cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Snapshot is infected/corrupted #1534

Closed pskmsc closed 7 years ago

pskmsc commented 7 years ago

Hello,

I got an issue with my brand new cuckoo setup, the snapshot is not duplicated before the analysis, resulting in a corrupted snapshot and then a cuckoo hangup, because at the next run the agent is not able to start (encrypted python libs).

I'm suspecting a misconfiguration but I cannot find where the option is.

Any tips are welcome.

Regards,

doomedraven commented 7 years ago

no logs no problem

doomedraven commented 7 years ago

encrypted python libs -> ransomware? :D

pskmsc commented 7 years ago

in cuckoo.conf:

machinery = virtualbox

virtualbox.conf:

[virtualbox]
mode = headless
path = /usr/bin/vboxmanage
interface = vboxnet0
machines = Workstation7

[Workstation7]
label = Workstation7
platform = windows
ip = 192.168.56.2
snapshot = cuckoo1
interface = vboxnet0

Logs:

2017-05-11 09:30:24,236 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "file.exe" (task #74, options "procmemdump=yes,route=none")
2017-05-11 09:30:24,286 [cuckoo.core.scheduler] INFO: Task #74: acquired machine Workstation7 (label=Workstation7)
2017-05-11 09:30:24,305 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 16010 (interface=vboxnet0, host=192.168.56.2, pcap=/opt/cuckoo/.cuckoo/storage/analyses/74/dump.pcap)
2017-05-11 09:30:24,306 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2017-05-11 09:30:24,400 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Workstation7
2017-05-11 09:30:24,702 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Workstation7 to cuckoo1
2017-05-11 09:30:27,176 [cuckoo.processing.memory] DEBUG: Executing volatility 'handles' module.
2017-05-11 09:30:27,544 [cuckoo.core.guest] INFO: Starting analysis on guest (id=Workstation7, ip=192.168.56.2)
2017-05-11 09:30:28,563 [cuckoo.core.guest] DEBUG: Workstation7: not ready yet
2017-05-11 09:30:29,571 [cuckoo.core.guest] DEBUG: Workstation7: not ready yet
2017-05-11 09:30:30,580 [cuckoo.core.guest] DEBUG: Workstation7: not ready yet
2017-05-11 09:30:31,587 [cuckoo.core.guest] DEBUG: Workstation7: not ready yet
2017-05-11 09:30:32,596 [cuckoo.core.guest] DEBUG: Workstation7: not ready yet
2017-05-11 09:30:33,615 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.7 (id=Workstation7, ip=192.168.56.2)
2017-05-11 09:30:33,688 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Workstation7, ip=192.168.56.2, monitor=latest, size=4589419)
2017-05-11 09:30:34,257 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:34,558 [cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2017-05-11 09:30:35,271 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:36,284 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:36,984 [cuckoo.core.resultserver] DEBUG: New process (pid=704, ppid=3012, name=file.exe)
2017-05-11 09:30:37,295 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:38,396 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:38,890 [cuckoo.core.resultserver] DEBUG: File upload request for files/e3b0c44298fc1c14_nsr63E5.tmp
2017-05-11 09:30:39,417 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:40,429 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:41,440 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:42,449 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:43,463 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:44,475 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:45,510 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:46,520 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:47,536 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:48,579 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:49,645 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:50,669 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:51,690 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:52,703 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:53,714 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:54,748 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:55,758 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:56,767 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:57,777 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:58,806 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:30:59,820 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:00,847 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:01,859 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:02,875 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:03,887 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:04,907 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:05,936 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:06,947 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:07,971 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:08,995 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:10,013 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:11,024 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:12,035 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:13,072 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:14,082 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:15,114 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:15,533 [cuckoo.core.resultserver] DEBUG: New process (pid=2276, ppid=704, name=file.exe)
2017-05-11 09:31:16,126 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:17,140 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:18,155 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:19,169 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:20,180 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:21,191 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:22,200 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:22,307 [cuckoo.core.resultserver] DEBUG: File upload request for memory/704-1.dmp
2017-05-11 09:31:22,497 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 43449904
2017-05-11 09:31:23,210 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:23,800 [cuckoo.processing.memory] DEBUG: Executing volatility 'ldrmodules' module.
2017-05-11 09:31:24,257 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:25,310 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:26,323 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:27,342 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:28,438 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:29,470 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:30,483 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:31,147 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51650192 for dereferencing Buffer as String
2017-05-11 09:31:31,148 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51650192 for dereferencing Buffer as String
2017-05-11 09:31:31,149 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51650192 for dereferencing Buffer as String
2017-05-11 09:31:31,158 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51649312 for dereferencing Buffer as String
2017-05-11 09:31:31,159 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51649312 for dereferencing Buffer as String
2017-05-11 09:31:31,162 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51649312 for dereferencing Buffer as String
2017-05-11 09:31:31,508 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4525632 for dereferencing Buffer as String
2017-05-11 09:31:31,510 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4525632 for dereferencing Buffer as String
2017-05-11 09:31:31,511 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4525632 for dereferencing Buffer as String
2017-05-11 09:31:31,637 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:32,654 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:33,127 [volatility.debug] WARNING: NoneObject as string: Invalid offset 3258800 for dereferencing Buffer as String
2017-05-11 09:31:33,129 [volatility.debug] WARNING: NoneObject as string: Invalid offset 3258800 for dereferencing Buffer as String
2017-05-11 09:31:33,130 [volatility.debug] WARNING: NoneObject as string: Invalid offset 3258800 for dereferencing Buffer as String
2017-05-11 09:31:33,667 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:34,678 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:35,703 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:36,740 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:37,575 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990848 for dereferencing Buffer as String
2017-05-11 09:31:37,576 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990848 for dereferencing Buffer as String
2017-05-11 09:31:37,577 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990848 for dereferencing Buffer as String
2017-05-11 09:31:37,578 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125840 for dereferencing Buffer as String
2017-05-11 09:31:37,579 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125840 for dereferencing Buffer as String
2017-05-11 09:31:37,580 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125840 for dereferencing Buffer as String
2017-05-11 09:31:37,587 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434576 for dereferencing Buffer as String
2017-05-11 09:31:37,588 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434576 for dereferencing Buffer as String
2017-05-11 09:31:37,590 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434576 for dereferencing Buffer as String
2017-05-11 09:31:37,592 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66040864 for dereferencing Buffer as String
2017-05-11 09:31:37,593 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66040864 for dereferencing Buffer as String
2017-05-11 09:31:37,595 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66040864 for dereferencing Buffer as String
2017-05-11 09:31:37,602 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42429280 for dereferencing Buffer as String
2017-05-11 09:31:37,603 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42429280 for dereferencing Buffer as String
2017-05-11 09:31:37,604 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42429280 for dereferencing Buffer as String
2017-05-11 09:31:37,607 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300800 for dereferencing Buffer as String
2017-05-11 09:31:37,608 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300800 for dereferencing Buffer as String
2017-05-11 09:31:37,609 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300800 for dereferencing Buffer as String
2017-05-11 09:31:37,611 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992368 for dereferencing Buffer as String
2017-05-11 09:31:37,613 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992368 for dereferencing Buffer as String
2017-05-11 09:31:37,614 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992368 for dereferencing Buffer as String
2017-05-11 09:31:37,619 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65046944 for dereferencing Buffer as String
2017-05-11 09:31:37,620 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65046944 for dereferencing Buffer as String
2017-05-11 09:31:37,622 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65046944 for dereferencing Buffer as String
2017-05-11 09:31:37,623 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994608 for dereferencing Buffer as String
2017-05-11 09:31:37,624 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994608 for dereferencing Buffer as String
2017-05-11 09:31:37,626 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994608 for dereferencing Buffer as String
2017-05-11 09:31:37,627 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299680 for dereferencing Buffer as String
2017-05-11 09:31:37,628 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299680 for dereferencing Buffer as String
2017-05-11 09:31:37,629 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299680 for dereferencing Buffer as String
2017-05-11 09:31:37,634 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42433776 for dereferencing Buffer as String
2017-05-11 09:31:37,635 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42433776 for dereferencing Buffer as String
2017-05-11 09:31:37,636 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42433776 for dereferencing Buffer as String
2017-05-11 09:31:37,640 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991248 for dereferencing Buffer as String
2017-05-11 09:31:37,641 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991248 for dereferencing Buffer as String
2017-05-11 09:31:37,642 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991248 for dereferencing Buffer as String
2017-05-11 09:31:37,647 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993648 for dereferencing Buffer as String
2017-05-11 09:31:37,649 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993648 for dereferencing Buffer as String
2017-05-11 09:31:37,650 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993648 for dereferencing Buffer as String
2017-05-11 09:31:37,652 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994288 for dereferencing Buffer as String
2017-05-11 09:31:37,653 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994288 for dereferencing Buffer as String
2017-05-11 09:31:37,655 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994288 for dereferencing Buffer as String
2017-05-11 09:31:37,657 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299760 for dereferencing Buffer as String
2017-05-11 09:31:37,659 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299760 for dereferencing Buffer as String
2017-05-11 09:31:37,660 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299760 for dereferencing Buffer as String
2017-05-11 09:31:37,670 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389664 for dereferencing Buffer as String
2017-05-11 09:31:37,672 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389664 for dereferencing Buffer as String
2017-05-11 09:31:37,673 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389664 for dereferencing Buffer as String
2017-05-11 09:31:37,675 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125760 for dereferencing Buffer as String
2017-05-11 09:31:37,676 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125760 for dereferencing Buffer as String
2017-05-11 09:31:37,677 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125760 for dereferencing Buffer as String
2017-05-11 09:31:37,678 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389824 for dereferencing Buffer as String
2017-05-11 09:31:37,679 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389824 for dereferencing Buffer as String
2017-05-11 09:31:37,680 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389824 for dereferencing Buffer as String
2017-05-11 09:31:37,688 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991408 for dereferencing Buffer as String
2017-05-11 09:31:37,689 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991408 for dereferencing Buffer as String
2017-05-11 09:31:37,690 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991408 for dereferencing Buffer as String
2017-05-11 09:31:37,692 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389504 for dereferencing Buffer as String
2017-05-11 09:31:37,693 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389504 for dereferencing Buffer as String
2017-05-11 09:31:37,694 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389504 for dereferencing Buffer as String
2017-05-11 09:31:37,695 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65047232 for dereferencing Buffer as String
2017-05-11 09:31:37,696 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65047232 for dereferencing Buffer as String
2017-05-11 09:31:37,697 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65047232 for dereferencing Buffer as String
2017-05-11 09:31:37,702 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434416 for dereferencing Buffer as String
2017-05-11 09:31:37,703 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434416 for dereferencing Buffer as String
2017-05-11 09:31:37,704 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434416 for dereferencing Buffer as String
2017-05-11 09:31:37,731 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41850256 for dereferencing Buffer as String
2017-05-11 09:31:37,733 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41850256 for dereferencing Buffer as String
2017-05-11 09:31:37,734 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41850256 for dereferencing Buffer as String
2017-05-11 09:31:37,736 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992448 for dereferencing Buffer as String
2017-05-11 09:31:37,737 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992448 for dereferencing Buffer as String
2017-05-11 09:31:37,738 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992448 for dereferencing Buffer as String
2017-05-11 09:31:37,754 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:37,754 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2804736 for dereferencing Buffer as String
2017-05-11 09:31:37,757 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2804736 for dereferencing Buffer as String
2017-05-11 09:31:37,758 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2804736 for dereferencing Buffer as String
2017-05-11 09:31:37,768 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992608 for dereferencing Buffer as String
2017-05-11 09:31:37,770 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992608 for dereferencing Buffer as String
2017-05-11 09:31:37,771 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992608 for dereferencing Buffer as String
2017-05-11 09:31:37,783 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125680 for dereferencing Buffer as String
2017-05-11 09:31:37,784 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125680 for dereferencing Buffer as String
2017-05-11 09:31:37,785 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125680 for dereferencing Buffer as String
2017-05-11 09:31:37,789 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991648 for dereferencing Buffer as String
2017-05-11 09:31:37,790 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991648 for dereferencing Buffer as String
2017-05-11 09:31:37,791 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991648 for dereferencing Buffer as String
2017-05-11 09:31:37,804 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993568 for dereferencing Buffer as String
2017-05-11 09:31:37,805 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993568 for dereferencing Buffer as String
2017-05-11 09:31:37,806 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993568 for dereferencing Buffer as String
2017-05-11 09:31:37,810 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991088 for dereferencing Buffer as String
2017-05-11 09:31:37,811 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991088 for dereferencing Buffer as String
2017-05-11 09:31:37,812 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991088 for dereferencing Buffer as String
2017-05-11 09:31:37,816 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991888 for dereferencing Buffer as String
2017-05-11 09:31:37,817 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991888 for dereferencing Buffer as String
2017-05-11 09:31:37,818 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991888 for dereferencing Buffer as String
2017-05-11 09:31:37,835 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994448 for dereferencing Buffer as String
2017-05-11 09:31:37,836 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994448 for dereferencing Buffer as String
2017-05-11 09:31:37,838 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994448 for dereferencing Buffer as String
2017-05-11 09:31:37,840 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991488 for dereferencing Buffer as String
2017-05-11 09:31:37,841 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991488 for dereferencing Buffer as String
2017-05-11 09:31:37,843 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991488 for dereferencing Buffer as String
2017-05-11 09:31:37,860 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991168 for dereferencing Buffer as String
2017-05-11 09:31:37,861 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991168 for dereferencing Buffer as String
2017-05-11 09:31:37,863 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991168 for dereferencing Buffer as String
2017-05-11 09:31:37,870 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389744 for dereferencing Buffer as String
2017-05-11 09:31:37,871 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389744 for dereferencing Buffer as String
2017-05-11 09:31:37,872 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389744 for dereferencing Buffer as String
2017-05-11 09:31:37,874 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66128080 for dereferencing Buffer as String
2017-05-11 09:31:37,875 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66128080 for dereferencing Buffer as String
2017-05-11 09:31:37,876 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66128080 for dereferencing Buffer as String
2017-05-11 09:31:37,877 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41920976 for dereferencing Buffer as String
2017-05-11 09:31:37,878 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41920976 for dereferencing Buffer as String
2017-05-11 09:31:37,879 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41920976 for dereferencing Buffer as String
2017-05-11 09:31:37,880 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300880 for dereferencing Buffer as String
2017-05-11 09:31:37,881 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300880 for dereferencing Buffer as String
2017-05-11 09:31:37,882 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300880 for dereferencing Buffer as String
2017-05-11 09:31:37,886 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125040 for dereferencing Buffer as String
2017-05-11 09:31:37,887 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125040 for dereferencing Buffer as String
2017-05-11 09:31:37,888 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125040 for dereferencing Buffer as String
2017-05-11 09:31:37,895 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990768 for dereferencing Buffer as String
2017-05-11 09:31:37,896 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990768 for dereferencing Buffer as String
2017-05-11 09:31:37,897 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990768 for dereferencing Buffer as String
2017-05-11 09:31:37,904 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991968 for dereferencing Buffer as String
2017-05-11 09:31:37,905 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991968 for dereferencing Buffer as String
2017-05-11 09:31:37,906 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991968 for dereferencing Buffer as String
2017-05-11 09:31:37,907 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2187872 for dereferencing Buffer as String
2017-05-11 09:31:37,908 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2187872 for dereferencing Buffer as String
2017-05-11 09:31:37,909 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2187872 for dereferencing Buffer as String
2017-05-11 09:31:37,913 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991808 for dereferencing Buffer as String
2017-05-11 09:31:37,914 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991808 for dereferencing Buffer as String
2017-05-11 09:31:37,915 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991808 for dereferencing Buffer as String
2017-05-11 09:31:37,919 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66041632 for dereferencing Buffer as String
2017-05-11 09:31:37,920 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66041632 for dereferencing Buffer as String
2017-05-11 09:31:37,920 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66041632 for dereferencing Buffer as String
2017-05-11 09:31:37,922 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635456 for dereferencing Buffer as String
2017-05-11 09:31:37,923 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635456 for dereferencing Buffer as String
2017-05-11 09:31:37,925 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635456 for dereferencing Buffer as String
2017-05-11 09:31:37,929 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66126960 for dereferencing Buffer as String
2017-05-11 09:31:37,930 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66126960 for dereferencing Buffer as String
2017-05-11 09:31:37,930 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66126960 for dereferencing Buffer as String
2017-05-11 09:31:37,932 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2298640 for dereferencing Buffer as String
2017-05-11 09:31:37,933 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2298640 for dereferencing Buffer as String
2017-05-11 09:31:37,934 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2298640 for dereferencing Buffer as String
2017-05-11 09:31:37,936 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991568 for dereferencing Buffer as String
2017-05-11 09:31:37,937 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991568 for dereferencing Buffer as String
2017-05-11 09:31:37,939 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991568 for dereferencing Buffer as String
2017-05-11 09:31:37,950 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991328 for dereferencing Buffer as String
2017-05-11 09:31:37,951 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991328 for dereferencing Buffer as String
2017-05-11 09:31:37,952 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991328 for dereferencing Buffer as String
2017-05-11 09:31:37,954 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635296 for dereferencing Buffer as String
2017-05-11 09:31:37,955 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635296 for dereferencing Buffer as String
2017-05-11 09:31:37,956 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635296 for dereferencing Buffer as String
2017-05-11 09:31:37,958 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:37,959 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:37,960 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:38,766 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:39,778 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:40,491 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,492 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,493 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,792 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:41,873 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:42,895 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:43,907 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:44,918 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:45,930 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:46,944 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:47,175 [cuckoo.processing.memory] DEBUG: Executing volatility 'mutantscan' module.
2017-05-11 09:31:47,979 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:48,999 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:49,567 [cuckoo.processing.memory] DEBUG: Executing volatility 'devicetree' module.
2017-05-11 09:31:50,010 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:51,023 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:52,044 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:52,528 [cuckoo.processing.memory] DEBUG: Executing volatility 'svcscan' module.
2017-05-11 09:31:53,194 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:53,482 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,509 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,527 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,553 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,590 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,599 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,616 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,639 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,644 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,647 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,662 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,680 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,703 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,735 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,759 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,792 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,796 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,799 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,832 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,859 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,880 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,922 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,970 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,023 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,028 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,058 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,071 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,097 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,103 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,109 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,114 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,224 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:54,548 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,556 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,560 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,581 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,585 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,594 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:37,956 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635296 for dereferencing Buffer as String
2017-05-11 09:31:37,958 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:37,959 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:37,960 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:38,766 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:39,778 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:40,491 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,492 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,493 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,792 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:41,873 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:42,895 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:43,907 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:44,918 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:45,930 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:46,944 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:47,175 [cuckoo.processing.memory] DEBUG: Executing volatility 'mutantscan' module.
2017-05-11 09:31:47,979 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:48,999 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:49,567 [cuckoo.processing.memory] DEBUG: Executing volatility 'devicetree' module.
2017-05-11 09:31:50,010 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:51,023 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:52,044 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:52,528 [cuckoo.processing.memory] DEBUG: Executing volatility 'svcscan' module.
2017-05-11 09:31:53,194 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:53,482 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,509 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,527 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,553 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,590 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,599 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,616 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,639 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,644 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,647 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,662 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,680 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,703 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,735 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,759 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,792 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,796 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,799 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,832 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,859 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,880 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,922 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,970 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,023 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,028 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,058 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,071 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,097 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,103 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,109 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,114 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,224 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:54,548 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,556 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,560 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,581 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,585 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,594 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,604 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,609 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,624 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,632 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,646 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,659 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,670 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,685 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,690 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,695 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,707 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,717 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,732 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,737 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,745 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,765 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,775 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,787 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,800 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,835 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,840 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,845 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,876 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,880 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,891 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,900 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,907 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,922 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,927 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,933 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,937 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,942 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,951 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,957 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,001 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,114 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,146 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,195 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,206 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,213 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,219 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,232 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,244 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,267 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,274 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,292 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:55,332 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,791 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,801 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:56,306 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:56,553 [cuckoo.processing.memory] DEBUG: Executing volatility 'modscan' module.
2017-05-11 09:31:57,331 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:57,958 [cuckoo.processing.memory] DEBUG: Executing volatility 'yarascan' module.
2017-05-11 09:31:58,359 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:59,375 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:00,392 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:01,404 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:02,547 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:03,560 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:04,573 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:05,620 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:06,643 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:07,655 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:08,666 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:09,678 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:10,692 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:11,703 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:12,716 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:13,730 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:14,741 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:15,757 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:16,780 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:17,792 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:18,801 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:19,814 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:20,828 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:21,838 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:22,848 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:23,857 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:24,868 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:25,878 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:26,899 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:27,913 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:28,924 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:29,935 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:30,945 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:31,959 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:32,972 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:34,001 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:35,013 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:36,023 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:37,038 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:38,050 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:39,071 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:40,083 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:41,096 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:42,108 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:43,119 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:44,132 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:45,148 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:46,232 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:47,259 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:48,273 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:49,303 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:50,419 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:51,429 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:52,439 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:53,470 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:54,485 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:55,500 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:56,356 [cuckoo.core.resultserver] DEBUG: File upload request for memory/2276-1.dmp
2017-05-11 09:32:56,511 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:57,523 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:57,657 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 57797360
2017-05-11 09:32:58,458 [cuckoo.core.resultserver] DEBUG: File upload request for files/ad809c360cbd7dec_b4ise3kzku.b838
2017-05-11 09:32:58,474 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 85276
2017-05-11 09:32:58,494 [cuckoo.core.resultserver] DEBUG: File upload request for files/15956ca105dd44ba_wgtmmz-mlh.b838
2017-05-11 09:32:58,496 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 30131
2017-05-11 09:32:58,541 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:58,574 [cuckoo.core.resultserver] DEBUG: File upload request for files/a101c0c9fb841aac_veraia9umr.b838
2017-05-11 09:32:58,575 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 4530
2017-05-11 09:32:58,620 [cuckoo.core.resultserver] DEBUG: File upload request for files/1e5f8ab428f5325c_kiv1trvirn.b838

... skipping 3k encrypted files ...

2017-05-11 09:33:19,106 [cuckoo.core.resultserver] DEBUG: File upload request for files/a19cecbfc40841d9_3vywq512xk.b838
2017-05-11 09:33:19,109 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 11985
2017-05-11 09:33:19,111 [cuckoo.core.resultserver] DEBUG: File upload request for files/658a0e0b8cff3591_wb5mahdiq7.b838
2017-05-11 09:33:19,112 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 5387
2017-05-11 09:33:19,123 [cuckoo.core.resultserver] DEBUG: File upload request for files/9ede3cd08d35f8cc_9r7vz40mnp.b838
2017-05-11 09:33:19,124 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 27128
2017-05-11 09:33:19,127 [cuckoo.core.resultserver] DEBUG: File upload request for files/3bd851d786867b02_gsob4uedya.b838
2017-05-11 09:33:19,129 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 20047
2017-05-11 09:33:19,139 [cuckoo.core.resultserver] DEBUG: File upload request for files/9073286f137c725f_lsaartghnm.b838
2017-05-11 09:33:19,141 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 32356
2017-05-11 09:33:19,919 [cuckoo.core.guest] INFO: Workstation7: analysis completed successfully
2017-05-11 09:33:19,970 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2017-05-11 09:33:20,833 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Workstation7 to path /opt/cuckoo/.cuckoo/storage/analyses/74/memory.dmp
2017-05-11 09:33:20,835 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Workstation7
2017-05-11 09:33:22,292 [cuckoo.core.scheduler] DEBUG: Released database task #74
2017-05-11 09:33:22,328 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:33:33,112 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:33:39,831 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:33:39,842 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:33:40,212 [cuckoo.processing.memory] DEBUG: Executing volatility 'pslist' module.
2017-05-11 09:33:41,879 [cuckoo.processing.memory] DEBUG: Executing volatility 'psxview' module.
2017-05-11 09:34:05,571 [cuckoo.processing.memory] DEBUG: Executing volatility 'callbacks' module.
2017-05-11 09:34:12,985 [cuckoo.processing.memory] DEBUG: Executing volatility 'ssdt' module.
2017-05-11 09:34:15,295 [cuckoo.processing.memory] DEBUG: Executing volatility 'timers' module.
2017-05-11 09:34:21,834 [cuckoo.processing.memory] DEBUG: Skipping 'messagehooks' volatility module
2017-05-11 09:34:21,834 [cuckoo.processing.memory] DEBUG: Executing volatility 'getsids' module.
2017-05-11 09:34:29,606 [cuckoo.processing.memory] DEBUG: Executing volatility 'privs' module.
2017-05-11 09:34:38,816 [cuckoo.processing.memory] DEBUG: Executing volatility 'malfind' module.
2017-05-11 09:35:00,827 [cuckoo.processing.memory] DEBUG: Executing volatility 'netscan' module.
2017-05-11 09:35:04,734 [cuckoo.core.plugins] DEBUG: Executed processing module "Memory" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:09,226 [cuckoo.processing.memory] DEBUG: Skipping 'apihooks' volatility module
2017-05-11 09:35:09,226 [cuckoo.processing.memory] DEBUG: Executing volatility 'dlllist' module.
2017-05-11 09:35:09,969 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,249 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,250 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,251 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,738 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,779 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,795 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:15,127 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:15,128 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:15,135 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:15,151 [cuckoo.core.plugins] DEBUG: Running 422 signatures
2017-05-11 09:35:22,319 [cuckoo.core.plugins] DEBUG: Analysis matched signature: allocates_rwx
2017-05-11 09:35:22,320 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_queries_computername
2017-05-11 09:35:22,321 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_disk_size
2017-05-11 09:35:22,322 [cuckoo.core.plugins] DEBUG: Analysis matched signature: creates_exe
2017-05-11 09:35:22,322 [cuckoo.core.plugins] DEBUG: Analysis matched signature: suspicious_process
2017-05-11 09:35:22,323 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_memory_available
2017-05-11 09:35:22,324 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_network_adapters
2017-05-11 09:35:22,325 [cuckoo.core.plugins] DEBUG: Analysis matched signature: pe_features
2017-05-11 09:35:22,325 [cuckoo.core.plugins] DEBUG: Analysis matched signature: memdump_urls
2017-05-11 09:35:22,326 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_handles_1
2017-05-11 09:35:22,327 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_ldrmodules_1
2017-05-11 09:35:22,327 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_malfind_2
2017-05-11 09:35:22,328 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_svcscan_1
2017-05-11 09:35:22,329 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_svcscan_3
2017-05-11 09:35:24,089 [cuckoo.processing.memory] DEBUG: Executing volatility 'handles' module.
2017-05-11 09:35:24,618 [cuckoo.core.plugins] DEBUG: Executed reporting module "ElasticSearch"
2017-05-11 09:35:53,548 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2017-05-11 09:35:56,715 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2017-05-11 09:35:56,716 [cuckoo.core.scheduler] INFO: Task #73: reports generation completed (path=/opt/cuckoo/.cuckoo/storage/analyses/73)
2017-05-11 09:35:56,744 [cuckoo.core.scheduler] INFO: Task #73: analysis procedure completed
2017-05-11 09:36:34,835 [cuckoo.processing.memory] DEBUG: Executing volatility 'ldrmodules' module.
2017-05-11 09:36:51,570 [cuckoo.processing.memory] DEBUG: Executing volatility 'mutantscan' module.
2017-05-11 09:36:53,124 [cuckoo.processing.memory] DEBUG: Executing volatility 'devicetree' module.
2017-05-11 09:36:55,388 [cuckoo.processing.memory] DEBUG: Executing volatility 'svcscan' module.
2017-05-11 09:36:56,003 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,017 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,044 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,047 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,050 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,065 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,069 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,081 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,084 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,088 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,105 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,108 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,129 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,133 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,136 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,139 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,172 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,179 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,182 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,195 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,211 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,222 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,257 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,269 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,294 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,298 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,316 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,324 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,346 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:57,291 [cuckoo.processing.memory] DEBUG: Executing volatility 'modscan' module.
2017-05-11 09:36:58,389 [cuckoo.processing.memory] DEBUG: Executing volatility 'yarascan' module.
2017-05-11 09:38:12,916 [cuckoo.processing.memory] DEBUG: Executing volatility 'netscan' module.
2017-05-11 09:38:14,427 [cuckoo.core.plugins] DEBUG: Executed processing module "Memory" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:17,612 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:18,910 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:18,911 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:18,912 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,282 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,310 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,320 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,648 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,649 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,655 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,667 [cuckoo.core.plugins] DEBUG: Running 422 signatures
2017-05-11 09:38:37,729 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dumped_buffer
2017-05-11 09:38:37,729 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dumped_buffer2
2017-05-11 09:38:37,730 [cuckoo.core.plugins] DEBUG: Analysis matched signature: allocates_rwx
2017-05-11 09:38:37,730 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antiav_detectfile
2017-05-11 09:38:37,730 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_queries_computername
2017-05-11 09:38:37,731 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_disk_size
2017-05-11 09:38:37,731 [cuckoo.core.plugins] DEBUG: Analysis matched signature: creates_doc
2017-05-11 09:38:37,731 [cuckoo.core.plugins] DEBUG: Analysis matched signature: creates_exe
2017-05-11 09:38:37,731 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antisandbox_cuckoo_files
2017-05-11 09:38:37,732 [cuckoo.core.plugins] DEBUG: Analysis matched signature: recon_fingerprint
2017-05-11 09:38:37,732 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_memory_available
2017-05-11 09:38:37,733 [cuckoo.core.plugins] DEBUG: Analysis matched signature: modifies_files
2017-05-11 09:38:37,733 [cuckoo.core.plugins] DEBUG: Analysis matched signature: pe_features
2017-05-11 09:38:37,733 [cuckoo.core.plugins] DEBUG: Analysis matched signature: memdump_urls
2017-05-11 09:38:37,734 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_vbox_devices
2017-05-11 09:38:37,734 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_vbox_files
2017-05-11 09:38:37,734 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_handles_1
2017-05-11 09:38:37,735 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_ldrmodules_1
2017-05-11 09:38:37,735 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_malfind_2
2017-05-11 09:38:37,735 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_svcscan_3
2017-05-11 09:38:40,464 [cuckoo.core.plugins] DEBUG: Executed reporting module "ElasticSearch"
2017-05-11 09:39:04,596 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2017-05-11 09:39:24,502 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2017-05-11 09:39:24,503 [cuckoo.core.scheduler] INFO: Task #74: reports generation completed (path=/opt/cuckoo/.cuckoo/storage/analyses/74)
2017-05-11 09:39:24,524 [cuckoo.core.scheduler] INFO: Task #74: analysis procedure completed

2017-05-11 09:30:59,820 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:00,847 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:01,859 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:02,875 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:03,887 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:04,907 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:05,936 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:06,947 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:07,971 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:08,995 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:10,013 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:11,024 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:12,035 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:13,072 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:14,082 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:15,114 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:15,533 [cuckoo.core.resultserver] DEBUG: New process (pid=2276, ppid=704, name=file.exe)
2017-05-11 09:31:16,126 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:17,140 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:18,155 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:19,169 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:20,180 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:21,191 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:22,200 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:22,307 [cuckoo.core.resultserver] DEBUG: File upload request for memory/704-1.dmp
2017-05-11 09:31:22,497 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 43449904
2017-05-11 09:31:23,210 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:23,800 [cuckoo.processing.memory] DEBUG: Executing volatility 'ldrmodules' module.
2017-05-11 09:31:24,257 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:25,310 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:26,323 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:27,342 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:28,438 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:29,470 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:30,483 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:31,147 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51650192 for dereferencing Buffer as String
2017-05-11 09:31:31,148 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51650192 for dereferencing Buffer as String
2017-05-11 09:31:31,149 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51650192 for dereferencing Buffer as String
2017-05-11 09:31:31,158 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51649312 for dereferencing Buffer as String
2017-05-11 09:31:31,159 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51649312 for dereferencing Buffer as String
2017-05-11 09:31:31,162 [volatility.debug] WARNING: NoneObject as string: Invalid offset 51649312 for dereferencing Buffer as String
2017-05-11 09:31:31,508 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4525632 for dereferencing Buffer as String
2017-05-11 09:31:31,510 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4525632 for dereferencing Buffer as String
2017-05-11 09:31:31,511 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4525632 for dereferencing Buffer as String
2017-05-11 09:31:31,637 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:32,654 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:33,127 [volatility.debug] WARNING: NoneObject as string: Invalid offset 3258800 for dereferencing Buffer as String
2017-05-11 09:31:33,129 [volatility.debug] WARNING: NoneObject as string: Invalid offset 3258800 for dereferencing Buffer as String
2017-05-11 09:31:33,130 [volatility.debug] WARNING: NoneObject as string: Invalid offset 3258800 for dereferencing Buffer as String
2017-05-11 09:31:33,667 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:34,678 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:35,703 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:36,740 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:37,575 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990848 for dereferencing Buffer as String
2017-05-11 09:31:37,576 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990848 for dereferencing Buffer as String
2017-05-11 09:31:37,577 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990848 for dereferencing Buffer as String
2017-05-11 09:31:37,578 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125840 for dereferencing Buffer as String
2017-05-11 09:31:37,579 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125840 for dereferencing Buffer as String
2017-05-11 09:31:37,580 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125840 for dereferencing Buffer as String
2017-05-11 09:31:37,587 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434576 for dereferencing Buffer as String
2017-05-11 09:31:37,588 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434576 for dereferencing Buffer as String
2017-05-11 09:31:37,590 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434576 for dereferencing Buffer as String
2017-05-11 09:31:37,592 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66040864 for dereferencing Buffer as String
2017-05-11 09:31:37,593 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66040864 for dereferencing Buffer as String
2017-05-11 09:31:37,595 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66040864 for dereferencing Buffer as String
2017-05-11 09:31:37,602 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42429280 for dereferencing Buffer as String
2017-05-11 09:31:37,603 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42429280 for dereferencing Buffer as String
2017-05-11 09:31:37,604 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42429280 for dereferencing Buffer as String
2017-05-11 09:31:37,607 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300800 for dereferencing Buffer as String
2017-05-11 09:31:37,608 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300800 for dereferencing Buffer as String
2017-05-11 09:31:37,609 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300800 for dereferencing Buffer as String
2017-05-11 09:31:37,611 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992368 for dereferencing Buffer as String
2017-05-11 09:31:37,613 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992368 for dereferencing Buffer as String
2017-05-11 09:31:37,614 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992368 for dereferencing Buffer as String
2017-05-11 09:31:37,619 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65046944 for dereferencing Buffer as String
2017-05-11 09:31:37,620 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65046944 for dereferencing Buffer as String
2017-05-11 09:31:37,622 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65046944 for dereferencing Buffer as String
2017-05-11 09:31:37,623 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994608 for dereferencing Buffer as String
2017-05-11 09:31:37,624 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994608 for dereferencing Buffer as String
2017-05-11 09:31:37,626 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994608 for dereferencing Buffer as String
2017-05-11 09:31:37,627 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299680 for dereferencing Buffer as String
2017-05-11 09:31:37,628 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299680 for dereferencing Buffer as String
2017-05-11 09:31:37,629 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299680 for dereferencing Buffer as String
2017-05-11 09:31:37,634 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42433776 for dereferencing Buffer as String
2017-05-11 09:31:37,635 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42433776 for dereferencing Buffer as String
2017-05-11 09:31:37,636 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42433776 for dereferencing Buffer as String
2017-05-11 09:31:37,640 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991248 for dereferencing Buffer as String
2017-05-11 09:31:37,641 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991248 for dereferencing Buffer as String
2017-05-11 09:31:37,642 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991248 for dereferencing Buffer as String
2017-05-11 09:31:37,647 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993648 for dereferencing Buffer as String
2017-05-11 09:31:37,649 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993648 for dereferencing Buffer as String
2017-05-11 09:31:37,650 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993648 for dereferencing Buffer as String
2017-05-11 09:31:37,652 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994288 for dereferencing Buffer as String
2017-05-11 09:31:37,653 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994288 for dereferencing Buffer as String
2017-05-11 09:31:37,655 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994288 for dereferencing Buffer as String
2017-05-11 09:31:37,657 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299760 for dereferencing Buffer as String
2017-05-11 09:31:37,659 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299760 for dereferencing Buffer as String
2017-05-11 09:31:37,660 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299760 for dereferencing Buffer as String
2017-05-11 09:31:37,670 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389664 for dereferencing Buffer as String
2017-05-11 09:31:37,672 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389664 for dereferencing Buffer as String
2017-05-11 09:31:37,673 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389664 for dereferencing Buffer as String
2017-05-11 09:31:37,675 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125760 for dereferencing Buffer as String
2017-05-11 09:31:37,676 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125760 for dereferencing Buffer as String
2017-05-11 09:31:37,677 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125760 for dereferencing Buffer as String
2017-05-11 09:31:37,678 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389824 for dereferencing Buffer as String
2017-05-11 09:31:37,679 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389824 for dereferencing Buffer as String
2017-05-11 09:31:37,680 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389824 for dereferencing Buffer as String
2017-05-11 09:31:37,688 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991408 for dereferencing Buffer as String
2017-05-11 09:31:37,689 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991408 for dereferencing Buffer as String
2017-05-11 09:31:37,690 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991408 for dereferencing Buffer as String
2017-05-11 09:31:37,692 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389504 for dereferencing Buffer as String
2017-05-11 09:31:37,693 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389504 for dereferencing Buffer as String
2017-05-11 09:31:37,694 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389504 for dereferencing Buffer as String
2017-05-11 09:31:37,695 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65047232 for dereferencing Buffer as String
2017-05-11 09:31:37,696 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65047232 for dereferencing Buffer as String
2017-05-11 09:31:37,697 [volatility.debug] WARNING: NoneObject as string: Invalid offset 65047232 for dereferencing Buffer as String
2017-05-11 09:31:37,702 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434416 for dereferencing Buffer as String
2017-05-11 09:31:37,703 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434416 for dereferencing Buffer as String
2017-05-11 09:31:37,704 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42434416 for dereferencing Buffer as String
2017-05-11 09:31:37,731 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41850256 for dereferencing Buffer as String
2017-05-11 09:31:37,733 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41850256 for dereferencing Buffer as String
2017-05-11 09:31:37,734 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41850256 for dereferencing Buffer as String
2017-05-11 09:31:37,736 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992448 for dereferencing Buffer as String
2017-05-11 09:31:37,737 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992448 for dereferencing Buffer as String
2017-05-11 09:31:37,738 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992448 for dereferencing Buffer as String
2017-05-11 09:31:37,754 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:37,754 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2804736 for dereferencing Buffer as String
2017-05-11 09:31:37,757 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2804736 for dereferencing Buffer as String
2017-05-11 09:31:37,758 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2804736 for dereferencing Buffer as String
2017-05-11 09:31:37,768 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992608 for dereferencing Buffer as String
2017-05-11 09:31:37,770 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992608 for dereferencing Buffer as String
2017-05-11 09:31:37,771 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1992608 for dereferencing Buffer as String
2017-05-11 09:31:37,783 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125680 for dereferencing Buffer as String
2017-05-11 09:31:37,784 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125680 for dereferencing Buffer as String
2017-05-11 09:31:37,785 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125680 for dereferencing Buffer as String
2017-05-11 09:31:37,789 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991648 for dereferencing Buffer as String
2017-05-11 09:31:37,790 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991648 for dereferencing Buffer as String
2017-05-11 09:31:37,791 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991648 for dereferencing Buffer as String
2017-05-11 09:31:37,804 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993568 for dereferencing Buffer as String
2017-05-11 09:31:37,805 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993568 for dereferencing Buffer as String
2017-05-11 09:31:37,806 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1993568 for dereferencing Buffer as String
2017-05-11 09:31:37,810 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991088 for dereferencing Buffer as String
2017-05-11 09:31:37,811 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991088 for dereferencing Buffer as String
2017-05-11 09:31:37,812 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991088 for dereferencing Buffer as String
2017-05-11 09:31:37,816 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991888 for dereferencing Buffer as String
2017-05-11 09:31:37,817 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991888 for dereferencing Buffer as String
2017-05-11 09:31:37,818 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991888 for dereferencing Buffer as String
2017-05-11 09:31:37,835 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994448 for dereferencing Buffer as String
2017-05-11 09:31:37,836 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994448 for dereferencing Buffer as String
2017-05-11 09:31:37,838 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1994448 for dereferencing Buffer as String
2017-05-11 09:31:37,840 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991488 for dereferencing Buffer as String
2017-05-11 09:31:37,841 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991488 for dereferencing Buffer as String
2017-05-11 09:31:37,843 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991488 for dereferencing Buffer as String
2017-05-11 09:31:37,860 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991168 for dereferencing Buffer as String
2017-05-11 09:31:37,861 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991168 for dereferencing Buffer as String
2017-05-11 09:31:37,863 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991168 for dereferencing Buffer as String
2017-05-11 09:31:37,870 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389744 for dereferencing Buffer as String
2017-05-11 09:31:37,871 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389744 for dereferencing Buffer as String
2017-05-11 09:31:37,872 [volatility.debug] WARNING: NoneObject as string: Invalid offset 42389744 for dereferencing Buffer as String
2017-05-11 09:31:37,874 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66128080 for dereferencing Buffer as String
2017-05-11 09:31:37,875 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66128080 for dereferencing Buffer as String
2017-05-11 09:31:37,876 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66128080 for dereferencing Buffer as String
2017-05-11 09:31:37,877 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41920976 for dereferencing Buffer as String
2017-05-11 09:31:37,878 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41920976 for dereferencing Buffer as String
2017-05-11 09:31:37,879 [volatility.debug] WARNING: NoneObject as string: Invalid offset 41920976 for dereferencing Buffer as String
2017-05-11 09:31:37,880 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300880 for dereferencing Buffer as String
2017-05-11 09:31:37,881 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300880 for dereferencing Buffer as String
2017-05-11 09:31:37,882 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2300880 for dereferencing Buffer as String
2017-05-11 09:31:37,886 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125040 for dereferencing Buffer as String
2017-05-11 09:31:37,887 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125040 for dereferencing Buffer as String
2017-05-11 09:31:37,888 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66125040 for dereferencing Buffer as String
2017-05-11 09:31:37,895 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990768 for dereferencing Buffer as String
2017-05-11 09:31:37,896 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990768 for dereferencing Buffer as String
2017-05-11 09:31:37,897 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1990768 for dereferencing Buffer as String
2017-05-11 09:31:37,904 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991968 for dereferencing Buffer as String
2017-05-11 09:31:37,905 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991968 for dereferencing Buffer as String
2017-05-11 09:31:37,906 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991968 for dereferencing Buffer as String
2017-05-11 09:31:37,907 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2187872 for dereferencing Buffer as String
2017-05-11 09:31:37,908 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2187872 for dereferencing Buffer as String
2017-05-11 09:31:37,909 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2187872 for dereferencing Buffer as String
2017-05-11 09:31:37,913 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991808 for dereferencing Buffer as String
2017-05-11 09:31:37,914 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991808 for dereferencing Buffer as String
2017-05-11 09:31:37,915 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991808 for dereferencing Buffer as String
2017-05-11 09:31:37,919 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66041632 for dereferencing Buffer as String
2017-05-11 09:31:37,920 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66041632 for dereferencing Buffer as String
2017-05-11 09:31:37,920 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66041632 for dereferencing Buffer as String
2017-05-11 09:31:37,922 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635456 for dereferencing Buffer as String
2017-05-11 09:31:37,923 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635456 for dereferencing Buffer as String
2017-05-11 09:31:37,925 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635456 for dereferencing Buffer as String
2017-05-11 09:31:37,929 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66126960 for dereferencing Buffer as String
2017-05-11 09:31:37,930 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66126960 for dereferencing Buffer as String
2017-05-11 09:31:37,930 [volatility.debug] WARNING: NoneObject as string: Invalid offset 66126960 for dereferencing Buffer as String
2017-05-11 09:31:37,932 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2298640 for dereferencing Buffer as String
2017-05-11 09:31:37,933 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2298640 for dereferencing Buffer as String
2017-05-11 09:31:37,934 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2298640 for dereferencing Buffer as String
2017-05-11 09:31:37,936 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991568 for dereferencing Buffer as String
2017-05-11 09:31:37,937 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991568 for dereferencing Buffer as String
2017-05-11 09:31:37,939 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991568 for dereferencing Buffer as String
2017-05-11 09:31:37,950 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991328 for dereferencing Buffer as String
2017-05-11 09:31:37,951 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991328 for dereferencing Buffer as String
2017-05-11 09:31:37,952 [volatility.debug] WARNING: NoneObject as string: Invalid offset 1991328 for dereferencing Buffer as String
2017-05-11 09:31:37,954 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635296 for dereferencing Buffer as String
2017-05-11 09:31:37,955 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635296 for dereferencing Buffer as String
2017-05-11 09:31:37,956 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2635296 for dereferencing Buffer as String
2017-05-11 09:31:37,958 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:37,959 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:37,960 [volatility.debug] WARNING: NoneObject as string: Invalid offset 2299840 for dereferencing Buffer as String
2017-05-11 09:31:38,766 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:39,778 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:40,491 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,492 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,493 [volatility.debug] WARNING: NoneObject as string: Invalid offset 4568400 for dereferencing Buffer as String
2017-05-11 09:31:40,792 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:41,873 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:42,895 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:43,907 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:44,918 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:45,930 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:46,944 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:47,175 [cuckoo.processing.memory] DEBUG: Executing volatility 'mutantscan' module.
2017-05-11 09:31:47,979 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:48,999 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:49,567 [cuckoo.processing.memory] DEBUG: Executing volatility 'devicetree' module.
2017-05-11 09:31:50,010 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:51,023 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:52,044 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:52,528 [cuckoo.processing.memory] DEBUG: Executing volatility 'svcscan' module.
2017-05-11 09:31:53,194 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:53,482 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,509 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,527 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,553 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,590 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,599 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,616 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,639 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,644 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,647 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,662 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,680 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,703 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,735 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,759 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,792 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,796 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,799 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,832 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,859 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,880 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,922 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:53,970 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,023 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,028 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,058 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,071 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,097 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,103 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,109 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,114 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,224 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:54,548 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,556 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,560 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,581 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,585 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,594 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,604 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,609 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,624 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,632 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,646 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,659 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,670 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,685 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,690 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,695 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,707 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,717 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,732 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,737 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,745 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,765 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,775 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,787 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,800 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,835 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,840 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,845 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,876 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,880 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,891 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,900 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,907 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,922 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,927 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,933 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,937 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,942 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,951 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:54,957 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,001 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,114 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,146 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,195 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,206 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,213 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,219 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,232 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,244 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,267 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,274 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,292 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:55,332 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,791 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:55,801 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:31:56,306 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:56,553 [cuckoo.processing.memory] DEBUG: Executing volatility 'modscan' module.
2017-05-11 09:31:57,331 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:57,958 [cuckoo.processing.memory] DEBUG: Executing volatility 'yarascan' module.
2017-05-11 09:31:58,359 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:31:59,375 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:00,392 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:01,404 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:02,547 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:03,560 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:04,573 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:05,620 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:06,643 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:07,655 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:08,666 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:09,678 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:10,692 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:11,703 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:12,716 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:13,730 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:14,741 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:15,757 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:16,780 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:17,792 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:18,801 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:19,814 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:20,828 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:21,838 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:22,848 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:23,857 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:24,868 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:25,878 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:26,899 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:27,913 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:28,924 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:29,935 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:30,945 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:31,959 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:32,972 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:34,001 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:35,013 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:36,023 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:37,038 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:38,050 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:39,071 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:40,083 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:41,096 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:42,108 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:43,119 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:44,132 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:45,148 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:46,232 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:47,259 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:48,273 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:49,303 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:50,419 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:51,429 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:52,439 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:53,470 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:54,485 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:55,500 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:56,356 [cuckoo.core.resultserver] DEBUG: File upload request for memory/2276-1.dmp
2017-05-11 09:32:56,511 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:57,523 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:57,657 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 57797360
2017-05-11 09:32:58,458 [cuckoo.core.resultserver] DEBUG: File upload request for files/ad809c360cbd7dec_b4ise3kzku.b838
2017-05-11 09:32:58,474 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 85276
2017-05-11 09:32:58,494 [cuckoo.core.resultserver] DEBUG: File upload request for files/15956ca105dd44ba_wgtmmz-mlh.b838
2017-05-11 09:32:58,496 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 30131
2017-05-11 09:32:58,541 [cuckoo.core.guest] DEBUG: Workstation7: analysis still processing
2017-05-11 09:32:58,574 [cuckoo.core.resultserver] DEBUG: File upload request for files/a101c0c9fb841aac_veraia9umr.b838
2017-05-11 09:32:58,575 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 4530
2017-05-11 09:32:58,620 [cuckoo.core.resultserver] DEBUG: File upload request for files/1e5f8ab428f5325c_kiv1trvirn.b838

... skipping 3k encrypted files ...

2017-05-11 09:33:19,106 [cuckoo.core.resultserver] DEBUG: File upload request for files/a19cecbfc40841d9_3vywq512xk.b838
2017-05-11 09:33:19,109 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 11985
2017-05-11 09:33:19,111 [cuckoo.core.resultserver] DEBUG: File upload request for files/658a0e0b8cff3591_wb5mahdiq7.b838
2017-05-11 09:33:19,112 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 5387
2017-05-11 09:33:19,123 [cuckoo.core.resultserver] DEBUG: File upload request for files/9ede3cd08d35f8cc_9r7vz40mnp.b838
2017-05-11 09:33:19,124 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 27128
2017-05-11 09:33:19,127 [cuckoo.core.resultserver] DEBUG: File upload request for files/3bd851d786867b02_gsob4uedya.b838
2017-05-11 09:33:19,129 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 20047
2017-05-11 09:33:19,139 [cuckoo.core.resultserver] DEBUG: File upload request for files/9073286f137c725f_lsaartghnm.b838
2017-05-11 09:33:19,141 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 32356
2017-05-11 09:33:19,919 [cuckoo.core.guest] INFO: Workstation7: analysis completed successfully
2017-05-11 09:33:19,970 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2017-05-11 09:33:20,833 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Workstation7 to path /opt/cuckoo/.cuckoo/storage/analyses/74/memory.dmp
2017-05-11 09:33:20,835 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Workstation7
2017-05-11 09:33:22,292 [cuckoo.core.scheduler] DEBUG: Released database task #74
2017-05-11 09:33:22,328 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:33:33,112 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:33:39,831 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:33:39,842 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:33:40,212 [cuckoo.processing.memory] DEBUG: Executing volatility 'pslist' module.
2017-05-11 09:33:41,879 [cuckoo.processing.memory] DEBUG: Executing volatility 'psxview' module.
2017-05-11 09:34:05,571 [cuckoo.processing.memory] DEBUG: Executing volatility 'callbacks' module.
2017-05-11 09:34:12,985 [cuckoo.processing.memory] DEBUG: Executing volatility 'ssdt' module.
2017-05-11 09:34:15,295 [cuckoo.processing.memory] DEBUG: Executing volatility 'timers' module.
2017-05-11 09:34:21,834 [cuckoo.processing.memory] DEBUG: Skipping 'messagehooks' volatility module
2017-05-11 09:34:21,834 [cuckoo.processing.memory] DEBUG: Executing volatility 'getsids' module.
2017-05-11 09:34:29,606 [cuckoo.processing.memory] DEBUG: Executing volatility 'privs' module.
2017-05-11 09:34:38,816 [cuckoo.processing.memory] DEBUG: Executing volatility 'malfind' module.
2017-05-11 09:35:00,827 [cuckoo.processing.memory] DEBUG: Executing volatility 'netscan' module.
2017-05-11 09:35:04,734 [cuckoo.core.plugins] DEBUG: Executed processing module "Memory" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:09,226 [cuckoo.processing.memory] DEBUG: Skipping 'apihooks' volatility module
2017-05-11 09:35:09,226 [cuckoo.processing.memory] DEBUG: Executing volatility 'dlllist' module.
2017-05-11 09:35:09,969 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,249 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,250 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,251 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,738 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,779 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:14,795 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:15,127 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:15,128 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:15,135 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/73"
2017-05-11 09:35:15,151 [cuckoo.core.plugins] DEBUG: Running 422 signatures
2017-05-11 09:35:22,319 [cuckoo.core.plugins] DEBUG: Analysis matched signature: allocates_rwx
2017-05-11 09:35:22,320 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_queries_computername
2017-05-11 09:35:22,321 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_disk_size
2017-05-11 09:35:22,322 [cuckoo.core.plugins] DEBUG: Analysis matched signature: creates_exe
2017-05-11 09:35:22,322 [cuckoo.core.plugins] DEBUG: Analysis matched signature: suspicious_process
2017-05-11 09:35:22,323 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_memory_available
2017-05-11 09:35:22,324 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_network_adapters
2017-05-11 09:35:22,325 [cuckoo.core.plugins] DEBUG: Analysis matched signature: pe_features
2017-05-11 09:35:22,325 [cuckoo.core.plugins] DEBUG: Analysis matched signature: memdump_urls
2017-05-11 09:35:22,326 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_handles_1
2017-05-11 09:35:22,327 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_ldrmodules_1
2017-05-11 09:35:22,327 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_malfind_2
2017-05-11 09:35:22,328 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_svcscan_1
2017-05-11 09:35:22,329 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_svcscan_3
2017-05-11 09:35:24,089 [cuckoo.processing.memory] DEBUG: Executing volatility 'handles' module.
2017-05-11 09:35:24,618 [cuckoo.core.plugins] DEBUG: Executed reporting module "ElasticSearch"
2017-05-11 09:35:53,548 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2017-05-11 09:35:56,715 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2017-05-11 09:35:56,716 [cuckoo.core.scheduler] INFO: Task #73: reports generation completed (path=/opt/cuckoo/.cuckoo/storage/analyses/73)
2017-05-11 09:35:56,744 [cuckoo.core.scheduler] INFO: Task #73: analysis procedure completed
2017-05-11 09:36:34,835 [cuckoo.processing.memory] DEBUG: Executing volatility 'ldrmodules' module.
2017-05-11 09:36:51,570 [cuckoo.processing.memory] DEBUG: Executing volatility 'mutantscan' module.
2017-05-11 09:36:53,124 [cuckoo.processing.memory] DEBUG: Executing volatility 'devicetree' module.
2017-05-11 09:36:55,388 [cuckoo.processing.memory] DEBUG: Executing volatility 'svcscan' module.
2017-05-11 09:36:56,003 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,017 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,044 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,047 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,050 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,065 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,069 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,081 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,084 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,088 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,105 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,108 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,129 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,133 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,136 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,139 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,172 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,179 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,182 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,195 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,211 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,222 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,257 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,269 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,294 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,298 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,316 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,324 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:56,346 [volatility.debug] WARNING: NoneObject as string: Pointer DisplayName invalid
2017-05-11 09:36:57,291 [cuckoo.processing.memory] DEBUG: Executing volatility 'modscan' module.
2017-05-11 09:36:58,389 [cuckoo.processing.memory] DEBUG: Executing volatility 'yarascan' module.
2017-05-11 09:38:12,916 [cuckoo.processing.memory] DEBUG: Executing volatility 'netscan' module.
2017-05-11 09:38:14,427 [cuckoo.core.plugins] DEBUG: Executed processing module "Memory" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:17,612 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:18,910 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:18,911 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:18,912 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,282 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,310 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,320 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,648 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,649 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,655 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/opt/cuckoo/.cuckoo/storage/analyses/74"
2017-05-11 09:38:19,667 [cuckoo.core.plugins] DEBUG: Running 422 signatures
2017-05-11 09:38:37,729 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dumped_buffer
2017-05-11 09:38:37,729 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dumped_buffer2
2017-05-11 09:38:37,730 [cuckoo.core.plugins] DEBUG: Analysis matched signature: allocates_rwx
2017-05-11 09:38:37,730 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antiav_detectfile
2017-05-11 09:38:37,730 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_queries_computername
2017-05-11 09:38:37,731 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_disk_size
2017-05-11 09:38:37,731 [cuckoo.core.plugins] DEBUG: Analysis matched signature: creates_doc
2017-05-11 09:38:37,731 [cuckoo.core.plugins] DEBUG: Analysis matched signature: creates_exe
2017-05-11 09:38:37,731 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antisandbox_cuckoo_files
2017-05-11 09:38:37,732 [cuckoo.core.plugins] DEBUG: Analysis matched signature: recon_fingerprint
2017-05-11 09:38:37,732 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_memory_available
2017-05-11 09:38:37,733 [cuckoo.core.plugins] DEBUG: Analysis matched signature: modifies_files
2017-05-11 09:38:37,733 [cuckoo.core.plugins] DEBUG: Analysis matched signature: pe_features
2017-05-11 09:38:37,733 [cuckoo.core.plugins] DEBUG: Analysis matched signature: memdump_urls
2017-05-11 09:38:37,734 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_vbox_devices
2017-05-11 09:38:37,734 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_vbox_files
2017-05-11 09:38:37,734 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_handles_1
2017-05-11 09:38:37,735 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_ldrmodules_1
2017-05-11 09:38:37,735 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_malfind_2
2017-05-11 09:38:37,735 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_svcscan_3
2017-05-11 09:38:40,464 [cuckoo.core.plugins] DEBUG: Executed reporting module "ElasticSearch"
2017-05-11 09:39:04,596 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2017-05-11 09:39:24,502 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2017-05-11 09:39:24,503 [cuckoo.core.scheduler] INFO: Task #74: reports generation completed (path=/opt/cuckoo/.cuckoo/storage/analyses/74)
2017-05-11 09:39:24,524 [cuckoo.core.scheduler] INFO: Task #74: analysis procedure completed
pskmsc commented 7 years ago

End yes I'm testing a crypto....

doomedraven commented 7 years ago

one quick question

> snapshot is not duplicated before the analysis, resulting in a corrupted snapshot and then a cuckoo hangup

What do you mean by not duplicated? Not created? If you took a snapshot you can easily restore it. I think something is missing here to get what is wrong; try to explain the situation.

pskmsc commented 7 years ago

I thought cuckoo was running a different duplicate of the original snapshot for each submission, because it's not possible for users to do the restore by themselves.

Am I wrong?

doomedraven commented 7 years ago

It is not duplicated: you take a snapshot and cuckoo restores it before the submission, but nothing is duplicated. Why don't you read the documentation?

pskmsc commented 7 years ago

You are right, and it's a question of terms, I'm not a virtualization specialist, I was thinking of a duplication, it was a restore, sorry for that.

So let me reformulate my question: cuckoo is not restoring the snapshot after an analysis, can you please help?

doomedraven commented 7 years ago

Provide the version of vbox which you have, because it should restore. Maybe it restores before the next submission, not at the end of analysis; not 100% sure in which part it does it.

And provide the output of `vboxmanage showvminfo Workstation7`
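Added example, not part of the original thread and not Cuckoo's own code: a log audit that checks, for each task, whether a `Restoring virtual machine ... to ...` line was logged between the machine being acquired and the guest analysis starting, and whether it names the configured snapshot. The sample log is constructed in the format posted above (task #75 and the dropped-file names are invented), and the code assumes the machine name and label are identical and that one VM runs at a time, as in this thread's virtualbox.conf.

```python
import re
from collections import Counter

# Constructed sample in the log format shown in this thread; task #75 and the
# dropped-file names are invented for the example.
SAMPLE_LOG = """\
2017-05-11 09:30:24,286 [cuckoo.core.scheduler] INFO: Task #74: acquired machine Workstation7 (label=Workstation7)
2017-05-11 09:30:24,400 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Workstation7
2017-05-11 09:30:24,702 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Workstation7 to cuckoo1
2017-05-11 09:30:27,544 [cuckoo.core.guest] INFO: Starting analysis on guest (id=Workstation7, ip=192.168.56.2)
2017-05-11 09:32:56,356 [cuckoo.core.resultserver] DEBUG: File upload request for memory/2276-1.dmp
2017-05-11 09:32:58,458 [cuckoo.core.resultserver] DEBUG: File upload request for files/0000000000000001_constructed-a.b838
2017-05-11 09:32:58,494 [cuckoo.core.resultserver] DEBUG: File upload request for files/0000000000000002_constructed-b.b838
2017-05-11 09:32:58,574 [cuckoo.core.resultserver] DEBUG: File upload request for files/0000000000000003_constructed-c.b838
2017-05-11 09:33:20,835 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Workstation7
2017-05-11 09:40:00,100 [cuckoo.core.scheduler] INFO: Task #75: acquired machine Workstation7 (label=Workstation7)
2017-05-11 09:40:00,200 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Workstation7
2017-05-11 09:40:03,000 [cuckoo.core.guest] INFO: Starting analysis on guest (id=Workstation7, ip=192.168.56.2)
2017-05-11 09:41:00,000 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Workstation7
"""

LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} "
    r"\[(?P<logger>[^\]]+)\] [A-Z]+: (?P<msg>.*)$"
)
ACQUIRED = re.compile(r"Task #(\d+): acquired machine (\S+)")
RESTORING = re.compile(r"Restoring virtual machine (\S+) to (\S+)")
GUEST_START = re.compile(r"Starting analysis on guest \(id=([^,)]+)")
STOPPING = re.compile(r"Stopping vm (\S+)")
# Only dropped files (files/...) are counted, not memory dumps.
UPLOAD = re.compile(r"File upload request for files/\S+?\.([A-Za-z0-9]+)$")


def summarise(rec, expected_snapshot):
    """Turn one task record into a verdict against the configured snapshot."""
    if rec["restored_to"] is None:
        verdict = "NO_RESTORE_LOGGED"
    elif rec["restored_to"] != expected_snapshot:
        verdict = "WRONG_SNAPSHOT"
    else:
        verdict = "OK"
    return {
        "task": rec["task"],
        "machine": rec["machine"],
        "restored_to": rec["restored_to"],
        "verdict": verdict,
        "dropped_by_ext": dict(rec["uploads"]),
    }


def audit_restores(log_text, expected_snapshot):
    """Check every task for a snapshot restore logged before the guest started."""
    running = {}   # machine name -> record of the task currently holding it
    records = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        logger, msg = line["logger"], line["msg"]
        if logger == "cuckoo.core.scheduler" and (m := ACQUIRED.search(msg)):
            rec = {"task": int(m[1]), "machine": m[2], "restored_to": None,
                   "guest_started": False, "uploads": Counter()}
            running[m[2]] = rec
            records.append(rec)
        elif logger == "cuckoo.machinery.virtualbox" and (m := RESTORING.search(msg)):
            rec = running.get(m[1])
            # A restore only counts if it happens before the sample runs.
            if rec and not rec["guest_started"]:
                rec["restored_to"] = m[2]
        elif logger == "cuckoo.core.guest" and (m := GUEST_START.search(msg)):
            if m[1] in running:
                running[m[1]]["guest_started"] = True
        elif logger == "cuckoo.machinery.virtualbox" and (m := STOPPING.search(msg)):
            running.pop(m[1], None)
        elif logger == "cuckoo.core.resultserver" and (m := UPLOAD.search(msg)):
            # Upload lines carry no task id; attribute them only when exactly
            # one VM is running (assumption: single-VM setup as in the thread).
            if len(running) == 1:
                next(iter(running.values()))["uploads"][m[1]] += 1
    return [summarise(rec, expected_snapshot) for rec in records]


if __name__ == "__main__":
    for finding in audit_restores(SAMPLE_LOG, "cuckoo1"):
        print(finding)
```

The restore line is logged at DEBUG level in the log above, so the audit is only meaningful when debug logging is on. An `OK` verdict shows that the configured snapshot was restored before the run, not that the snapshot itself is clean.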

ixalle commented 7 years ago

vboxmanage -v 5.1.22r115126

```
Name: Workstation7
Groups: /
Guest OS: Windows 7 (64-bit)
UUID: d02630ed-0c31-4b8e-90d5-3d298bfeb485
Config file: /opt/cuckoo/VirtualBox VMs/Workstation7/Workstation7.vbox
Snapshot folder: /opt/cuckoo/VirtualBox VMs/Workstation7/Snapshots
Log folder: /opt/cuckoo/VirtualBox VMs/Workstation7/Logs
Hardware UUID: d02630ed-0c31-4b8e-90d5-3d298bfeb485
Memory size: 512MB
Page Fusion: off
VRAM size: 27MB
CPU exec cap: 100%
HPET: off
Chipset: piix3
Firmware: BIOS
Number of CPUs: 1
PAE: off
Long Mode: on
Triple Fault Reset: off
APIC: on
X2APIC: off
CPUID Portability Level: 0
CPUID overrides: None
Boot menu mode: message and menu
Boot Device (1): DVD
Boot Device (2): HardDisk
Boot Device (3): Not Assigned
Boot Device (4): Not Assigned
ACPI: on
IOAPIC: on
BIOS APIC mode: APIC
Time offset: 0ms
RTC: local time
Hardw. virt.ext: on
Nested Paging: on
Large Pages: off
VT-x VPID: on
VT-x unr. exec.: on
Paravirt. Provider: Default
Effective Paravirt. Provider: HyperV
State: powered off (since 2017-05-11T14:26:46.000000000)
Monitor count: 1
3D Acceleration: off
2D Video Acceleration: off
Teleporter Enabled: off
Teleporter Port: 0
Teleporter Address:
Teleporter Password:
Tracing Enabled: off
Allow Tracing to Access VM: off
Tracing Configuration:
Autostart Enabled: off
Autostart Delay: 0
Default Frontend:
Storage Controller Name (0): SATA
Storage Controller Type (0): IntelAhci
Storage Controller Instance Number (0): 0
Storage Controller Max Port Count (0): 30
Storage Controller Port Count (0): 2
Storage Controller Bootable (0): on
SATA (0, 0): /opt/cuckoo/VirtualBox VMs/Workstation7/Snapshots/{47a3ed34-6b4a-444d-ad05-198b04f45c70}.vmdk (UUID: 47a3ed34-6b4a-444d-ad05-198b04f45c70)
SATA (1, 0): Empty
NIC 1: MAC: 0800279B7ED3, Attachment: Host-only Interface 'vboxnet0', Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: allow-all, Bandwidth group: none
NIC 2: disabled
NIC 3: disabled
NIC 4: disabled
NIC 5: disabled
NIC 6: disabled
NIC 7: disabled
NIC 8: disabled
Pointing Device: USB Tablet
Keyboard Device: PS/2 Keyboard
UART 1: disabled
UART 2: disabled
UART 3: disabled
UART 4: disabled
LPT 1: disabled
LPT 2: disabled
Audio: disabled
Clipboard Mode: disabled
Drag and drop Mode: disabled
VRDE: disabled
USB: enabled
EHCI: disabled
XHCI: disabled

USB Device Filters:

Bandwidth groups:
Video capturing: not active
Capture screens: 0
Capture file: /opt/cuckoo/VirtualBox VMs/Workstation7/Workstation7.webm
Capture dimensions: 1024x768
Capture rate: 512 kbps
Capture FPS: 25
Guest:
Configured memory balloon size: 0 MB
Snapshots:
   Name: cuckoo1 (UUID: 8575d8a5-bfb5-425c-927f-cd3579d13785) *
```

doomedraven commented 7 years ago

and can you manually restore the snapshot to a clear state?

ixalle commented 7 years ago

What do you mean by clear state?

I can start the VM with this snapshot but a lot of files are encrypted.

doomedraven commented 7 years ago

did you take the snapshot before the first malware submission?

ixalle commented 7 years ago

yes

(venv) cuckoo@server:/opt/cuckoo/VirtualBox VMs$ VBoxManage snapshot Workstation7 take cuckoo1 --pause
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Snapshot taken. UUID: 6f77a167-ed77-46a3-b6c2-f3deb8317a32
(venv) cuckoo@server:/opt/cuckoo/VirtualBox VMs$

(venv) cuckoo@server:/opt/cuckoo/VirtualBox VMs$ VBoxManage controlvm Workstation7 poweroff
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
(venv) cuckoo@server:/opt/cuckoo/VirtualBox VMs$

(venv) cuckoo@server:/opt/cuckoo/VirtualBox VMs$ VBoxManage snapshot Workstation7 restorecurrent
Restoring snapshot 8575d8a5-bfb5-425c-927f-cd3579d13785
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
(venv) cuckoo@server:/opt/cuckoo/VirtualBox VMs$
doomedraven commented 7 years ago

and that loads an already infected snapshot? which does not make any sense

pskmsc commented 7 years ago

Hello,

I'm back, sorry I was in a meeting, this is why my colleague has taken the relay. About the VM:

The fact is, it seems cuckoo is not doing the restoration (even if it should, if I understood well).

doomedraven commented 7 years ago

@jbremer any idea what can be wrong?

btw can you also provide version of cuckoo?

pskmsc commented 7 years ago

Cuckoo Sandbox 2.0.2 www.cuckoosandbox.org Copyright (c) 2010-2017

doomedraven commented 7 years ago

also there may be some clues in the log when you submit a sample, but execute in debug mode, cuckoo -d, and provide that log?

jbremer commented 7 years ago

@pskmsc Cuckoo should certainly restore the VM before each and every analysis. In the first lines of your logs it even says it's doing so :-)

2017-05-11 09:30:24,702 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Workstation7 to cuckoo1
2017-05-11 09:30:27,176 [cuckoo.processing.memory] DEBUG: Executing volatility 'handles' module.
2017-05-11 09:30:27,544 [cuckoo.core.guest] INFO: Starting analysis on guest (id=Workstation7, ip=192.168.56.2)
2

So, what about it? :)

pskmsc commented 7 years ago

Hello,

Yep, I've spent a long time reading the logs this week and I've seen this line; this is why I'm in debug mode. The fact is: after a crypto locker, the next analysis is not possible because of the previous encryption and I don't understand why.

We tried so many things, read so many blogs and posts to find solutions around issues we had while trying to build this sandbox, and we have been stuck on this one for a whole day. IMHO, we made a mistake in the system or cuckoo configuration, because of all the trials we made during setup (VM config, network config, etc.), and we are not able to put our finger on it.

This is why I'm coming here, as you are way more experienced on this topic than us. To be honest, at the beginning of the week we had no idea about sandbox configuration and internal principles.

So if you have some tips about this issue, you are welcome.

pskmsc commented 7 years ago

One question: is cuckoo generating random files on the desktop?

doomedraven commented 7 years ago

yes

pskmsc commented 7 years ago

Hello,

It seems we have mixed two symptoms with one issue. At some point during our tests we probably deleted one snapshot and launched cuckoo, leading to an image infection. After that we made a lot of tests within and without cuckoo, to back up and restore the snapshot. Where we failed is when we tested the purity of the image by doing RDP and trying to find unwanted files on the desktop. Sometimes we were right and sometimes not, because cuckoo is also generating files there.

We had an issue with restore, but it was due to our tests. After that we made a lot of tests based on a wrong assumption.

All is working right now, sorry for the mistake.

jbremer commented 7 years ago

Thanks for figuring out the problem yourself @pskmsc! If you have any additional questions and/or feedback, do not hesitate to let us know :)
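
Added example, not part of the original thread and not Cuckoo's own code: the thread's resolution was that browsing the guest desktop is an unreliable test of snapshot state, so this sketch checks the hypervisor's snapshot tree instead. It parses `VBoxManage snapshot <vm> list --machinereadable` output and reports when the snapshot name from `virtualbox.conf` is missing, matches more than one snapshot, or is not the current one (the one `restorecurrent` would load). The sample listing is constructed, and the function names are hypothetical.

```python
import re
import subprocess

# Constructed sample of `VBoxManage snapshot Workstation7 list --machinereadable`
# output. UUIDs reuse values from the thread; the two-snapshot layout is assumed.
SAMPLE = '''\
SnapshotName="cuckoo1"
SnapshotUUID="8575d8a5-bfb5-425c-927f-cd3579d13785"
SnapshotName-1="cuckoo1"
SnapshotUUID-1="6f77a167-ed77-46a3-b6c2-f3deb8317a32"
CurrentSnapshotName="cuckoo1"
CurrentSnapshotUUID="6f77a167-ed77-46a3-b6c2-f3deb8317a32"
CurrentSnapshotNode="SnapshotName-1"
'''

LINE = re.compile(r'^(\w+?)(-[\d-]+)?="(.*)"$')  # key, optional -N node suffix, value

def parse_snapshots(text):
    """Return ([(name, uuid), ...], current_uuid) from machine-readable output."""
    names, uuids, current = {}, {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, node, value = m.group(1), m.group(2) or "", m.group(3)
        if key == "SnapshotName":
            names[node] = value
        elif key == "SnapshotUUID":
            uuids[node] = value
        elif key == "CurrentSnapshotUUID":
            current = value
    return [(names[n], uuids.get(n)) for n in names], current

def check_snapshot(text, configured):
    """List reasons the configured snapshot name is not a reliable restore target."""
    snaps, current = parse_snapshots(text)
    matches = [uuid for name, uuid in snaps if name == configured]
    problems = []
    if not matches:
        problems.append("snapshot %r not found in VM" % configured)
    elif len(matches) > 1:
        problems.append("snapshot name %r is ambiguous: %s" % (configured, ", ".join(matches)))
    if matches and current not in matches:
        problems.append("current snapshot %s is not %r" % (current, configured))
    return problems

def live_listing(vm):
    """Run on the Cuckoo host (assumes VBoxManage is on PATH)."""
    cmd = ["VBoxManage", "snapshot", vm, "list", "--machinereadable"]
    return subprocess.run(cmd, capture_output=True, text=True).stdout
```

On a real host, pass `live_listing("Workstation7")` to `check_snapshot` before queueing samples; an empty list means the configured name resolves to exactly one snapshot and it is the current one.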