This repository has been archived by the owner on Apr 26, 2021. It is now read-only.

Tor routing not working on HTTPS sites #3184

Open
lotreitu opened this issue Mar 4, 2021 · 0 comments

lotreitu commented Mar 4, 2021

My issue is:

I have been trying for the last few days to set up Tor routing but without much success.
My VMs have no access to HTTPS sites. To be specific, during any analysis, when trying to connect to HTTPS sites I get
an 'Unable to connect' message. I can connect to HTTP-only sites without any problem.

I have installed Tor and configured it according to the documentation.
My configuration files follow.

routing.conf
...
[tor]
# Route a VM through Tor, requires a local setup of Tor (please refer to our
# documentation).
enabled = yes
dnsport = 5353
proxyport = 9040

/etc/tor/torrc
TransPort 192.168.56.1:9040
DNSPort 192.168.56.1:5353

What I have tried:
#########################
I checked that TOR is up

sudo netstat -tulpn | grep 'tor'
tcp 0 0 192.168.56.1:9040 0.0.0.0:* LISTEN 4617/tor
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 4617/tor
udp 0 0 192.168.56.1:5353 0.0.0.0:* 4617/tor

I thought it could be a firewall problem, but my firewall is not blocking anything that I can see.
To be sure, I disabled ufw; here are the current iptables rules:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment cuckoo-rooter -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output

#########################
cuckoo rooter logs

2021-03-04 14:27:38,881 [cuckoo] INFO: Starting Cuckoo Rooter (group=cuckoo)!
2021-03-04 14:27:43,207 [cuckoo.apps.rooter] INFO: Processing command: forward_drop
2021-03-04 14:27:43,249 [cuckoo.apps.rooter] INFO: Processing command: state_disable
2021-03-04 14:27:43,253 [cuckoo.apps.rooter] INFO: Processing command: state_enable
2021-03-04 14:27:43,286 [cuckoo.apps.rooter] INFO: Processing command: nic_available enp3s0
2021-03-04 14:27:43,295 [cuckoo.apps.rooter] INFO: Processing command: rt_available main
2021-03-04 14:27:43,307 [cuckoo.apps.rooter] INFO: Processing command: disable_nat enp3s0
2021-03-04 14:27:43,320 [cuckoo.apps.rooter] INFO: Processing command: enable_nat enp3s0
2021-03-04 14:27:43,383 [cuckoo.apps.rooter] INFO: Processing command: flush_rttable main
2021-03-04 14:27:43,384 [cuckoo.apps.rooter] INFO: Processing command: init_rttable main enp3s0
2021-03-04 14:27:46,287 [cuckoo.apps.rooter] INFO: Processing command: forward_disable vboxnet0 enp3s0 192.168.56.101
2021-03-04 14:27:46,292 [cuckoo.apps.rooter] INFO: Processing command: forward_disable vboxnet0 enp3s0 192.168.56.101
2021-03-04 14:27:46,299 [cuckoo.apps.rooter] INFO: Processing command: forward_disable vboxnet0 enp3s0 192.168.56.101
2021-03-04 14:27:46,305 [cuckoo.apps.rooter] INFO: Processing command: forward_disable vboxnet0 enp3s0 192.168.56.101
2021-03-04 14:28:17,867 [cuckoo.apps.rooter] INFO: Processing command: tor_enable 192.168.56.101 192.168.56.1 5353 9040
2021-03-04 14:29:23,483 [cuckoo.apps.rooter] INFO: Processing command: tor_disable 192.168.56.101 192.168.56.1 5353 9040

#########################
Analyzer log

2021-03-04 14:28:12,000 [analyzer] DEBUG: Starting analyzer from: C:\tmpkj_dmy
2021-03-04 14:28:12,000 [analyzer] DEBUG: Pipe server name: ??\PIPE\ecXjNPTqBSrRkRqQPElBkMesdp
2021-03-04 14:28:12,000 [analyzer] DEBUG: Log pipe server name: ??\PIPE\HBVQopDUEHWNzjivySCQy
2021-03-04 14:28:12,062 [analyzer] DEBUG: Started auxiliary module DbgView
2021-03-04 14:28:12,203 [analyzer] DEBUG: Started auxiliary module Disguise
2021-03-04 14:28:12,358 [analyzer] DEBUG: Loaded monitor into process with pid 500
2021-03-04 14:28:12,358 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2021-03-04 14:28:12,358 [analyzer] DEBUG: Started auxiliary module Human
2021-03-04 14:28:12,358 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2021-03-04 14:28:12,358 [analyzer] DEBUG: Started auxiliary module Reboot
2021-03-04 14:28:12,390 [analyzer] DEBUG: Started auxiliary module RecentFiles
2021-03-04 14:28:12,405 [analyzer] DEBUG: Started auxiliary module Screenshots
2021-03-04 14:28:12,405 [modules.auxiliary.screenshots] INFO: Python Image Library (either PIL or Pillow) is not installed, screenshots are disabled.
2021-03-04 14:28:12,405 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2021-03-04 14:28:12,437 [lib.api.process] INFO: Successfully executed process from path 'C:\Python27\python.exe' with arguments [u'C:\Users\ADMINI~1\AppData\Local\Temp\sample.py'] and pid 2280
2021-03-04 14:28:12,578 [analyzer] DEBUG: Loaded monitor into process with pid 2280
2021-03-04 14:28:12,625 [analyzer] INFO: Added new file to list with pid 2280 and path C:\Python27\Lib\webbrowser.pyc
2021-03-04 14:28:12,733 [analyzer] INFO: Injected into process with pid 2472 and name u'iexplore.exe'
2021-03-04 14:28:12,858 [analyzer] DEBUG: Loaded monitor into process with pid 2472
2021-03-04 14:28:12,953 [analyzer] INFO: Injected into process with pid 2156 and name u'iexplore.exe'
2021-03-04 14:28:12,983 [lib.api.process] INFO: Memory dump of process with pid 2156 completed
2021-03-04 14:28:13,015 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{77800D8D-7CED-11EB-B699-4EF6F19AC246}.dat
2021-03-04 14:28:13,015 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\Local\Temp~DFDBC8842EFBE77E1C.TMP
2021-03-04 14:28:13,108 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active{77800D8E-7CED-11EB-B699-4EF6F19AC246}.dat
2021-03-04 14:28:13,125 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\Local\Temp~DFA2625ABE64BDCCEF.TMP
2021-03-04 14:28:13,155 [analyzer] DEBUG: Loaded monitor into process with pid 2156
2021-03-04 14:28:13,421 [lib.api.process] INFO: Memory dump of process with pid 2280 completed
2021-03-04 14:28:13,467 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
2021-03-04 14:28:14,437 [analyzer] INFO: Process with pid 2280 has terminated
2021-03-04 14:28:14,562 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2021-03-04 14:28:14,562 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2021-03-04 14:28:14,562 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2021-03-04 14:28:14,562 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2021-03-04 14:28:14,562 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2021-03-04 14:28:14,562 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2021-03-04 14:28:14,562 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2021-03-04 14:28:14,578 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2021-03-04 14:28:14,578 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2021-03-04 14:28:14,578 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2021-03-04 14:28:14,578 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2021-03-04 14:28:14,578 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2021-03-04 14:28:14,578 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2021-03-04 14:28:14,578 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2021-03-04 14:28:14,578 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI3BP3OK\dnserror[1]
2021-03-04 14:28:14,608 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2021-03-04 14:28:14,608 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2021-03-04 14:28:14,608 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2021-03-04 14:28:14,608 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2021-03-04 14:28:14,608 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2021-03-04 14:28:14,608 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2021-03-04 14:28:14,608 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2021-03-04 14:28:14,608 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUQZZMW7\ErrorPageTemplate[1]
2021-03-04 14:28:14,625 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9587UQ20\errorPageStrings[1]
2021-03-04 14:28:14,655 [analyzer] INFO: io=NULL
2021-03-04 14:28:14,655 [analyzer] DEBUG: Error resolving function jscript!ActiveXObjectFncObj_Construct through our custom callback.
2021-03-04 14:28:14,655 [analyzer] INFO: io=NULL
2021-03-04 14:28:14,655 [analyzer] DEBUG: Error resolving function jscript!COleScript_Compile through our custom callback.
2021-03-04 14:28:14,655 [analyzer] INFO: io=NULL
2021-03-04 14:28:14,655 [analyzer] DEBUG: Error resolving function jscript!Math_random through our custom callback.
2021-03-04 14:28:14,655 [analyzer] INFO: io=NULL
2021-03-04 14:28:14,655 [analyzer] DEBUG: Error resolving function jscript!ActiveXObjectFncObj_Construct through our custom callback.
2021-03-04 14:28:14,655 [analyzer] INFO: io=NULL
2021-03-04 14:28:14,655 [analyzer] DEBUG: Error resolving function jscript!COleScript_Compile through our custom callback.
2021-03-04 14:28:14,655 [analyzer] INFO: io=NULL
2021-03-04 14:28:14,655 [analyzer] DEBUG: Error resolving function jscript!Math_random through our custom callback.
2021-03-04 14:28:14,671 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUQZZMW7\httpErrorPagesScripts[2]
2021-03-04 14:28:14,671 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUQZZMW7\noConnect[1]
2021-03-04 14:28:14,671 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2021-03-04 14:28:14,671 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2021-03-04 14:28:14,671 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2021-03-04 14:28:14,671 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2021-03-04 14:28:14,671 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2021-03-04 14:28:14,671 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2021-03-04 14:28:14,671 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2021-03-04 14:28:14,671 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EXXWE74\background_gradient[1]
2021-03-04 14:28:14,687 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2021-03-04 14:28:14,687 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUQZZMW7\down[1]
2021-03-04 14:28:14,687 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2021-03-04 14:28:14,703 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2021-03-04 14:28:14,703 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2021-03-04 14:28:14,703 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI3BP3OK\favcenter[1]
2021-03-04 14:28:14,703 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2021-03-04 14:28:14,703 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2021-03-04 14:28:14,703 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUQZZMW7\tools[1]
2021-03-04 14:28:14,703 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2021-03-04 14:29:11,437 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2021-03-04 14:29:11,780 [lib.api.process] INFO: Memory dump of process with pid 2472 completed
2021-03-04 14:29:12,000 [lib.api.process] INFO: Memory dump of process with pid 2156 completed
2021-03-04 14:29:12,000 [analyzer] INFO: Error dumping file from path "c:\users\administrator\appdata\local\temp~dfa2625abe64bdccef.tmp": [Errno 13] Permission denied: u'c:\users\administrator\appdata\local\temp\~dfa2625abe64bdccef.tmp'
2021-03-04 14:29:12,000 [analyzer] INFO: Error dumping file from path "c:\users\administrator\appdata\local\temp~dfdbc8842efbe77e1c.tmp": [Errno 13] Permission denied: u'c:\users\administrator\appdata\local\temp\~dfdbc8842efbe77e1c.tmp'
2021-03-04 14:29:12,015 [analyzer] INFO: Analysis completed.

Cuckoo Log

2021-03-04 14:28:13,060 [cuckoo.core.scheduler] INFO: Task #89: acquired machine cuckoo-test11 (label=cuckoo-test11)
2021-03-04 14:28:13,060 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.56.101 for task #89
2021-03-04 14:28:13,060 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Replay
2021-03-04 14:28:13,221 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 10705 (interface=vboxnet0, host=192.168.56.101)
2021-03-04 14:28:13,222 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2021-03-04 14:28:13,234 [cuckoo.machinery.virtualbox] DEBUG: Starting vm cuckoo-test11
2021-03-04 14:28:13,449 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo-test11 to vmcloak3
2021-03-04 14:28:18,075 [cuckoo.core.guest] INFO: Starting analysis #89 on guest (id=cuckoo-test11, ip=192.168.56.101)
2021-03-04 14:28:19,080 [cuckoo.core.guest] DEBUG: cuckoo-test11: not ready yet
2021-03-04 14:28:20,086 [cuckoo.core.guest] DEBUG: cuckoo-test11: not ready yet
2021-03-04 14:28:20,905 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=cuckoo-test11, ip=192.168.56.101)
2021-03-04 14:28:20,936 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=cuckoo-test11, ip=192.168.56.101, monitor=latest, size=4118743)
2021-03-04 14:28:21,167 [cuckoo.core.resultserver] DEBUG: Task #89: live log analysis.log initialized.
2021-03-04 14:28:21,468 [cuckoo.core.resultserver] DEBUG: Task #89 is sending a BSON stream
2021-03-04 14:28:21,685 [cuckoo.core.resultserver] DEBUG: Task #89 is sending a BSON stream
2021-03-04 14:28:21,967 [cuckoo.core.resultserver] DEBUG: Task #89 is sending a BSON stream
2021-03-04 14:28:22,149 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'memory/2156-1.dmp'
2021-03-04 14:28:22,153 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 4137680
2021-03-04 14:28:22,253 [cuckoo.core.resultserver] DEBUG: Task #89 is sending a BSON stream
2021-03-04 14:28:22,548 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'memory/2280-1.dmp'
2021-03-04 14:28:22,602 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 57790864
2021-03-04 14:28:22,654 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/6d8a01dc7647bc21_search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico'
2021-03-04 14:28:22,655 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 237
2021-03-04 14:28:23,763 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/1ff3334c3eb27033_dnserror[1]'
2021-03-04 14:28:23,764 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 5947
2021-03-04 14:28:23,799 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/8d018639281b33da_ErrorPageTemplate[1]'
2021-03-04 14:28:23,799 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 2168
2021-03-04 14:28:23,811 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/eb5678de9d8f29ca_errorPageStrings[2]'
2021-03-04 14:28:23,812 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 1817
2021-03-04 14:28:23,847 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/58268ca71a28973b_httpErrorPagesScripts[1]'
2021-03-04 14:28:23,848 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 8601
2021-03-04 14:28:23,853 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/6976c426e3ac66d6_noConnect[1]'
2021-03-04 14:28:23,853 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 8230
2021-03-04 14:28:23,859 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/1471693be91e53c2_background_gradient[1]'
2021-03-04 14:28:23,860 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 453
2021-03-04 14:28:23,870 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/70f316a5492848bb_down[1]'
2021-03-04 14:28:23,870 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 3414
2021-03-04 14:28:23,876 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/07d07a467e4988d3_favcenter[1]'
2021-03-04 14:28:23,877 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 3366
2021-03-04 14:28:23,881 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/62a7038cc42c1482_tools[1]'
2021-03-04 14:28:23,882 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 3560
2021-03-04 14:28:26,115 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:31,172 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:36,231 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:41,293 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:46,357 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:51,412 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:56,468 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:01,548 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:06,604 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:11,663 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:16,721 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:20,871 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'memory/2472-1.dmp'
2021-03-04 14:29:20,948 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 91869528
2021-03-04 14:29:21,079 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'memory/2156-2.dmp'
2021-03-04 14:29:21,171 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 90761952
2021-03-04 14:29:21,178 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/415764d860c06a24_{77800d8e-7ced-11eb-b699-4ef6f19ac246}.dat'
2021-03-04 14:29:21,178 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 4608
2021-03-04 14:29:21,180 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/7c9145fe38aa7c5b_webbrowser.pyc'
2021-03-04 14:29:21,180 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 19554
2021-03-04 14:29:21,184 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/0789bde8068f10be_recoverystore.{77800d8d-7ced-11eb-b699-4ef6f19ac246}.dat'
2021-03-04 14:29:21,185 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 3584
2021-03-04 14:29:21,767 [cuckoo.core.guest] INFO: cuckoo-test11: analysis completed successfully
2021-03-04 14:29:21,780 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Replay
2021-03-04 14:29:21,846 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2021-03-04 14:29:21,847 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo-test11
2021-03-04 14:29:22,095 [cuckoo.core.resultserver] DEBUG: Task #89 had connection reset for
2021-03-04 14:29:23,483 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.56.101 for task #89
2021-03-04 14:29:23,687 [cuckoo.core.scheduler] DEBUG: Released database task #89
2021-03-04 14:29:23,698 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #89
2021-03-04 14:29:23,934 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #89
2021-03-04 14:29:23,970 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #89
2021-03-04 14:29:23,970 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #89
2021-03-04 14:29:25,850 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #89
2021-03-04 14:29:28,277 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" for task #89
2021-03-04 14:29:28,278 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #89
2021-03-04 14:29:28,278 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" for task #89
2021-03-04 14:29:28,278 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #89
2021-03-04 14:29:28,279 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #89
2021-03-04 14:29:28,280 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #89
2021-03-04 14:29:28,288 [cuckoo.processing.network] DEBUG: DNS target go.microsoft.com whitelisted. Skipping ...
2021-03-04 14:29:28,288 [cuckoo.processing.network] DEBUG: DNS target go.microsoft.com whitelisted. Skipping ...
2021-03-04 14:29:28,289 [cuckoo.processing.network] DEBUG: DNS target teredo.ipv6.microsoft.com whitelisted. Skipping ...
2021-03-04 14:29:28,289 [cuckoo.processing.network] DEBUG: DNS target teredo.ipv6.microsoft.com whitelisted. Skipping ...
2021-03-04 14:29:28,289 [cuckoo.processing.network] DEBUG: DNS target www.msftncsi.com whitelisted. Skipping ...
2021-03-04 14:29:28,289 [cuckoo.processing.network] DEBUG: DNS target www.msftncsi.com whitelisted. Skipping ...
2021-03-04 14:29:28,295 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #89
2021-03-04 14:29:28,296 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #89
2021-03-04 14:29:28,296 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #89
2021-03-04 14:29:28,297 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" for task #89
2021-03-04 14:29:28,310 [cuckoo.core.plugins] DEBUG: Running 542 signatures
2021-03-04 14:29:29,226 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dead_host
2021-03-04 14:29:29,227 [cuckoo.core.plugins] DEBUG: Analysis matched signature: allocates_rwx
2021-03-04 14:29:29,227 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_memory_available
2021-03-04 14:29:29,227 [cuckoo.core.plugins] DEBUG: Analysis matched signature: memdump_urls
2021-03-04 14:29:29,227 [cuckoo.core.plugins] DEBUG: Analysis matched signature: injection_resumethread
2021-03-04 14:29:29,228 [cuckoo.core.plugins] DEBUG: Analysis matched signature: uses_windows_utilities
2021-03-04 14:29:30,271 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2021-03-04 14:29:30,791 [weasyprint] WARNING: Ignored text-rendering: auto at 16:3, unknown property.
2021-03-04 14:29:30,791 [weasyprint] WARNING: Ignored -webkit-font-smoothing: antialiased at 17:3, unknown property.
2021-03-04 14:29:30,791 [weasyprint] WARNING: Ignored -moz-osx-font-smoothing: grayscale at 18:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored -webkit-animation: fa-spin 2s infinite linear at 91:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored animation: fa-spin 2s infinite linear at 92:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored -webkit-animation: fa-spin 1s infinite steps(8) at 95:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored animation: fa-spin 1s infinite steps(8) at 96:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=1)" at 119:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored -webkit-transform: rotate(90deg) at 120:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-transform: rotate(90deg) at 121:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2)" at 125:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -webkit-transform: rotate(180deg) at 126:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-transform: rotate(180deg) at 127:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=3)" at 131:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -webkit-transform: rotate(270deg) at 132:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-transform: rotate(270deg) at 133:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)" at 137:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -webkit-transform: scale(-1, 1) at 138:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -ms-transform: scale(-1, 1) at 139:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)" at 143:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -webkit-transform: scale(1, -1) at 144:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -ms-transform: scale(1, -1) at 145:3, unknown property.
2021-03-04 14:29:30,796 [weasyprint] WARNING: Ignored filter: none at 153:3, unknown property.
2021-03-04 14:29:30,839 [weasyprint] WARNING: Ignored -ms-text-size-adjust: 100% at 2353:3, unknown property.
2021-03-04 14:29:30,839 [weasyprint] WARNING: Ignored -webkit-text-size-adjust: 100% at 2354:3, unknown property.
2021-03-04 14:29:30,840 [weasyprint] WARNING: Ignored -webkit-text-decoration-skip: objects at 2444:3, unknown property.
2021-03-04 14:29:30,841 [weasyprint] WARNING: Ignored text-decoration: underline dotted at 2465:3, invalid value.
2021-03-04 14:29:30,842 [weasyprint] WARNING: Ignored -webkit-appearance: button at 2630:3, unknown property.
2021-03-04 14:29:30,843 [weasyprint] WARNING: Invalid or unsupported selector 'button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner ', Unknown pseudo-element: -moz-focus-inner
2021-03-04 14:29:30,843 [weasyprint] WARNING: Ignored outline: 1px dotted ButtonText at 2653:3, invalid value.
2021-03-04 14:29:30,844 [weasyprint] WARNING: Invalid or unsupported selector '[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button ', Unknown pseudo-element: -webkit-inner-spin-button
2021-03-04 14:29:30,844 [weasyprint] WARNING: Ignored -webkit-appearance: textfield at 2726:3, unknown property.
2021-03-04 14:29:30,844 [weasyprint] WARNING: Ignored outline-offset: -2px at 2727:3, unknown property.
2021-03-04 14:29:30,844 [weasyprint] WARNING: Ignored -webkit-appearance: none at 2736:3, unknown property.
2021-03-04 14:29:30,844 [weasyprint] WARNING: Ignored -webkit-appearance: button at 2745:3, unknown property.
2021-03-04 14:29:30,845 [weasyprint] WARNING: Invalid or unsupported selector '::-webkit-file-upload-button ', Unknown pseudo-element: -webkit-file-upload-button
2021-03-04 14:29:30,845 [weasyprint] WARNING: Invalid or unsupported selector 'details, /* 1 */
menu ', (<Comment 1 >, u'expected a compound selector, got comment')
2021-03-04 14:29:30,845 [weasyprint] WARNING: Ignored -webkit-font-smoothing: antialiased at 2804:2, unknown property.
2021-03-04 14:29:30,846 [weasyprint] WARNING: Ignored -webkit-box-sizing: border-box at 2810:2, unknown property.
2021-03-04 14:29:30,846 [weasyprint] WARNING: Ignored -moz-box-sizing: border-box at 2811:2, unknown property.
2021-03-04 14:29:30,846 [weasyprint] WARNING: Ignored display: flex at 2840:2, invalid value.
2021-03-04 14:29:30,847 [weasyprint] WARNING: Ignored align-items: center at 2841:2, unknown property.
2021-03-04 14:29:30,847 [weasyprint] WARNING: Ignored flex-basis: 93px at 2848:2, unknown property.
2021-03-04 14:29:30,848 [weasyprint] WARNING: Ignored display: flex at 2883:25, invalid value.
2021-03-04 14:29:30,848 [weasyprint] WARNING: Ignored flex-basis: 100% at 2884:29, unknown property.
2021-03-04 14:29:30,848 [weasyprint] WARNING: Ignored flex-grow: 0 at 2885:39, unknown property.
2021-03-04 14:29:30,849 [weasyprint] WARNING: Ignored cursor: pointer at 2897:39, the property does not apply for the print media.
2021-03-04 14:29:30,850 [weasyprint] WARNING: Ignored box-shadow: 0px 1px 0px rgba(255,255,255,1) at 2912:2, unknown property.
2021-03-04 14:29:30,851 [weasyprint] WARNING: Ignored display: flex at 2953:2, invalid value.
2021-03-04 14:29:30,851 [weasyprint] WARNING: Ignored flex-direction: column at 2954:2, unknown property.
2021-03-04 14:29:30,851 [weasyprint] WARNING: Ignored display: flex at 2962:3, invalid value.
2021-03-04 14:29:30,851 [weasyprint] WARNING: Ignored align-items: center at 2963:3, unknown property.
2021-03-04 14:29:30,853 [weasyprint] WARNING: Ignored text-rendering: auto at 3033:6, unknown property.
2021-03-04 14:29:30,853 [weasyprint] WARNING: Ignored -webkit-font-smoothing: antialiased at 3034:6, unknown property.
2021-03-04 14:29:30,854 [weasyprint] WARNING: Ignored -moz-osx-font-smoothing: grayscale at 3035:6, unknown property.
2021-03-04 14:29:30,859 [weasyprint] WARNING: Ignored display: flex at 3143:2, invalid value.
2021-03-04 14:29:30,859 [weasyprint] WARNING: Ignored flex-flow: row wrap at 3144:2, unknown property.
2021-03-04 14:29:30,859 [weasyprint] WARNING: Ignored flex-basis: 50% at 3148:3, unknown property.
2021-03-04 14:29:30,859 [weasyprint] WARNING: Ignored flex-shrink: 0 at 3149:3, unknown property.
2021-03-04 14:29:30,862 [weasyprint] WARNING: Ignored box-shadow: 0px 1px 0px rgba(0,0,0,.1) at 3250:2, unknown property.
2021-03-04 14:29:30,863 [weasyprint] WARNING: Ignored display: inline-flex at 3265:2, invalid value.
2021-03-04 14:29:30,863 [weasyprint] WARNING: Ignored align-items: center at 3266:2, unknown property.
2021-03-04 14:29:30,865 [weasyprint] WARNING: Ignored cursor: default at 3304:3, the property does not apply for the print media.
2021-03-04 14:29:30,865 [weasyprint] WARNING: Ignored display: inline-flex at 3309:2, invalid value.
2021-03-04 14:29:30,865 [weasyprint] WARNING: Ignored align-items: center at 3310:2, unknown property.
2021-03-04 14:29:30,872 [weasyprint] ERROR: Failed to load font at "data:application/font-woff2;charset=utf-8;base6...

#########################
Cuckoo log

2021-03-04 14:28:13,060 [cuckoo.core.scheduler] INFO: Task #89: acquired machine cuckoo-test11 (label=cuckoo-test11)
2021-03-04 14:28:13,060 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.56.101 for task #89
2021-03-04 14:28:13,060 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Replay
2021-03-04 14:28:13,221 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 10705 (interface=vboxnet0, host=192.168.56.101)
2021-03-04 14:28:13,222 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2021-03-04 14:28:13,234 [cuckoo.machinery.virtualbox] DEBUG: Starting vm cuckoo-test11
2021-03-04 14:28:13,449 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo-test11 to vmcloak3
2021-03-04 14:28:18,075 [cuckoo.core.guest] INFO: Starting analysis #89 on guest (id=cuckoo-test11, ip=192.168.56.101)
2021-03-04 14:28:19,080 [cuckoo.core.guest] DEBUG: cuckoo-test11: not ready yet
2021-03-04 14:28:20,086 [cuckoo.core.guest] DEBUG: cuckoo-test11: not ready yet
2021-03-04 14:28:20,905 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=cuckoo-test11, ip=192.168.56.101)
2021-03-04 14:28:20,936 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=cuckoo-test11, ip=192.168.56.101, monitor=latest, size=4118743)
2021-03-04 14:28:21,167 [cuckoo.core.resultserver] DEBUG: Task #89: live log analysis.log initialized.
2021-03-04 14:28:21,468 [cuckoo.core.resultserver] DEBUG: Task #89 is sending a BSON stream
2021-03-04 14:28:21,685 [cuckoo.core.resultserver] DEBUG: Task #89 is sending a BSON stream
2021-03-04 14:28:21,967 [cuckoo.core.resultserver] DEBUG: Task #89 is sending a BSON stream
2021-03-04 14:28:22,149 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'memory/2156-1.dmp'
2021-03-04 14:28:22,153 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 4137680
2021-03-04 14:28:22,253 [cuckoo.core.resultserver] DEBUG: Task #89 is sending a BSON stream
2021-03-04 14:28:22,548 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'memory/2280-1.dmp'
2021-03-04 14:28:22,602 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 57790864
2021-03-04 14:28:22,654 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/6d8a01dc7647bc21_search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico'
2021-03-04 14:28:22,655 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 237
2021-03-04 14:28:23,763 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/1ff3334c3eb27033_dnserror[1]'
2021-03-04 14:28:23,764 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 5947
2021-03-04 14:28:23,799 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/8d018639281b33da_ErrorPageTemplate[1]'
2021-03-04 14:28:23,799 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 2168
2021-03-04 14:28:23,811 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/eb5678de9d8f29ca_errorPageStrings[2]'
2021-03-04 14:28:23,812 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 1817
2021-03-04 14:28:23,847 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/58268ca71a28973b_httpErrorPagesScripts[1]'
2021-03-04 14:28:23,848 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 8601
2021-03-04 14:28:23,853 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/6976c426e3ac66d6_noConnect[1]'
2021-03-04 14:28:23,853 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 8230
2021-03-04 14:28:23,859 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/1471693be91e53c2_background_gradient[1]'
2021-03-04 14:28:23,860 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 453
2021-03-04 14:28:23,870 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/70f316a5492848bb_down[1]'
2021-03-04 14:28:23,870 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 3414
2021-03-04 14:28:23,876 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/07d07a467e4988d3_favcenter[1]'
2021-03-04 14:28:23,877 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 3366
2021-03-04 14:28:23,881 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/62a7038cc42c1482_tools[1]'
2021-03-04 14:28:23,882 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 3560
2021-03-04 14:28:26,115 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:31,172 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:36,231 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:41,293 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:46,357 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:51,412 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:28:56,468 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:01,548 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:06,604 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:11,663 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:16,721 [cuckoo.core.guest] DEBUG: cuckoo-test11: analysis #89 still processing
2021-03-04 14:29:20,871 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'memory/2472-1.dmp'
2021-03-04 14:29:20,948 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 91869528
2021-03-04 14:29:21,079 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'memory/2156-2.dmp'
2021-03-04 14:29:21,171 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 90761952
2021-03-04 14:29:21,178 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/415764d860c06a24_{77800d8e-7ced-11eb-b699-4ef6f19ac246}.dat'
2021-03-04 14:29:21,178 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 4608
2021-03-04 14:29:21,180 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/7c9145fe38aa7c5b_webbrowser.pyc'
2021-03-04 14:29:21,180 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 19554
2021-03-04 14:29:21,184 [cuckoo.core.resultserver] DEBUG: Task #89: File upload for 'files/0789bde8068f10be_recoverystore.{77800d8d-7ced-11eb-b699-4ef6f19ac246}.dat'
2021-03-04 14:29:21,185 [cuckoo.core.resultserver] DEBUG: Task #89 uploaded file length: 3584
2021-03-04 14:29:21,767 [cuckoo.core.guest] INFO: cuckoo-test11: analysis completed successfully
2021-03-04 14:29:21,780 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Replay
2021-03-04 14:29:21,846 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2021-03-04 14:29:21,847 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo-test11
2021-03-04 14:29:22,095 [cuckoo.core.resultserver] DEBUG: Task #89 had connection reset for
2021-03-04 14:29:23,483 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.56.101 for task #89
2021-03-04 14:29:23,687 [cuckoo.core.scheduler] DEBUG: Released database task #89
2021-03-04 14:29:23,698 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #89
2021-03-04 14:29:23,934 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #89
2021-03-04 14:29:23,970 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #89
2021-03-04 14:29:23,970 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #89
2021-03-04 14:29:25,850 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #89
2021-03-04 14:29:28,277 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" for task #89
2021-03-04 14:29:28,278 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #89
2021-03-04 14:29:28,278 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" for task #89
2021-03-04 14:29:28,278 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #89
2021-03-04 14:29:28,279 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #89
2021-03-04 14:29:28,280 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #89
2021-03-04 14:29:28,288 [cuckoo.processing.network] DEBUG: DNS target go.microsoft.com whitelisted. Skipping ...
2021-03-04 14:29:28,288 [cuckoo.processing.network] DEBUG: DNS target go.microsoft.com whitelisted. Skipping ...
2021-03-04 14:29:28,289 [cuckoo.processing.network] DEBUG: DNS target teredo.ipv6.microsoft.com whitelisted. Skipping ...
2021-03-04 14:29:28,289 [cuckoo.processing.network] DEBUG: DNS target teredo.ipv6.microsoft.com whitelisted. Skipping ...
2021-03-04 14:29:28,289 [cuckoo.processing.network] DEBUG: DNS target www.msftncsi.com whitelisted. Skipping ...
2021-03-04 14:29:28,289 [cuckoo.processing.network] DEBUG: DNS target www.msftncsi.com whitelisted. Skipping ...
2021-03-04 14:29:28,295 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #89
2021-03-04 14:29:28,296 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #89
2021-03-04 14:29:28,296 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #89
2021-03-04 14:29:28,297 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" for task #89
2021-03-04 14:29:28,310 [cuckoo.core.plugins] DEBUG: Running 542 signatures
2021-03-04 14:29:29,226 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dead_host
2021-03-04 14:29:29,227 [cuckoo.core.plugins] DEBUG: Analysis matched signature: allocates_rwx
2021-03-04 14:29:29,227 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_memory_available
2021-03-04 14:29:29,227 [cuckoo.core.plugins] DEBUG: Analysis matched signature: memdump_urls
2021-03-04 14:29:29,227 [cuckoo.core.plugins] DEBUG: Analysis matched signature: injection_resumethread
2021-03-04 14:29:29,228 [cuckoo.core.plugins] DEBUG: Analysis matched signature: uses_windows_utilities
2021-03-04 14:29:30,271 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2021-03-04 14:29:30,791 [weasyprint] WARNING: Ignored text-rendering: auto at 16:3, unknown property.
2021-03-04 14:29:30,791 [weasyprint] WARNING: Ignored -webkit-font-smoothing: antialiased at 17:3, unknown property.
2021-03-04 14:29:30,791 [weasyprint] WARNING: Ignored -moz-osx-font-smoothing: grayscale at 18:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored -webkit-animation: fa-spin 2s infinite linear at 91:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored animation: fa-spin 2s infinite linear at 92:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored -webkit-animation: fa-spin 1s infinite steps(8) at 95:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored animation: fa-spin 1s infinite steps(8) at 96:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=1)" at 119:3, unknown property.
2021-03-04 14:29:30,793 [weasyprint] WARNING: Ignored -webkit-transform: rotate(90deg) at 120:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-transform: rotate(90deg) at 121:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2)" at 125:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -webkit-transform: rotate(180deg) at 126:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-transform: rotate(180deg) at 127:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=3)" at 131:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -webkit-transform: rotate(270deg) at 132:3, unknown property.
2021-03-04 14:29:30,794 [weasyprint] WARNING: Ignored -ms-transform: rotate(270deg) at 133:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)" at 137:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -webkit-transform: scale(-1, 1) at 138:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -ms-transform: scale(-1, 1) at 139:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)" at 143:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -webkit-transform: scale(1, -1) at 144:3, unknown property.
2021-03-04 14:29:30,795 [weasyprint] WARNING: Ignored -ms-transform: scale(1, -1) at 145:3, unknown property.
2021-03-04 14:29:30,796 [weasyprint] WARNING: Ignored filter: none at 153:3, unknown property.
2021-03-04 14:29:30,839 [weasyprint] WARNING: Ignored -ms-text-size-adjust: 100% at 2353:3, unknown property.
2021-03-04 14:29:30,839 [weasyprint] WARNING: Ignored -webkit-text-size-adjust: 100% at 2354:3, unknown property.
2021-03-04 14:29:30,840 [weasyprint] WARNING: Ignored -webkit-text-decoration-skip: objects at 2444:3, unknown property.
2021-03-04 14:29:30,841 [weasyprint] WARNING: Ignored text-decoration: underline dotted at 2465:3, invalid value.
2021-03-04 14:29:30,842 [weasyprint] WARNING: Ignored -webkit-appearance: button at 2630:3, unknown property.
2021-03-04 14:29:30,843 [weasyprint] WARNING: Invalid or unsupported selector 'button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner ', Unknown pseudo-element: -moz-focus-inner
2021-03-04 14:29:30,843 [weasyprint] WARNING: Ignored outline: 1px dotted ButtonText at 2653:3, invalid value.
2021-03-04 14:29:30,844 [weasyprint] WARNING: Invalid or unsupported selector '[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button ', Unknown pseudo-element: -webkit-inner-spin-button
2021-03-04 14:29:30,844 [weasyprint] WARNING: Ignored -webkit-appearance: textfield at 2726:3, unknown property.
2021-03-04 14:29:30,844 [weasyprint] WARNING: Ignored outline-offset: -2px at 2727:3, unknown property.
2021-03-04 14:29:30,844 [weasyprint] WARNING: Ignored -webkit-appearance: none at 2736:3, unknown property.
2021-03-04 14:29:30,844 [weasyprint] WARNING: Ignored -webkit-appearance: button at 2745:3, unknown property.
2021-03-04 14:29:30,845 [weasyprint] WARNING: Invalid or unsupported selector '::-webkit-file-upload-button ', Unknown pseudo-element: -webkit-file-upload-button
2021-03-04 14:29:30,845 [weasyprint] WARNING: Invalid or unsupported selector 'details, /* 1 */
menu ', (<Comment 1 >, u'expected a compound selector, got comment')
2021-03-04 14:29:30,845 [weasyprint] WARNING: Ignored -webkit-font-smoothing: antialiased at 2804:2, unknown property.
2021-03-04 14:29:30,846 [weasyprint] WARNING: Ignored -webkit-box-sizing: border-box at 2810:2, unknown property.
2021-03-04 14:29:30,846 [weasyprint] WARNING: Ignored -moz-box-sizing: border-box at 2811:2, unknown property.
2021-03-04 14:29:30,846 [weasyprint] WARNING: Ignored display: flex at 2840:2, invalid value.
2021-03-04 14:29:30,847 [weasyprint] WARNING: Ignored align-items: center at 2841:2, unknown property.
2021-03-04 14:29:30,847 [weasyprint] WARNING: Ignored flex-basis: 93px at 2848:2, unknown property.
2021-03-04 14:29:30,848 [weasyprint] WARNING: Ignored display: flex at 2883:25, invalid value.
2021-03-04 14:29:30,848 [weasyprint] WARNING: Ignored flex-basis: 100% at 2884:29, unknown property.
2021-03-04 14:29:30,848 [weasyprint] WARNING: Ignored flex-grow: 0 at 2885:39, unknown property.
2021-03-04 14:29:30,849 [weasyprint] WARNING: Ignored cursor: pointer at 2897:39, the property does not apply for the print media.
2021-03-04 14:29:30,850 [weasyprint] WARNING: Ignored box-shadow: 0px 1px 0px rgba(255,255,255,1) at 2912:2, unknown property.
2021-03-04 14:29:30,851 [weasyprint] WARNING: Ignored display: flex at 2953:2, invalid value.
2021-03-04 14:29:30,851 [weasyprint] WARNING: Ignored flex-direction: column at 2954:2, unknown property.
2021-03-04 14:29:30,851 [weasyprint] WARNING: Ignored display: flex at 2962:3, invalid value.
2021-03-04 14:29:30,851 [weasyprint] WARNING: Ignored align-items: center at 2963:3, unknown property.
2021-03-04 14:29:30,853 [weasyprint] WARNING: Ignored text-rendering: auto at 3033:6, unknown property.
2021-03-04 14:29:30,853 [weasyprint] WARNING: Ignored -webkit-font-smoothing: antialiased at 3034:6, unknown property.
2021-03-04 14:29:30,854 [weasyprint] WARNING: Ignored -moz-osx-font-smoothing: grayscale at 3035:6, unknown property.
2021-03-04 14:29:30,859 [weasyprint] WARNING: Ignored display: flex at 3143:2, invalid value.
2021-03-04 14:29:30,859 [weasyprint] WARNING: Ignored flex-flow: row wrap at 3144:2, unknown property.
2021-03-04 14:29:30,859 [weasyprint] WARNING: Ignored flex-basis: 50% at 3148:3, unknown property.
2021-03-04 14:29:30,859 [weasyprint] WARNING: Ignored flex-shrink: 0 at 3149:3, unknown property.
2021-03-04 14:29:30,862 [weasyprint] WARNING: Ignored box-shadow: 0px 1px 0px rgba(0,0,0,.1) at 3250:2, unknown property.
2021-03-04 14:29:30,863 [weasyprint] WARNING: Ignored display: inline-flex at 3265:2, invalid value.
2021-03-04 14:29:30,863 [weasyprint] WARNING: Ignored align-items: center at 3266:2, unknown property.
2021-03-04 14:29:30,865 [weasyprint] WARNING: Ignored cursor: default at 3304:3, the property does not apply for the print media.
2021-03-04 14:29:30,865 [weasyprint] WARNING: Ignored display: inline-flex at 3309:2, invalid value.
2021-03-04 14:29:30,865 [weasyprint] WARNING: Ignored align-items: center at 3310:2, unknown property.
2021-03-04 14:29:30,872 [weasyprint] ERROR: Failed to load font at "data:application/font-woff2;charset=utf-8;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0O...
#########################

#########################
cuckoo -d

Cuckoo Sandbox 2.0.7
www.cuckoosandbox.org
Copyright (c) 2010-2018

2021-03-04 14:30:22,952 [cuckoo.core.database] DEBUG: Using database-wide lock for sqlite
2021-03-04 14:30:23,071 [cuckoo.core.startup] DEBUG: Imported modules...
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: Imported "auxiliary" modules:
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: |-- MITM
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: |-- Reboot
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: |-- Replay
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: |-- Services
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: -- Sniffer
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: Imported "machinery" modules:
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: |-- vSphere
2021-03-04 14:30:23,074 [cuckoo.core.startup] DEBUG: |-- KVM
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- ESX
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- XenServer
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- VirtualBox
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- Avd
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- QEMU
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- VMware
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: -- Physical
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: Imported "processing" modules:
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- AnalysisInfo
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- ApkInfo
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- Baseline
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- BehaviorAnalysis
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- Debug
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- Droidmon
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- Dropped
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- DroppedBuffer
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- Extracted
2021-03-04 14:30:23,075 [cuckoo.core.startup] DEBUG: |-- GooglePlay
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- Irma
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- Memory
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- MetaInfo
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- MISP
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- NetworkAnalysis
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- ProcessMemory
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- Procmon
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- Screenshots
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- Snort
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- Static
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- Strings
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- Suricata
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- TargetInfo
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- TLSMasterSecrets
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: -- VirusTotal
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: Imported "signatures" modules:
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- AndroidAbortBroadcast
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- AndroidAccountInfo
2021-03-04 14:30:23,076 [cuckoo.core.startup] DEBUG: |-- AndroidAppInfo
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidAudio
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidCamera
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidDangerousPermissions
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidDeletedApp
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidDynamicCode
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidEmbeddedApk
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidGooglePlayDiff
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidInstalledApps
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidNativeCode
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidPhoneNumber
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidPrivateInfoQuery
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidReflectionCode
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidRegisteredReceiver
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidShellCommands
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidSMS
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- AndroidStopProcess
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- ApplicationUsesLocation
2021-03-04 14:30:23,077 [cuckoo.core.startup] DEBUG: |-- KnownVirustotal
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- AntiAnalysisJavascript
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- DumpedBuffer
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- DumpedBuffer2
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- EncryptionKeys
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- EvalJS
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- HtmlFlash
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- JsIframe
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- PDFAttachments
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- PDFJavaScript
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- PDFOpenAction
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- PDFOpenActionJS
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- SuspiciousJavascript
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- DarwinCodeInjection
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- TaskForPid
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- DeadHost
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- NetworkBIND
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- NetworkCnCHTTP
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- NetworkDNSTXTLookup
2021-03-04 14:30:23,078 [cuckoo.core.startup] DEBUG: |-- NetworkDynDNS
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- NetworkHTTP
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- NetworkHTTPPOST
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- NetworkICMP
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- NetworkIRC
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- NetworkSMTP
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- NoLookupCommunication
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- P2PCnC
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- SnortAlert
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- SuricataAlert
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- Suspicious_TLD
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- TorGateway
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- WscriptDownloader
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- AddsUser
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- AddsUserAdmin
2021-03-04 14:30:23,079 [cuckoo.core.startup] DEBUG: |-- ADS
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- Adzok
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AlinaFile
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AlineURL
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AllocatesExecuteRemoteProccess
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AllocatesRWX
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AmsiBypass
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- Andromeda
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiAnalysisDetectFile
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiAVDetectFile
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiAVDetectReg
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiAVServiceStop
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiAVSRP
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiDBGDevices
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiDBGWindows
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntisandboxClipboard
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiSandboxFile
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiSandboxForegroundWindow
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiSandboxIdleTime
2021-03-04 14:30:23,080 [cuckoo.core.startup] DEBUG: |-- AntiSandboxRestart
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiSandboxSleep
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVirusIRMA
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVMBios
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVMComputernameQuery
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVMCPU
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVMDiskSize
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVMIDE
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVMSCSI
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVMServices
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AntiVMSharedDevice
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- ApplicationExceptionCrash
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- AppLockerBypass
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- APT_Carbunak
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- APT_CloudAtlas
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- apt_sandworm_ip
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- apt_sandworm_url
2021-03-04 14:30:23,081 [cuckoo.core.startup] DEBUG: |-- ArdamaxMutexes
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- AthenaHttp
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- AthenaURL
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- Autorun
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- AvastDetectLibs
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- AVDetectionChinaKey
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- BadCerts
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- Bagle
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- Bandook
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- banker_bancos
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- BankingMutexes
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- Banload
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- Beastdoor
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- BeebusMutexes
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- BegseabugTDMutexes
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- BetabotURL
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- Bifrose
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- BitcoinOpenCL
2021-03-04 14:30:23,082 [cuckoo.core.startup] DEBUG: |-- BitcoinWallet
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BitdefenderDetectLibs
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BlackEnergyMutexes
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- Blackhole
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BlackholeURL
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- Blackice
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BlackposURL
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BlackRevMutexes
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- Blackshades
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BladabindiMutexes
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BochsDetectKeys
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- Bootkit
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- Bottilda
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BozokKey
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- browser_startpage
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BrowserSecurity
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- BrowserStealer
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- Btcbotnet
2021-03-04 14:30:23,083 [cuckoo.core.startup] DEBUG: |-- Bublik
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- BuildLangID
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- BuzusMutexes
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- BypassFirewall
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- c24URL
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- CarberpMutexes
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- Ceatrg
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- ChanitorMutexes
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- CheckIP
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- ChecksDebugger
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- ChecksKernelDebugger
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- ClearPermissionEventLogs
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- ClearsEventLogs
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- ClickfraudCookies
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- cloud_mediafire
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- cloud_wetransfer
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- CloudFlare
2021-03-04 14:30:23,084 [cuckoo.core.startup] DEBUG: |-- CloudGoogle
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CoinminerMutexes
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- ComRAT
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- ConsoleOutput
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- Crash
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesAutorunInf
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesDocument
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesExe
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesHiddenFile
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesLargeKey
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesNullRegistryEntry
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesService
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesShortcut
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesSuspiciousProcess
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CreatesUserFolderEXE
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CredentialDumpingLsass
2021-03-04 14:30:23,085 [cuckoo.core.startup] DEBUG: |-- CredentialDumpingLsassAccess
2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Cridex
2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- CryptGenKey
2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Cryptolocker
2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- 
CryptoMiningStratumCommand 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- CuckooDetectFiles 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Cybergate 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Dapato 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Darkcloud 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- DarkddosMutexes 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Darkshell 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Ddos556 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Decay 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- DecebalMutexes 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- DeepFreezeMutex 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- DeletesExecutedFiles 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- DelfTrojan 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- DEPHeapBypass 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- DEPStackBypass 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- DerusbiMutexes 2021-03-04 14:30:23,086 [cuckoo.core.startup] DEBUG: |-- Dexter 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- Dibik 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DirtJumper 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisableCmd 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisableRegedit 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesAppLaunch 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesBrowserWarn 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesIEHTTP2 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesProxy 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesSecurity 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesSPDYChrome 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesSPDYFirefox 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- 
DisablesSPDYIE 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesSystemRestore 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesWER 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisablesWindowsUpdate 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DisableTaskMgr 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- DiskInformation 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- Dns_Freehosting_Domain 2021-03-04 14:30:23,087 [cuckoo.core.startup] DEBUG: |-- dnsserver_dynamic 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- DocumentClose 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- DocumentOpen 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- DoFoil 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- DownloaderCabby 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- Dridex_APIs 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- Drive 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- Drive2 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- DriverLoad 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- DropBox 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- Dropper 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- Dyreza 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- EclipseMutexes 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- Emotet 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- Emotet_APIs 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- Evilbot 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- ExcelDataLinks 2021-03-04 14:30:23,088 [cuckoo.core.startup] DEBUG: |-- ExeAppData 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- ExecBitsAdmin 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- ExecWaitFor 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- exp_3322_dom 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- Expiro 2021-03-04 14:30:23,089 
[cuckoo.core.startup] DEBUG: |-- ExploitHeapspray 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- ExploitKitMutexes 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- FakeAVMutexes 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- FakeAVMutexes 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- FakeRean 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- FarFli 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- FesberMutexes 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- Fingerprint 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- Flame 2021-03-04 14:30:23,089 [cuckoo.core.startup] DEBUG: |-- Flystudio 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- FortinetDetectFiles 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- FTPStealer 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- Fynloski 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- Gaelicum 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- Ghostbot 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- HasAuthenticode 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- HasOfficeEps 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- HasPdb 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- HasWMI 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- Hesperbot 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- Hidden_Window 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- Hikit 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- HookMouse 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- Hupigon 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- HyperVDetectKeys 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- IcePoint 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- im_btb 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- im_qq 2021-03-04 14:30:23,090 [cuckoo.core.startup] DEBUG: |-- IMStealer 2021-03-04 14:30:23,091 [cuckoo.core.startup] 
DEBUG: |-- InceptionAPT 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- Infinity 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InfoStealerClipboard 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionCreateRemoteThread 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionExplorer 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionModifiesMemory 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionNetworkTraffic 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionProcessSearch 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionQueueApcThread 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionRunPE 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionWriteMemory 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InjectionWriteMemoryEXE 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InstalledApps 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InstallsAppInit 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InstallsBHO 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- InstallsWinpcap 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- IPKillerMutexes 2021-03-04 14:30:23,091 [cuckoo.core.startup] DEBUG: |-- Ircbrute 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- ISRstealerURL 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- iStealerURL 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- JackPOSFile 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- JackposURL 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- JavaScriptCommandline 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- JeefoMutexes 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- Jewdo 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- JintorMutexes 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- JorikTrojan 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- 
Karagany 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- Karakum 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- Katusha 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- KelihosBot 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- Keylogger 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- Kilim 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- Killdisk 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- KnownVirustotal 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- Koobface 2021-03-04 14:30:23,092 [cuckoo.core.startup] DEBUG: |-- Koutodoor 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- KovterBot 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- KrepperMutexes 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- KuluozMutexes 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- Likseput 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- LocatesBrowser 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- LocatesSniffer 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- Lockscreen 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- LolBot 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- Luder 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- Madness 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- Madness 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- MadnessURL 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- MaganiaMutexes 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- MailStealer 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- MaliciousDocumentURLs 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- MartianCommandProcess 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- MegaUpload 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- MemoryAvailable 2021-03-04 14:30:23,093 [cuckoo.core.startup] DEBUG: |-- MemoryProtectionRX 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- 
MetasploitShellcode 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- Minerbot 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- miningpool 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- MircFile 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifiesBootConfig 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifiesCertificates 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifiesDesktopWallpaper 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifiesFirefoxConfiguration 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyAutoConfig 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyOverride 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyWPAD 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifiesUACNotify 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- ModifySecurityCenterWarnings 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- MovesSelf 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- Multiple_UA 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- MyBot 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- Nakbot 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- Napolar 2021-03-04 14:30:23,094 [cuckoo.core.startup] DEBUG: |-- Nebuler 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- Netobserve 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- Netshadow 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- Netwire 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- NetworkAdapters 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- NetworkDocumentFile 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- NetworkEXE 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- Nitol 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- NjRat 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- NtSetContextThreadRemote 2021-03-04 14:30:23,095 
[cuckoo.core.startup] DEBUG: |-- Nymaim_APIs 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- ObfusMutexes 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- OfficeCheckName 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- OfficeCheckProjectName 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- OfficeCheckVersion 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- OfficeCheckWindow 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- OfficeCountDirectories 2021-03-04 14:30:23,095 [cuckoo.core.startup] DEBUG: |-- OfficeCreateObject 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficeDDE 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficeEpsStrings 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficeHttpRequest 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficeIndirectCall 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficePackager 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficePlatformDetect 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficeRecentFiles 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficeVulnerableGuid 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- OfficeVulnModules 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- Oldrea 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- PackerEntropy 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- Palevo 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- ParallelsDetectKeys 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- ParallelsDetectWindow 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- Pasta 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- PcClientMutexes 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- PEFeatures 2021-03-04 14:30:23,096 [cuckoo.core.startup] DEBUG: |-- PEIDPacker 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PerfLogger 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- 
PersistenceBootexecute 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryEXE 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryJavaScript 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryPowershell 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PEUnknownResourceName 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- Phorpiex 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- Pidief 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- Plugx 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- Poebot 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PoisonIvy 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- Polymorphic 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- Ponfoy 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PonyURL 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PosCardStealerURL 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- Powerfun 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PowershellBitsTransfer 2021-03-04 14:30:23,097 [cuckoo.core.startup] DEBUG: |-- PowershellCcDns 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellDdiRc4 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellDFSP 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellDI 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellDownload 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellEmpire 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellMeterpreter 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellRegAdd 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellRequest 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- PowershellUnicorn 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- Powerworm 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- Prinimalka 2021-03-04 14:30:23,098 
[cuckoo.core.startup] DEBUG: |-- PrivilegeLUIDCheck 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- ProcessInterest 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- ProcessMartian 2021-03-04 14:30:23,098 [cuckoo.core.startup] DEBUG: |-- ProcessNeeded 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpIPURLs 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpTorURLs 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpURLs 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpYara 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- Psyokym 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- PuceMutexes 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- PutterpandaMutexes 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- Putty 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- PWDumpFile 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- Pykse 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- Qakbot 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- QueriesInstalledApps 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- Ragebot 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- RaisesException 2021-03-04 14:30:23,099 [cuckoo.core.startup] DEBUG: |-- Ramnit 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RamsomwareFileMoves 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- ransomware_viruscoder 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareAppendsExtension 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareBcdedit 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareDroppedFiles 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareExtensions 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareFiles 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareMassFileDelete 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- 
RansomwareMessage 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareMessageOCR 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareRecyclebin 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareShadowcopy 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RansomwareWbadmin 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RapidShare 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- rat_fexel_ip 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- rat_naid_ip 2021-03-04 14:30:23,100 [cuckoo.core.startup] DEBUG: |-- RatSiggen 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- RBot 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- RdpMutexes 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- ReadsUserAgent 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- Recon_Beacon 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- RemovesZoneIdADS 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- Renocide 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- RenosTrojan 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- ResumeThread 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- Rovnix 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- RTFCharacterSet 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- RTFUnknownVersion 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- Runbu 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- RunouceMutexes 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- Ruskill 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- Sadbot 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- SandboxieDetect 2021-03-04 14:30:23,101 [cuckoo.core.startup] DEBUG: |-- SandboxJoeAnubisDetectFiles 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SDBot 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SelfDeleteBat 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- Senna 2021-03-04 
14:30:23,102 [cuckoo.core.startup] DEBUG: |-- Shadowbot 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SharingRGhost 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SharpStealerURL 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- ShellcodeWriteProcessMemory 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- Shiz 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- Shylock 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SipStun 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- Smtp_GMail 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- Smtp_Live 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- Smtp_Mail_Ru 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- Smtp_Yahoo 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SolarURL 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SpyEyeMutexes 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SpyeyeURL 2021-03-04 14:30:23,102 [cuckoo.core.startup] DEBUG: |-- SpynetRat 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- Spyrecorder 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StackPivot 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StackPivotShellcodeAPIs 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StackPivotShellcodeCreateProcess 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- Staser 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StealthChildProc 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StealthHiddenExtension 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StealthHiddenFile 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StealthHiddenIcons 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StealthHideNotifications 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StealthSystemProcName 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- StopsService 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- 
SunbeltDetectFiles 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- SunBeltSandboxDetect 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- SuspiciousCommandTools 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- SuspiciousPowershell 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- SuspiciousWriteEXE 2021-03-04 14:30:23,103 [cuckoo.core.startup] DEBUG: |-- SweetorangeMutexes 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- Swrort 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- SysInternalsToolsUsage 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- SystemInfo 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- SystemMetrics 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TapiDpMutexes 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TDSSBackdoor 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TeamviewerRat 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TerminatesRemoteProcess 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- ThreatTrackDetectFiles 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TinbaMutexes 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TnegaMutexes 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- Tor 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TorHiddenService 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- Travnet 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- Trogbot 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TrojanJorik 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TrojanLethic 2021-03-04 14:30:23,104 [cuckoo.core.startup] DEBUG: |-- TrojanLethic 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- trojanmrblack 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- TrojanRedosru 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- TrojanSysn 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- trojanyoddos 2021-03-04 14:30:23,105 
[cuckoo.core.startup] DEBUG: |-- TufikMutexes 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- Turkojan 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- TurlaCarbon 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- UFRStealer 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- Unhook 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- Upatre 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- UpatreTDMutexes 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- UPXCompressed 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- UrkShortCN 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- URLFile 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- URLSpy 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- UroburosFile 2021-03-04 14:30:23,105 [cuckoo.core.startup] DEBUG: |-- UroburosMutexes 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- Urxbot 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- UsesWindowsUtilities 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- Vanbot 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VBInject 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VBoxDetectACPI 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VBoxDetectDevices 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VBoxDetectFiles 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VBoxDetectKeys 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VBoxDetectProvname 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VBoxDetectWindow 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- Vertex 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VertexSolarURL 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetect 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetectWindow 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VirtualPCIllegalInstruction 2021-03-04 14:30:23,106 [cuckoo.core.startup] 
DEBUG: |-- Virut 2021-03-04 14:30:23,106 [cuckoo.core.startup] DEBUG: |-- VMFirmware 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VMPPacked 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VMWareDetectFiles 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VMWareDetectKeys 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VMwareDetectWindow 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VMWareInInstruction 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VncMutexes 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VNLoaderURL 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolDevicetree1 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolHandles1 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolLdrModules1 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolLdrModules2 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolMalfind1 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolModscan1 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolSvcscan1 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolSvcscan2 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VolSvcscan3 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- VPCDetectKeys 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- Wakbot 2021-03-04 14:30:23,107 [cuckoo.core.startup] DEBUG: |-- WarbotURL 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- Whimoo 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- Win32ProcessCreate 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- WineDetect 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- WinSCP 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- WinSxsBot 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- WMIAntiVM 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- WMIPersistance 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- WMIService 2021-03-04 14:30:23,108 
[cuckoo.core.startup] DEBUG: |-- WormAllaple 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- WormKolabc 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- XenDetectKeys 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- XtremeRAT 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- Xworm 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- Zegost 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- ZeusMutexes 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- ZeusP2P 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: |-- ZeusURL 2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: -- ZoneID
2021-03-04 14:30:23,108 [cuckoo.core.startup] DEBUG: Imported "reporting" modules:
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: |-- ElasticSearch
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: |-- Feedback
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: |-- JsonDump
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: |-- Mattermost
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: |-- MISP
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: |-- Moloch
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: |-- MongoDB
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: |-- Notification
2021-03-04 14:30:23,109 [cuckoo.core.startup] DEBUG: `-- SingleFile
2021-03-04 14:30:23,114 [cuckoo.core.startup] DEBUG: Checking for locked tasks..
2021-03-04 14:30:23,120 [cuckoo.core.startup] DEBUG: Checking for pending service tasks..
2021-03-04 14:30:23,123 [cuckoo.core.startup] DEBUG: Initializing Yara...
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries 000_common_rules.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_APT1.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_APT10.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_APT15.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_APT17.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_APT29_Grizzly_Steppe.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_APT3102.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_APT9002.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_Backspace.yar
2021-03-04 14:30:23,409 [cuckoo.core.startup] DEBUG: |-- binaries APT_Bestia.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Blackenergy.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Bluetermite_Emdivi.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_C16.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Carbanak.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Careto.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Casper.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_CheshireCat.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Cloudduke.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Cobalt.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Codoso.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_CrashOverride.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_DPRK_ROKRAT.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_DeepPanda_Anthem.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_DeputyDog.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Derusbi.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Dubnium.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Duqu2.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_EQUATIONGRP.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Emissary.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_EnergeticBear_backdoored_ssh.yar
2021-03-04 14:30:23,410 [cuckoo.core.startup] DEBUG: |-- binaries APT_Equation.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_FVEY_ShadowBrokers_Jan17_Screen_Strings.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_FiveEyes.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Grasshopper.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Greenbug.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Grizzlybear_uscert.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_HackingTeam.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Hellsing.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_HiddenCobra.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Hikit.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Industroyer.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Irontiger.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Kaba.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_Ke3Chang_TidePool.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_KeyBoy.yar
2021-03-04 14:30:23,411 [cuckoo.core.startup] DEBUG: |-- binaries APT_LotusBlossom.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Minidionis.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Mirage.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Molerats.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Mongall.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_MoonlightMaze.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_NGO.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_OPCleaver.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Oilrig.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_OpClandestineWolf.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_OpDustStorm.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_OpPotao.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_PCclient.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Passcv.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Pipcreat.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Platinum.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Poseidon_Group.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_Prikormka.yar
2021-03-04 14:30:23,412 [cuckoo.core.startup] DEBUG: |-- binaries APT_PutterPanda.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_RedLeaves.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Regin.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_RemSec.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Sauron.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Sauron_extras.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Scarab_Scieron.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Seaduke.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Shamoon_StoneDrill.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Snowglobe_Babar.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Sofacy_Bundestag.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Sofacy_Fysbis.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Sofacy_Jun16.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Sphinx_Moth.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Stuxnet.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Terracota.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_ThreatGroup3390.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_TradeSecret.yar
2021-03-04 14:30:23,413 [cuckoo.core.startup] DEBUG: |-- binaries APT_Turla_Neuron.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_Turla_RUAG.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_UP007_SLServer.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_Unit78020.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_Uppercut.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_Waterbug.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_WildNeutron.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_Windigo_Onimiki.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_Winnti.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_WoolenGoldfish.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_eqgrp_apr17.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_fancybear_dnc.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_fancybear_downdelph.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries APT_furtim.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries EXPERIMENTAL_Beef.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries GEN_PowerShell.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries MALW_ATMPot.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries MALW_ATM_HelloWorld.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries MALW_AgentTesla.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries MALW_AgentTesla_SMTP.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries MALW_AlMashreq.yar
2021-03-04 14:30:23,414 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Alina.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Andromeda.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Arkei.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Athena.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Atmos.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_BackdoorSSH.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Backoff.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Bangat.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Batel.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_BlackRev.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_BlackWorm.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Boouset.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Bublik.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Buzus_Softpulse.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_CAP_HookExKeylogger.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Chicken.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Citadel.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Cloaking.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Cookies.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Corkow.yar
2021-03-04 14:30:23,415 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Cxpid.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Cythosia.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_DDoSTf.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Derkziel.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Dexter.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_DiamondFox.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_DirtJumper.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Eicar.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Elex.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Elknot.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Emotet.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Empire.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Enfal.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Exploit_UAC_Elevators.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Ezcob.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_F0xy.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_FALLCHILL.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_FUDCrypt.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_FakeM.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Fareit.yar
2021-03-04 14:30:23,416 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Favorite.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Furtim.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Gafgyt.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Genome.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Glasses.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Gozi.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Grozlex.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Hajime.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Hsdfihdf_banking.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_IMuler.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_IcedID.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Iexpl0ree.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Install11.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Intel_Virtualization.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_IotReaper.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Jolob_Backdoor.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_KINS.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Kelihos.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_KeyBase.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Korlia.yar
2021-03-04 14:30:23,417 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Korplug.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Kovter.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Kraken.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Kwampirs.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_LURK0.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Lateral_Movement.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Lenovo_Superfish.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_LinuxBew.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_LinuxHelios.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_LinuxMoose.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_LostDoor.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_LuaBot.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_LuckyCat.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_MSILStealer.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_MacControl.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Madness.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Magento_backend.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Magento_frontend.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Magento_suspicious.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Mailers.yar
2021-03-04 14:30:23,418 [cuckoo.core.startup] DEBUG: |-- binaries MALW_MedusaHTTP_2019.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Miancha.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_MiniAsp3_mem.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Mirai.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Miscelanea.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Miscelanea_Linux.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Monero_Miner_installer.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_NSFree.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Naikon.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Naspyupdate.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_NetTraveler.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_NionSpy.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Notepad.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_OSX_Leverage.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Odinaff.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Olyx.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_PE_sections.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_PittyTiger.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_PolishBankRat.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Ponmocup.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Pony.yar
2021-03-04 14:30:23,419 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Predator.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_PubSab.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_PurpleWave.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_PyPI.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Pyinstaller.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Quarian.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Regsubdat.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Retefe.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Rockloader.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Rooter.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Rovnix.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Safenet.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Sakurel.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Sayad.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Scarhikn.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Sendsafe.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Shamoon.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Shifu.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Skeleton.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Spora.yar
2021-03-04 14:30:23,420 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Sqlite.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Stealer.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Surtr.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_T5000.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_TRITON_HATMAN.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_TRITON_ICS_FRAMEWORK.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Tedroo.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Tinba.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_TreasureHunt.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_TrickBot.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Trumpbot.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Upatre.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Urausy.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Vidgrab.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Virut_FileInfector_UNK_VERSION.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Volgmer.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Wabot.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Warp.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Wimmie.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_XHide.yar
2021-03-04 14:30:23,421 [cuckoo.core.startup] DEBUG: |-- binaries MALW_XMRIG_Miner.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_XOR_DDos.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Yayih.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Yordanyan_ActiveAgent.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Zegost.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_Zeus.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_adwind_RAT.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_hancitor.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_kirbi_mimikatz.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_kpot.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_marap.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_shifu_shiz.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_sitrof_fortis_scar.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_viotto_keylogger.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MALW_xDedic_marketplace.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries MalConfScan.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries POS.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries POS_Bernhard.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries POS_BruteforcingBot.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries POS_Easterjack.yar
2021-03-04 14:30:23,422 [cuckoo.core.startup] DEBUG: |-- binaries POS_FastPOS.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries POS_LogPOS.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries POS_MalumPOS.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries POS_Mozart.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_.CRYPTXXX.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_777.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Alpha.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_BadRabbit.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Cerber.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Comodosec.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Crypren.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_CryptoNar.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Cryptolocker.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_DMALocker.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_DoublePulsar_Petya.yar
2021-03-04 14:30:23,423 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Erebus.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_GPGQwerty.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_GoldenEye.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Locky.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_MS17-010_Wannacrypt.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Maze.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_PetrWrap.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Petya.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Petya_MS17_010.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Pico.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_SamSam.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Satana.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Shiva.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Sigma.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Snake.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Stampado.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_TeslaCrypt.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_Tox.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_acroware.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_jeff_dev.yar
2021-03-04 14:30:23,424 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_locdoor.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_screenlocker_5h311_1nj3c706.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_shrug2.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RANSOM_termite.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Adwind.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Adzok.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Asyncrat.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_BlackShades.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Bolonyokte.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Bozok.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Cerberus.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Crimson.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_CrossRAT.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_CyberGate.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_DarkComet.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_FlyingKitten.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Gh0st.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Gholee.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Glass.yar
2021-03-04 14:30:23,425 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Havex.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Hizor.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Indetectables.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Inocnation.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Meterpreter_Reverse_Tcp.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Nanocore.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_NetwiredRC.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Njrat.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Orcus.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_PlugX.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_PoetRATDoc.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_PoetRATPython.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_PoisonIvy.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Ratdecoders.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Sakula.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_ShadowTech.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Shim.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Terminator.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_Xtreme.yar
2021-03-04 14:30:23,426 [cuckoo.core.startup] DEBUG: |-- binaries RAT_ZoxPNG.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries RAT_jRAT.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries RAT_xRAT.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries RAT_xRAT20.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Chinese_Hacktools.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Dubrute.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_FinFisher_.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Gen_powerkatz.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_PassTheHash.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Powerstager.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Pwdump.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Redteam_Tools_by_GUID.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Redteam_Tools_by_Name.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Solarwinds_credential_stealer.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_THOR_HackTools.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_Wineggdrop.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries TOOLKIT_exe2hex_payload.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries embedded.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries filetypes.yar
2021-03-04 14:30:23,427 [cuckoo.core.startup] DEBUG: |-- binaries shellcodes.yar
2021-03-04 14:30:23,428 [cuckoo.core.startup] DEBUG: |-- binaries vmdetect.yar
2021-03-04 14:30:23,429 [cuckoo.core.startup] DEBUG: |-- urls RANSOM_MS17-010_Wannacrypt.yar
2021-03-04 14:30:23,431 [cuckoo.core.startup] DEBUG: |-- memory RANSOM_MS17-010_Wannacrypt.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts RANSOM_MS17-010_Wannacrypt.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts applocker_bypass.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powerfun.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_AMSI.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_BITS_transfer.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_ddi_rc4.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_dfsp.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_di.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_empire.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_meterpreter.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_txt_c2.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powershell_unicorn.yar
2021-03-04 14:30:23,434 [cuckoo.core.startup] DEBUG: |-- scripts powerworm.yar
2021-03-04 14:30:23,436 [cuckoo.core.startup] DEBUG: |-- shellcode RANSOM_MS17-010_Wannacrypt.yar
2021-03-04 14:30:23,436 [cuckoo.core.startup] DEBUG: |-- shellcode metasploit.yar
2021-03-04 14:30:23,437 [cuckoo.core.startup] DEBUG: |-- dumpmem RANSOM_MS17-010_Wannacrypt.yar
2021-03-04 14:30:23,439 [cuckoo.core.startup] DEBUG: |-- office RANSOM_MS17-010_Wannacrypt.yar
2021-03-04 14:30:23,439 [cuckoo.core.startup] DEBUG: |-- office dde.yar
2021-03-04 14:30:23,439 [cuckoo.core.startup] DEBUG: |-- office ole.yar
2021-03-04 14:30:23,611 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2021-03-04 14:30:23,842 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo-test11
2021-03-04 14:30:24,036 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo-adobe-1
2021-03-04 14:30:24,240 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo-win7-office2007
2021-03-04 14:30:24,404 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo-win7-office2016
2021-03-04 14:30:24,556 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo-test11 to vmcloak3
2021-03-04 14:30:24,632 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo-adobe-1 to vmcloak2
2021-03-04 14:30:24,710 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo-win7-office2007 to vmcloak2
2021-03-04 14:30:24,784 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo-win7-office2016 to vmcloak2
2021-03-04 14:30:24,867 [cuckoo.core.scheduler] INFO: Loaded 4 machine/s
2021-03-04 14:30:24,870 [cuckoo.core.scheduler] WARNING: As you've configured Cuckoo to execute parallel analyses, we recommend you to switch to a MySQL or a PostgreSQL database as SQLite might cause some issues.
2021-03-04 14:30:24,896 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.

My Cuckoo version and operating system are:

2.0.7, Ubuntu 18.04
