@YESIHACK
Created August 9, 2019 13:44
Cuckoo log
root@ubuntu:/opt/Tools/Virtualization# cuckooboot
sSSs .S S. sSSs .S S. sSSs_sSSs sSSs_sSSs
d%%SP .SS SS. d%%SP .SS SS. d%%SP~YS%%b d%%SP~YS%%b
d%S' S%S S%S d%S' S%S S&S d%S' `S%b d%S' `S%b
S%S S%S S%S S%S S%S d*S S%S S%S S%S S%S
S&S S&S S&S S&S S&S .S*S S&S S&S S&S S&S
S&S S&S S&S S&S S&S_sdSSS S&S S&S S&S S&S
S&S S&S S&S S&S S&S~YSSY%b S&S S&S S&S S&S
S&S S&S S&S S&S S&S `S% S&S S&S S&S S&S
S*b S*b d*S S*b S*S S% S*b d*S S*b d*S
S*S. S*S. .S*S S*S. S*S S& S*S. .S*S S*S. .S*S
SSSbs SSSbs_sdSSS SSSbs S*S S& SSSbs_sdSSS SSSbs_sdSSS
YSSP YSSP~YSSY YSSP S*S SS YSSP~YSSY YSSP~YSSY
SP
Y
Cuckoo Sandbox 1.3-CAPE
www.cuckoosandbox.org
Copyright (c) 2010-2015
CAPE: Config and Payload Extraction
github.com/ctxis/CAPE
2019-08-09 13:36:43,873 [root] DEBUG: Importing modules...
2019-08-09 13:36:44,048 [root] INFO: Generating grammar tables from /usr/lib/python2.7/lib2to3/
2019-08-09 13:36:44,063 [root] INFO: Generating grammar tables from /usr/lib/python2.7/lib2to3/
Ensure oletools are installed
WARNING [abstract.py:18 - <module>() ] You're using python 2, it is strongly recommended to use
2019-08-09 13:36:44,506 [pymisp] WARNING: You're using python 2, it is strongly recommended to
WARNING [mispevent.py:23 - <module>() ] You're using python 2, it is strongly recommended to us
2019-08-09 13:36:44,506 [pymisp] WARNING: You're using python 2, it is strongly recommended to
2019-08-09 13:36:44,602 [root] DEBUG: Imported "signatures" modules:
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPEDetectedThreat
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_Compression
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_Doppelganging
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_EvilGrab
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_Extraction
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_Injection
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_InjectionCreateRemoteThread
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_InjectionProcessHollowing
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_InjectionSetWindowLong
2019-08-09 13:36:44,603 [root] DEBUG: |-- CAPE_PlugX
2019-08-09 13:36:44,604 [root] DEBUG: |-- CAPE_RegBinary
2019-08-09 13:36:44,604 [root] DEBUG: |-- CAPE_TransactedHollowing
2019-08-09 13:36:44,604 [root] DEBUG: |-- Alphacrypt_APIs
2019-08-09 13:36:44,604 [root] DEBUG: |-- Andromeda_APIs
2019-08-09 13:36:44,604 [root] DEBUG: |-- anomalous_deletefile
2019-08-09 13:36:44,604 [root] DEBUG: |-- AntiAnalysisDetectFile
2019-08-09 13:36:44,604 [root] DEBUG: |-- AntiAnalysisDetectReg
2019-08-09 13:36:44,604 [root] DEBUG: |-- AvastDetectLibs
2019-08-09 13:36:44,604 [root] DEBUG: |-- BitdefenderDetectLibs
2019-08-09 13:36:44,604 [root] DEBUG: |-- ModifiesAttachmentManager
2019-08-09 13:36:44,604 [root] DEBUG: |-- AntiAVDetectFile
2019-08-09 13:36:44,604 [root] DEBUG: |-- AntiAVDetectReg
2019-08-09 13:36:44,604 [root] DEBUG: |-- AntiAVServiceStop
2019-08-09 13:36:44,604 [root] DEBUG: |-- AntiAVSRP
2019-08-09 13:36:44,604 [root] DEBUG: |-- AntiDBGDevices
2019-08-09 13:36:44,604 [root] DEBUG: |-- AntiDBGWindows
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_addvectoredexceptionhandler
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_checkremotedebuggerpresent
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_debugactiveprocess
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_gettickcount
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_guardpages
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_ntcreatethreadex
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_ntsetinformationthread
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_outputdebugstring
2019-08-09 13:36:44,605 [root] DEBUG: |-- antidebug_setunhandledexceptionfilter
2019-08-09 13:36:44,605 [root] DEBUG: |-- WineDetectReg
2019-08-09 13:36:44,605 [root] DEBUG: |-- WineDetectFunc
2019-08-09 13:36:44,605 [root] DEBUG: |-- AntiSandboxCheckUserdomain
2019-08-09 13:36:44,605 [root] DEBUG: |-- AntiCuckoo
2019-08-09 13:36:44,605 [root] DEBUG: |-- CuckooDetectFiles
2019-08-09 13:36:44,605 [root] DEBUG: |-- CuckooCrash
2019-08-09 13:36:44,605 [root] DEBUG: |-- FortinetDetectFiles
2019-08-09 13:36:44,606 [root] DEBUG: |-- SandboxJoeAnubisDetectFiles
2019-08-09 13:36:44,606 [root] DEBUG: |-- HookMouse
2019-08-09 13:36:44,606 [root] DEBUG: |-- AntiSandboxRestart
2019-08-09 13:36:44,606 [root] DEBUG: |-- SandboxieDetectLibs
2019-08-09 13:36:44,606 [root] DEBUG: |-- AntisandboxSboxieMutex
2019-08-09 13:36:44,606 [root] DEBUG: |-- AntiSandboxSboxieObjects
2019-08-09 13:36:44,606 [root] DEBUG: |-- AntiSandboxScriptTimer
2019-08-09 13:36:44,606 [root] DEBUG: |-- AntiSandboxSleep
2019-08-09 13:36:44,606 [root] DEBUG: |-- SunbeltDetectFiles
2019-08-09 13:36:44,606 [root] DEBUG: |-- SunbeltDetectLibs
2019-08-09 13:36:44,606 [root] DEBUG: |-- AntiSandboxSuspend
2019-08-09 13:36:44,606 [root] DEBUG: |-- ThreatTrackDetectFiles
2019-08-09 13:36:44,606 [root] DEBUG: |-- Unhook
2019-08-09 13:36:44,606 [root] DEBUG: |-- KnownVirustotal
2019-08-09 13:36:44,606 [root] DEBUG: |-- BochsDetectKeys
2019-08-09 13:36:44,606 [root] DEBUG: |-- AntiVMDirectoryObjects
2019-08-09 13:36:44,607 [root] DEBUG: |-- AntiVMBios
2019-08-09 13:36:44,607 [root] DEBUG: |-- AntiVMCPU
2019-08-09 13:36:44,607 [root] DEBUG: |-- DiskInformation
2019-08-09 13:36:44,607 [root] DEBUG: |-- SetupAPIDiskInformation
2019-08-09 13:36:44,607 [root] DEBUG: |-- AntiVMDiskReg
2019-08-09 13:36:44,607 [root] DEBUG: |-- AntiVMSCSI
2019-08-09 13:36:44,607 [root] DEBUG: |-- AntiVMServices
2019-08-09 13:36:44,607 [root] DEBUG: |-- AntiVMSystem
2019-08-09 13:36:44,607 [root] DEBUG: |-- HyperVDetectKeys
2019-08-09 13:36:44,607 [root] DEBUG: |-- ParallelsDetectKeys
2019-08-09 13:36:44,607 [root] DEBUG: |-- VBoxDetectDevices
2019-08-09 13:36:44,607 [root] DEBUG: |-- VBoxDetectFiles
2019-08-09 13:36:44,607 [root] DEBUG: |-- VBoxDetectKeys
2019-08-09 13:36:44,607 [root] DEBUG: |-- VBoxDetectLibs
2019-08-09 13:36:44,607 [root] DEBUG: |-- VBoxDetectProvname
2019-08-09 13:36:44,607 [root] DEBUG: |-- VBoxDetectWindow
2019-08-09 13:36:44,607 [root] DEBUG: |-- VMwareDetectDevices
2019-08-09 13:36:44,608 [root] DEBUG: |-- VMwareDetectEvent
2019-08-09 13:36:44,608 [root] DEBUG: |-- VMwareDetectFiles
2019-08-09 13:36:44,608 [root] DEBUG: |-- VMwareDetectKeys
2019-08-09 13:36:44,608 [root] DEBUG: |-- VMwareDetectLibs
2019-08-09 13:36:44,608 [root] DEBUG: |-- VMwareDetectMutexes
2019-08-09 13:36:44,608 [root] DEBUG: |-- VPCDetectFiles
2019-08-09 13:36:44,608 [root] DEBUG: |-- VPCDetectKeys
2019-08-09 13:36:44,608 [root] DEBUG: |-- VPCDetectMutex
2019-08-09 13:36:44,608 [root] DEBUG: |-- XenDetectKeys
2019-08-09 13:36:44,608 [root] DEBUG: |-- APISpamming
2019-08-09 13:36:44,608 [root] DEBUG: |-- BadCerts
2019-08-09 13:36:44,608 [root] DEBUG: |-- BadSSLCerts
2019-08-09 13:36:44,608 [root] DEBUG: |-- Cridex
2019-08-09 13:36:44,608 [root] DEBUG: |-- Geodo
2019-08-09 13:36:44,608 [root] DEBUG: |-- Prinimalka
2019-08-09 13:36:44,608 [root] DEBUG: |-- SpyEyeMutexes
2019-08-09 13:36:44,608 [root] DEBUG: |-- ZeusMutexes
2019-08-09 13:36:44,609 [root] DEBUG: |-- ZeusP2P
2019-08-09 13:36:44,609 [root] DEBUG: |-- ZeusURL
2019-08-09 13:36:44,609 [root] DEBUG: |-- BCDEditCommand
2019-08-09 13:36:44,609 [root] DEBUG: |-- BetaBot_APIs
2019-08-09 13:36:44,609 [root] DEBUG: |-- BitcoinOpenCL
2019-08-09 13:36:44,609 [root] DEBUG: |-- Bootkit
2019-08-09 13:36:44,609 [root] DEBUG: |-- AthenaHttp
2019-08-09 13:36:44,609 [root] DEBUG: |-- DirtJumper
2019-08-09 13:36:44,609 [root] DEBUG: |-- Drive
2019-08-09 13:36:44,609 [root] DEBUG: |-- Drive2
2019-08-09 13:36:44,609 [root] DEBUG: |-- Madness
2019-08-09 13:36:44,609 [root] DEBUG: |-- Ruskill
2019-08-09 13:36:44,609 [root] DEBUG: |-- BrowserAddon
2019-08-09 13:36:44,609 [root] DEBUG: |-- BrowserHelperObject
2019-08-09 13:36:44,609 [root] DEBUG: |-- BrowserNeeded
2019-08-09 13:36:44,609 [root] DEBUG: |-- ModifyProxy
2019-08-09 13:36:44,609 [root] DEBUG: |-- BrowserScanbox
2019-08-09 13:36:44,610 [root] DEBUG: |-- BrowserSecurity
2019-08-09 13:36:44,610 [root] DEBUG: |-- browser_startpage
2019-08-09 13:36:44,610 [root] DEBUG: |-- OdbcconfBypass
2019-08-09 13:36:44,610 [root] DEBUG: |-- RegSrv32SquiblydooDLLLoad
2019-08-09 13:36:44,610 [root] DEBUG: |-- SquiblydooBypass
2019-08-09 13:36:44,610 [root] DEBUG: |-- SquiblytwoBypass
2019-08-09 13:36:44,610 [root] DEBUG: |-- BypassFirewall
2019-08-09 13:36:44,610 [root] DEBUG: |-- CarberpMutexes
2019-08-09 13:36:44,610 [root] DEBUG: |-- Cerber_APIs
2019-08-09 13:36:44,610 [root] DEBUG: |-- Chimera_APIs
2019-08-09 13:36:44,610 [root] DEBUG: |-- ClamAV
2019-08-09 13:36:44,610 [root] DEBUG: |-- ClearsLogs
2019-08-09 13:36:44,610 [root] DEBUG: |-- ClickfraudCookies
2019-08-09 13:36:44,610 [root] DEBUG: |-- ClickfraudVolume
2019-08-09 13:36:44,610 [root] DEBUG: |-- CmdlineChracterObfsucation
2019-08-09 13:36:44,610 [root] DEBUG: |-- CmdlineCompsecEvasion
2019-08-09 13:36:44,610 [root] DEBUG: |-- CmdlineConcatenationObfsucation
2019-08-09 13:36:44,610 [root] DEBUG: |-- CmdlineSetCallObfsucation
2019-08-09 13:36:44,611 [root] DEBUG: |-- CmdlineSetForLoopObfsucation
2019-08-09 13:36:44,611 [root] DEBUG: |-- CmdlineSetObfsucation
2019-08-09 13:36:44,611 [root] DEBUG: |-- CmdlineSwitches
2019-08-09 13:36:44,611 [root] DEBUG: |-- CmdlineTerminate
2019-08-09 13:36:44,611 [root] DEBUG: |-- CommandLineForFilesWildCard
2019-08-09 13:36:44,611 [root] DEBUG: |-- CommandLineHTTPLink
2019-08-09 13:36:44,611 [root] DEBUG: |-- CommandLineLongString
2019-08-09 13:36:44,611 [root] DEBUG: |-- CommandLineReversedHTTPLink
2019-08-09 13:36:44,611 [root] DEBUG: |-- LongCommandline
2019-08-09 13:36:44,611 [root] DEBUG: |-- PowershellRenamedCommandLine
2019-08-09 13:36:44,611 [root] DEBUG: |-- CodeLux_APIs
2019-08-09 13:36:44,611 [root] DEBUG: |-- CopiesSelf
2019-08-09 13:36:44,611 [root] DEBUG: |-- CreatesExe
2019-08-09 13:36:44,611 [root] DEBUG: |-- CreatesLargeKey
2019-08-09 13:36:44,611 [root] DEBUG: |-- CreatesNullValue
2019-08-09 13:36:44,611 [root] DEBUG: |-- LsassCredentialDumping
2019-08-09 13:36:44,611 [root] DEBUG: |-- CriticalProcess
2019-08-09 13:36:44,612 [root] DEBUG: |-- CryptominingStratumCommand
2019-08-09 13:36:44,612 [root] DEBUG: |-- MINERS
2019-08-09 13:36:44,612 [root] DEBUG: |-- CryptoWall_APIs
2019-08-09 13:36:44,612 [root] DEBUG: |-- CVE_2014_6332
2019-08-09 13:36:44,612 [root] DEBUG: |-- CVE2015_2419_JS
2019-08-09 13:36:44,612 [root] DEBUG: |-- CVE_2016_0189
2019-08-09 13:36:44,612 [root] DEBUG: |-- CVE_2016_7200
2019-08-09 13:36:44,612 [root] DEBUG: |-- DarkCometRegkeys
2019-08-09 13:36:44,612 [root] DEBUG: |-- DeadConnect
2019-08-09 13:36:44,612 [root] DEBUG: |-- DeadLink
2019-08-09 13:36:44,612 [root] DEBUG: |-- DebugsSelf
2019-08-09 13:36:44,612 [root] DEBUG: |-- DecoyDocument
2019-08-09 13:36:44,612 [root] DEBUG: |-- DeepFreezeMutex
2019-08-09 13:36:44,612 [root] DEBUG: |-- DeletesSelf
2019-08-09 13:36:44,612 [root] DEBUG: |-- DeletesShadowCopies
2019-08-09 13:36:44,612 [root] DEBUG: |-- DEPBypass
2019-08-09 13:36:44,612 [root] DEBUG: |-- DEPDisable
2019-08-09 13:36:44,612 [root] DEBUG: |-- DisablesAppLaunch
2019-08-09 13:36:44,613 [root] DEBUG: |-- DisablesBrowserWarn
2019-08-09 13:36:44,613 [root] DEBUG: |-- DisablesSPDY
2019-08-09 13:36:44,613 [root] DEBUG: |-- DisablesSystemRestore
2019-08-09 13:36:44,613 [root] DEBUG: |-- DisablesUAC
2019-08-09 13:36:44,613 [root] DEBUG: |-- DisablesWER
2019-08-09 13:36:44,613 [root] DEBUG: |-- DisablesWFP
2019-08-09 13:36:44,613 [root] DEBUG: |-- DisablesWindowsDefender
2019-08-09 13:36:44,613 [root] DEBUG: |-- DisablesWindowsUpdate
2019-08-09 13:36:44,613 [root] DEBUG: |-- DownloaderCabby
2019-08-09 13:36:44,613 [root] DEBUG: |-- Dridex_APIs
2019-08-09 13:36:44,613 [root] DEBUG: |-- DriverLoad
2019-08-09 13:36:44,613 [root] DEBUG: |-- Dropper
2019-08-09 13:36:44,613 [root] DEBUG: |-- EXEDropper_JS
2019-08-09 13:36:44,613 [root] DEBUG: |-- dynamic_function_loading
2019-08-09 13:36:44,613 [root] DEBUG: |-- Dyre_APIs
2019-08-09 13:36:44,613 [root] DEBUG: |-- Angler_JS
2019-08-09 13:36:44,613 [root] DEBUG: |-- Gondad_JS
2019-08-09 13:36:44,613 [root] DEBUG: |-- HeapSpray_JS
2019-08-09 13:36:44,614 [root] DEBUG: |-- Java_JS
2019-08-09 13:36:44,614 [root] DEBUG: |-- Neutrino_JS
2019-08-09 13:36:44,614 [root] DEBUG: |-- Nuclear_JS
2019-08-09 13:36:44,614 [root] DEBUG: |-- RIG_JS
2019-08-09 13:36:44,614 [root] DEBUG: |-- Silverlight_JS
2019-08-09 13:36:44,614 [root] DEBUG: |-- Sundown_JS
2019-08-09 13:36:44,614 [root] DEBUG: |-- Virtualcheck_JS
2019-08-09 13:36:44,614 [root] DEBUG: |-- EncryptedIOC
2019-08-09 13:36:44,614 [root] DEBUG: |-- Crash
2019-08-09 13:36:44,614 [root] DEBUG: |-- exploit_getbasekerneladdress
2019-08-09 13:36:44,614 [root] DEBUG: |-- exploit_gethaldispatchtable
2019-08-09 13:36:44,614 [root] DEBUG: |-- ExploitHeapspray
2019-08-09 13:36:44,614 [root] DEBUG: |-- FamilyProxyBack
2019-08-09 13:36:44,614 [root] DEBUG: |-- SystemMetrics
2019-08-09 13:36:44,614 [root] DEBUG: |-- Generic_Phish
2019-08-09 13:36:44,614 [root] DEBUG: |-- Gootkit_APIs
2019-08-09 13:36:44,614 [root] DEBUG: |-- H1N1_APIs
2019-08-09 13:36:44,614 [root] DEBUG: |-- Hancitor_APIs
2019-08-09 13:36:44,615 [root] DEBUG: |-- HawkEye_APIs
2019-08-09 13:36:44,615 [root] DEBUG: |-- HTTP_Request
2019-08-09 13:36:44,615 [root] DEBUG: |-- BitcoinWallet
2019-08-09 13:36:44,615 [root] DEBUG: |-- BrowserStealer
2019-08-09 13:36:44,615 [root] DEBUG: |-- InfostealerBrowserPassword
2019-08-09 13:36:44,615 [root] DEBUG: |-- FTPStealer
2019-08-09 13:36:44,615 [root] DEBUG: |-- IMStealer
2019-08-09 13:36:44,615 [root] DEBUG: |-- KeyLogger
2019-08-09 13:36:44,615 [root] DEBUG: |-- EmailStealer
2019-08-09 13:36:44,615 [root] DEBUG: |-- InjectionCRT
2019-08-09 13:36:44,615 [root] DEBUG: |-- InjectionExplorer
2019-08-09 13:36:44,615 [root] DEBUG: |-- InjectionExtension
2019-08-09 13:36:44,615 [root] DEBUG: |-- InjectionNetworkTraffic
2019-08-09 13:36:44,615 [root] DEBUG: |-- InjectionRUNPE
2019-08-09 13:36:44,615 [root] DEBUG: |-- InjectionRWX
2019-08-09 13:36:44,615 [root] DEBUG: |-- injection_themeinitapihook
2019-08-09 13:36:44,615 [root] DEBUG: |-- Internet_Dropper
2019-08-09 13:36:44,615 [root] DEBUG: |-- IPC_NamedPipe
2019-08-09 13:36:44,615 [root] DEBUG: |-- iSpyKeylogger_APIs
2019-08-09 13:36:44,616 [root] DEBUG: |-- JS_Phish
2019-08-09 13:36:44,616 [root] DEBUG: |-- JS_SuspiciousRedirect
2019-08-09 13:36:44,616 [root] DEBUG: |-- KazyBot_APIs
2019-08-09 13:36:44,616 [root] DEBUG: |-- Kelihos_APIs
2019-08-09 13:36:44,616 [root] DEBUG: |-- Kibex_APIs
2019-08-09 13:36:44,616 [root] DEBUG: |-- Kovter_APIs
2019-08-09 13:36:44,616 [root] DEBUG: |-- KrakenMutexes
2019-08-09 13:36:44,616 [root] DEBUG: |-- DisableRegedit
2019-08-09 13:36:44,616 [root] DEBUG: |-- DisableTaskMgr
2019-08-09 13:36:44,616 [root] DEBUG: |-- Locky_APIs
2019-08-09 13:36:44,616 [root] DEBUG: |-- malicious_dynamic_function_loading
2019-08-09 13:36:44,616 [root] DEBUG: |-- MartiansIE
2019-08-09 13:36:44,616 [root] DEBUG: |-- MartiansOffice
2019-08-09 13:36:44,616 [root] DEBUG: |-- MimicsAgent
2019-08-09 13:36:44,616 [root] DEBUG: |-- MimicsExtension
2019-08-09 13:36:44,616 [root] DEBUG: |-- MimicsFiletime
2019-08-09 13:36:44,616 [root] DEBUG: |-- MimicsIcon
2019-08-09 13:36:44,616 [root] DEBUG: |-- ModifiesCerts
2019-08-09 13:36:44,616 [root] DEBUG: |-- Modifies_HostFile
2019-08-09 13:36:44,617 [root] DEBUG: |-- ModifySecurityCenterWarnings
2019-08-09 13:36:44,617 [root] DEBUG: |-- ModifiesUACNotify
2019-08-09 13:36:44,617 [root] DEBUG: |-- ModifiesDesktopWallpaper
2019-08-09 13:36:44,617 [root] DEBUG: |-- move_file_on_reboot
2019-08-09 13:36:44,617 [root] DEBUG: |-- Multiple_UA
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkAnomaly
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkBIND
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkCountryDistribution
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkMultipleDirectIPConnections
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkCnCHTTP
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkDGA
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkDocumentHTTP
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkExcessiveUDP
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkHTTP
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkICMP
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkIRC
2019-08-09 13:36:44,617 [root] DEBUG: |-- NetworkSMTP
2019-08-09 13:36:44,617 [root] DEBUG: |-- Tor
2019-08-09 13:36:44,617 [root] DEBUG: |-- TorHiddenService
2019-08-09 13:36:44,618 [root] DEBUG: |-- TorGateway
2019-08-09 13:36:44,618 [root] DEBUG: |-- Nymaim_APIs
2019-08-09 13:36:44,618 [root] DEBUG: |-- Office_Code_Page
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficeCVE201711882
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficeFlashLoad
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficePostScript
2019-08-09 13:36:44,618 [root] DEBUG: |-- Office_Macro
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficeMacroAutoExecution
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficeMacroIOC
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficeMacroSuspicious
2019-08-09 13:36:44,618 [root] DEBUG: |-- RTFASLRBypass
2019-08-09 13:36:44,618 [root] DEBUG: |-- RTFAnomalyCharacterSet
2019-08-09 13:36:44,618 [root] DEBUG: |-- RTFAnomalyVersion
2019-08-09 13:36:44,618 [root] DEBUG: |-- RTFEmbeddedContent
2019-08-09 13:36:44,618 [root] DEBUG: |-- RTFEmbeddedOfficeFile
2019-08-09 13:36:44,618 [root] DEBUG: |-- RTFExploitStatic
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficeSecurity
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficeAnamalousFeature
2019-08-09 13:36:44,618 [root] DEBUG: |-- OfficeDDECommand
2019-08-09 13:36:44,619 [root] DEBUG: |-- OfficeWriteEXE
2019-08-09 13:36:44,619 [root] DEBUG: |-- BuildLangID
2019-08-09 13:36:44,619 [root] DEBUG: |-- ResourceLangID
2019-08-09 13:36:44,619 [root] DEBUG: |-- ArmadilloMutex
2019-08-09 13:36:44,619 [root] DEBUG: |-- ArmadilloRegKey
2019-08-09 13:36:44,619 [root] DEBUG: |-- ConfuserPacked
2019-08-09 13:36:44,619 [root] DEBUG: |-- PackerEntropy
2019-08-09 13:36:44,619 [root] DEBUG: |-- SmartAssemblyPacked
2019-08-09 13:36:44,619 [root] DEBUG: |-- ThemidaPacked
2019-08-09 13:36:44,619 [root] DEBUG: |-- UPXCompressed
2019-08-09 13:36:44,619 [root] DEBUG: |-- VMPPacked
2019-08-09 13:36:44,619 [root] DEBUG: |-- PDF_Annot_URLs
2019-08-09 13:36:44,619 [root] DEBUG: |-- ADS
2019-08-09 13:36:44,619 [root] DEBUG: |-- Autorun
2019-08-09 13:36:44,619 [root] DEBUG: |-- PersistenceBootexecute
2019-08-09 13:36:44,619 [root] DEBUG: |-- PersistenceRegistryScript
2019-08-09 13:36:44,619 [root] DEBUG: |-- PersistenceService
2019-08-09 13:36:44,619 [root] DEBUG: |-- Polymorphic
2019-08-09 13:36:44,619 [root] DEBUG: |-- Pony_APIs
2019-08-09 13:36:44,620 [root] DEBUG: |-- PowershellCommandSuspicious
2019-08-09 13:36:44,620 [root] DEBUG: |-- PowershellRenamed
2019-08-09 13:36:44,620 [root] DEBUG: |-- PowershellReversed
2019-08-09 13:36:44,620 [root] DEBUG: |-- PowershellVariableObfuscation
2019-08-09 13:36:44,620 [root] DEBUG: |-- PunchPlusPlusPCREs
2019-08-09 13:36:44,620 [root] DEBUG: |-- PreventsSafeboot
2019-08-09 13:36:44,620 [root] DEBUG: |-- ProcessInterest
2019-08-09 13:36:44,620 [root] DEBUG: |-- ProcessNeeded
2019-08-09 13:36:44,620 [root] DEBUG: |-- Procmem_Yara
2019-08-09 13:36:44,620 [root] DEBUG: |-- RansomwareDMALocker
2019-08-09 13:36:44,620 [root] DEBUG: |-- RansomwareExtensions
2019-08-09 13:36:44,620 [root] DEBUG: |-- RansomwareFileModifications
2019-08-09 13:36:44,620 [root] DEBUG: |-- RansomwareFiles
2019-08-09 13:36:44,620 [root] DEBUG: |-- RansomwareMessage
2019-08-09 13:36:44,620 [root] DEBUG: |-- RansomwareRadamant
2019-08-09 13:36:44,620 [root] DEBUG: |-- RansomwareRecyclebin
2019-08-09 13:36:44,620 [root] DEBUG: |-- BeebusMutexes
2019-08-09 13:36:44,620 [root] DEBUG: |-- FynloskiMutexes
2019-08-09 13:36:44,620 [root] DEBUG: |-- LuminosityRAT
2019-08-09 13:36:44,621 [root] DEBUG: |-- NanocoreRAT
2019-08-09 13:36:44,621 [root] DEBUG: |-- PcClientMutexes
2019-08-09 13:36:44,621 [root] DEBUG: |-- PlugxMutexes
2019-08-09 13:36:44,621 [root] DEBUG: |-- PoisonIvyMutexes
2019-08-09 13:36:44,621 [root] DEBUG: |-- QuasarMutexes
2019-08-09 13:36:44,621 [root] DEBUG: |-- SpynetRat
2019-08-09 13:36:44,621 [root] DEBUG: |-- XtremeMutexes
2019-08-09 13:36:44,621 [root] DEBUG: |-- ReadsSelf
2019-08-09 13:36:44,621 [root] DEBUG: |-- Recon_Beacon
2019-08-09 13:36:44,621 [root] DEBUG: |-- CheckIP
2019-08-09 13:36:44,621 [root] DEBUG: |-- Fingerprint
2019-08-09 13:36:44,621 [root] DEBUG: |-- InstalledApps
2019-08-09 13:36:44,621 [root] DEBUG: |-- SystemInfo
2019-08-09 13:36:44,621 [root] DEBUG: |-- RemovesZoneIdADS
2019-08-09 13:36:44,621 [root] DEBUG: |-- Secure_Login_Phish
2019-08-09 13:36:44,621 [root] DEBUG: |-- SecurityXploded_Modules
2019-08-09 13:36:44,621 [root] DEBUG: |-- SetsAutoconfigURL
2019-08-09 13:36:44,621 [root] DEBUG: |-- Shifu_APIs
2019-08-09 13:36:44,621 [root] DEBUG: |-- InstallsWinpcap
2019-08-09 13:36:44,621 [root] DEBUG: |-- SpoofsProcname
2019-08-09 13:36:44,622 [root] DEBUG: |-- CreatesAutorunInf
2019-08-09 13:36:44,622 [root] DEBUG: |-- StackPivot
2019-08-09 13:36:44,622 [root] DEBUG: |-- Authenticode
2019-08-09 13:36:44,622 [root] DEBUG: |-- DotNetAnomaly
2019-08-09 13:36:44,622 [root] DEBUG: |-- Static_Java
2019-08-09 13:36:44,622 [root] DEBUG: |-- Static_PDF
2019-08-09 13:36:44,622 [root] DEBUG: |-- PEAnomaly
2019-08-09 13:36:44,622 [root] DEBUG: |-- RATConfig
2019-08-09 13:36:44,622 [root] DEBUG: |-- VersionInfoAnomaly
2019-08-09 13:36:44,622 [root] DEBUG: |-- StealthChildProc
2019-08-09 13:36:44,622 [root] DEBUG: |-- StealthFile
2019-08-09 13:36:44,622 [root] DEBUG: |-- StealthHiddenExtension
2019-08-09 13:36:44,622 [root] DEBUG: |-- StealthHiddenReg
2019-08-09 13:36:44,622 [root] DEBUG: |-- StealthHideNotifications
2019-08-09 13:36:44,622 [root] DEBUG: |-- StealthNetwork
2019-08-09 13:36:44,622 [root] DEBUG: |-- StealthTimeout
2019-08-09 13:36:44,622 [root] DEBUG: |-- StealthWebHistory
2019-08-09 13:36:44,622 [root] DEBUG: |-- Hidden_Window
2019-08-09 13:36:44,622 [root] DEBUG: |-- SuricataAlert
2019-08-09 13:36:44,623 [root] DEBUG: |-- sysinternals_psexec
2019-08-09 13:36:44,623 [root] DEBUG: |-- sysinternals_tools
2019-08-09 13:36:44,623 [root] DEBUG: |-- Flame
2019-08-09 13:36:44,623 [root] DEBUG: |-- Tinba_APIs
2019-08-09 13:36:44,623 [root] DEBUG: |-- TrickBotTaskDelete
2019-08-09 13:36:44,623 [root] DEBUG: |-- TrickBotMutexes
2019-08-09 13:36:44,623 [root] DEBUG: |-- FleerCivetMutexes
2019-08-09 13:36:44,623 [root] DEBUG: |-- Troldesh_APIs
2019-08-09 13:36:44,623 [root] DEBUG: |-- Upatre_APIs
2019-08-09 13:36:44,623 [root] DEBUG: |-- Ursnif_APIs
2019-08-09 13:36:44,623 [root] DEBUG: |-- UserEnum
2019-08-09 13:36:44,623 [root] DEBUG: |-- Vawtrak_APIs
2019-08-09 13:36:44,623 [root] DEBUG: |-- Vawtrak_APIs
2019-08-09 13:36:44,623 [root] DEBUG: |-- Virus
2019-08-09 13:36:44,623 [root] DEBUG: |-- VolDevicetree1
2019-08-09 13:36:44,623 [root] DEBUG: |-- VolHandles1
2019-08-09 13:36:44,623 [root] DEBUG: |-- VolLdrModules1
2019-08-09 13:36:44,623 [root] DEBUG: |-- VolLdrModules2
2019-08-09 13:36:44,624 [root] DEBUG: |-- VolMalfind1
2019-08-09 13:36:44,624 [root] DEBUG: |-- VolMalfind2
2019-08-09 13:36:44,624 [root] DEBUG: |-- VolModscan1
2019-08-09 13:36:44,624 [root] DEBUG: |-- VolSvcscan1
2019-08-09 13:36:44,624 [root] DEBUG: |-- VolSvcscan2
2019-08-09 13:36:44,624 [root] DEBUG: |-- VolSvcscan3
2019-08-09 13:36:44,624 [root] DEBUG: |-- Webmail_Phish
2019-08-09 13:36:44,624 [root] DEBUG: |-- WHOIS_Create
2019-08-09 13:36:44,624 [root] DEBUG: |-- AltersWindowsUtility
2019-08-09 13:36:44,624 [root] DEBUG: |-- ScriptToolExecuted
2019-08-09 13:36:44,624 [root] DEBUG: |-- SuspiciousCertutilUse
2019-08-09 13:36:44,624 [root] DEBUG: |-- SuspiciousCommandTools
2019-08-09 13:36:44,624 [root] DEBUG: |-- SuspiciousPingUse
2019-08-09 13:36:44,624 [root] DEBUG: |-- UsesWindowsUtilities
2019-08-09 13:36:44,624 [root] DEBUG: |-- WMICCommandSuspicious
2019-08-09 13:36:44,624 [root] DEBUG: `-- WscriptDownloaderHTTP
2019-08-09 13:36:44,624 [root] DEBUG: Imported "auxiliary" modules:
2019-08-09 13:36:44,624 [root] DEBUG: |-- Sniffer
2019-08-09 13:36:44,624 [root] DEBUG: `-- Tor
2019-08-09 13:36:44,624 [root] DEBUG: Imported "processing" modules:
2019-08-09 13:36:44,625 [root] DEBUG: |-- CAPE
2019-08-09 13:36:44,625 [root] DEBUG: |-- AnalysisInfo
2019-08-09 13:36:44,625 [root] DEBUG: |-- BehaviorAnalysis
2019-08-09 13:36:44,625 [root] DEBUG: |-- CIF
2019-08-09 13:36:44,625 [root] DEBUG: |-- Curtain
2019-08-09 13:36:44,625 [root] DEBUG: |-- Debug
2019-08-09 13:36:44,625 [root] DEBUG: |-- Decompression
2019-08-09 13:36:44,625 [root] DEBUG: |-- Deduplicate
2019-08-09 13:36:44,625 [root] DEBUG: |-- Dropped
2019-08-09 13:36:44,625 [root] DEBUG: |-- MMBot
2019-08-09 13:36:44,625 [root] DEBUG: |-- Memory
2019-08-09 13:36:44,625 [root] DEBUG: |-- NetworkAnalysis
2019-08-09 13:36:44,625 [root] DEBUG: |-- ProcDump
2019-08-09 13:36:44,625 [root] DEBUG: |-- ProcessMemory
2019-08-09 13:36:44,625 [root] DEBUG: |-- Static
2019-08-09 13:36:44,625 [root] DEBUG: |-- Strings
2019-08-09 13:36:44,625 [root] DEBUG: |-- Suricata
2019-08-09 13:36:44,625 [root] DEBUG: |-- Sysmon
2019-08-09 13:36:44,625 [root] DEBUG: |-- TargetInfo
2019-08-09 13:36:44,626 [root] DEBUG: |-- TrID
2019-08-09 13:36:44,626 [root] DEBUG: |-- Usage
2019-08-09 13:36:44,626 [root] DEBUG: `-- VirusTotal
2019-08-09 13:36:44,626 [root] DEBUG: Imported "machinery" modules:
2019-08-09 13:36:44,626 [root] DEBUG: `-- KVM
2019-08-09 13:36:44,626 [root] DEBUG: Imported "feeds" modules:
2019-08-09 13:36:44,626 [root] DEBUG: `-- AbuseCH_SSL
2019-08-09 13:36:44,626 [root] DEBUG: Imported "reporting" modules:
2019-08-09 13:36:44,626 [root] DEBUG: |-- CALLBACKHOME
2019-08-09 13:36:44,626 [root] DEBUG: |-- Compression
2019-08-09 13:36:44,626 [root] DEBUG: |-- CompressResults
2019-08-09 13:36:44,626 [root] DEBUG: |-- ElasticsearchDB
2019-08-09 13:36:44,626 [root] DEBUG: |-- JsonDump
2019-08-09 13:36:44,626 [root] DEBUG: |-- MAEC41Report
2019-08-09 13:36:44,626 [root] DEBUG: |-- MaecReport
2019-08-09 13:36:44,626 [root] DEBUG: |-- Malheur
2019-08-09 13:36:44,626 [root] DEBUG: |-- MISP
2019-08-09 13:36:44,626 [root] DEBUG: |-- MMDef
2019-08-09 13:36:44,626 [root] DEBUG: |-- Moloch
2019-08-09 13:36:44,627 [root] DEBUG: |-- MongoDB
2019-08-09 13:36:44,627 [root] DEBUG: |-- RAMFSCLEAN
2019-08-09 13:36:44,627 [root] DEBUG: |-- ReportHTML
2019-08-09 13:36:44,627 [root] DEBUG: |-- ReportHTMLSummary
2019-08-09 13:36:44,627 [root] DEBUG: |-- ReportPDF
2019-08-09 13:36:44,627 [root] DEBUG: |-- ReSubmitExtractedEXE
2019-08-09 13:36:44,627 [root] DEBUG: |-- Retention
2019-08-09 13:36:44,627 [root] DEBUG: |-- SubmitCAPE
2019-08-09 13:36:44,627 [root] DEBUG: `-- Syslog
2019-08-09 13:36:44,628 [root] DEBUG: Checking for locked tasks...
2019-08-09 13:36:44,692 [root] DEBUG: Initializing Yara...
2019-08-09 13:36:44,727 [root] DEBUG: |-- index_binaries.yar
2019-08-09 13:36:44,727 [root] DEBUG: |-- index_memory.yar
2019-08-09 13:36:44,727 [root] DEBUG: `-- index_CAPE.yar
2019-08-09 13:36:44,731 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.1
2019-08-09 13:36:44,732 [lib.cuckoo.core.scheduler] INFO: Using "kvm" machine manager with max_
2019-08-09 13:36:44,769 [lib.cuckoo.common.abstracts] DEBUG: Getting status for Win7
2019-08-09 13:36:44,780 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2019-08-09 13:36:44,786 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
Ensure oletools are installed
WARNING [abstract.py:18 - <module>() ] You're using python 2, it is strongly recommended to use
WARNING [mispevent.py:23 - <module>() ] You're using python 2, it is strongly recommended to us
2019-08-09 13:37:54,845 [lib.cuckoo.core.scheduler] DEBUG: Task #11: Processing task
2019-08-09 13:37:54,852 [lib.cuckoo.core.scheduler] INFO: Task #11: Starting analysis of FILE '/tmp/cuckoo-tmp/upload__5_7J7/keygenme'
2019-08-09 13:37:54,863 [lib.cuckoo.core.scheduler] INFO: Task #11: File already exists at '/opt/CAPE/storage/binaries/0094ce712626cf5e59de95b00f35128a989a3c809f2da5647b98aceb5be43dc1'
2019-08-09 13:37:54,897 [lib.cuckoo.core.scheduler] INFO: Task #11: acquired machine Win7 (label=Win7)
2019-08-09 13:37:54,916 [lib.cuckoo.common.abstracts] DEBUG: Starting machine Win7
2019-08-09 13:37:54,916 [lib.cuckoo.common.abstracts] DEBUG: Getting status for Win7
2019-08-09 13:37:54,932 [lib.cuckoo.common.abstracts] DEBUG: Using snapshot Win7Snapshot for virtual machine Win7
2019-08-09 13:37:56,332 [lib.cuckoo.common.abstracts] DEBUG: Getting status for Win7
2019-08-09 13:37:56,375 [lib.cuckoo.core.scheduler] INFO: Enabled route 'none'
2019-08-09 13:37:56,388 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 11256 (interface=virbr1, host=192.168.100.1
snapshot=Win7Snapshot, dump path=/opt/CAPE/storage/analyses/11/dump.pcap)
2019-08-09 13:37:56,389 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2019-08-09 13:37:56,406 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=Win7, ip=192.168.100.1
snapshot=Win7Snapshot)
2019-08-09 13:37:56,407 [lib.cuckoo.core.guest] DEBUG: Win7: waiting for status 0x0001
2019-08-09 13:37:56,407 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:37:57,409 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:37:58,411 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:37:59,413 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:00,415 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:01,417 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:02,419 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:03,421 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:04,423 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:05,425 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:06,427 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:07,429 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:08,431 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:09,432 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:10,434 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:11,435 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:12,437 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:13,439 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:14,441 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:15,443 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:16,445 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:17,447 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:18,449 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:19,451 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:20,452 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:21,454 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:22,455 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:23,457 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:24,459 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:25,461 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:26,463 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:27,465 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:28,467 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:29,469 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:30,471 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:31,473 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:32,475 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:33,477 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:34,479 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:35,481 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:36,483 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:37,485 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:38,487 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:39,489 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:40,491 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:41,492 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:42,494 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:43,501 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:44,503 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:45,505 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:46,507 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:47,509 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:48,511 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:49,513 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:50,515 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:51,517 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:52,519 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:53,521 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:54,523 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:55,525 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:56,527 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:57,529 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:58,531 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:38:59,532 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:00,534 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:01,535 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:02,537 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:03,539 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:04,541 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:05,543 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:06,545 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:07,547 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:08,549 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:09,551 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:10,553 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:11,555 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:12,557 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:13,559 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:14,561 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:15,563 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:16,565 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:17,567 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:18,569 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:19,571 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:20,573 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:21,575 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:22,577 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:23,579 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:24,581 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:25,583 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:26,585 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:27,587 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:28,589 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:29,591 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:30,593 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:31,595 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:32,597 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:33,599 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:34,600 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:35,602 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:36,604 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:37,606 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:38,608 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:39,610 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:40,612 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:41,614 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:42,616 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:43,618 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:44,621 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:45,623 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:46,625 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:47,627 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:48,629 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:49,631 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:50,633 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:51,634 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:52,636 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:53,638 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:54,640 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:55,642 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:56,643 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:57,645 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:58,647 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:39:59,650 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:00,652 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:01,654 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:02,657 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:03,659 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:04,661 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:05,663 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:06,664 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:07,666 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:08,668 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:09,670 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:10,672 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:11,674 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:12,676 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:13,678 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:14,680 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:15,682 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:16,684 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:17,686 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:18,688 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:19,690 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:20,692 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:21,694 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:22,697 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:23,698 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:24,700 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:25,702 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:26,704 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:27,705 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:28,707 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:29,708 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:30,710 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:31,712 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:32,714 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:33,716 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:34,718 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:35,721 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:36,722 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:37,725 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:38,727 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:39,729 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:40,731 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:41,732 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:42,734 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:43,737 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:44,739 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:45,740 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:46,742 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:47,744 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:48,746 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:49,747 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:50,749 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:51,751 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:52,753 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:53,755 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:54,757 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:55,758 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:56,760 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:57,762 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:58,763 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:40:59,765 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:00,767 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:01,769 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:02,771 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:03,773 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:04,775 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:05,777 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:06,779 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:07,781 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:08,783 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:09,785 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:10,787 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:11,789 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:12,791 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:13,793 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:14,795 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:15,797 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:16,799 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:17,801 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:18,803 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:19,805 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:20,807 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:21,809 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:22,811 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:23,813 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:24,814 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:25,816 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:26,818 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:27,820 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:28,822 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:29,824 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:30,826 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:31,829 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:32,830 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:33,833 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:34,834 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:35,837 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:36,838 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:37,840 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:38,842 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:39,844 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:40,846 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:41,848 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:42,850 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:43,852 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:44,854 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:45,856 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:46,858 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:47,860 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:48,861 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:49,863 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:50,865 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:51,867 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:52,869 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:53,870 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:54,872 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:55,874 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:56,876 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:57,878 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:58,879 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:41:59,881 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:00,883 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:01,885 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:02,887 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:03,889 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:04,891 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:05,893 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:06,895 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:07,897 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:08,899 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:09,901 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:10,903 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:11,905 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:12,907 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:13,909 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:14,911 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:15,913 [lib.cuckoo.core.guest] DEBUG: Win7: not ready yet
2019-08-09 13:42:16,914 [lib.cuckoo.core.scheduler] ERROR: Win7: the guest initialization hit the critical timeout, analysis aborted.
2019-08-09 13:42:16,962 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2019-08-09 13:42:16,963 [lib.cuckoo.common.abstracts] DEBUG: Stopping machine Win7
2019-08-09 13:42:16,963 [lib.cuckoo.common.abstracts] DEBUG: Getting status for Win7
2019-08-09 13:42:17,203 [lib.cuckoo.common.abstracts] DEBUG: Getting status for Win7
2019-08-09 13:42:17,259 [lib.cuckoo.core.scheduler] DEBUG: Task #11: Released database task with status False
2019-08-09 13:42:17,262 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Decompression" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,262 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "CAPE" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,278 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,288 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,289 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path "/opt/CAPE/storage/analyses/11/logs".
2019-08-09 13:42:17,290 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,292 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Deduplicate" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,292 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Dropped" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,292 [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "Dropped":
Traceback (most recent call last):
  File "/opt/CAPE/lib/cuckoo/core/plugins.py", line 197, in process
    data = current.run()
  File "/opt/CAPE/modules/processing/dropped.py", line 28, in run
    file_names = os.listdir(self.dropped_path)
OSError: [Errno 2] No such file or directory: '/opt/CAPE/storage/analyses/11/files'
2019-08-09 13:42:17,293 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,293 [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPE/storage/analyses/11/dump.pcap".
2019-08-09 13:42:17,293 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcDump" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,293 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Static" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,293 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Strings" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,294 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TargetInfo" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,303 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "VirusTotal" on analysis at "/opt/CAPE/storage/analyses/11"
2019-08-09 13:42:17,305 [requests.packages.urllib3.connectionpool] DEBUG: Starting new HTTPS connection (1): www.virustotal.com
2019-08-09 13:42:17,746 [requests.packages.urllib3.connectionpool] DEBUG: https://www.virustotal.com:443 "GET /vtapi/v2/file/report?apikey=a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088&resource=0094ce712626cf5e59de95b00f35128a989a3c809f2da5647b98aceb5be43dc1 HTTP/1.1" 200 5736
2019-08-09 13:42:17,772 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2019-08-09 13:42:17,773 [lib.cuckoo.core.plugins] DEBUG: Running 220 evented signatures
2019-08-09 13:42:17,773 [lib.cuckoo.core.plugins] DEBUG: |-- cape_detected_threat
2019-08-09 13:42:17,774 [lib.cuckoo.core.plugins] DEBUG: |-- Compression
2019-08-09 13:42:17,774 [lib.cuckoo.core.plugins] DEBUG: |-- Doppelganging
2019-08-09 13:42:17,775 [lib.cuckoo.core.plugins] DEBUG: |-- EvilGrab
2019-08-09 13:42:17,775 [lib.cuckoo.core.plugins] DEBUG: |-- Extraction
2019-08-09 13:42:17,775 [lib.cuckoo.core.plugins] DEBUG: |-- InjectionInterProcess
2019-08-09 13:42:17,776 [lib.cuckoo.core.plugins] DEBUG: |-- InjectionCreateRemoteThread
2019-08-09 13:42:17,776 [lib.cuckoo.core.plugins] DEBUG: |-- InjectionProcessHollowing
2019-08-09 13:42:17,776 [lib.cuckoo.core.plugins] DEBUG: |-- InjectionSetWindowLong
2019-08-09 13:42:17,777 [lib.cuckoo.core.plugins] DEBUG: |-- PlugX
2019-08-09 13:42:17,777 [lib.cuckoo.core.plugins] DEBUG: |-- RegBinary
2019-08-09 13:42:17,777 [lib.cuckoo.core.plugins] DEBUG: |-- TransactedHollowing
2019-08-09 13:42:17,778 [lib.cuckoo.core.plugins] DEBUG: |-- alphacrypt_behavior
2019-08-09 13:42:17,778 [lib.cuckoo.core.plugins] DEBUG: |-- andromeda_behavior
2019-08-09 13:42:17,778 [lib.cuckoo.core.plugins] DEBUG: |-- anomalous_deletefile
2019-08-09 13:42:17,778 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_avast_libs
2019-08-09 13:42:17,779 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_bitdefender_libs
2019-08-09 13:42:17,779 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_servicestop
2019-08-09 13:42:17,779 [lib.cuckoo.core.plugins] DEBUG: |-- antidbg_windows
2019-08-09 13:42:17,779 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_addvectoredexceptionhandler
2019-08-09 13:42:17,779 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_checkremotedebuggerpresent
2019-08-09 13:42:17,779 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_debugactiveprocess
2019-08-09 13:42:17,779 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_gettickcount
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_guardpages
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_ntcreatethreadex
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_ntsetinformationthread
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_outputdebugstring
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_setunhandledexceptionfilter
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antiemu_wine_func
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_check_userdomain
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoo
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoocrash
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_mouse_hook
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_restart
2019-08-09 13:42:17,780 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_libs
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_objects
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_script_timer
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sleep
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sunbelt_libs
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_suspend
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_unhook
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_directory_objects
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk_setupapi
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_scsi
2019-08-09 13:42:17,781 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_services
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_libs
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_provname
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_window
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_events
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_libs
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- api_spamming
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- banker_prinimalka
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- bcdedit_command
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- betabot_behavior
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- bootkit
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- browser_needed
2019-08-09 13:42:17,782 [lib.cuckoo.core.plugins] DEBUG: |-- browser_scanbox
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- odbcconf_bypass
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- regsvr32_squiblydoo_dll_load
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- squiblydoo_bypass
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- squiblytwo_bypass
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- cerber_behavior
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- chimera_behavior
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- clears_logs
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_cookies
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_volume
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_chracter_obfuscation
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_comspec_evasion
2019-08-09 13:42:17,783 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_concatenation_obfuscation
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_setcall_obfuscation
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_set_forloop_obfuscation
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_set_obfuscation
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_switches
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_terminate
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- commandline_forfiles_wildcard
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_http_link
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- commandline_long_string
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_reversed_http_link
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- long_commandline
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_renamed_commandline
2019-08-09 13:42:17,784 [lib.cuckoo.core.plugins] DEBUG: |-- creates_largekey
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- creates_nullvalue
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- lsass_credential_dumping
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- critical_process
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- cyrptomining_stratum_command
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- cryptowall_behavior
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2014_6332
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2015_2419_js
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2016-0189
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2016_7200
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- dead_connect
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- dead_link
2019-08-09 13:42:17,785 [lib.cuckoo.core.plugins] DEBUG: |-- debugs_self
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- decoy_document
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_self
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_shadow_copies
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- dep_bypass
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- dep_disable
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- disables_spdy
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- disables_wfp
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- dridex_behavior
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- driver_load
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- exe_dropper_js
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- dynamic_function_loading
2019-08-09 13:42:17,786 [lib.cuckoo.core.plugins] DEBUG: |-- dyre_behavior
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- angler_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- gondad_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- heapspray_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- java_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- Neutrino_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- nuclear_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- rig_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- silverlight_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- sundown_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- virtualcheck_js
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- encrypted_ioc
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- exec_crash
2019-08-09 13:42:17,787 [lib.cuckoo.core.plugins] DEBUG: |-- exploit_getbasekerneladdress
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- exploit_gethaldispatchtable
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- exploit_heapspray
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- generic_phish
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- gootkit_behavior
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- h1n1_behavior
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- hancitor_behavior
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- hawkeye_behavior
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- http_request
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser_password
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_keylog
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- injection_createremotethread
2019-08-09 13:42:17,788 [lib.cuckoo.core.plugins] DEBUG: |-- injection_explorer
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- injection_needextension
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- injection_network_traffic
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- injection_runpe
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- injection_rwx
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- injection_themeinitapihook
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- internet_dropper
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- ipc_namedpipe
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- ispy_behavior
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- js_phish
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- js_suspicious_redirect
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- kazybot_behavior
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- kelihos_behavior
2019-08-09 13:42:17,789 [lib.cuckoo.core.plugins] DEBUG: |-- kibex_behavior
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- kovter_behavior
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- Locky_behavior
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- malicious_dynamic_function_loading
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- mimics_agent
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- mimics_filetime
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- modifies_desktop_wallpaper
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- move_file_on_reboot
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- multiple_useragents
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- network_anomaly
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- network_bind
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- network_document_http
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- network_tor
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- nymaim_behavior
2019-08-09 13:42:17,790 [lib.cuckoo.core.plugins] DEBUG: |-- office_cve2017_11882
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- office_flash_load
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- office_postscript
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_aslr_bypass
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_anomaly_characterset
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_anomaly_version
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_embedded_content
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_embedded_office_file
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_exploit_static
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- office_dde_command
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- office_write_exe
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- packer_themida
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_autorun
2019-08-09 13:42:17,791 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_bootexecute
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_registry_script
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- pony_behavior
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_command_suspicious
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_renamed
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_reversed
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_variable_obfuscation
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- process_interest
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- process_needed
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_dmalocker
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_file_modifications
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_message
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- rat_luminosity
2019-08-09 13:42:17,792 [lib.cuckoo.core.plugins] DEBUG: |-- rat_nanocore
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- reads_self
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- recon_beacon
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- recon_programs
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- recon_systeminfo
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- removes_zoneid_ads
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- secure_login_phish
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- securityxploded_modules
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- sets_autoconfig_url
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- shifu_behavior
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- spoofs_procname
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_childproc
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_file
2019-08-09 13:42:17,793 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_network
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_timeout
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_window
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- sysinternals_psexec
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- sysinternals_tools
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- tinba_behavior
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- TrickBotTaskDelete
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- upatre_behavior
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- ursnif_behavior
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- user_enum
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- virus
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- webmail_phish
2019-08-09 13:42:17,794 [lib.cuckoo.core.plugins] DEBUG: |-- alters_windows_utility
2019-08-09 13:42:17,795 [lib.cuckoo.core.plugins] DEBUG: |-- script_tool_executed
2019-08-09 13:42:17,795 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_certutil_use
2019-08-09 13:42:17,795 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_command_tools
2019-08-09 13:42:17,795 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_ping_use
2019-08-09 13:42:17,795 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities
2019-08-09 13:42:17,795 [lib.cuckoo.core.plugins] DEBUG: |-- wmic_command_suspicious
2019-08-09 13:42:17,795 [lib.cuckoo.core.plugins] DEBUG: `-- wscript_downloader_http
2019-08-09 13:42:17,805 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2019-08-09 13:42:17,805 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_detected_threat"
2019-08-09 13:42:17,805 [lib.cuckoo.core.plugins] DEBUG: Running signature "Compression"
2019-08-09 13:42:17,805 [lib.cuckoo.core.plugins] DEBUG: Running signature "Doppelganging"
2019-08-09 13:42:17,805 [lib.cuckoo.core.plugins] DEBUG: Running signature "EvilGrab"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "Extraction"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionInterProcess"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionCreateRemoteThread"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionProcessHollowing"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionSetWindowLong"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "PlugX"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "RegBinary"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "TransactedHollowing"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "alphacrypt_behavior"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromeda_behavior"
2019-08-09 13:42:17,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "anomalous_deletefile"
2019-08-09 13:42:17,807 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2019-08-09 13:42:17,808 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2019-08-09 13:42:17,809 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_avast_libs"
2019-08-09 13:42:17,810 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bitdefender_libs"
2019-08-09 13:42:17,810 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_attachment_manager"
2019-08-09 13:42:17,810 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2019-08-09 13:42:17,813 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2019-08-09 13:42:17,819 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_servicestop"
2019-08-09 13:42:17,819 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2019-08-09 13:42:17,819 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_devices"
2019-08-09 13:42:17,819 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_windows"
2019-08-09 13:42:17,819 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_addvectoredexceptionhandler"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_checkremotedebuggerpresent"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_debugactiveprocess"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_gettickcount"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_guardpages"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntcreatethreadex"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntsetinformationthread"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_outputdebugstring"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_setunhandledexceptionfilter"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2019-08-09 13:42:17,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_func"
2019-08-09 13:42:17,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_check_userdomain"
2019-08-09 13:42:17,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo"
2019-08-09 13:42:17,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2019-08-09 13:42:17,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoocrash"
2019-08-09 13:42:17,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2019-08-09 13:42:17,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2019-08-09 13:42:17,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_mouse_hook"
2019-08-09 13:42:17,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_restart"
2019-08-09 13:42:17,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_libs"
2019-08-09 13:42:17,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2019-08-09 13:42:17,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_objects"
2019-08-09 13:42:17,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_script_timer"
2019-08-09 13:42:17,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sleep"
2019-08-09 13:42:17,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2019-08-09 13:42:17,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_libs"
2019-08-09 13:42:17,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_suspend"
2019-08-09 13:42:17,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2019-08-09 13:42:17,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_unhook"
2019-08-09 13:42:17,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2019-08-09 13:42:17,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2019-08-09 13:42:17,824 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_directory_objects"
2019-08-09 13:42:17,824 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2019-08-09 13:42:17,824 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2019-08-09 13:42:17,824 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk"
2019-08-09 13:42:17,824 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk_setupapi"
2019-08-09 13:42:17,824 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2019-08-09 13:42:17,825 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_scsi"
2019-08-09 13:42:17,825 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_services"
2019-08-09 13:42:17,825 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system"
2019-08-09 13:42:17,825 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2019-08-09 13:42:17,826 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2019-08-09 13:42:17,826 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2019-08-09 13:42:17,826 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2019-08-09 13:42:17,828 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2019-08-09 13:42:17,829 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_libs"
2019-08-09 13:42:17,829 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_provname"
2019-08-09 13:42:17,829 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_window"
2019-08-09 13:42:17,829 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2019-08-09 13:42:17,829 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_events"
2019-08-09 13:42:17,829 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2019-08-09 13:42:17,830 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2019-08-09 13:42:17,830 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_libs"
2019-08-09 13:42:17,831 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2019-08-09 13:42:17,831 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2019-08-09 13:42:17,831 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2019-08-09 13:42:17,832 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2019-08-09 13:42:17,832 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2019-08-09 13:42:17,832 [lib.cuckoo.core.plugins] DEBUG: Running signature "api_spamming"
2019-08-09 13:42:17,832 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2019-08-09 13:42:17,832 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2019-08-09 13:42:17,833 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2019-08-09 13:42:17,833 [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2019-08-09 13:42:17,834 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_prinimalka"
2019-08-09 13:42:17,834 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2019-08-09 13:42:17,834 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2019-08-09 13:42:17,835 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2019-08-09 13:42:17,835 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2019-08-09 13:42:17,835 [lib.cuckoo.core.plugins] DEBUG: Running signature "bcdedit_command"
2019-08-09 13:42:17,836 [lib.cuckoo.core.plugins] DEBUG: Running signature "betabot_behavior"
2019-08-09 13:42:17,836 [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2019-08-09 13:42:17,836 [lib.cuckoo.core.plugins] DEBUG: Running signature "bootkit"
2019-08-09 13:42:17,836 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2019-08-09 13:42:17,836 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2019-08-09 13:42:17,836 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2019-08-09 13:42:17,837 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2019-08-09 13:42:17,838 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2019-08-09 13:42:17,838 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2019-08-09 13:42:17,838 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2019-08-09 13:42:17,839 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2019-08-09 13:42:17,839 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_needed"
2019-08-09 13:42:17,839 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy"
2019-08-09 13:42:17,840 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_scanbox"
2019-08-09 13:42:17,840 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2019-08-09 13:42:17,842 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2019-08-09 13:42:17,842 [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2019-08-09 13:42:17,842 [lib.cuckoo.core.plugins] DEBUG: Running signature "regsvr32_squiblydoo_dll_load"
2019-08-09 13:42:17,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2019-08-09 13:42:17,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2019-08-09 13:42:17,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2019-08-09 13:42:17,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2019-08-09 13:42:17,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "cerber_behavior"
2019-08-09 13:42:17,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "chimera_behavior"
2019-08-09 13:42:17,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "clamav"
2019-08-09 13:42:17,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2019-08-09 13:42:17,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_cookies"
2019-08-09 13:42:17,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_volume"
2019-08-09 13:42:17,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_chracter_obfuscation"
2019-08-09 13:42:17,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_comspec_evasion"
2019-08-09 13:42:17,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_concatenation_obfuscation"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_setcall_obfuscation"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_set_forloop_obfuscation"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_set_obfuscation"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_forfiles_wildcard"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_long_string"
2019-08-09 13:42:17,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2019-08-09 13:42:17,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2019-08-09 13:42:17,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2019-08-09 13:42:17,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "codelux_behavior"
2019-08-09 13:42:17,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2019-08-09 13:42:17,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_largekey"
2019-08-09 13:42:17,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_nullvalue"
2019-08-09 13:42:17,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "lsass_credential_dumping"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "critical_process"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "cyrptomining_stratum_command"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptopool_domains"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptowall_behavior"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2014_6332"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2015_2419_js"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016-0189"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016_7200"
2019-08-09 13:42:17,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2019-08-09 13:42:17,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_connect"
2019-08-09 13:42:17,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_link"
2019-08-09 13:42:17,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "debugs_self"
2019-08-09 13:42:17,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_document"
2019-08-09 13:42:17,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2019-08-09 13:42:17,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_self"
2019-08-09 13:42:17,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_shadow_copies"
2019-08-09 13:42:17,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_bypass"
2019-08-09 13:42:17,849 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_disable"
2019-08-09 13:42:17,849 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2019-08-09 13:42:17,849 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2019-08-09 13:42:17,850 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_spdy"
2019-08-09 13:42:17,850 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2019-08-09 13:42:17,851 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2019-08-09 13:42:17,851 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2019-08-09 13:42:17,852 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wfp"
2019-08-09 13:42:17,852 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2019-08-09 13:42:17,852 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "dridex_behavior"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_load"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "exe_dropper_js"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "dynamic_function_loading"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "dyre_behavior"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "angler_js"
2019-08-09 13:42:17,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "gondad_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "heapspray_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "java_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "Neutrino_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "nuclear_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "rig_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "silverlight_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "sundown_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "virtualcheck_js"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypted_ioc"
2019-08-09 13:42:17,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "exec_crash"
2019-08-09 13:42:17,855 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_getbasekerneladdress"
2019-08-09 13:42:17,855 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_gethaldispatchtable"
2019-08-09 13:42:17,855 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_heapspray"
2019-08-09 13:42:17,855 [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2019-08-09 13:42:17,855 [lib.cuckoo.core.plugins] DEBUG: Running signature "generic_phish"
2019-08-09 13:42:17,855 [lib.cuckoo.core.plugins] DEBUG: Running signature "gootkit_behavior"
2019-08-09 13:42:17,856 [lib.cuckoo.core.plugins] DEBUG: Running signature "h1n1_behavior"
2019-08-09 13:42:17,856 [lib.cuckoo.core.plugins] DEBUG: Running signature "hancitor_behavior"
2019-08-09 13:42:17,856 [lib.cuckoo.core.plugins] DEBUG: Running signature "hawkeye_behavior"
2019-08-09 13:42:17,856 [lib.cuckoo.core.plugins] DEBUG: Running signature "http_request"
2019-08-09 13:42:17,856 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2019-08-09 13:42:17,858 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser"
2019-08-09 13:42:17,858 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser_password"
2019-08-09 13:42:17,858 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2019-08-09 13:42:17,861 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2019-08-09 13:42:17,863 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_keylog"
2019-08-09 13:42:17,863 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_createremotethread"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_explorer"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_needextension"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_network_traffic"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_runpe"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_rwx"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_themeinitapihook"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "internet_dropper"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "ipc_namedpipe"
2019-08-09 13:42:17,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "ispy_behavior"
2019-08-09 13:42:17,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_phish"
2019-08-09 13:42:17,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_suspicious_redirect"
2019-08-09 13:42:17,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "kazybot_behavior"
2019-08-09 13:42:17,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "kelihos_behavior"
2019-08-09 13:42:17,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "kibex_behavior"
2019-08-09 13:42:17,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "kovter_behavior"
2019-08-09 13:42:17,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_kraken_mutexes"
2019-08-09 13:42:17,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_regedit"
2019-08-09 13:42:17,867 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_taskmgr"
2019-08-09 13:42:17,867 [lib.cuckoo.core.plugins] DEBUG: Running signature "Locky_behavior"
2019-08-09 13:42:17,867 [lib.cuckoo.core.plugins] DEBUG: Running signature "malicious_dynamic_function_loading"
2019-08-09 13:42:17,867 [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2019-08-09 13:42:17,867 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2019-08-09 13:42:17,867 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_agent"
2019-08-09 13:42:17,867 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2019-08-09 13:42:17,868 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_filetime"
2019-08-09 13:42:17,868 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2019-08-09 13:42:17,868 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_certs"
2019-08-09 13:42:17,868 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_hostfile"
2019-08-09 13:42:17,868 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2019-08-09 13:42:17,869 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2019-08-09 13:42:17,870 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_desktop_wallpaper"
2019-08-09 13:42:17,870 [lib.cuckoo.core.plugins] DEBUG: Running signature "move_file_on_reboot"
2019-08-09 13:42:17,870 [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_useragents"
2019-08-09 13:42:17,870 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_anomaly"
2019-08-09 13:42:17,870 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_bind"
2019-08-09 13:42:17,870 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_country_distribution"
2019-08-09 13:42:17,870 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_multiple_direct_ip_connections"
2019-08-09 13:42:17,870 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_http"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_document_http"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_excessive_udp"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor"
2019-08-09 13:42:17,871 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "nymaim_behavior"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_cve2017_11882"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_flash_load"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_postscript"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2019-08-09 13:42:17,872 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2019-08-09 13:42:17,873 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2019-08-09 13:42:17,873 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2019-08-09 13:42:17,873 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2019-08-09 13:42:17,873 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2019-08-09 13:42:17,873 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2019-08-09 13:42:17,873 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2019-08-09 13:42:17,873 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2019-08-09 13:42:17,873 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2019-08-09 13:42:17,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2019-08-09 13:42:17,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2019-08-09 13:42:17,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_write_exe"
2019-08-09 13:42:17,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2019-08-09 13:42:17,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2019-08-09 13:42:17,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2019-08-09 13:42:17,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2019-08-09 13:42:17,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2019-08-09 13:42:17,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2019-08-09 13:42:17,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2019-08-09 13:42:17,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2019-08-09 13:42:17,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2019-08-09 13:42:17,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2019-08-09 13:42:17,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_annot_urls"
2019-08-09 13:42:17,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_autorun"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_bootexecute"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_registry_script"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "polymorphic"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "pony_behavior"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2019-08-09 13:42:17,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2019-08-09 13:42:17,877 [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2019-08-09 13:42:17,877 [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2019-08-09 13:42:17,877 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_interest"
2019-08-09 13:42:17,877 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_needed"
2019-08-09 13:42:17,877 [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2019-08-09 13:42:17,877 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_dmalocker"
2019-08-09 13:42:17,877 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
2019-08-09 13:42:17,880 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_file_modifications"
2019-08-09 13:42:17,880 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2019-08-09 13:42:17,884 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_message"
2019-08-09 13:42:17,884 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2019-08-09 13:42:17,884 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2019-08-09 13:42:17,885 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2019-08-09 13:42:17,885 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2019-08-09 13:42:17,885 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_luminosity"
2019-08-09 13:42:17,885 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_nanocore"
2019-08-09 13:42:17,885 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2019-08-09 13:42:17,886 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2019-08-09 13:42:17,886 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2019-08-09 13:42:17,886 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2019-08-09 13:42:17,886 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2019-08-09 13:42:17,886 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2019-08-09 13:42:17,887 [lib.cuckoo.core.plugins] DEBUG: Running signature "reads_self"
2019-08-09 13:42:17,887 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_beacon"
2019-08-09 13:42:17,887 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2019-08-09 13:42:17,887 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2019-08-09 13:42:17,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_programs"
2019-08-09 13:42:17,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_systeminfo"
2019-08-09 13:42:17,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_zoneid_ads"
2019-08-09 13:42:17,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "secure_login_phish"
2019-08-09 13:42:17,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "securityxploded_modules"
2019-08-09 13:42:17,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "sets_autoconfig_url"
2019-08-09 13:42:17,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "shifu_behavior"
2019-08-09 13:42:17,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2019-08-09 13:42:17,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "spoofs_procname"
2019-08-09 13:42:17,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2019-08-09 13:42:17,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot"
2019-08-09 13:42:17,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2019-08-09 13:42:17,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2019-08-09 13:42:17,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2019-08-09 13:42:17,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
2019-08-09 13:42:17,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
2019-08-09 13:42:17,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
2019-08-09 13:42:17,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
2019-08-09 13:42:17,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_childproc"
2019-08-09 13:42:17,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_file"
2019-08-09 13:42:17,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
2019-08-09 13:42:17,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
2019-08-09 13:42:17,891 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
2019-08-09 13:42:17,891 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_network"
2019-08-09 13:42:17,891 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_timeout"
2019-08-09 13:42:17,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2019-08-09 13:42:17,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_window"
2019-08-09 13:42:17,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2019-08-09 13:42:17,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2019-08-09 13:42:17,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2019-08-09 13:42:17,893 [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2019-08-09 13:42:17,893 [lib.cuckoo.core.plugins] DEBUG: Running signature "tinba_behavior"
2019-08-09 13:42:17,893 [lib.cuckoo.core.plugins] DEBUG: Running signature "TrickBotTaskDelete"
2019-08-09 13:42:17,893 [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2019-08-09 13:42:17,893 [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2019-08-09 13:42:17,893 [lib.cuckoo.core.plugins] DEBUG: Running signature "troldesh_behavior"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_behavior"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "user_enum"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "virus"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2019-08-09 13:42:17,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "webmail_phish"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2019-08-09 13:42:17,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "alters_windows_utility"
2019-08-09 13:42:17,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2019-08-09 13:42:17,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2019-08-09 13:42:17,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2019-08-09 13:42:17,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2019-08-09 13:42:17,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2019-08-09 13:42:17,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2019-08-09 13:42:17,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "wscript_downloader_http"
2019-08-09 13:42:17,898 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "Compression"
2019-08-09 13:42:17,898 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "Malheur"
2019-08-09 13:42:17,905 [lib.cuckoo.core.plugins] WARNING: The reporting module "Malheur" returned the following error: Failed to perform Malheur classification: [Errno 2] No such file or directory
2019-08-09 13:42:17,905 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML"
2019-08-09 13:42:18,081 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2019-08-09 13:42:18,257 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReSubmitExtractedEXE"
2019-08-09 13:42:18,257 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "SubmitCAPE"
2019-08-09 13:42:18,257 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-cuckoo'
2019-08-09 13:42:18,931 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ElasticsearchDB"
2019-08-09 13:42:18,998 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "CompressResults"
2019-08-09 13:42:18,998 [lib.cuckoo.core.scheduler] INFO: Task #11: reports generation completed (path=/opt/CAPE/storage/analyses/11)
2019-08-09 13:42:19,006 [lib.cuckoo.core.scheduler] INFO: Task #11: analysis procedure completed