cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Cuckoo not taking screenshots #1689

Closed arjunsharma97 closed 7 years ago

arjunsharma97 commented 7 years ago

After setting up cuckoo, I tried submitting tasks to it as below:

(venv) cuckoo@cic-OptiPlex-9010-AIO:/home/cic$ sudo cuckoo submit --url google.com
Success: URL "google.com" added as task with ID #19

But cuckoo isn't taking screenshots during the analysis. The log is given below:

(venv) cuckoo@cic-OptiPlex-9010-AIO:~/.cuckoo$ sudo cuckoo -d

   ______   __  __   ______   ___   ___   ______   ______
  /_____/\ /_/\/_/\ /_____/\ /___/\/__/\ /_____/\ /_____/\
  \:::__\/ \:\ \:\ \\:::__\/ \::.\ \\ \ \\:::_ \ \\:::_ \ \
   \:\ \  __\:\ \:\ \\:\ \  __\:: \/_) \ \\:\ \ \ \\:\ \ \ \
    \:\ \/_/\\:\ \:\ \\:\ \/_/\\:. __  ( ( \:\ \ \ \\:\ \ \ \
     \:\_\ \ \\:\_\:\ \\:\_\ \ \\: \ )  \ \ \:\_\ \ \\:\_\ \ \
      \_____\/ \_____\/ \_____\/ \__\/\__\/  \_____\/ \_____\/

 Cuckoo Sandbox 2.0.3
 www.cuckoosandbox.org
 Copyright (c) 2010-2017

 Checking for updates...
 You're good to go!
2017-07-04 03:57:57,145 [cuckoo.core.startup] DEBUG: Imported modules...
2017-07-04 03:57:57,149 [cuckoo.core.startup] DEBUG: Imported "auxiliary" modules:
2017-07-04 03:57:57,149 [cuckoo.core.startup] DEBUG:     |-- MITM
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG:     |-- Reboot
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG:     |-- Services
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG:     `-- Sniffer
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG: Imported "machinery" modules:
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG:     |-- vSphere
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG:     |-- KVM
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG:     |-- ESX
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG:     |-- XenServer
2017-07-04 03:57:57,150 [cuckoo.core.startup] DEBUG:     |-- VMware
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- Avd
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- QEMU
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- VirtualBox
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     `-- Physical
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG: Imported "processing" modules:
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- AnalysisInfo
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- ApkInfo
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- Baseline
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- BehaviorAnalysis
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- Debug
2017-07-04 03:57:57,151 [cuckoo.core.startup] DEBUG:     |-- Droidmon
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- Dropped
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- DroppedBuffer
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- GooglePlay
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- Irma
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- Memory
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- MetaInfo
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- MISP
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- NetworkAnalysis
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- ProcessMemory
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- Procmon
2017-07-04 03:57:57,152 [cuckoo.core.startup] DEBUG:     |-- Screenshots
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     |-- Snort
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     |-- Static
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     |-- Strings
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     |-- Suricata
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     |-- TargetInfo
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     |-- TLSMasterSecrets
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     `-- VirusTotal
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG: Imported "signatures" modules:
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     |-- AndroidAbortBroadcast
2017-07-04 03:57:57,153 [cuckoo.core.startup] DEBUG:     |-- AndroidAccountInfo
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidAppInfo
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidAudio
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidCamera
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidDangerousPermissions
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidDeletedApp
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidDynamicCode
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidEmbeddedApk
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidGooglePlayDiff
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidInstalledApps
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidNativeCode
2017-07-04 03:57:57,154 [cuckoo.core.startup] DEBUG:     |-- AndroidPhoneNumber
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- AndroidPrivateInfoQuery
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- AndroidReflectionCode
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- AndroidRegisteredReceiver
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- AndroidShellCommands
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- AndroidSMS
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- AndroidStopProcess
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- ApplicationUsesLocation
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- KnownVirustotal
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- AntiAnalysisJavascript
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- DumpedBuffer
2017-07-04 03:57:57,155 [cuckoo.core.startup] DEBUG:     |-- DumpedBuffer2
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- EncryptionKeys
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- EvalJS
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- Exploit_zteF460F660
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- HtmlFlash
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- JsIframe
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- SuspiciousJavascript
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- DarwinCodeInjection
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- TaskForPid
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- DeadHost
2017-07-04 03:57:57,156 [cuckoo.core.startup] DEBUG:     |-- NetworkBIND
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- NetworkDynDNS
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- NetworkHTTP
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- NetworkICMP
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- NetworkIRC
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- NetworkSMTP
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- SnortAlert
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- SuricataAlert
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- TorGateway
2017-07-04 03:57:57,157 [cuckoo.core.startup] DEBUG:     |-- WscriptDownloader
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- ADS
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- Adzok
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- AlinaFile
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- AlineURL
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- AllocatesRWX
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- AmsiBypass
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- Andromeda
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- AntiAnalysisDetectFile
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- AntiAVDetectFile
2017-07-04 03:57:57,158 [cuckoo.core.startup] DEBUG:     |-- AntiAVDetectReg
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiAVSRP
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiDBGDevices
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiDBGWindows
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiSandboxFile
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiSandboxForegroundWindow
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiSandboxIdleTime
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiSandboxSleep
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiVMBios
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiVMComputernameQuery
2017-07-04 03:57:57,159 [cuckoo.core.startup] DEBUG:     |-- AntiVMCPU
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- AntiVMDiskSize
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- AntiVMIDE
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- AntiVMSCSI
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- AntiVMServices
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- AntiVMSharedDevice
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- AppLockerBypass
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- APT_Carbunak
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- APT_CloudAtlas
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- apt_sandworm_ip
2017-07-04 03:57:57,160 [cuckoo.core.startup] DEBUG:     |-- apt_sandworm_url
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- ArdamaxMutexes
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- AthenaHttp
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- AthenaURL
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- Autorun
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- AvastDetectLibs
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- AVDetectionChinaKey
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- BadCerts
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- Bagle
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- Bandook
2017-07-04 03:57:57,161 [cuckoo.core.startup] DEBUG:     |-- banker_bancos
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- BankingMutexes
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- Banload
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- Beastdoor
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- BeebusMutexes
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- BegseabugTDMutexes
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- BetabotURL
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- Bifrose
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- BitcoinOpenCL
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- BitcoinWallet
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- BitdefenderDetectLibs
2017-07-04 03:57:57,162 [cuckoo.core.startup] DEBUG:     |-- BlackEnergyMutexes
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- Blackhole
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- BlackholeURL
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- Blackice
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- BlackposURL
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- BlackRevMutexes
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- Blackshades
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- BladabindiMutexes
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- BochsDetectKeys
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- Bottilda
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- BozokKey
2017-07-04 03:57:57,163 [cuckoo.core.startup] DEBUG:     |-- browser_startpage
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- BrowserSecurity
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- BrowserStealer
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- Btcbotnet
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- Bublik
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- BuildLangID
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- BuzusMutexes
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- BypassFirewall
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- c24URL
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- CarberpMutexes
2017-07-04 03:57:57,164 [cuckoo.core.startup] DEBUG:     |-- Ceatrg
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- ChanitorMutexes
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- CheckIP
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- cloud_mediafire
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- cloud_wetransfer
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- CloudFlare
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- CloudGoogle
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- CoinminerMutexes
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- ComRAT
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- Crash
2017-07-04 03:57:57,165 [cuckoo.core.startup] DEBUG:     |-- CreatesAutorunInf
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- CreatesDocument
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- CreatesExe
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- CreatesService
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- CreatesSuspiciousProcess
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- Cridex
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- Cryptolocker
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- CuckooDetectFiles
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- Cybergate
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- Dapato
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- Darkcloud
2017-07-04 03:57:57,166 [cuckoo.core.startup] DEBUG:     |-- DarkddosMutexes
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- Darkshell
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- Ddos556
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- Decay
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- DecebalMutexes
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- DeletesSelf
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- DelfTrojan
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- DEPHeapBypass
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- DEPStackBypass
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- DerusbiMutexes
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- Dexter
2017-07-04 03:57:57,167 [cuckoo.core.startup] DEBUG:     |-- Dibik
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DirtJumper
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisableCmd
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisableRegedit
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisablesAppLaunch
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisablesBrowserWarn
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisablesSecurity
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisablesSPDY
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisablesSystemRestore
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisablesWER
2017-07-04 03:57:57,168 [cuckoo.core.startup] DEBUG:     |-- DisablesWindowsUpdate
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DisableTaskMgr
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DiskInformation
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DisplaysHTA
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- Dns_Freehosting_Domain
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_BY
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_CC
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_ONION
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_PW
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_RU
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_SU
2017-07-04 03:57:57,169 [cuckoo.core.startup] DEBUG:     |-- dnsserver_dynamic
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- DocumentClose
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- DocumentOpen
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- DoFoil
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- DownloaderCabby
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- Drive
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- Drive2
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- DriverLoad
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- DropBox
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- Dropper
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- Dyreza
2017-07-04 03:57:57,170 [cuckoo.core.startup] DEBUG:     |-- EclipseMutexes
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- Emotet
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- Evilbot
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- ExecBitsAdmin
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- ExecWaitFor
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- exp_3322_dom
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- Expiro
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- ExploitHeapspray
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- ExploitKitMutexes
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- FakeAVMutexes
2017-07-04 03:57:57,171 [cuckoo.core.startup] DEBUG:     |-- FakeAVMutexes
2017-07-04 03:57:57,172 [cuckoo.core.startup] DEBUG:     |-- FakeRean
2017-07-04 03:57:57,172 [cuckoo.core.startup] DEBUG:     |-- FarFli
2017-07-04 03:57:57,172 [cuckoo.core.startup] DEBUG:     |-- FesberMutexes
2017-07-04 03:57:57,172 [cuckoo.core.startup] DEBUG:     |-- Fingerprint
2017-07-04 03:57:57,172 [cuckoo.core.startup] DEBUG:     |-- Flame
2017-07-04 03:57:57,172 [cuckoo.core.startup] DEBUG:     |-- Flystudio
2017-07-04 03:57:57,172 [cuckoo.core.startup] DEBUG:     |-- FortinetDetectFiles
2017-07-04 03:57:57,172 [cuckoo.core.startup] DEBUG:     |-- FTPStealer
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- Fynloski
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- Gaelicum
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- Ghostbot
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- HasAuthenticode
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- HasOfficeEps
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- HasPdb
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- HasWMI
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- Hesperbot
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- Hikit
2017-07-04 03:57:57,173 [cuckoo.core.startup] DEBUG:     |-- HookMouse
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- Hupigon
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- HyperVDetectKeys
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- IcePoint
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- IEMartian
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- im_btb
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- im_qq
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- IMStealer
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- InceptionAPT
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- Infinity
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- InjectionRunPE
2017-07-04 03:57:57,174 [cuckoo.core.startup] DEBUG:     |-- InjectionThread
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- InstalledApps
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- InstallsAppInit
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- InstallsBHO
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- InstallsWinpcap
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- IPKillerMutexes
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- Ircbrute
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- ISRstealerURL
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- iStealerURL
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- JackPOSFile
2017-07-04 03:57:57,175 [cuckoo.core.startup] DEBUG:     |-- JackposURL
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- JeefoMutexes
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- Jewdo
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- JintorMutexes
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- JorikTrojan
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- Karagany
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- Karakum
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- Katusha
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- KelihosBot
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- Keylogger
2017-07-04 03:57:57,176 [cuckoo.core.startup] DEBUG:     |-- Kilim
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- Killdisk
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- KnownVirustotal
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- Koobface
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- Koutodoor
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- KovterBot
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- KrepperMutexes
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- KuluozMutexes
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- Likseput
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- LocatesBrowser
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- LocatesSniffer
2017-07-04 03:57:57,177 [cuckoo.core.startup] DEBUG:     |-- Lockscreen
2017-07-04 03:57:57,178 [cuckoo.core.startup] DEBUG:     |-- LolBot
2017-07-04 03:57:57,178 [cuckoo.core.startup] DEBUG:     |-- Luder
2017-07-04 03:57:57,178 [cuckoo.core.startup] DEBUG:     |-- Madness
2017-07-04 03:57:57,178 [cuckoo.core.startup] DEBUG:     |-- Madness
2017-07-04 03:57:57,178 [cuckoo.core.startup] DEBUG:     |-- MadnessURL
2017-07-04 03:57:57,178 [cuckoo.core.startup] DEBUG:     |-- MaganiaMutexes
2017-07-04 03:57:57,178 [cuckoo.core.startup] DEBUG:     |-- MailStealer
2017-07-04 03:57:57,178 [cuckoo.core.startup] DEBUG:     |-- MaliciousDocumentURLs
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- MegaUpload
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- MemoryAvailable
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- MetasploitShellcode
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- Minerbot
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- miningpool
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- MircFile
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- ModifiesDesktopWallpaper
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- ModifiesFiles
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- ModifiesUACNotify
2017-07-04 03:57:57,179 [cuckoo.core.startup] DEBUG:     |-- MyBot
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- Nakbot
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- Napolar
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- Nebuler
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- Netobserve
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- Netshadow
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- Netwire
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- NetworkAdapters
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- NetworkDocumentFile
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- NetworkEXE
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- Nitol
2017-07-04 03:57:57,180 [cuckoo.core.startup] DEBUG:     |-- NjRat
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- ObfusMutexes
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- OfficeCreateObject
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- OfficeEpsStrings
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- OfficeHttpRequest
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- OfficePackager
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- OfficeRecentFiles
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- OfficeVulnerableGuid
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- OfficeVulnModules
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- Oldrea
2017-07-04 03:57:57,181 [cuckoo.core.startup] DEBUG:     |-- PackerEntropy
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- Palevo
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- ParallelsDetectKeys
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- Pasta
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- PcClientMutexes
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- PEFeatures
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- PerfLogger
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- PersistenceBootexecute
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- Phorpiex
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- Pidief
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- Plugx
2017-07-04 03:57:57,182 [cuckoo.core.startup] DEBUG:     |-- Poebot
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- PoisonIvy
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- Polymorphic
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- Ponfoy
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- PonyURL
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- PosCardStealerURL
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- Powerfun
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- PowershellBitsTransfer
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- PowershellCcDns
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- PowershellDdiRc4
2017-07-04 03:57:57,183 [cuckoo.core.startup] DEBUG:     |-- PowershellDFSP
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- PowershellDI
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- PowershellDownload
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- PowershellEmpire
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- PowershellMeterpreter
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- PowershellRegAdd
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- PowershellRequest
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- PowershellUnicorn
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- Powerworm
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- Prinimalka
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- ProcessInterest
2017-07-04 03:57:57,184 [cuckoo.core.startup] DEBUG:     |-- ProcessNeeded
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- ProcMemDumpURLs
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- Psyokym
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- PuceMutexes
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- PutterpandaMutexes
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- Putty
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- PWDumpFile
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- Pykse
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- Qakbot
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- Ragebot
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- RaisesException
2017-07-04 03:57:57,185 [cuckoo.core.startup] DEBUG:     |-- Ramnit
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- ransomware_viruscoder
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- RansomwareBcdedit
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- RansomwareExtensions
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- RansomwareFiles
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- RansomwareShadowcopy
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- RapidShare
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- rat_fexel_ip
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- rat_naid_ip
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- RatSiggen
2017-07-04 03:57:57,186 [cuckoo.core.startup] DEBUG:     |-- RBot
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- RdpMutexes
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- Renocide
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- RenosTrojan
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- Rovnix
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- Runbu
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- RunouceMutexes
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- Ruskill
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- Sadbot
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- SandboxieDetect
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- SandboxJoeAnubisDetectFiles
2017-07-04 03:57:57,187 [cuckoo.core.startup] DEBUG:     |-- SDBot
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- SelfDeleteBat
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- Senna
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- Shadowbot
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- SharingRGhost
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- SharpStealerURL
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- ShellcodeWriteProcessMemory
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- Shiz
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- ShutdownSystem
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- Shylock
2017-07-04 03:57:57,188 [cuckoo.core.startup] DEBUG:     |-- SipStun
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- Smtp_GMail
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- Smtp_Live
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- Smtp_Mail_Ru
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- Smtp_Yahoo
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- SolarURL
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- SpyEyeMutexes
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- SpyeyeURL
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- SpynetRat
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- Spyrecorder
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- StackPivot
2017-07-04 03:57:57,189 [cuckoo.core.startup] DEBUG:     |-- StackPivotDllLoad
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- Staser
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- StealthChildProc
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- StealthHiddenExtension
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- StealthHiddenFile
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- StealthHiddenIcons
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- StopsService
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- SunbeltDetectFiles
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- SunBeltSandboxDetect
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- SuspiciousPowershell
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- SuspiciousWriteEXE
2017-07-04 03:57:57,190 [cuckoo.core.startup] DEBUG:     |-- SweetorangeMutexes
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- Swrort
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- SystemInfo
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- SystemMetrics
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- TapiDpMutexes
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- TDSSBackdoor
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- TeamviewerRat
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- ThreatTrackDetectFiles
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- TinbaMutexes
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- TnegaMutexes
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- Tor
2017-07-04 03:57:57,191 [cuckoo.core.startup] DEBUG:     |-- TorHiddenService
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- Travnet
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- Trogbot
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- TrojanJorik
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- TrojanLethic
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- TrojanLethic
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- trojanmrblack
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- TrojanRedosru
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- TrojanSysn
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- trojanyoddos
2017-07-04 03:57:57,192 [cuckoo.core.startup] DEBUG:     |-- TufikMutexes
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- Turkojan
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- TurlaCarbon
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- UFRStealer
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- Unhook
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- Upatre
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- UpatreTDMutexes
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- UPXCompressed
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- UrkShortCN
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- URLSpy
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- UroburosFile
2017-07-04 03:57:57,193 [cuckoo.core.startup] DEBUG:     |-- UroburosMutexes
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- Urxbot
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- UsesWindowsUtilities
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- Vanbot
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- VBInject
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectACPI
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectDevices
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectFiles
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectKeys
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectProvname
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectWindow
2017-07-04 03:57:57,194 [cuckoo.core.startup] DEBUG:     |-- Vertex
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VertexSolarURL
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VirtualPCDetect
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VirtualPCIllegalInstruction
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- Virut
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VMFirmware
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VMPPacked
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VMWareDetectFiles
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VMWareDetectKeys
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VMWareInInstruction
2017-07-04 03:57:57,195 [cuckoo.core.startup] DEBUG:     |-- VncMutexes
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VNLoaderURL
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolDevicetree1
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolHandles1
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolLdrModules1
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolLdrModules2
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolMalfind1
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolModscan1
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolSvcscan1
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolSvcscan2
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VolSvcscan3
2017-07-04 03:57:57,196 [cuckoo.core.startup] DEBUG:     |-- VPCDetectKeys
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- Wakbot
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- WarbotURL
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- Whimoo
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- Win32ProcessCreate
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- WineDetect
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- WinSCP
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- WinSxsBot
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- WMIAntiVM
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- WormAllaple
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- WormKolabc
2017-07-04 03:57:57,197 [cuckoo.core.startup] DEBUG:     |-- XenDetectKeys
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- XtremeRAT
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- Xworm
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- Zegost
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- ZeusMutexes
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- ZeusP2P
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- ZeusURL
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     `-- ZoneID
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG: Imported "reporting" modules:
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- ElasticSearch
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- Feedback
2017-07-04 03:57:57,198 [cuckoo.core.startup] DEBUG:     |-- JsonDump
2017-07-04 03:57:57,199 [cuckoo.core.startup] DEBUG:     |-- Mattermost
2017-07-04 03:57:57,199 [cuckoo.core.startup] DEBUG:     |-- MISP
2017-07-04 03:57:57,199 [cuckoo.core.startup] DEBUG:     |-- Moloch
2017-07-04 03:57:57,199 [cuckoo.core.startup] DEBUG:     |-- MongoDB
2017-07-04 03:57:57,199 [cuckoo.core.startup] DEBUG:     |-- Notification
2017-07-04 03:57:57,199 [cuckoo.core.startup] DEBUG:     `-- SingleFile
2017-07-04 03:57:57,199 [cuckoo.core.startup] DEBUG: Checking for locked tasks..
2017-07-04 03:57:57,210 [cuckoo.core.startup] DEBUG: Checking for pending service tasks..
2017-07-04 03:57:57,219 [cuckoo.core.startup] DEBUG: Initializing Yara...
2017-07-04 03:57:57,219 [cuckoo.core.startup] DEBUG:     |-- binaries embedded.yar
2017-07-04 03:57:57,220 [cuckoo.core.startup] DEBUG:     |-- binaries shellcodes.yar
2017-07-04 03:57:57,220 [cuckoo.core.startup] DEBUG:     `-- binaries vmdetect.yar
2017-07-04 03:57:57,222 [cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2017-07-04 03:57:57,223 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2017-07-04 03:57:58,047 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo1 to snapshot1
2017-07-04 03:57:58,286 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2017-07-04 03:57:58,309 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2017-07-04 03:57:59,402 [cuckoo.core.scheduler] DEBUG: Processing task #19
2017-07-04 03:57:59,423 [cuckoo.core.scheduler] INFO: Starting analysis of URL "google.com" (task #19, options "")
2017-07-04 03:57:59,530 [cuckoo.core.scheduler] INFO: Task #19: acquired machine cuckoo1 (label=cuckoo1)
2017-07-04 03:57:59,542 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 26081 (interface=vboxnet0, host=192.168.56.101, pcap=/home/cuckoo/.cuckoo/storage/analyses/19/dump.pcap)
2017-07-04 03:57:59,543 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2017-07-04 03:57:59,607 [cuckoo.machinery.virtualbox] DEBUG: Starting vm cuckoo1
2017-07-04 03:57:59,769 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo1 to snapshot1
2017-07-04 03:58:03,239 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101)
2017-07-04 03:58:04,245 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2017-07-04 03:58:05,250 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2017-07-04 03:58:06,244 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2017-07-04 03:58:08,250 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2017-07-04 03:58:09,259 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.7 (id=cuckoo1, ip=192.168.56.101)
2017-07-04 03:58:09,285 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=cuckoo1, ip=192.168.56.101, monitor=latest, size=3819928)
2017-07-04 03:58:09,742 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:10,054 [cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2017-07-04 03:58:10,748 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:11,757 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:12,414 [cuckoo.core.resultserver] DEBUG: New process (pid=2372, ppid=2992, name=iexplore.exe)
2017-07-04 03:58:12,826 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:13,083 [cuckoo.core.resultserver] DEBUG: New process (pid=1084, ppid=2372, name=iexplore.exe)
2017-07-04 03:58:13,835 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:14,842 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:15,852 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:16,858 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:17,868 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:18,881 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:19,891 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:20,901 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:21,911 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:22,922 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:23,968 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:24,977 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:25,987 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:26,993 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:28,002 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:29,011 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:30,022 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:31,063 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:32,081 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:33,090 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:34,100 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:35,110 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:36,121 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:37,133 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:38,143 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:39,153 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:40,163 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:41,175 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:42,185 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:43,193 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:44,203 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:45,213 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:46,223 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:47,236 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:48,272 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:49,292 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:50,302 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:51,312 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:52,320 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:53,330 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:54,354 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:55,364 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:56,374 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:57,383 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:58,393 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:58:59,403 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:00,414 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:01,424 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:02,433 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:03,469 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:04,480 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:05,490 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:06,499 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:07,509 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:08,518 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:09,528 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:10,548 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:11,592 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:12,599 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:13,607 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:14,617 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:15,626 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:16,639 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:17,651 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:18,661 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:19,672 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:20,682 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:21,692 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:22,703 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:23,713 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:24,722 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:25,760 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:26,768 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:27,784 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:28,794 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:29,804 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:30,814 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:31,824 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:32,851 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:33,889 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:34,907 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:35,917 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:36,927 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:37,936 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:38,942 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:39,952 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:40,961 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:41,970 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:42,980 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:43,989 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:44,998 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:46,008 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:47,021 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:48,029 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:49,064 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:50,076 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:51,084 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:52,101 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:53,111 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:54,121 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:55,130 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:56,140 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:57,150 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:58,161 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 03:59:59,171 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:00,180 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:01,188 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:02,198 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:03,208 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:04,219 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:05,229 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:06,238 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:07,283 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:08,292 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:09,302 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:10,312 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:11,322 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2017-07-04 04:00:11,595 [cuckoo.core.resultserver] DEBUG: File upload request for files/7f7d4fd62ccae01d_recoverystore.{a0724232-60a7-11e7-ac1e-08002719ff52}.dat
2017-07-04 04:00:11,596 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 3584
2017-07-04 04:00:11,598 [cuckoo.core.resultserver] DEBUG: File upload request for files/f3312b1f3357ccff_google_co_in[1].htm
2017-07-04 04:00:11,598 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 51897
2017-07-04 04:00:11,604 [cuckoo.core.resultserver] DEBUG: File upload request for files/fffcf467f4e4d059_140th-anniversary-of-wimbledon-5176535811096576.3-law[1].gif
2017-07-04 04:00:11,608 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 259370
2017-07-04 04:00:11,609 [cuckoo.core.resultserver] DEBUG: File upload request for files/baf770e208182b7c_8059e9a0d314877e40fe93d8ccfb3c69_71764fb7d5c5c8c82ac1c58d221dd0ff
2017-07-04 04:00:11,610 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 390
2017-07-04 04:00:11,612 [cuckoo.core.resultserver] DEBUG: File upload request for files/d53d3fc5fd6e8b23_{a0724233-60a7-11e7-ac1e-08002719ff52}.dat
2017-07-04 04:00:11,612 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 6144
2017-07-04 04:00:11,615 [cuckoo.core.resultserver] DEBUG: File upload request for files/ca858453ce21cabd_nav_logo229[1].png
2017-07-04 04:00:11,615 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 12263
2017-07-04 04:00:11,618 [cuckoo.core.resultserver] DEBUG: File upload request for files/cee537df580a0835_8059e9a0d314877e40fe93d8ccfb3c69_71764fb7d5c5c8c82ac1c58d221dd0ff
2017-07-04 04:00:11,619 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 463
2017-07-04 04:00:11,621 [cuckoo.core.resultserver] DEBUG: File upload request for files/6da5620880159634_googleg_lodp[1].ico
2017-07-04 04:00:11,621 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 5430
2017-07-04 04:00:11,628 [cuckoo.core.resultserver] DEBUG: File upload request for files/45758d6ca4107f72_rs=act90oekdh71q7h5rkb6wfjghj2ht9hpvw[1]
2017-07-04 04:00:11,631 [cuckoo.core.resultserver] DEBUG: File upload request for files/71ce8f3b67947140_sem_2b1e718f323cc1d31be1bde129028845[1].js
2017-07-04 04:00:11,632 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 55617
2017-07-04 04:00:11,632 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 205736
2017-07-04 04:00:11,673 [cuckoo.core.resultserver] DEBUG: File upload request for files/596b1117169504f0_cuckoo1@google.co[2].txt
2017-07-04 04:00:11,673 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 198
2017-07-04 04:00:12,328 [cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully
2017-07-04 04:00:12,428 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2017-07-04 04:00:12,429 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo1
2017-07-04 04:00:15,767 [cuckoo.core.scheduler] DEBUG: Released database task #19
2017-07-04 04:00:15,825 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:15,944 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:15,993 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:15,994 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:16,009 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:16,009 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:16,010 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:16,010 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:16,010 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:16,010 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:16,011 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:18,281 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:19,524 [cuckoo.core.plugins] DEBUG: Executed processing module "VirusTotal" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:19,525 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:19,529 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:19,531 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=amsi_bypass minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,533 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=applocker_bypass minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,540 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=metasploit_shellcode minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,542 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powerfun minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,542 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_bitstransfer minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,542 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_c2dns minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,543 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_ddi_rc4 minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,543 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_dfsp minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,543 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_di minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,544 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_empire minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,544 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_meterpreter minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,544 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_reg_add minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,545 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powershell_unicorn minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,545 [cuckoo.core.plugins] DEBUG: You are running a version of Cuckoo that's not compatible with this signature (either it's too old or too new): cuckoo=2.0.3 signature=powerworm minversion=2.0.4 maxversion=None
2017-07-04 04:00:19,550 [cuckoo.core.plugins] DEBUG: Running 427 signatures
2017-07-04 04:00:20,085 [cuckoo.core.plugins] DEBUG: Analysis matched signature: network_http
2017-07-04 04:00:20,411 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2017-07-04 04:00:21,383 [cuckoo.core.plugins] DEBUG: Executed reporting module "SingleFile"
2017-07-04 04:00:21,558 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2017-07-04 04:00:21,558 [cuckoo.core.scheduler] INFO: Task #19: reports generation completed (path=/home/cuckoo/.cuckoo/storage/analyses/19)
2017-07-04 04:00:21,631 [cuckoo.core.scheduler] INFO: Task #19: analysis procedure completed

My host machine is running Ubuntu 16.04 64-bit, the guest is running Windows 7 32-bit, and the Cuckoo version is 2.0.3.

seantree commented 7 years ago

Have you installed "pillow" in your Windows machine?

jbremer commented 7 years ago

@arjunsharma97 What @seantree said - please double check your setup & the documentation.

arjunsharma97 commented 7 years ago

I had pillow installed on my host and PIL on my guest, went through the documentation multiple times and checked almost every relevant issue, nothing worked. I thought something might have gone wrong during the initial installation of the guest, so I switched to Windows 7 64-bit. It's working fine now.

Anyway, thanks a lot @jbremer @seantree for your help.
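
The debug log in the report shows only `files/` uploads reaching the result server before task #19 completes. The following check is an added example, not part of the thread or of the Cuckoo project; it audits a `cuckoo -d` log for finished tasks that delivered no screenshots. It assumes that guest screenshots are logged as `File upload request for shots/...` and that tasks run one at a time, as in the single-machine setup above. The task #19 lines are copied from the report, and the task #20 lines are constructed.

```python
import re
from collections import Counter

# Generic shape of a Cuckoo log line: "<date> <time> [<logger>] <LEVEL>: <message>"
LINE_RE = re.compile(r"^\S+ \S+ \[(?P<logger>[\w.]+)\] (?P<level>[A-Z]+): (?P<msg>.*)$")
START_RE = re.compile(r'^Starting analysis of \w+ "(?P<target>.*)" \(task #(?P<task>\d+),')
UPLOAD_RE = re.compile(r"^File upload request for (?P<path>.+)$")
DONE_RE = re.compile(r"^Task #(?P<task>\d+): analysis procedure completed")

# Assumption: screenshots are uploaded under this prefix (dropped files use "files").
SHOTS_PREFIX = "shots"

# Task #19 lines are taken from the report; task #20 lines are constructed.
SAMPLE_LOG = """\
2017-07-04 03:57:59,423 [cuckoo.core.scheduler] INFO: Starting analysis of URL "google.com" (task #19, options "")
2017-07-04 04:00:11,598 [cuckoo.core.resultserver] DEBUG: File upload request for files/f3312b1f3357ccff_google_co_in[1].htm
2017-07-04 04:00:11,615 [cuckoo.core.resultserver] DEBUG: File upload request for files/ca858453ce21cabd_nav_logo229[1].png
2017-07-04 04:00:12,328 [cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully
2017-07-04 04:00:16,010 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" on analysis at "/home/cuckoo/.cuckoo/storage/analyses/19"
2017-07-04 04:00:21,631 [cuckoo.core.scheduler] INFO: Task #19: analysis procedure completed
2017-07-04 04:05:00,000 [cuckoo.core.scheduler] INFO: Starting analysis of URL "example.org" (task #20, options "")
2017-07-04 04:05:12,000 [cuckoo.core.resultserver] DEBUG: File upload request for shots/0001.jpg
2017-07-04 04:05:20,000 [cuckoo.core.resultserver] DEBUG: File upload request for shots/0002.jpg
2017-07-04 04:07:01,000 [cuckoo.core.resultserver] DEBUG: File upload request for files/0000000000000000_constructed.htm
2017-07-04 04:07:10,000 [cuckoo.core.scheduler] INFO: Task #20: analysis procedure completed
"""


def audit_uploads(lines):
    """Group result-server uploads by task and count them per path prefix.

    Result-server lines carry no task id, so each upload is attributed to the
    task most recently started by the scheduler (valid for sequential tasks).
    """
    tasks = {}
    current = None
    for raw in lines:
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # banner text, blank lines, wrapped output
        logger, msg = match.group("logger"), match.group("msg")

        if logger == "cuckoo.core.scheduler":
            start = START_RE.match(msg)
            if start:
                current = int(start.group("task"))
                tasks[current] = {
                    "target": start.group("target"),
                    "uploads": Counter(),
                    "finished": False,
                }
                continue
            done = DONE_RE.match(msg)
            if done:
                task_id = int(done.group("task"))
                if task_id in tasks:
                    tasks[task_id]["finished"] = True
                if current == task_id:
                    current = None

        elif logger == "cuckoo.core.resultserver" and current is not None:
            upload = UPLOAD_RE.match(msg)
            if upload:
                prefix = upload.group("path").split("/", 1)[0]
                tasks[current]["uploads"][prefix] += 1
    return tasks


def tasks_without_screenshots(tasks):
    """Return ids of finished tasks for which no screenshot upload was logged."""
    return sorted(
        task_id
        for task_id, info in tasks.items()
        if info["finished"] and info["uploads"][SHOTS_PREFIX] == 0
    )


if __name__ == "__main__":
    result = audit_uploads(SAMPLE_LOG.splitlines())
    for task_id, info in sorted(result.items()):
        print("task #%d (%s): %s" % (task_id, info["target"], dict(info["uploads"])))
    print("finished without screenshots:", tasks_without_screenshots(result))
```

A task flagged here still shows the host-side `Screenshots` processing module as executed, as in the log above, so an empty screenshot set points at the guest (for example a missing imaging library) rather than at host processing.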