd7561ac6c3968832b30c9a442eff4d536e901d4ff70aef4d32d.exe
[2025-05-27 11:09:57.257] Path: D:\new\ransomware_high_confidence\hive\36759cab7043cd7561ac6c3968832b30c9a442eff4d536e901d4ff70aef4d32d.exe
[2025-05-27 11:09:57.257] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\36759cab7043cd7561ac6c3968832b30c9a442eff4d536e901d4ff70aef4d32d.exe
[2025-05-27 11:09:57.257] Malware execution time: 60 seconds
[2025-05-27 11:09:57.257] Restoring snapshot 35
[2025-05-27 11:09:57.433] Restoring snapshot 35 done
[2025-05-27 11:09:57.434] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:10:02.324] Starting up VM done
[2025-05-27 11:10:02.325] Installing kernel driver
[2025-05-27 11:10:02.325] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:10:05.488] Kernel driver installation completed
[2025-05-27 11:10:05.488] Starting GP driver service
[2025-05-27 11:10:05.488] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:10:08.648] GP driver service started
[2025-05-27 11:10:08.649] Executing malware sample: D:\new\ransomware_high_confidence\hive\36759cab7043cd7561ac6c3968832b30c9a442eff4d536e901d4ff70aef4d32d.exe
[2025-05-27 11:10:08.649] Malware execution started
[2025-05-27 11:10:08.649] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:11:08.657] Taking screenshot
[2025-05-27 11:11:08.719] Taking screenshot done
[2025-05-27 11:11:08.719] Terminating malware: 36759cab7043cd7561ac6c3968832b30c

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:11:22.484] Powering off VM done
[2025-05-27 11:11:25.485] Restoring snapshot 35
[2025-05-27 11:11:25.532] Restoring snapshot 35 done
[2025-05-27 11:11:25.532] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 11:11:25.532] ✅ Analysis completed successfully!
[2025-05-27 11:11:25.532] Progress: 44.7% (630/1408)
[2025-05-27 11:11:25.532] Successful: 630, Failed: 0
[2025-05-27 11:11:25.532] Time remaining: 28.4h
[2025-05-27 11:11:25.532] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:11:30.532] SAMPLE 631/1408
[2025-05-27 11:11:30.532] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:11:30.532] File: 382da46b770736639b495071c4c5a0b139eb486583b7b9548274ce6e4f663cb8.exe
[2025-05-27 11:11:30.532] Path: D:\new\ransomware_high_confidence\hive\382da46b770736639b495071c4c5a0b139eb486583b7b9548274ce6e4f663cb8.exe
[2025-05-27 11:11:30.533] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\382da46b770736639b495071c4c5a0b139eb486583b7b9548274ce6e4f663cb8.exe
[2025-05-27 11:11:30.533] Malware execution time: 60 seconds
[2025-05-27 11:11:30.533] Restoring snapshot 35
[2025-05-27 11:11:30.710] Restoring snapshot 35 done
[2025-05-27 11:11:30.710] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:11:35.590] Starting up VM done
[2025-05-27 11:11:35.590] Installing kernel driver
[2025-05-27 11:11:35.590] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:11:38.756] Kernel driver installation completed
[2025-05-27 11:11:38.756] Starting GP driver service
[2025-05-27 11:11:38.756] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:11:41.907] GP driver service started
[2025-05-27 11:11:41.907] Executing malware sample: D:\new\ransomware_high_confidence\hive\382da46b770736639b495071c4c5a0b139eb486583b7b9548274ce6e4f663cb8.exe
[2025-05-27 11:11:41.907] Malware execution started
[2025-05-27 11:11:41.907] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:12:41.915] Taking screenshot
[2025-05-27 11:12:41.978] Taking screenshot done
[2025-05-27 11:12:41.978] Terminating malware: 382da46b770736639b495071c4c5a0b13

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:12:55.748] Powering off VM done
[2025-05-27 11:12:58.748] Restoring snapshot 35
[2025-05-27 11:12:58.800] Restoring snapshot 35 done
[2025-05-27 11:12:58.800] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 11:12:58.800] ✅ Analysis completed successfully!
[2025-05-27 11:12:58.800] Progress: 44.8% (631/1408)
[2025-05-27 11:12:58.800] Successful: 631, Failed: 0
[2025-05-27 11:12:58.800] Time remaining: 28.4h
[2025-05-27 11:12:58.800] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:13:03.800] SAMPLE 632/1408
[2025-05-27 11:13:03.800] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:13:03.800] File: 4a484842f4376660894109a2123cd4e1917193efcce9b776e8c769fc667c05b3.exe
[2025-05-27 11:13:03.800] Path: D:\new\ransomware_high_confidence\hive\4a484842f4376660894109a2123cd4e1917193efcce9b776e8c769fc667c05b3.exe
[2025-05-27 11:13:03.800] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\4a484842f4376660894109a2123cd4e1917193efcce9b776e8c769fc667c05b3.exe
[2025-05-27 11:13:03.800] Malware execution time: 60 seconds
[2025-05-27 11:13:03.800] Restoring snapshot 35
[2025-05-27 11:13:03.979] Restoring snapshot 35 done
[2025-05-27 11:13:03.979] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:13:08.843] Starting up VM done
[2025-05-27 11:13:08.843] Installing kernel driver
[2025-05-27 11:13:08.843] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:13:12.003] Kernel driver installation completed
[2025-05-27 11:13:12.004] Starting GP driver service
[2025-05-27 11:13:12.004] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:13:15.160] GP driver service started
[2025-05-27 11:13:15.160] Executing malware sample: D:\new\ransomware_high_confidence\hive\4a484842f4376660894109a2123cd4e1917193efcce9b776e8c769fc667c05b3.exe
[2025-05-27 11:13:15.161] Malware execution started
[2025-05-27 11:13:15.161] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:14:15.169] Taking screenshot
[2025-05-27 11:14:15.228] Taking screenshot done
[2025-05-27 11:14:15.229] Terminating malware: 4a484842f4376660894109a2123cd4e19

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:16:53.513] Powering off VM done
[2025-05-27 11:16:56.513] Restoring snapshot 35
[2025-05-27 11:16:56.561] Restoring snapshot 35 done
[2025-05-27 11:16:56.561] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 11:16:56.561] ✅ Analysis completed successfully!
[2025-05-27 11:16:56.561] Progress: 44.9% (632/1408)
[2025-05-27 11:16:56.561] Successful: 632, Failed: 0
[2025-05-27 11:16:56.561] Time remaining: 28.4h
[2025-05-27 11:16:56.561] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:17:01.562] SAMPLE 633/1408
[2025-05-27 11:17:01.562] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:17:01.562] File: 4a5bc30a85bc4b000d8dcedf533c8049fb6d42f31c7a0a524aaa2a0275ac6c0f.exe
[2025-05-27 11:17:01.562] Path: D:\new\ransomware_high_confidence\hive\4a5bc30a85bc4b000d8dcedf533c8049fb6d42f31c7a0a524aaa2a0275ac6c0f.exe
[2025-05-27 11:17:01.562] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\4a5bc30a85bc4b000d8dcedf533c8049fb6d42f31c7a0a524aaa2a0275ac6c0f.exe
[2025-05-27 11:17:01.562] Malware execution time: 60 seconds
[2025-05-27 11:17:01.562] Restoring snapshot 35
[2025-05-27 11:17:01.739] Restoring snapshot 35 done
[2025-05-27 11:17:01.739] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:17:06.587] Starting up VM done
[2025-05-27 11:17:06.587] Installing kernel driver
[2025-05-27 11:17:06.587] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:17:09.740] Kernel driver installation completed
[2025-05-27 11:17:09.740] Starting GP driver service
[2025-05-27 11:17:09.740] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:17:12.892] GP driver service started
[2025-05-27 11:17:12.892] Executing malware sample: D:\new\ransomware_high_confidence\hive\4a5bc30a85bc4b000d8dcedf533c8049fb6d42f31c7a0a524aaa2a0275ac6c0f.exe
[2025-05-27 11:17:12.892] Malware execution started
[2025-05-27 11:17:12.893] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:18:12.900] Taking screenshot
[2025-05-27 11:18:12.960] Taking screenshot done
[2025-05-27 11:18:12.960] Terminating malware: 4a5bc30a85bc4b000d8dcedf533c8049f

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:20:51.322] Powering off VM done
[2025-05-27 11:20:54.322] Restoring snapshot 35
[2025-05-27 11:20:54.382] Restoring snapshot 35 done
[2025-05-27 11:20:54.382] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 11:20:54.382] ✅ Analysis completed successfully!
[2025-05-27 11:20:54.382] Progress: 45.0% (633/1408)
[2025-05-27 11:20:54.382] Successful: 633, Failed: 0
[2025-05-27 11:20:54.382] Time remaining: 28.4h
[2025-05-27 11:20:54.382] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:20:59.383] SAMPLE 634/1408
[2025-05-27 11:20:59.383] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:20:59.383] File: 4b62c93fbf0b964c4de93a0ce456bccdaee2908b3c0135b3f62912068a728d3e.exe
[2025-05-27 11:20:59.383] Path: D:\new\ransomware_high_confidence\hive\4b62c93fbf0b964c4de93a0ce456bccdaee2908b3c0135b3f62912068a728d3e.exe
[2025-05-27 11:20:59.383] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\4b62c93fbf0b964c4de93a0ce456bccdaee2908b3c0135b3f62912068a728d3e.exe
[2025-05-27 11:20:59.383] Malware execution time: 60 seconds
[2025-05-27 11:20:59.383] Restoring snapshot 35
[2025-05-27 11:20:59.566] Restoring snapshot 35 done
[2025-05-27 11:20:59.566] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:21:04.469] Starting up VM done
[2025-05-27 11:21:04.470] Installing kernel driver
[2025-05-27 11:21:04.470] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:21:07.621] Kernel driver installation completed
[2025-05-27 11:21:07.621] Starting GP driver service
[2025-05-27 11:21:07.621] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:21:10.780] GP driver service started
[2025-05-27 11:21:10.780] Executing malware sample: D:\new\ransomware_high_confidence\hive\4b62c93fbf0b964c4de93a0ce456bccdaee2908b3c0135b3f62912068a728d3e.exe
[2025-05-27 11:21:10.780] Malware execution started
[2025-05-27 11:21:10.780] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:22:10.789] Taking screenshot
[2025-05-27 11:22:10.852] Taking screenshot done
[2025-05-27 11:22:10.852] Terminating malware: 4b62c93fbf0b964c4de93a0ce456bccda

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:22:24.586] Powering off VM done
[2025-05-27 11:22:27.586] Restoring snapshot 35
[2025-05-27 11:22:27.634] Restoring snapshot 35 done
[2025-05-27 11:22:27.634] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 11:22:27.634] ✅ Analysis completed successfully!
[2025-05-27 11:22:27.634] Progress: 45.0% (634/1408)
[2025-05-27 11:22:27.634] Successful: 634, Failed: 0
[2025-05-27 11:22:27.634] Time remaining: 28.3h
[2025-05-27 11:22:27.634] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:22:32.634] SAMPLE 635/1408
[2025-05-27 11:22:32.634] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:22:32.634] File: 4d15aa5d68b0e8b081c18d0ee5c06cc1758d17246a8d01b3c8ac48d1ef07610b.exe
[2025-05-27 11:22:32.634] Path: D:\new\ransomware_high_confidence\hive\4d15aa5d68b0e8b081c18d0ee5c06cc1758d17246a8d01b3c8ac48d1ef07610b.exe
[2025-05-27 11:22:32.634] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\4d15aa5d68b0e8b081c18d0ee5c06cc1758d17246a8d01b3c8ac48d1ef07610b.exe
[2025-05-27 11:22:32.634] Malware execution time: 60 seconds
[2025-05-27 11:22:32.634] Restoring snapshot 35
[2025-05-27 11:22:32.812] Restoring snapshot 35 done
[2025-05-27 11:22:32.812] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:22:37.785] Starting up VM done
[2025-05-27 11:22:37.785] Installing kernel driver
[2025-05-27 11:22:37.785] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:22:40.951] Kernel driver installation completed
[2025-05-27 11:22:40.951] Starting GP driver service
[2025-05-27 11:22:40.951] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:22:44.100] GP driver service started
[2025-05-27 11:22:44.101] Executing malware sample: D:\new\ransomware_high_confidence\hive\4d15aa5d68b0e8b081c18d0ee5c06cc1758d17246a8d01b3c8ac48d1ef07610b.exe
[2025-05-27 11:22:44.101] Malware execution started
[2025-05-27 11:22:44.101] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:23:44.114] Taking screenshot
[2025-05-27 11:23:44.180] Taking screenshot done
[2025-05-27 11:23:44.180] Terminating malware: 4d15aa5d68b0e8b081c18d0ee5c06cc17

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:26:03.306] Powering off VM done
[2025-05-27 11:26:06.306] Restoring snapshot 35
[2025-05-27 11:26:06.356] Restoring snapshot 35 done
[2025-05-27 11:26:06.356] Kernel telemetry analysis completed in 213.7 seconds.

[2025-05-27 11:26:06.356] ✅ Analysis completed successfully!
[2025-05-27 11:26:06.356] Progress: 45.1% (635/1408)
[2025-05-27 11:26:06.356] Successful: 635, Failed: 0
[2025-05-27 11:26:06.356] Time remaining: 28.3h
[2025-05-27 11:26:06.356] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:26:11.357] SAMPLE 636/1408
[2025-05-27 11:26:11.357] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:26:11.357] File: 545a22b900104571ca0718336c6dfe37574263f1670d55835859b30f9776b028.exe
[2025-05-27 11:26:11.357] Path: D:\new\ransomware_high_confidence\hive\545a22b900104571ca0718336c6dfe37574263f1670d55835859b30f9776b028.exe
[2025-05-27 11:26:11.357] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\545a22b900104571ca0718336c6dfe37574263f1670d55835859b30f9776b028.exe
[2025-05-27 11:26:11.357] Malware execution time: 60 seconds
[2025-05-27 11:26:11.357] Restoring snapshot 35
[2025-05-27 11:26:11.535] Restoring snapshot 35 done
[2025-05-27 11:26:11.535] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:26:16.407] Starting up VM done
[2025-05-27 11:26:16.407] Installing kernel driver
[2025-05-27 11:26:16.407] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:26:19.575] Kernel driver installation completed
[2025-05-27 11:26:19.575] Starting GP driver service
[2025-05-27 11:26:19.575] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:26:22.737] GP driver service started
[2025-05-27 11:26:22.737] Executing malware sample: D:\new\ransomware_high_confidence\hive\545a22b900104571ca0718336c6dfe37574263f1670d55835859b30f9776b028.exe
[2025-05-27 11:26:22.738] Malware execution started
[2025-05-27 11:26:22.738] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:27:22.747] Taking screenshot
[2025-05-27 11:27:22.809] Taking screenshot done
[2025-05-27 11:27:22.809] Terminating malware: 545a22b900104571ca0718336c6dfe375

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:27:36.553] Powering off VM done
[2025-05-27 11:27:39.553] Restoring snapshot 35
[2025-05-27 11:27:39.601] Restoring snapshot 35 done
[2025-05-27 11:27:39.601] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 11:27:39.601] ✅ Analysis completed successfully!
[2025-05-27 11:27:39.601] Progress: 45.2% (636/1408)
[2025-05-27 11:27:39.601] Successful: 636, Failed: 0
[2025-05-27 11:27:39.601] Time remaining: 28.3h
[2025-05-27 11:27:39.601] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:27:44.602] SAMPLE 637/1408
[2025-05-27 11:27:44.602] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:27:44.602] File: 6920e86a65fc94f9fd46c46c09187b802a13801904e06c6aa63c10e0c9197218.exe
[2025-05-27 11:27:44.602] Path: D:\new\ransomware_high_confidence\hive\6920e86a65fc94f9fd46c46c09187b802a13801904e06c6aa63c10e0c9197218.exe
[2025-05-27 11:27:44.602] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\6920e86a65fc94f9fd46c46c09187b802a13801904e06c6aa63c10e0c9197218.exe
[2025-05-27 11:27:44.602] Malware execution time: 60 seconds
[2025-05-27 11:27:44.602] Restoring snapshot 35
[2025-05-27 11:27:44.779] Restoring snapshot 35 done
[2025-05-27 11:27:44.779] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:27:49.659] Starting up VM done
[2025-05-27 11:27:49.660] Installing kernel driver
[2025-05-27 11:27:49.660] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:27:52.810] Kernel driver installation completed
[2025-05-27 11:27:52.810] Starting GP driver service
[2025-05-27 11:27:52.810] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:27:55.967] GP driver service started
[2025-05-27 11:27:55.967] Executing malware sample: D:\new\ransomware_high_confidence\hive\6920e86a65fc94f9fd46c46c09187b802a13801904e06c6aa63c10e0c9197218.exe
[2025-05-27 11:27:55.968] Malware execution started
[2025-05-27 11:27:55.968] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:28:55.975] Taking screenshot
[2025-05-27 11:28:56.036] Taking screenshot done
[2025-05-27 11:28:56.036] Terminating malware: 6920e86a65fc94f9fd46c46c09187b802

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:31:34.458] Powering off VM done
[2025-05-27 11:31:37.459] Restoring snapshot 35
[2025-05-27 11:31:37.510] Restoring snapshot 35 done
[2025-05-27 11:31:37.511] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 11:31:37.511] ✅ Analysis completed successfully!
[2025-05-27 11:31:37.511] Progress: 45.2% (637/1408)
[2025-05-27 11:31:37.511] Successful: 637, Failed: 0
[2025-05-27 11:31:37.511] Time remaining: 28.3h
[2025-05-27 11:31:37.511] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:31:42.511] SAMPLE 638/1408
[2025-05-27 11:31:42.511] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:31:42.511] File: 70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.exe
[2025-05-27 11:31:42.511] Path: D:\new\ransomware_high_confidence\hive\70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.exe
[2025-05-27 11:31:42.511] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.exe
[2025-05-27 11:31:42.511] Malware execution time: 60 seconds
[2025-05-27 11:31:42.511] Restoring snapshot 35
[2025-05-27 11:31:42.687] Restoring snapshot 35 done
[2025-05-27 11:31:42.687] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:31:47.537] Starting up VM done
[2025-05-27 11:31:47.537] Installing kernel driver
[2025-05-27 11:31:47.537] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:31:50.689] Kernel driver installation completed
[2025-05-27 11:31:50.689] Starting GP driver service
[2025-05-27 11:31:50.689] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:31:53.844] GP driver service started
[2025-05-27 11:31:53.844] Executing malware sample: D:\new\ransomware_high_confidence\hive\70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.exe
[2025-05-27 11:31:53.845] Malware execution started
[2025-05-27 11:31:53.845] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:32:53.853] Taking screenshot
[2025-05-27 11:32:53.917] Taking screenshot done
[2025-05-27 11:32:53.917] Terminating malware: 70b278b5e01f7cc409a112892e8f2ff24

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:33:10.438] Restoring snapshot 35
[2025-05-27 11:33:10.485] Restoring snapshot 35 done
[2025-05-27 11:33:10.485] Kernel telemetry analysis completed in 88.0 seconds.

[2025-05-27 11:33:10.486] ✅ Analysis completed successfully!
[2025-05-27 11:33:10.486] Progress: 45.3% (638/1408)
[2025-05-27 11:33:10.486] Successful: 638, Failed: 0
[2025-05-27 11:33:10.486] Time remaining: 28.2h
[2025-05-27 11:33:10.486] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:33:15.486] SAMPLE 639/1408
[2025-05-27 11:33:15.486] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:33:15.486] File: 7bdb4508714a56fe5e6d9eb757ee475d08809470c6a02baa901484f0697cc362.exe
[2025-05-27 11:33:15.486] Path: D:\new\ransomware_high_confidence\hive\7bdb4508714a56fe5e6d9eb757ee475d08809470c6a02baa901484f0697cc362.exe
[2025-05-27 11:33:15.486] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\7bdb4508714a56fe5e6d9eb757ee475d08809470c6a02baa901484f0697cc362.exe
[2025-05-27 11:33:15.486] Malware execution time: 60 seconds
[2025-05-27 11:33:15.486] Restoring snapshot 35
[2025-05-27 11:33:15.662] Restoring snapshot 35 done
[2025-05-27 11:33:15.662] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:33:20.568] Starting up VM done
[2025-05-27 11:33:20.568] Installing kernel driver
[2025-05-27 11:33:20.569] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:33:23.733] Kernel driver installation completed
[2025-05-27 11:33:23.733] Starting GP driver service
[2025-05-27 11:33:23.733] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:33:26.890] GP driver service started
[2025-05-27 11:33:26.891] Executing malware sample: D:\new\ransomware_high_confidence\hive\7bdb4508714a56fe5e6d9eb757ee475d08809470c6a02baa901484f0697cc362.exe
[2025-05-27 11:33:26.891] Malware execution started
[2025-05-27 11:33:26.891] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:34:26.899] Taking screenshot
[2025-05-27 11:34:26.962] Taking screenshot done
[2025-05-27 11:34:26.962] Terminating malware: 7bdb4508714a56fe5e6d9eb757ee475d0

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:34:40.711] Powering off VM done
[2025-05-27 11:34:43.712] Restoring snapshot 35
[2025-05-27 11:34:43.759] Restoring snapshot 35 done
[2025-05-27 11:34:43.759] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 11:34:43.759] ✅ Analysis completed successfully!
[2025-05-27 11:34:43.759] Progress: 45.4% (639/1408)
[2025-05-27 11:34:43.759] Successful: 639, Failed: 0
[2025-05-27 11:34:43.759] Time remaining: 28.2h
[2025-05-27 11:34:43.759] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:34:48.760] SAMPLE 640/1408
[2025-05-27 11:34:48.760] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:34:48.760] File: 7cb066628b72dafaf1ad07e3c98c8bc5520df2f3b417d5b0acb5ded1b0279347.exe
[2025-05-27 11:34:48.760] Path: D:\new\ransomware_high_confidence\hive\7cb066628b72dafaf1ad07e3c98c8bc5520df2f3b417d5b0acb5ded1b0279347.exe
[2025-05-27 11:34:48.760] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\7cb066628b72dafaf1ad07e3c98c8bc5520df2f3b417d5b0acb5ded1b0279347.exe
[2025-05-27 11:34:48.760] Malware execution time: 60 seconds
[2025-05-27 11:34:48.760] Restoring snapshot 35
[2025-05-27 11:34:48.938] Restoring snapshot 35 done
[2025-05-27 11:34:48.938] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:34:53.868] Starting up VM done
[2025-05-27 11:34:53.869] Installing kernel driver
[2025-05-27 11:34:53.869] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:34:57.020] Kernel driver installation completed
[2025-05-27 11:34:57.020] Starting GP driver service
[2025-05-27 11:34:57.020] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:35:00.170] GP driver service started
[2025-05-27 11:35:00.170] Executing malware sample: D:\new\ransomware_high_confidence\hive\7cb066628b72dafaf1ad07e3c98c8bc5520df2f3b417d5b0acb5ded1b0279347.exe
[2025-05-27 11:35:00.170] Malware execution started
[2025-05-27 11:35:00.170] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:36:00.179] Taking screenshot
[2025-05-27 11:36:00.238] Taking screenshot done
[2025-05-27 11:36:00.238] Terminating malware: 7cb066628b72dafaf1ad07e3c98c8bc55

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:38:38.379] Powering off VM done
[2025-05-27 11:38:41.379] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:38:41.739] Restoring snapshot 35 done
[2025-05-27 11:38:41.739] Kernel telemetry analysis completed in 233.0 seconds.

[2025-05-27 11:38:41.739] ✅ Analysis completed successfully!
[2025-05-27 11:38:41.739] Progress: 45.5% (640/1408)
[2025-05-27 11:38:41.739] Successful: 640, Failed: 0
[2025-05-27 11:38:41.739] Time remaining: 28.2h
[2025-05-27 11:38:41.739] Waiting 5 seconds before next sample...
[2025-05-27 11:38:46.739] SAMPLE 641/1408
[2025-05-27 11:38:46.739] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:38:46.739] File: 7fb0391651fff5ea815395dd278986dc23af9e91036ce178dd25951758ea94c6.exe
[2025-05-27 11:38:46.739] Path: D:\new\ransomware_high_confidence\hive\7fb0391651fff5ea815395dd278986dc23af9e91036ce178dd25951758ea94c6.exe
[2025-05-27 11:38:46.740] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\7fb0391651fff5ea815395dd278986dc23af9e91036ce178dd25951758ea94c6.exe
[2025-05-27 11:38:46.740] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:38:51.786] Starting up VM done
[2025-05-27 11:38:51.786] Installing kernel driver
[2025-05-27 11:38:51.786] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:38:54.939] Kernel driver installation completed
[2025-05-27 11:38:54.939] Starting GP driver service
[2025-05-27 11:38:54.939] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:38:58.091] GP driver service started
[2025-05-27 11:38:58.091] Executing malware sample: D:\new\ransomware_high_confidence\hive\7fb0391651fff5ea815395dd278986dc23af9e91036ce178dd25951758ea94c6.exe
[2025-05-27 11:38:58.092] Malware execution started
[2025-05-27 11:38:58.092] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:39:58.100] Taking screenshot
[2025-05-27 11:39:58.158] Taking screenshot done
[2025-05-27 11:39:58.158] Terminating malware: 7fb0391651fff5ea815395dd278986dc2

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:42:36.564] Powering off VM done
[2025-05-27 11:42:39.564] Restoring snapshot 35
[2025-05-27 11:42:39.613] Restoring snapshot 35 done
[2025-05-27 11:42:39.613] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 11:42:39.613] ✅ Analysis completed successfully!
[2025-05-27 11:42:39.613] Progress: 45.5% (641/1408)
[2025-05-27 11:42:39.613] Successful: 641, Failed: 0
[2025-05-27 11:42:39.613] Time remaining: 28.2h
[2025-05-27 11:42:39.613] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:42:44.613] SAMPLE 642/1408
[2025-05-27 11:42:44.613] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:42:44.613] File: 89a9279a31e78ceb036d8be5b2e3c7aeb1021a05cff7bbd5e5025250c911234b.exe
[2025-05-27 11:42:44.613] Path: D:\new\ransomware_high_confidence\hive\89a9279a31e78ceb036d8be5b2e3c7aeb1021a05cff7bbd5e5025250c911234b.exe
[2025-05-27 11:42:44.613] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\89a9279a31e78ceb036d8be5b2e3c7aeb1021a05cff7bbd5e5025250c911234b.exe
[2025-05-27 11:42:44.613] Malware execution time: 60 seconds
[2025-05-27 11:42:44.613] Restoring snapshot 35
[2025-05-27 11:42:44.790] Restoring snapshot 35 done
[2025-05-27 11:42:44.790] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:42:49.677] Starting up VM done
[2025-05-27 11:42:49.678] Installing kernel driver
[2025-05-27 11:42:49.678] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:42:52.828] Kernel driver installation completed
[2025-05-27 11:42:52.828] Starting GP driver service
[2025-05-27 11:42:52.828] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:42:55.984] GP driver service started
[2025-05-27 11:42:55.984] Executing malware sample: D:\new\ransomware_high_confidence\hive\89a9279a31e78ceb036d8be5b2e3c7aeb1021a05cff7bbd5e5025250c911234b.exe
[2025-05-27 11:42:55.985] Malware execution started
[2025-05-27 11:42:55.985] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:43:55.993] Taking screenshot
[2025-05-27 11:43:56.054] Taking screenshot done
[2025-05-27 11:43:56.054] Terminating malware: 89a9279a31e78ceb036d8be5b2e3c7aeb

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:46:34.357] Powering off VM done
[2025-05-27 11:46:37.358] Restoring snapshot 35
[2025-05-27 11:46:37.411] Restoring snapshot 35 done
[2025-05-27 11:46:37.411] Kernel telemetry analysis completed in 232.8 seconds.

[2025-05-27 11:46:37.411] ✅ Analysis completed successfully!
[2025-05-27 11:46:37.411] Progress: 45.6% (642/1408)
[2025-05-27 11:46:37.411] Successful: 642, Failed: 0
[2025-05-27 11:46:37.411] Time remaining: 28.2h
[2025-05-27 11:46:37.411] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:46:42.412] SAMPLE 643/1408
[2025-05-27 11:46:42.412] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:46:42.412] File: 9377cbf352b7aa61f79190789c669ab2d6855cb3429ce494bc79abe0267bf4cc.exe
[2025-05-27 11:46:42.412] Path: D:\new\ransomware_high_confidence\hive\9377cbf352b7aa61f79190789c669ab2d6855cb3429ce494bc79abe0267bf4cc.exe
[2025-05-27 11:46:42.412] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\9377cbf352b7aa61f79190789c669ab2d6855cb3429ce494bc79abe0267bf4cc.exe
[2025-05-27 11:46:42.412] Malware execution time: 60 seconds
[2025-05-27 11:46:42.412] Restoring snapshot 35
[2025-05-27 11:46:42.592] Restoring snapshot 35 done
[2025-05-27 11:46:42.592] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:46:47.471] Starting up VM done
[2025-05-27 11:46:47.471] Installing kernel driver
[2025-05-27 11:46:47.471] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:46:50.639] Kernel driver installation completed
[2025-05-27 11:46:50.639] Starting GP driver service
[2025-05-27 11:46:50.639] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:46:53.787] GP driver service started
[2025-05-27 11:46:53.787] Executing malware sample: D:\new\ransomware_high_confidence\hive\9377cbf352b7aa61f79190789c669ab2d6855cb3429ce494bc79abe0267bf4cc.exe
[2025-05-27 11:46:53.788] Malware execution started
[2025-05-27 11:46:53.788] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:47:53.796] Taking screenshot
[2025-05-27 11:47:53.856] Taking screenshot done
[2025-05-27 11:47:53.856] Terminating malware: 9377cbf352b7aa61f79190789c669ab2d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:50:32.194] Powering off VM done
[2025-05-27 11:50:35.195] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:50:35.587] Restoring snapshot 35 done
[2025-05-27 11:50:35.587] Kernel telemetry analysis completed in 233.2 seconds.

[2025-05-27 11:50:35.587] ✅ Analysis completed successfully!
[2025-05-27 11:50:35.587] Progress: 45.7% (643/1408)
[2025-05-27 11:50:35.587] Successful: 643, Failed: 0
[2025-05-27 11:50:35.587] Time remaining: 28.2h
[2025-05-27 11:50:35.587] Waiting 5 seconds before next sample...
[2025-05-27 11:50:40.588] SAMPLE 644/1408
[2025-05-27 11:50:40.588] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:50:40.588] File: a33e93343f46eafa16ccd18a9376f528e146de57673d9fad0a6ce68130cd9357.exe
[2025-05-27 11:50:40.588] Path: D:\new\ransomware_high_confidence\hive\a33e93343f46eafa16ccd18a9376f528e146de57673d9fad0a6ce68130cd9357.exe
[2025-05-27 11:50:40.588] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\a33e93343f46eafa16ccd18a9376f528e146de57673d9fad0a6ce68130cd9357.exe
[2025-05-27 11:50:40.588] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:50:41.075] Restoring snapshot 35 done
[2025-05-27 11:50:41.075] Starting up VM
[2025-05-27 11:50:45.959] Starting up VM done
[2025-05-27 11:50:45.959] Installing kernel driver
[2025-05-27 11:50:45.959] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:50:49.118] Kernel driver installation completed
[2025-05-27 11:50:49.118] Starting GP driver service
[2025-05-27 11:50:49.118] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:50:52.271] GP driver service started
[2025-05-27 11:50:52.271] Executing malware sample: D:\new\ransomware_high_confidence\hive\a33e93343f46eafa16ccd18a9376f528e146de57673d9fad0a6ce68130cd9357.exe
[2025-05-27 11:50:52.272] Malware execution started
[2025-05-27 11:50:52.272] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:51:52.280] Taking screenshot
[2025-05-27 11:51:52.340] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:54:30.790] Powering off VM done
[2025-05-27 11:54:33.790] Restoring snapshot 35
[2025-05-27 11:54:33.839] Restoring snapshot 35 done
[2025-05-27 11:54:33.839] Kernel telemetry analysis completed in 233.3 seconds.

[2025-05-27 11:54:33.839] ✅ Analysis completed successfully!
[2025-05-27 11:54:33.839] Progress: 45.7% (644/1408)
[2025-05-27 11:54:33.839] Successful: 644, Failed: 0
[2025-05-27 11:54:33.839] Time remaining: 28.2h
[2025-05-27 11:54:33.839] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:54:38.839] SAMPLE 645/1408
[2025-05-27 11:54:38.839] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:54:38.839] File: a4878bb4655f21dd34b5a8a853ebea6b9cca292190c6ca180b4afe44077002ab.exe
[2025-05-27 11:54:38.840] Path: D:\new\ransomware_high_confidence\hive\a4878bb4655f21dd34b5a8a853ebea6b9cca292190c6ca180b4afe44077002ab.exe
[2025-05-27 11:54:38.840] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\a4878bb4655f21dd34b5a8a853ebea6b9cca292190c6ca180b4afe44077002ab.exe
[2025-05-27 11:54:38.840] Malware execution time: 60 seconds
[2025-05-27 11:54:38.840] Restoring snapshot 35
[2025-05-27 11:54:39.019] Restoring snapshot 35 done
[2025-05-27 11:54:39.019] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:54:43.891] Starting up VM done
[2025-05-27 11:54:43.891] Installing kernel driver
[2025-05-27 11:54:43.891] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:54:47.055] Kernel driver installation completed
[2025-05-27 11:54:47.055] Starting GP driver service
[2025-05-27 11:54:47.055] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:54:50.205] GP driver service started
[2025-05-27 11:54:50.205] Executing malware sample: D:\new\ransomware_high_confidence\hive\a4878bb4655f21dd34b5a8a853ebea6b9cca292190c6ca180b4afe44077002ab.exe
[2025-05-27 11:54:50.206] Malware execution started
[2025-05-27 11:54:50.206] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:55:50.214] Taking screenshot
[2025-05-27 11:55:50.275] Taking screenshot done
[2025-05-27 11:55:50.275] Terminating malware: a4878bb4655f21dd34b5a8a853ebea6b9

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:58:28.523] Powering off VM done
[2025-05-27 11:58:31.523] Restoring snapshot 35
[2025-05-27 11:58:31.574] Restoring snapshot 35 done
[2025-05-27 11:58:31.574] Kernel telemetry analysis completed in 232.7 seconds.

[2025-05-27 11:58:31.574] ✅ Analysis completed successfully!
[2025-05-27 11:58:31.574] Progress: 45.8% (645/1408)
[2025-05-27 11:58:31.574] Successful: 645, Failed: 0
[2025-05-27 11:58:31.574] Time remaining: 28.2h
[2025-05-27 11:58:31.574] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:58:36.574] SAMPLE 646/1408
[2025-05-27 11:58:36.574] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 11:58:36.574] File: b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501.exe
[2025-05-27 11:58:36.574] Path: D:\new\ransomware_high_confidence\hive\b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501.exe
[2025-05-27 11:58:36.575] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501.exe
[2025-05-27 11:58:36.575] Malware execution time: 60 seconds
[2025-05-27 11:58:36.575] Restoring snapshot 35
[2025-05-27 11:58:36.751] Restoring snapshot 35 done
[2025-05-27 11:58:36.751] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 11:58:41.624] Starting up VM done
[2025-05-27 11:58:41.624] Installing kernel driver
[2025-05-27 11:58:41.624] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 11:58:44.788] Kernel driver installation completed
[2025-05-27 11:58:44.788] Starting GP driver service
[2025-05-27 11:58:44.788] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 11:58:47.949] GP driver service started
[2025-05-27 11:58:47.949] Executing malware sample: D:\new\ransomware_high_confidence\hive\b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501.exe
[2025-05-27 11:58:47.950] Malware execution started
[2025-05-27 11:58:47.950] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 11:59:47.958] Taking screenshot
[2025-05-27 11:59:48.021] Taking screenshot done
[2025-05-27 11:59:48.021] Terminating malware: b1bfc90de9dcea999dedf285c3d3d7e19

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:02:26.529] Powering off VM done
[2025-05-27 12:02:29.530] Restoring snapshot 35
[2025-05-27 12:02:29.580] Restoring snapshot 35 done
[2025-05-27 12:02:29.580] Kernel telemetry analysis completed in 233.0 seconds.

[2025-05-27 12:02:29.580] ✅ Analysis completed successfully!
[2025-05-27 12:02:29.580] Progress: 45.9% (646/1408)
[2025-05-27 12:02:29.580] Successful: 646, Failed: 0
[2025-05-27 12:02:29.580] Time remaining: 28.2h
[2025-05-27 12:02:29.580] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:02:34.580] SAMPLE 647/1408
[2025-05-27 12:02:34.580] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:02:34.580] File: b5daf399518d76b8e7ca86ada767d9e90fd0ae6efbe5acc2cc775b929f188228.exe
[2025-05-27 12:02:34.580] Path: D:\new\ransomware_high_confidence\hive\b5daf399518d76b8e7ca86ada767d9e90fd0ae6efbe5acc2cc775b929f188228.exe
[2025-05-27 12:02:34.580] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\b5daf399518d76b8e7ca86ada767d9e90fd0ae6efbe5acc2cc775b929f188228.exe
[2025-05-27 12:02:34.580] Malware execution time: 60 seconds
[2025-05-27 12:02:34.580] Restoring snapshot 35
[2025-05-27 12:02:34.759] Restoring snapshot 35 done
[2025-05-27 12:02:34.759] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:02:40.185] Starting up VM done
[2025-05-27 12:02:40.185] Installing kernel driver
[2025-05-27 12:02:40.185] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:02:43.340] Kernel driver installation completed
[2025-05-27 12:02:43.340] Starting GP driver service
[2025-05-27 12:02:43.340] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:02:46.497] GP driver service started
[2025-05-27 12:02:46.497] Executing malware sample: D:\new\ransomware_high_confidence\hive\b5daf399518d76b8e7ca86ada767d9e90fd0ae6efbe5acc2cc775b929f188228.exe
[2025-05-27 12:02:46.498] Malware execution started
[2025-05-27 12:02:46.498] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:03:46.506] Taking screenshot
[2025-05-27 12:03:46.568] Taking screenshot done
[2025-05-27 12:03:46.568] Terminating malware: b5daf399518d76b8e7ca86ada767d9e90

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:04:00.320] Powering off VM done
[2025-05-27 12:04:03.320] Restoring snapshot 35
[2025-05-27 12:04:03.369] Restoring snapshot 35 done
[2025-05-27 12:04:03.369] Kernel telemetry analysis completed in 88.8 seconds.

[2025-05-27 12:04:03.369] ✅ Analysis completed successfully!
[2025-05-27 12:04:03.369] Progress: 46.0% (647/1408)
[2025-05-27 12:04:03.369] Successful: 647, Failed: 0
[2025-05-27 12:04:03.369] Time remaining: 28.1h
[2025-05-27 12:04:03.369] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:04:08.370] SAMPLE 648/1408
[2025-05-27 12:04:08.370] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:04:08.370] File: b6b1ea26464c92c3d25956815c301caf6fa0da9723a2ef847e2bb9cd11563d8b.exe
[2025-05-27 12:04:08.370] Path: D:\new\ransomware_high_confidence\hive\b6b1ea26464c92c3d25956815c301caf6fa0da9723a2ef847e2bb9cd11563d8b.exe
[2025-05-27 12:04:08.370] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\b6b1ea26464c92c3d25956815c301caf6fa0da9723a2ef847e2bb9cd11563d8b.exe
[2025-05-27 12:04:08.370] Malware execution time: 60 seconds
[2025-05-27 12:04:08.370] Restoring snapshot 35
[2025-05-27 12:04:08.548] Restoring snapshot 35 done
[2025-05-27 12:04:08.548] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:04:13.402] Starting up VM done
[2025-05-27 12:04:13.402] Installing kernel driver
[2025-05-27 12:04:13.402] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:04:16.564] Kernel driver installation completed
[2025-05-27 12:04:16.564] Starting GP driver service
[2025-05-27 12:04:16.564] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:04:19.719] GP driver service started
[2025-05-27 12:04:19.719] Executing malware sample: D:\new\ransomware_high_confidence\hive\b6b1ea26464c92c3d25956815c301caf6fa0da9723a2ef847e2bb9cd11563d8b.exe
[2025-05-27 12:04:19.719] Malware execution started
[2025-05-27 12:04:19.719] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:05:19.729] Taking screenshot
[2025-05-27 12:05:19.789] Taking screenshot done
[2025-05-27 12:05:19.789] Terminating malware: b6b1ea26464c92c3d25956815c301caf6

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:05:33.533] Powering off VM done
[2025-05-27 12:05:36.534] Restoring snapshot 35
[2025-05-27 12:05:36.581] Restoring snapshot 35 done
[2025-05-27 12:05:36.581] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 12:05:36.581] ✅ Analysis completed successfully!
[2025-05-27 12:05:36.582] Progress: 46.0% (648/1408)
[2025-05-27 12:05:36.582] Successful: 648, Failed: 0
[2025-05-27 12:05:36.582] Time remaining: 28.1h
[2025-05-27 12:05:36.582] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:05:41.582] SAMPLE 649/1408
[2025-05-27 12:05:41.582] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:05:41.582] File: bd7f4d6a3f224536879cca70b940b16251c56707124d52fb09ad828a889648cd.exe
[2025-05-27 12:05:41.582] Path: D:\new\ransomware_high_confidence\hive\bd7f4d6a3f224536879cca70b940b16251c56707124d52fb09ad828a889648cd.exe
[2025-05-27 12:05:41.582] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\bd7f4d6a3f224536879cca70b940b16251c56707124d52fb09ad828a889648cd.exe
[2025-05-27 12:05:41.582] Malware execution time: 60 seconds
[2025-05-27 12:05:41.582] Restoring snapshot 35
[2025-05-27 12:05:41.758] Restoring snapshot 35 done
[2025-05-27 12:05:41.758] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:05:46.610] Starting up VM done
[2025-05-27 12:05:46.610] Installing kernel driver
[2025-05-27 12:05:46.610] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:05:49.765] Kernel driver installation completed
[2025-05-27 12:05:49.766] Starting GP driver service
[2025-05-27 12:05:49.766] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:05:52.920] GP driver service started
[2025-05-27 12:05:52.920] Executing malware sample: D:\new\ransomware_high_confidence\hive\bd7f4d6a3f224536879cca70b940b16251c56707124d52fb09ad828a889648cd.exe
[2025-05-27 12:05:52.921] Malware execution started
[2025-05-27 12:05:52.921] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:06:52.929] Taking screenshot
[2025-05-27 12:06:52.992] Taking screenshot done
[2025-05-27 12:06:52.992] Terminating malware: bd7f4d6a3f224536879cca70b940b1625

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:07:06.745] Powering off VM done
[2025-05-27 12:07:09.746] Restoring snapshot 35
[2025-05-27 12:07:09.794] Restoring snapshot 35 done
[2025-05-27 12:07:09.794] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 12:07:09.794] ✅ Analysis completed successfully!
[2025-05-27 12:07:09.794] Progress: 46.1% (649/1408)
[2025-05-27 12:07:09.794] Successful: 649, Failed: 0
[2025-05-27 12:07:09.794] Time remaining: 28.0h
[2025-05-27 12:07:09.794] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:07:14.794] SAMPLE 650/1408
[2025-05-27 12:07:14.794] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:07:14.794] File: bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d.exe
[2025-05-27 12:07:14.794] Path: D:\new\ransomware_high_confidence\hive\bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d.exe
[2025-05-27 12:07:14.794] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d.exe
[2025-05-27 12:07:14.794] Malware execution time: 60 seconds
[2025-05-27 12:07:14.794] Restoring snapshot 35
[2025-05-27 12:07:14.970] Restoring snapshot 35 done
[2025-05-27 12:07:14.970] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:07:19.830] Starting up VM done
[2025-05-27 12:07:19.830] Installing kernel driver
[2025-05-27 12:07:19.830] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:07:22.985] Kernel driver installation completed
[2025-05-27 12:07:22.985] Starting GP driver service
[2025-05-27 12:07:22.985] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:07:26.142] GP driver service started
[2025-05-27 12:07:26.142] Executing malware sample: D:\new\ransomware_high_confidence\hive\bd9807c6e5c69f21153103703faa8067a9a883124bcfeb6b0f0645158a97d57d.exe
[2025-05-27 12:07:26.142] Malware execution started
[2025-05-27 12:07:26.142] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:08:26.150] Taking screenshot
[2025-05-27 12:08:26.210] Taking screenshot done
[2025-05-27 12:08:26.211] Terminating malware: bd9807c6e5c69f21153103703faa8067a

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:11:04.649] Powering off VM done
[2025-05-27 12:11:07.649] Restoring snapshot 35
[2025-05-27 12:11:07.697] Restoring snapshot 35 done
[2025-05-27 12:11:07.697] Kernel telemetry analysis completed in 232.9 seconds.

[2025-05-27 12:11:07.697] ✅ Analysis completed successfully!
[2025-05-27 12:11:07.697] Progress: 46.2% (650/1408)
[2025-05-27 12:11:07.697] Successful: 650, Failed: 0
[2025-05-27 12:11:07.697] Time remaining: 28.0h
[2025-05-27 12:11:07.697] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:11:12.697] SAMPLE 651/1408
[2025-05-27 12:11:12.697] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:11:12.697] File: c2fa59fb0c3ed403c5f115310bbb62621bc9ddbf5cba29730e16c65e53b88f64.exe
[2025-05-27 12:11:12.698] Path: D:\new\ransomware_high_confidence\hive\c2fa59fb0c3ed403c5f115310bbb62621bc9ddbf5cba29730e16c65e53b88f64.exe
[2025-05-27 12:11:12.698] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\c2fa59fb0c3ed403c5f115310bbb62621bc9ddbf5cba29730e16c65e53b88f64.exe
[2025-05-27 12:11:12.698] Malware execution time: 60 seconds
[2025-05-27 12:11:12.698] Restoring snapshot 35
[2025-05-27 12:11:12.876] Restoring snapshot 35 done
[2025-05-27 12:11:12.876] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:11:17.749] Starting up VM done
[2025-05-27 12:11:17.749] Installing kernel driver
[2025-05-27 12:11:17.749] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:11:20.907] Kernel driver installation completed
[2025-05-27 12:11:20.908] Starting GP driver service
[2025-05-27 12:11:20.908] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:11:24.068] GP driver service started
[2025-05-27 12:11:24.068] Executing malware sample: D:\new\ransomware_high_confidence\hive\c2fa59fb0c3ed403c5f115310bbb62621bc9ddbf5cba29730e16c65e53b88f64.exe
[2025-05-27 12:11:24.069] Malware execution started
[2025-05-27 12:11:24.069] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:12:24.077] Taking screenshot
[2025-05-27 12:12:24.136] Taking screenshot done
[2025-05-27 12:12:24.137] Terminating malware: c2fa59fb0c3ed403c5f115310bbb62621

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:15:02.380] Powering off VM done
[2025-05-27 12:15:05.380] Restoring snapshot 35
[2025-05-27 12:15:05.432] Restoring snapshot 35 done
[2025-05-27 12:15:05.432] Kernel telemetry analysis completed in 232.7 seconds.

[2025-05-27 12:15:05.432] ✅ Analysis completed successfully!
[2025-05-27 12:15:05.432] Progress: 46.2% (651/1408)
[2025-05-27 12:15:05.432] Successful: 651, Failed: 0
[2025-05-27 12:15:05.432] Time remaining: 28.0h
[2025-05-27 12:15:05.432] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:15:10.432] SAMPLE 652/1408
[2025-05-27 12:15:10.432] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:15:10.432] File: c7c04bcd56f282bc27f160cc80ccab73485dd3123f2efb35b9726a8528b7950f.exe
[2025-05-27 12:15:10.432] Path: D:\new\ransomware_high_confidence\hive\c7c04bcd56f282bc27f160cc80ccab73485dd3123f2efb35b9726a8528b7950f.exe
[2025-05-27 12:15:10.432] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\c7c04bcd56f282bc27f160cc80ccab73485dd3123f2efb35b9726a8528b7950f.exe
[2025-05-27 12:15:10.432] Malware execution time: 60 seconds
[2025-05-27 12:15:10.432] Restoring snapshot 35
[2025-05-27 12:15:10.607] Restoring snapshot 35 done
[2025-05-27 12:15:10.607] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:15:15.493] Starting up VM done
[2025-05-27 12:15:15.493] Installing kernel driver
[2025-05-27 12:15:15.493] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:15:18.642] Kernel driver installation completed
[2025-05-27 12:15:18.643] Starting GP driver service
[2025-05-27 12:15:18.643] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:15:21.795] GP driver service started
[2025-05-27 12:15:21.795] Executing malware sample: D:\new\ransomware_high_confidence\hive\c7c04bcd56f282bc27f160cc80ccab73485dd3123f2efb35b9726a8528b7950f.exe
[2025-05-27 12:15:21.796] Malware execution started
[2025-05-27 12:15:21.796] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:16:21.804] Taking screenshot
[2025-05-27 12:16:21.867] Taking screenshot done
[2025-05-27 12:16:21.868] Terminating malware: c7c04bcd56f282bc27f160cc80ccab734

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:16:35.628] Powering off VM done
[2025-05-27 12:16:38.629] Restoring snapshot 35
[2025-05-27 12:16:38.679] Restoring snapshot 35 done
[2025-05-27 12:16:38.679] Kernel telemetry analysis completed in 88.2 seconds.

[2025-05-27 12:16:38.679] ✅ Analysis completed successfully!
[2025-05-27 12:16:38.679] Progress: 46.3% (652/1408)
[2025-05-27 12:16:38.679] Successful: 652, Failed: 0
[2025-05-27 12:16:38.679] Time remaining: 28.0h
[2025-05-27 12:16:38.679] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:16:43.679] SAMPLE 653/1408
[2025-05-27 12:16:43.679] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:16:43.679] File: cba0c8e316db8c6abcdb69f03936a803d81299d9ae4c59c77839c37cda752539.exe
[2025-05-27 12:16:43.679] Path: D:\new\ransomware_high_confidence\hive\cba0c8e316db8c6abcdb69f03936a803d81299d9ae4c59c77839c37cda752539.exe
[2025-05-27 12:16:43.679] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\cba0c8e316db8c6abcdb69f03936a803d81299d9ae4c59c77839c37cda752539.exe
[2025-05-27 12:16:43.679] Malware execution time: 60 seconds
[2025-05-27 12:16:43.679] Restoring snapshot 35
[2025-05-27 12:16:43.856] Restoring snapshot 35 done
[2025-05-27 12:16:43.856] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:16:48.752] Starting up VM done
[2025-05-27 12:16:48.752] Installing kernel driver
[2025-05-27 12:16:48.752] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:16:51.907] Kernel driver installation completed
[2025-05-27 12:16:51.907] Starting GP driver service
[2025-05-27 12:16:51.907] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:16:55.055] GP driver service started
[2025-05-27 12:16:55.055] Executing malware sample: D:\new\ransomware_high_confidence\hive\cba0c8e316db8c6abcdb69f03936a803d81299d9ae4c59c77839c37cda752539.exe
[2025-05-27 12:16:55.055] Malware execution started
[2025-05-27 12:16:55.055] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:17:55.064] Taking screenshot
[2025-05-27 12:17:55.124] Taking screenshot done
[2025-05-27 12:17:55.124] Terminating malware: cba0c8e316db8c6abcdb69f03936a803d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:20:42.110] Restoring snapshot 35
[2025-05-27 12:20:42.159] Restoring snapshot 35 done
[2025-05-27 12:20:42.159] Kernel telemetry analysis completed in 238.5 seconds.

[2025-05-27 12:20:42.159] ✅ Analysis completed successfully!
[2025-05-27 12:20:42.159] Progress: 46.4% (653/1408)
[2025-05-27 12:20:42.159] Successful: 653, Failed: 0
[2025-05-27 12:20:42.159] Time remaining: 28.0h
[2025-05-27 12:20:42.159] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:20:47.159] SAMPLE 654/1408
[2025-05-27 12:20:47.159] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:20:47.159] File: d83a875db07877be5b2b67341d665a06f476f862a48363f30440091d359a749f.exe
[2025-05-27 12:20:47.159] Path: D:\new\ransomware_high_confidence\hive\d83a875db07877be5b2b67341d665a06f476f862a48363f30440091d359a749f.exe
[2025-05-27 12:20:47.159] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\d83a875db07877be5b2b67341d665a06f476f862a48363f30440091d359a749f.exe
[2025-05-27 12:20:47.159] Malware execution time: 60 seconds
[2025-05-27 12:20:47.159] Restoring snapshot 35
[2025-05-27 12:20:47.337] Restoring snapshot 35 done
[2025-05-27 12:20:47.337] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:20:52.466] Starting up VM done
[2025-05-27 12:20:52.466] Installing kernel driver
[2025-05-27 12:20:52.466] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:20:55.624] Kernel driver installation completed
[2025-05-27 12:20:55.624] Starting GP driver service
[2025-05-27 12:20:55.624] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:20:58.775] GP driver service started
[2025-05-27 12:20:58.775] Executing malware sample: D:\new\ransomware_high_confidence\hive\d83a875db07877be5b2b67341d665a06f476f862a48363f30440091d359a749f.exe
[2025-05-27 12:20:58.775] Malware execution started
[2025-05-27 12:20:58.776] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:21:58.784] Taking screenshot
[2025-05-27 12:21:58.847] Taking screenshot done
[2025-05-27 12:21:58.847] Terminating malware: d83a875db07877be5b2b67341d665a06f

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:22:12.612] Powering off VM done
[2025-05-27 12:22:15.613] Restoring snapshot 35
[2025-05-27 12:22:15.661] Restoring snapshot 35 done
[2025-05-27 12:22:15.661] Kernel telemetry analysis completed in 88.5 seconds.

[2025-05-27 12:22:15.661] ✅ Analysis completed successfully!
[2025-05-27 12:22:15.661] Progress: 46.4% (654/1408)
[2025-05-27 12:22:15.661] Successful: 654, Failed: 0
[2025-05-27 12:22:15.661] Time remaining: 27.9h
[2025-05-27 12:22:15.661] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:22:20.661] SAMPLE 655/1408
[2025-05-27 12:22:20.661] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:22:20.661] File: da2128b5608ed39f1a4e4568e0751bd9f8cb4e8587f1a262314d13c03a6a8b9e.exe
[2025-05-27 12:22:20.661] Path: D:\new\ransomware_high_confidence\hive\da2128b5608ed39f1a4e4568e0751bd9f8cb4e8587f1a262314d13c03a6a8b9e.exe
[2025-05-27 12:22:20.661] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\da2128b5608ed39f1a4e4568e0751bd9f8cb4e8587f1a262314d13c03a6a8b9e.exe
[2025-05-27 12:22:20.661] Malware execution time: 60 seconds
[2025-05-27 12:22:20.661] Restoring snapshot 35
[2025-05-27 12:22:20.838] Restoring snapshot 35 done
[2025-05-27 12:22:20.838] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:22:25.691] Starting up VM done
[2025-05-27 12:22:25.691] Installing kernel driver
[2025-05-27 12:22:25.691] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:22:28.855] Kernel driver installation completed
[2025-05-27 12:22:28.855] Starting GP driver service
[2025-05-27 12:22:28.855] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:22:32.004] GP driver service started
[2025-05-27 12:22:32.004] Executing malware sample: D:\new\ransomware_high_confidence\hive\da2128b5608ed39f1a4e4568e0751bd9f8cb4e8587f1a262314d13c03a6a8b9e.exe
[2025-05-27 12:22:32.004] Malware execution started
[2025-05-27 12:22:32.004] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:23:32.013] Taking screenshot
[2025-05-27 12:23:32.074] Taking screenshot done
[2025-05-27 12:23:32.074] Terminating malware: da2128b5608ed39f1a4e4568e0751bd9f

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:26:12.585] Powering off VM done
[2025-05-27 12:26:15.585] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:26:16.808] Restoring snapshot 35 done
[2025-05-27 12:26:16.809] Kernel telemetry analysis completed in 236.1 seconds.

[2025-05-27 12:26:16.809] ✅ Analysis completed successfully!
[2025-05-27 12:26:16.809] Progress: 46.5% (655/1408)
[2025-05-27 12:26:16.809] Successful: 655, Failed: 0
[2025-05-27 12:26:16.809] Time remaining: 27.9h
[2025-05-27 12:26:16.809] Waiting 5 seconds before next sample...
[2025-05-27 12:26:21.809] SAMPLE 656/1408
[2025-05-27 12:26:21.809] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:26:21.809] File: e17cf8294694af4ed412123981f620908a192947aab6ecd0c31cc59f2ac540ce.exe
[2025-05-27 12:26:21.809] Path: D:\new\ransomware_high_confidence\hive\e17cf8294694af4ed412123981f620908a192947aab6ecd0c31cc59f2ac540ce.exe
[2025-05-27 12:26:21.809] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\e17cf8294694af4ed412123981f620908a192947aab6ecd0c31cc59f2ac540ce.exe
[2025-05-27 12:26:21.809] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:26:23.651] Restoring snapshot 35 done
[2025-05-27 12:26:23.651] Starting up VM
[2025-05-27 12:26:30.492] Starting up VM done
[2025-05-27 12:26:30.492] Installing kernel driver
[2025-05-27 12:26:30.492] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:26:34.752] Kernel driver installation completed
[2025-05-27 12:26:34.752] Starting GP driver service
[2025-05-27 12:26:34.752] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:26:37.900] GP driver service started
[2025-05-27 12:26:37.900] Executing malware sample: D:\new\ransomware_high_confidence\hive\e17cf8294694af4ed412123981f620908a192947aab6ecd0c31cc59f2ac540ce.exe
[2025-05-27 12:26:37.900] Malware execution started
[2025-05-27 12:26:37.900] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:27:37.908] Taking screenshot
[2025-05-27 12:27:37.969] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:30:17.475] Powering off VM done
[2025-05-27 12:30:20.476] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:30:22.213] Restoring snapshot 35 done
[2025-05-27 12:30:22.213] Kernel telemetry analysis completed in 240.4 seconds.

[2025-05-27 12:30:22.213] ✅ Analysis completed successfully!
[2025-05-27 12:30:22.213] Progress: 46.6% (656/1408)
[2025-05-27 12:30:22.213] Successful: 656, Failed: 0
[2025-05-27 12:30:22.213] Time remaining: 27.9h
[2025-05-27 12:30:22.213] Waiting 5 seconds before next sample...
[2025-05-27 12:30:27.213] SAMPLE 657/1408
[2025-05-27 12:30:27.213] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:30:27.213] File: e9def82da36450f16c48af3abbba2a31f53c9c2f6fae6cf895fbf10698c04ed2.exe
[2025-05-27 12:30:27.213] Path: D:\new\ransomware_high_confidence\hive\e9def82da36450f16c48af3abbba2a31f53c9c2f6fae6cf895fbf10698c04ed2.exe
[2025-05-27 12:30:27.213] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\e9def82da36450f16c48af3abbba2a31f53c9c2f6fae6cf895fbf10698c04ed2.exe
[2025-05-27 12:30:27.213] Malware execution time: 60 sec

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:30:29.015] Restoring snapshot 35 done
[2025-05-27 12:30:29.015] Starting up VM
[2025-05-27 12:30:35.543] Starting up VM done
[2025-05-27 12:30:35.543] Installing kernel driver
[2025-05-27 12:30:35.543] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:30:39.240] Kernel driver installation completed
[2025-05-27 12:30:39.240] Starting GP driver service
[2025-05-27 12:30:39.240] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:30:42.389] GP driver service started
[2025-05-27 12:30:42.390] Executing malware sample: D:\new\ransomware_high_confidence\hive\e9def82da36450f16c48af3abbba2a31f53c9c2f6fae6cf895fbf10698c04ed2.exe
[2025-05-27 12:30:42.390] Malware execution started
[2025-05-27 12:30:42.390] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:31:42.398] Taking screenshot
[2025-05-27 12:31:42.458] Taking sc

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:34:23.853] Restoring snapshot 35
[2025-05-27 12:34:23.904] Restoring snapshot 35 done
[2025-05-27 12:34:23.904] Kernel telemetry analysis completed in 236.7 seconds.

[2025-05-27 12:34:23.904] ✅ Analysis completed successfully!
[2025-05-27 12:34:23.904] Progress: 46.7% (657/1408)
[2025-05-27 12:34:23.904] Successful: 657, Failed: 0
[2025-05-27 12:34:23.905] Time remaining: 27.9h
[2025-05-27 12:34:23.905] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:34:28.905] SAMPLE 658/1408
[2025-05-27 12:34:28.905] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:34:28.905] File: ea953cb3c4858e971dc4d75a2a11a6d0af42af36c0cad9c3f1e08d4c6e5f2ef8.exe
[2025-05-27 12:34:28.905] Path: D:\new\ransomware_high_confidence\hive\ea953cb3c4858e971dc4d75a2a11a6d0af42af36c0cad9c3f1e08d4c6e5f2ef8.exe
[2025-05-27 12:34:28.905] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\ea953cb3c4858e971dc4d75a2a11a6d0af42af36c0cad9c3f1e08d4c6e5f2ef8.exe
[2025-05-27 12:34:28.905] Malware execution time: 60 seconds
[2025-05-27 12:34:28.905] Restoring snapshot 35
[2025-05-27 12:34:29.081] Restoring snapshot 35 done
[2025-05-27 12:34:29.081] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:34:33.976] Starting up VM done
[2025-05-27 12:34:33.976] Installing kernel driver
[2025-05-27 12:34:33.976] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:34:37.140] Kernel driver installation completed
[2025-05-27 12:34:37.140] Starting GP driver service
[2025-05-27 12:34:37.140] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:34:40.295] GP driver service started
[2025-05-27 12:34:40.295] Executing malware sample: D:\new\ransomware_high_confidence\hive\ea953cb3c4858e971dc4d75a2a11a6d0af42af36c0cad9c3f1e08d4c6e5f2ef8.exe
[2025-05-27 12:34:40.296] Malware execution started
[2025-05-27 12:34:40.296] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:35:40.303] Taking screenshot
[2025-05-27 12:35:40.361] Taking screenshot done
[2025-05-27 12:35:40.361] Terminating malware: ea953cb3c4858e971dc4d75a2a11a6d0a

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:38:18.470] Powering off VM done
[2025-05-27 12:38:21.470] Restoring snapshot 35
[2025-05-27 12:38:21.517] Restoring snapshot 35 done
[2025-05-27 12:38:21.517] Kernel telemetry analysis completed in 232.6 seconds.

[2025-05-27 12:38:21.517] ✅ Analysis completed successfully!
[2025-05-27 12:38:21.517] Progress: 46.7% (658/1408)
[2025-05-27 12:38:21.517] Successful: 658, Failed: 0
[2025-05-27 12:38:21.517] Time remaining: 27.9h
[2025-05-27 12:38:21.517] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:38:26.518] SAMPLE 659/1408
[2025-05-27 12:38:26.518] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:38:26.518] File: edf745e4d22485a77b93437843023b27d072fcffb14ea91ca8f309b14d5c5826.exe
[2025-05-27 12:38:26.518] Path: D:\new\ransomware_high_confidence\hive\edf745e4d22485a77b93437843023b27d072fcffb14ea91ca8f309b14d5c5826.exe
[2025-05-27 12:38:26.518] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\edf745e4d22485a77b93437843023b27d072fcffb14ea91ca8f309b14d5c5826.exe
[2025-05-27 12:38:26.518] Malware execution time: 60 seconds
[2025-05-27 12:38:26.518] Restoring snapshot 35
[2025-05-27 12:38:26.694] Restoring snapshot 35 done
[2025-05-27 12:38:26.694] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:38:31.681] Starting up VM done
[2025-05-27 12:38:31.681] Installing kernel driver
[2025-05-27 12:38:31.681] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:38:34.835] Kernel driver installation completed
[2025-05-27 12:38:34.835] Starting GP driver service
[2025-05-27 12:38:34.835] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:38:37.987] GP driver service started
[2025-05-27 12:38:37.988] Executing malware sample: D:\new\ransomware_high_confidence\hive\edf745e4d22485a77b93437843023b27d072fcffb14ea91ca8f309b14d5c5826.exe
[2025-05-27 12:38:37.988] Malware execution started
[2025-05-27 12:38:37.988] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:39:37.996] Taking screenshot
[2025-05-27 12:39:38.055] Taking screenshot done
[2025-05-27 12:39:38.055] Terminating malware: edf745e4d22485a77b93437843023b27d

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:42:16.490] Powering off VM done
[2025-05-27 12:42:19.491] Restoring snapshot 35
[2025-05-27 12:42:19.543] Restoring snapshot 35 done
[2025-05-27 12:42:19.543] Kernel telemetry analysis completed in 233.0 seconds.

[2025-05-27 12:42:19.543] ✅ Analysis completed successfully!
[2025-05-27 12:42:19.543] Progress: 46.8% (659/1408)
[2025-05-27 12:42:19.543] Successful: 659, Failed: 0
[2025-05-27 12:42:19.543] Time remaining: 27.9h
[2025-05-27 12:42:19.543] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:42:24.544] SAMPLE 660/1408
[2025-05-27 12:42:24.544] Family: D:\new\ransomware_high_confidence\hive
[2025-05-27 12:42:24.544] File: eeee2a6820eedbe2a37e4c992dc6b3135ee0e340892d2acf74e8a5defb30c7d4.exe
[2025-05-27 12:42:24.544] Path: D:\new\ransomware_high_confidence\hive\eeee2a6820eedbe2a37e4c992dc6b3135ee0e340892d2acf74e8a5defb30c7d4.exe
[2025-05-27 12:42:24.544] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\hive\eeee2a6820eedbe2a37e4c992dc6b3135ee0e340892d2acf74e8a5defb30c7d4.exe
[2025-05-27 12:42:24.544] Malware execution time: 60 seconds
[2025-05-27 12:42:24.544] Restoring snapshot 35
[2025-05-27 12:42:24.726] Restoring snapshot 35 done
[2025-05-27 12:42:24.726] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:42:29.664] Starting up VM done
[2025-05-27 12:42:29.664] Installing kernel driver
[2025-05-27 12:42:29.664] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:42:32.829] Kernel driver installation completed
[2025-05-27 12:42:32.829] Starting GP driver service
[2025-05-27 12:42:32.829] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:42:35.982] GP driver service started
[2025-05-27 12:42:35.982] Executing malware sample: D:\new\ransomware_high_confidence\hive\eeee2a6820eedbe2a37e4c992dc6b3135ee0e340892d2acf74e8a5defb30c7d4.exe
[2025-05-27 12:42:35.982] Malware execution started
[2025-05-27 12:42:35.982] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:43:35.991] Taking screenshot
[2025-05-27 12:43:36.053] Taking screenshot done
[2025-05-27 12:43:36.053] Terminating malware: eeee2a6820eedbe2a37e4c992dc6b3135

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:43:49.802] Powering off VM done
[2025-05-27 12:43:52.803] Restoring snapshot 35
[2025-05-27 12:43:52.851] Restoring snapshot 35 done
[2025-05-27 12:43:52.851] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 12:43:52.851] ✅ Analysis completed successfully!
[2025-05-27 12:43:52.851] Progress: 46.9% (660/1408)
[2025-05-27 12:43:52.851] Successful: 660, Failed: 0
[2025-05-27 12:43:52.851] Time remaining: 27.9h
[2025-05-27 12:43:52.851] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:43:57.851] SAMPLE 661/1408
[2025-05-27 12:43:57.851] Family: D:\new\ransomware_high_confidence\holyghost
[2025-05-27 12:43:57.851] File: 541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.exe
[2025-05-27 12:43:57.851] Path: D:\new\ransomware_high_confidence\holyghost\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.exe
[2025-05-27 12:43:57.851] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\holyghost\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.exe
[2025-05-27 12:43:57.851] Malware execution time: 60 seconds
[2025-05-27 12:43:57.851] Restoring snapshot 35
[2025-05-27 12:43:58.027] Restoring snapshot 35 done
[2025-05-27 12:43:58.027] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:44:02.916] Starting up VM done
[2025-05-27 12:44:02.916] Installing kernel driver
[2025-05-27 12:44:02.916] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:44:06.065] Kernel driver installation completed
[2025-05-27 12:44:06.065] Starting GP driver service
[2025-05-27 12:44:06.065] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:44:09.213] GP driver service started
[2025-05-27 12:44:09.213] Executing malware sample: D:\new\ransomware_high_confidence\holyghost\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.exe
[2025-05-27 12:44:09.213] Malware execution started
[2025-05-27 12:44:09.213] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:45:09.222] Taking screenshot
[2025-05-27 12:45:09.292] Taking screenshot done
[2025-05-27 12:45:09.292] Terminating malware: 541825cb652606c2ea12fd25a842

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:45:22.925] Powering off VM done
[2025-05-27 12:45:25.925] Restoring snapshot 35
[2025-05-27 12:45:25.978] Restoring snapshot 35 done
[2025-05-27 12:45:25.978] Kernel telemetry analysis completed in 88.1 seconds.

[2025-05-27 12:45:25.978] ✅ Analysis completed successfully!
[2025-05-27 12:45:25.978] Progress: 46.9% (661/1408)
[2025-05-27 12:45:25.978] Successful: 661, Failed: 0
[2025-05-27 12:45:25.978] Time remaining: 27.8h
[2025-05-27 12:45:25.978] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:45:30.978] SAMPLE 662/1408
[2025-05-27 12:45:30.978] Family: D:\new\ransomware_high_confidence\holyghost
[2025-05-27 12:45:30.978] File: 99fc54786a72f32fd44c7391c2171ca31e72ca52725c68e2dde94d04c286fccd.exe
[2025-05-27 12:45:30.978] Path: D:\new\ransomware_high_confidence\holyghost\99fc54786a72f32fd44c7391c2171ca31e72ca52725c68e2dde94d04c286fccd.exe
[2025-05-27 12:45:30.978] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\holyghost\99fc54786a72f32fd44c7391c2171ca31e72ca52725c68e2dde94d04c286fccd.exe
[2025-05-27 12:45:30.978] Malware execution time: 60 seconds
[2025-05-27 12:45:30.978] Restoring snapshot 35
[2025-05-27 12:45:31.155] Restoring snapshot 35 done
[2025-05-27 12:45:31.155] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:45:36.092] Starting up VM done
[2025-05-27 12:45:36.092] Installing kernel driver
[2025-05-27 12:45:36.092] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:45:39.250] Kernel driver installation completed
[2025-05-27 12:45:39.250] Starting GP driver service
[2025-05-27 12:45:39.250] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:45:42.402] GP driver service started
[2025-05-27 12:45:42.402] Executing malware sample: D:\new\ransomware_high_confidence\holyghost\99fc54786a72f32fd44c7391c2171ca31e72ca52725c68e2dde94d04c286fccd.exe
[2025-05-27 12:45:42.403] Malware execution started
[2025-05-27 12:45:42.403] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:46:42.411] Taking screenshot
[2025-05-27 12:46:42.474] Taking screenshot done
[2025-05-27 12:46:42.474] Terminating malware: 99fc54786a72f32fd44c7391c217

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:46:56.256] Powering off VM done
[2025-05-27 12:46:59.256] Restoring snapshot 35
[2025-05-27 12:46:59.306] Restoring snapshot 35 done
[2025-05-27 12:46:59.306] Kernel telemetry analysis completed in 88.3 seconds.

[2025-05-27 12:46:59.306] ✅ Analysis completed successfully!
[2025-05-27 12:46:59.306] Progress: 47.0% (662/1408)
[2025-05-27 12:46:59.306] Successful: 662, Failed: 0
[2025-05-27 12:46:59.306] Time remaining: 27.8h
[2025-05-27 12:46:59.306] Waiting 5 seconds before next sample...


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:47:04.307] SAMPLE 663/1408
[2025-05-27 12:47:04.307] Family: D:\new\ransomware_high_confidence\holyghost
[2025-05-27 12:47:04.307] File: bea866b327a2dc2aa104b7ad7307008919c06620771ec3715a059e675d9f40af.exe
[2025-05-27 12:47:04.307] Path: D:\new\ransomware_high_confidence\holyghost\bea866b327a2dc2aa104b7ad7307008919c06620771ec3715a059e675d9f40af.exe
[2025-05-27 12:47:04.307] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\holyghost\bea866b327a2dc2aa104b7ad7307008919c06620771ec3715a059e675d9f40af.exe
[2025-05-27 12:47:04.307] Malware execution time: 60 seconds
[2025-05-27 12:47:04.307] Restoring snapshot 35
[2025-05-27 12:47:04.484] Restoring snapshot 35 done
[2025-05-27 12:47:04.484] Starting up VM


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:47:09.429] Starting up VM done
[2025-05-27 12:47:09.429] Installing kernel driver
[2025-05-27 12:47:09.429] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:47:12.597] Kernel driver installation completed
[2025-05-27 12:47:12.597] Starting GP driver service
[2025-05-27 12:47:12.597] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:47:15.754] GP driver service started
[2025-05-27 12:47:15.754] Executing malware sample: D:\new\ransomware_high_confidence\holyghost\bea866b327a2dc2aa104b7ad7307008919c06620771ec3715a059e675d9f40af.exe
[2025-05-27 12:47:15.755] Malware execution started
[2025-05-27 12:47:15.755] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:48:15.763] Taking screenshot
[2025-05-27 12:48:15.830] Taking screenshot done
[2025-05-27 12:48:15.830] Terminating malware: bea866b327a2dc2aa104b7ad7307

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:48:32.189] Powering off VM done
[2025-05-27 12:48:35.189] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:48:36.192] Restoring snapshot 35 done
[2025-05-27 12:48:36.192] Kernel telemetry analysis completed in 91.9 seconds.

[2025-05-27 12:48:36.192] ✅ Analysis completed successfully!
[2025-05-27 12:48:36.192] Progress: 47.1% (663/1408)
[2025-05-27 12:48:36.192] Successful: 663, Failed: 0
[2025-05-27 12:48:36.192] Time remaining: 27.7h
[2025-05-27 12:48:36.192] Waiting 5 seconds before next sample...
[2025-05-27 12:48:41.192] SAMPLE 664/1408
[2025-05-27 12:48:41.192] Family: D:\new\ransomware_high_confidence\holyghost
[2025-05-27 12:48:41.192] File: f8fc2445a9814ca8cf48a979bff7f182d6538f4d1ff438cf259268e8b4b76f86.exe
[2025-05-27 12:48:41.192] Path: D:\new\ransomware_high_confidence\holyghost\f8fc2445a9814ca8cf48a979bff7f182d6538f4d1ff438cf259268e8b4b76f86.exe
[2025-05-27 12:48:41.192] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\holyghost\f8fc2445a9814ca8cf48a979bff7f182d6538f4d1ff438cf259268e8b4b76f86.exe
[2025-05-27 12:48:41.192] Malware executio

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:48:42.812] Restoring snapshot 35 done
[2025-05-27 12:48:42.812] Starting up VM
[2025-05-27 12:48:48.716] Starting up VM done
[2025-05-27 12:48:48.716] Installing kernel driver
[2025-05-27 12:48:48.716] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:48:52.941] Kernel driver installation completed
[2025-05-27 12:48:52.942] Starting GP driver service
[2025-05-27 12:48:52.942] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:48:56.099] GP driver service started
[2025-05-27 12:48:56.099] Executing malware sample: D:\new\ransomware_high_confidence\holyghost\f8fc2445a9814ca8cf48a979bff7f182d6538f4d1ff438cf259268e8b4b76f86.exe
[2025-05-27 12:48:56.099] Malware execution started
[2025-05-27 12:48:56.099] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:49:56.107] Taking screenshot
[2025-05-27 12:49:56.169] Taki

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:50:13.903] Powering off VM done
[2025-05-27 12:50:16.904] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:50:18.164] Restoring snapshot 35 done
[2025-05-27 12:50:18.164] Kernel telemetry analysis completed in 97.0 seconds.

[2025-05-27 12:50:18.164] ✅ Analysis completed successfully!
[2025-05-27 12:50:18.164] Progress: 47.2% (664/1408)
[2025-05-27 12:50:18.164] Successful: 664, Failed: 0
[2025-05-27 12:50:18.164] Time remaining: 27.7h
[2025-05-27 12:50:18.164] Waiting 5 seconds before next sample...
[2025-05-27 12:50:23.165] SAMPLE 665/1408
[2025-05-27 12:50:23.165] Family: D:\new\ransomware_high_confidence\karma
[2025-05-27 12:50:23.165] File: 04f76d44db4c3a8d810348f65e539f8d65af3ee764c058290033da8f5c508fc5.exe
[2025-05-27 12:50:23.165] Path: D:\new\ransomware_high_confidence\karma\04f76d44db4c3a8d810348f65e539f8d65af3ee764c058290033da8f5c508fc5.exe
[2025-05-27 12:50:23.165] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\karma\04f76d44db4c3a8d810348f65e539f8d65af3ee764c058290033da8f5c508fc5.exe
[2025-05-27 12:50:23.165] Malware execution time: 60 s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:50:24.838] Restoring snapshot 35 done
[2025-05-27 12:50:24.838] Starting up VM
[2025-05-27 12:50:30.763] Starting up VM done
[2025-05-27 12:50:30.763] Installing kernel driver
[2025-05-27 12:50:30.763] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:50:35.052] Kernel driver installation completed
[2025-05-27 12:50:35.052] Starting GP driver service
[2025-05-27 12:50:35.052] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:50:38.203] GP driver service started
[2025-05-27 12:50:38.203] Executing malware sample: D:\new\ransomware_high_confidence\karma\04f76d44db4c3a8d810348f65e539f8d65af3ee764c058290033da8f5c508fc5.exe
[2025-05-27 12:50:38.204] Malware execution started
[2025-05-27 12:50:38.204] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:51:38.212] Taking screenshot
[2025-05-27 12:51:38.275] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:52:08.275] Powering off VM done
[2025-05-27 12:52:11.276] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:52:12.508] Restoring snapshot 35 done
[2025-05-27 12:52:12.508] Kernel telemetry analysis completed in 109.3 seconds.

[2025-05-27 12:52:12.508] ✅ Analysis completed successfully!
[2025-05-27 12:52:12.508] Progress: 47.2% (665/1408)
[2025-05-27 12:52:12.508] Successful: 665, Failed: 0
[2025-05-27 12:52:12.508] Time remaining: 27.6h
[2025-05-27 12:52:12.508] Waiting 5 seconds before next sample...
[2025-05-27 12:52:17.508] SAMPLE 666/1408
[2025-05-27 12:52:17.508] Family: D:\new\ransomware_high_confidence\karma
[2025-05-27 12:52:17.508] File: 0d037ee0252e4f26800bcf7c750f61d0c549b7ba0a522c75e8d96dcf4f689e27.exe
[2025-05-27 12:52:17.508] Path: D:\new\ransomware_high_confidence\karma\0d037ee0252e4f26800bcf7c750f61d0c549b7ba0a522c75e8d96dcf4f689e27.exe
[2025-05-27 12:52:17.508] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\karma\0d037ee0252e4f26800bcf7c750f61d0c549b7ba0a522c75e8d96dcf4f689e27.exe
[2025-05-27 12:52:17.508] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:52:19.052] Restoring snapshot 35 done
[2025-05-27 12:52:19.052] Starting up VM
[2025-05-27 12:52:25.148] Starting up VM done
[2025-05-27 12:52:25.148] Installing kernel driver
[2025-05-27 12:52:25.148] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:52:29.344] Kernel driver installation completed
[2025-05-27 12:52:29.344] Starting GP driver service
[2025-05-27 12:52:29.344] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:52:32.492] GP driver service started
[2025-05-27 12:52:32.492] Executing malware sample: D:\new\ransomware_high_confidence\karma\0d037ee0252e4f26800bcf7c750f61d0c549b7ba0a522c75e8d96dcf4f689e27.exe
[2025-05-27 12:52:32.493] Malware execution started
[2025-05-27 12:52:32.493] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:53:32.501] Taking screenshot
[2025-05-27 12:53:32.567] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:54:31.134] Powering off VM done
[2025-05-27 12:54:34.134] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:54:35.635] Restoring snapshot 35 done
[2025-05-27 12:54:35.635] Kernel telemetry analysis completed in 138.1 seconds.

[2025-05-27 12:54:35.635] ✅ Analysis completed successfully!
[2025-05-27 12:54:35.635] Progress: 47.3% (666/1408)
[2025-05-27 12:54:35.635] Successful: 666, Failed: 0
[2025-05-27 12:54:35.635] Time remaining: 27.6h
[2025-05-27 12:54:35.635] Waiting 5 seconds before next sample...
[2025-05-27 12:54:40.636] SAMPLE 667/1408
[2025-05-27 12:54:40.636] Family: D:\new\ransomware_high_confidence\karma
[2025-05-27 12:54:40.636] File: 124f3a5caf6eb464027f2865225a6a1238c3639e5b4a399f0f7f2dda7bd75aec.exe
[2025-05-27 12:54:40.636] Path: D:\new\ransomware_high_confidence\karma\124f3a5caf6eb464027f2865225a6a1238c3639e5b4a399f0f7f2dda7bd75aec.exe
[2025-05-27 12:54:40.636] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\karma\124f3a5caf6eb464027f2865225a6a1238c3639e5b4a399f0f7f2dda7bd75aec.exe
[2025-05-27 12:54:40.636] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:54:42.332] Restoring snapshot 35 done
[2025-05-27 12:54:42.332] Starting up VM
[2025-05-27 12:54:49.082] Starting up VM done
[2025-05-27 12:54:49.082] Installing kernel driver
[2025-05-27 12:54:49.082] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:54:54.009] Kernel driver installation completed
[2025-05-27 12:54:54.009] Starting GP driver service
[2025-05-27 12:54:54.009] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:54:57.156] GP driver service started
[2025-05-27 12:54:57.156] Executing malware sample: D:\new\ransomware_high_confidence\karma\124f3a5caf6eb464027f2865225a6a1238c3639e5b4a399f0f7f2dda7bd75aec.exe
[2025-05-27 12:54:57.156] Malware execution started
[2025-05-27 12:54:57.156] Waiting for 60 seconds for malware execution
[############################################################] 60/60s - Complete!
[2025-05-27 12:55:57.165] Taking screenshot
[2025-05-27 12:55:57.227] Taking s

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:56:16.902] Powering off VM done
[2025-05-27 12:56:19.902] Restoring snapshot 35


0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:56:21.467] Restoring snapshot 35 done
[2025-05-27 12:56:21.467] Kernel telemetry analysis completed in 100.8 seconds.

[2025-05-27 12:56:21.468] ✅ Analysis completed successfully!
[2025-05-27 12:56:21.468] Progress: 47.4% (667/1408)
[2025-05-27 12:56:21.468] Successful: 667, Failed: 0
[2025-05-27 12:56:21.468] Time remaining: 27.5h
[2025-05-27 12:56:21.468] Waiting 5 seconds before next sample...
[2025-05-27 12:56:26.468] SAMPLE 668/1408
[2025-05-27 12:56:26.468] Family: D:\new\ransomware_high_confidence\karma
[2025-05-27 12:56:26.468] File: 19417c0a38a1206007a0cc82c0fc2e19db897214d27d0998bc4dbac53cc2788d.exe
[2025-05-27 12:56:26.468] Path: D:\new\ransomware_high_confidence\karma\19417c0a38a1206007a0cc82c0fc2e19db897214d27d0998bc4dbac53cc2788d.exe
[2025-05-27 12:56:26.468] Starting kernel telemetry analysis for D:\new\ransomware_high_confidence\karma\19417c0a38a1206007a0cc82c0fc2e19db897214d27d0998bc4dbac53cc2788d.exe
[2025-05-27 12:56:26.468] Malware execution time: 60 

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


[2025-05-27 12:56:28.290] Restoring snapshot 35 done
[2025-05-27 12:56:28.290] Starting up VM
[2025-05-27 12:56:34.807] Starting up VM done
[2025-05-27 12:56:34.807] Installing kernel driver
[2025-05-27 12:56:34.807] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && install.bat
[2025-05-27 12:56:38.558] Kernel driver installation completed
[2025-05-27 12:56:38.558] Starting GP driver service
[2025-05-27 12:56:38.558] Executing: cd /d C:\Users\wineleven\Documents\Hafidz\ && sc start gp-driver
[2025-05-27 12:56:41.714] GP driver service started
[2025-05-27 12:56:41.714] Executing malware sample: D:\new\ransomware_high_confidence\karma\19417c0a38a1206007a0cc82c0fc2e19db897214d27d0998bc4dbac53cc2788d.exe
[2025-05-27 12:56:41.715] Malware execution started
[2025-05-27 12:56:41.715] Waiting for 60 seconds for malware execution
[############################________________________________] 28/60s