https://pastein.ru/t/9W8
Загрузка данных
+==========================================================+
| RANSOMWARE TRIAGE COLLECTOR v1.0.0 |
+==========================================================+
[2026-06-02 11:52:36.807] [INFO] Case ID : triage_ilyavm_20260602_115236
[2026-06-02 11:52:36.838] [INFO] Host : ilyavm
[2026-06-02 11:52:36.840] [INFO] OS : Linux
[2026-06-02 11:52:36.844] [INFO] PS : 7.6.2 (Core)
[2026-06-02 11:52:36.846] [INFO] Admin : True
[2026-06-02 11:52:36.849] [INFO] Output : /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236
[2026-06-02 11:52:36.851] [INFO] Started : 2026-06-02T11:52:36.6610303+03:00
[2026-06-02 11:52:36.857] [OK] ------------------------------------------------------------
[2026-06-02 11:52:36.859] [OK] Step 1/4 - Volatile data (RFC 3227)
[2026-06-02 11:52:36.862] [OK] ------------------------------------------------------------
[2026-06-02 11:52:36.926] [INFO] Module loaded: Collect-Volatile
[2026-06-02 11:54:51.270] [ERROR] ERROR in step 'Volatile': The script failed due to call depth overflow.
[2026-06-02 11:54:51.288] [ERROR] Stack: at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Write-TriageLog, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 31
at Invoke-VolatileCollection, /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Volatile.psm1: line 483
at <ScriptBlock>, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 421
at Invoke-TriageStep, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 287
at Start-Triage, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 419
at <ScriptBlock>, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 516
[2026-06-02 11:54:51.348] [OK] ------------------------------------------------------------
[2026-06-02 11:54:51.350] [OK] Step 2/4 - Network artifacts
[2026-06-02 11:54:51.352] [OK] ------------------------------------------------------------
[2026-06-02 11:54:51.361] [INFO] Module loaded: Collect-Network
[2026-06-02 11:54:51.371] [INFO] [net] DNS cache...
[2026-06-02 11:54:51.475] [INFO] [net] hosts file...
[2026-06-02 11:54:51.545] [WARN] [net] non-default lines in hosts: 6
[2026-06-02 11:54:51.559] [INFO] [net] ARP table...
[2026-06-02 11:54:51.684] [INFO] [net] routing table...
[2026-06-02 11:54:51.732] [INFO] [net] firewall...
[2026-06-02 11:54:51.819] [WARN] [net/fw] iptables empty or unavailable
[2026-06-02 11:54:51.828] [WARN] [net/fw] iptables empty or unavailable - system may be unprotected
[2026-06-02 11:54:51.830] [INFO] [net] network adapters...
[2026-06-02 11:54:51.845] [INFO] [net] IoC matching...
[2026-06-02 11:54:51.856] [INFO] [net] no IoC matches found
[2026-06-02 11:54:51.858] [OK] Network: complete
[2026-06-02 11:54:51.859] [OK] Step completed: Network
[2026-06-02 11:54:51.862] [OK] ------------------------------------------------------------
[2026-06-02 11:54:51.864] [OK] Step 3/4 - File system
[2026-06-02 11:54:51.867] [OK] ------------------------------------------------------------
[2026-06-02 11:54:51.887] [INFO] Module loaded: Collect-FileSystem
[2026-06-02 11:54:51.890] [INFO] Scan paths: /root/RansomwareTestEnv
[2026-06-02 11:54:51.899] [INFO] [fs] scan paths: /root/RansomwareTestEnv
[2026-06-02 11:54:51.910] [INFO] [fs] searching for suspicious extensions...
[2026-06-02 11:54:51.915] [INFO] [ext-scan] /root/RansomwareTestEnv
[2026-06-02 11:54:51.951] [WARN] [fs] found: 12 files, families: 12
[2026-06-02 11:54:51.953] [INFO] [fs] searching for ransom notes...
[2026-06-02 11:54:51.990] [WARN] [fs] ransom notes found: 3
[2026-06-02 11:54:51.992] [INFO] [fs] entropy analysis (threshold H > 7.9)...
[2026-06-02 11:54:52.002] [INFO] [entropy] checked files: 0, anomalies: 0
[2026-06-02 11:54:52.004] [INFO] [fs] no entropy anomalies found
[2026-06-02 11:54:52.007] [INFO] [fs] modification timeline analysis...
[2026-06-02 11:54:52.031] [OK] FileSystem: complete
[2026-06-02 11:54:52.043] [OK] Step completed: FileSystem
[2026-06-02 11:54:52.045] [OK] ------------------------------------------------------------
[2026-06-02 11:54:52.047] [OK] Step 4/4 - System artifacts (Linux)
[2026-06-02 11:54:52.049] [OK] ------------------------------------------------------------
[2026-06-02 11:54:52.060] [ERROR] ERROR in step 'Collect-Linux': The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:235 char:38
+ @{ Pattern = "python.*-c\s+["'\\']import\s+socket"; Reason = …
+ ~~~~
Unexpected token ''\\'' in expression or statement.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:235 char:11
+ @{ Pattern = "python.*-c\s+["'\\']import\s+socket"; Reason = …
+ ~
Missing closing '}' in statement block or type definition.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:235 char:42
+ @{ Pattern = "python.*-c\s+["'\\']import\s+socket"; Reason = …
+ ~
Unexpected token ']' in expression or statement.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:471 char:71
+ … -Description "All authorized_keys ($($authKeysData.Count) keys)"
+ ~~~~
Unexpected token 'keys' in expression or statement.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:471 char:70
+ … -Description "All authorized_keys ($($authKeysData.Count) keys)"
+ ~
Missing closing ')' in expression.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:471 char:76
+ … -Description "All authorized_keys ($($authKeysData.Count) keys)"
+ ~
Unexpected token '"
}
Add-ToManifest -Path $sshDir -Category 'linux' -Description 'SSH configuration and keys'
Write-TriageLog "' in expression or statement.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:475 char:26
+ Write-TriageLog " [linux/ssh] SSH artifacts collected" -Level …
+ ~~~~~~~~~~~
Unexpected token '[linux/ssh]' in expression or statement.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:475 char:31
+ Write-TriageLog " [linux/ssh] SSH artifacts collected" -Level …
+ ~
Missing ] at end of attribute or type literal.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:475 char:33
+ Write-TriageLog " [linux/ssh] SSH artifacts collected" -Level …
+ ~
You must provide a value expression following the '/' operator.
At /home/ilya/Downloads/курсач (2)/курсач/Modules/Collect-Linux.psm1:475 char:33
+ Write-TriageLog " [linux/ssh] SSH artifacts collected" -Level …
+ ~~~~
Unexpected token 'ssh]' in expression or statement.
Not all parse errors were reported. Correct the reported errors and try again.
[2026-06-02 11:54:52.062] [ERROR] Stack: at Import-TriageModule, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 188
at <ScriptBlock>, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 460
at Invoke-TriageStep, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 287
at Start-Triage, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 459
at <ScriptBlock>, /home/ilya/Downloads/курсач (2)/курсач/Invoke-Triage.ps1: line 516
[2026-06-02 11:54:52.064] [OK] ------------------------------------------------------------
[2026-06-02 11:54:52.066] [OK] Finalization
[2026-06-02 11:54:52.068] [OK] ------------------------------------------------------------
[2026-06-02 11:54:52.106] [OK] Manifest saved: /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236/manifest.json (13 artifacts)
[2026-06-02 11:54:52.113] [INFO] Module loaded: Export-Report
[2026-06-02 11:54:52.118] [INFO] [report] building summary...
[2026-06-02 11:54:52.165] [INFO] [report] generating HTML...
[2026-06-02 11:54:52.197] [WARN] [report] risk: CRITICAL (score: 70)
[2026-06-02 11:54:52.199] [OK] [report] summary.json -> /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236/summary.json
[2026-06-02 11:54:52.201] [OK] [report] report.html -> /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236/report.html
[2026-06-02 11:54:52.306] [INFO] [report] packing: /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236.zip
[2026-06-02 11:54:52.588] [OK] [report] archive: /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236.zip (0.04 MB)
[2026-06-02 11:54:52.590] [OK] [report] SHA256: 7D3EE0ADC585DC52CE5CFA75E57E699DEB84ABEF095993D74F5554C9DB8E5CBA
[2026-06-02 11:54:52.592] [OK] [report] hash file: /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236.zip.sha256
[2026-06-02 11:54:52.593] [OK] Step completed: Export-Report
[2026-06-02 11:54:52.622] [OK] Manifest saved: /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236/manifest.json (15 artifacts)
[2026-06-02 11:54:52.627] [OK] Duration: 00:02:15
============================================================
RANSOMWARE TRIAGE - COMPLETE
============================================================
Case ID : triage_ilyavm_20260602_115236
Host : ilyavm
OS : Linux
Duration : 00:02:15
Artifacts : 15
Errors : 2
RISK ASSESSMENT
Level : CRITICAL (score: 70/100)
OUTPUT
Dir : /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236
Report : /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236/report.html
Manifest : /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236/manifest.json
Archive : /home/ilya/Downloads/курсач (2)/курсач/.Output/triage_ilyavm_20260602_115236.zip (0 MB)
============================================================
