cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org
Other
5.56k stars 1.71k forks

Cuckoo issue #1931

Closed Iforar closed 4 years ago

Iforar commented 7 years ago

I installed Cuckoo Sandbox and configured it, but when Cuckoo starts I get an error.

.-----------------.
| Cuckoo Sandbox? |
| OH NOES! |\ '-..-'
'-----------------' \ /oo |--.--,--,--.
_.-'._ii_i.'
"""""""""

Cuckoo Sandbox 2.0.4 www.cuckoosandbox.org Copyright (c) 2010-2017

21:34:09,788 [cuckoo.core.startup] DEBUG: |-- VncMutexes 2017-11-01 21:34:09,788 [cuckoo.core.startup] DEBUG: |-- VNLoaderURL 2017-11-01 21:34:09,788 [cuckoo.core.startup] DEBUG: |-- VolDevicetree1 2017-11-01 21:34:09,788 [cuckoo.core.startup] DEBUG: |-- VolHandles1 2017-11-01 21:34:09,788 [cuckoo.core.startup] DEBUG: |-- VolLdrModules1 2017-11-01 21:34:09,789 [cuckoo.core.startup] DEBUG: |-- VolLdrModules2 2017-11-01 21:34:09,789 [cuckoo.core.startup] DEBUG: |-- VolMalfind1 2017-11-01 21:34:09,789 [cuckoo.core.startup] DEBUG: |-- VolModscan1 2017-11-01 21:34:09,789 [cuckoo.core.startup] DEBUG: |-- VolSvcscan1 2017-11-01 21:34:09,789 [cuckoo.core.startup] DEBUG: |-- VolSvcscan2 2017-11-01 21:34:09,789 [cuckoo.core.startup] DEBUG: |-- VolSvcscan3 2017-11-01 21:34:09,790 [cuckoo.core.startup] DEBUG: |-- VPCDetectKeys 2017-11-01 21:34:09,790 [cuckoo.core.startup] DEBUG: |-- Wakbot 2017-11-01 21:34:09,790 [cuckoo.core.startup] DEBUG: |-- WarbotURL 2017-11-01 21:34:09,790 [cuckoo.core.startup] DEBUG: |-- Whimoo 2017-11-01 21:34:09,790 [cuckoo.core.startup] DEBUG: |-- Win32ProcessCreate 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- WineDetect 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- WinSCP 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- WinSxsBot 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- WMIAntiVM 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- WormAllaple 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- WormKolabc 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- XenDetectKeys 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- XtremeRAT 2017-11-01 21:34:09,791 [cuckoo.core.startup] DEBUG: |-- Xworm 2017-11-01 21:34:09,792 [cuckoo.core.startup] DEBUG: |-- Zegost 2017-11-01 21:34:09,792 [cuckoo.core.startup] DEBUG: |-- ZeusMutexes 2017-11-01 21:34:09,792 [cuckoo.core.startup] DEBUG: |-- ZeusP2P 2017-11-01 21:34:09,792 [cuckoo.core.startup] DEBUG: |-- ZeusURL 2017-11-01 21:34:09,792 
[cuckoo.core.startup] DEBUG:-- ZoneID 2017-11-01 21:34:09,792 [cuckoo.core.startup] DEBUG: Imported "reporting" modules: 2017-11-01 21:34:09,792 [cuckoo.core.startup] DEBUG: |-- ElasticSearch 2017-11-01 21:34:09,792 [cuckoo.core.startup] DEBUG: |-- Feedback 2017-11-01 21:34:09,792 [cuckoo.core.startup] DEBUG: |-- JsonDump 2017-11-01 21:34:09,793 [cuckoo.core.startup] DEBUG: |-- Mattermost 2017-11-01 21:34:09,793 [cuckoo.core.startup] DEBUG: |-- MISP 2017-11-01 21:34:09,793 [cuckoo.core.startup] DEBUG: |-- Moloch 2017-11-01 21:34:09,793 [cuckoo.core.startup] DEBUG: |-- MongoDB 2017-11-01 21:34:09,793 [cuckoo.core.startup] DEBUG: |-- Notification 2017-11-01 21:34:09,793 [cuckoo.core.startup] DEBUG: `-- SingleFile 2017-11-01 21:34:09,799 [cuckoo.core.startup] DEBUG: Checking for locked tasks.. 2017-11-01 21:34:09,895 [cuckoo.core.startup] DEBUG: Checking for pending service tasks.. 2017-11-01 21:34:09,905 [cuckoo.core.startup] DEBUG: Initializing Yara... 2017-11-01 21:34:09,907 [cuckoo.core.startup] DEBUG: |-- binaries embedded.yar 2017-11-01 21:34:09,908 [cuckoo.core.startup] DEBUG: |-- binaries shellcodes.yar 2017-11-01 21:34:09,908 [cuckoo.core.startup] DEBUG: |-- binaries vmdetect.yar 2017-11-01 21:34:09,911 [cuckoo.core.startup] DEBUG: |-- scripts applocker_bypass.yar 2017-11-01 21:34:09,912 [cuckoo.core.startup] DEBUG: |-- scripts powerfun.yar 2017-11-01 21:34:09,912 [cuckoo.core.startup] DEBUG: |-- scripts powershell_AMSI.yar 2017-11-01 21:34:09,912 [cuckoo.core.startup] DEBUG: |-- scripts powershell_BITS_transfer.yar 2017-11-01 21:34:09,912 [cuckoo.core.startup] DEBUG: |-- scripts powershell_ddi_rc4.yar 2017-11-01 21:34:09,912 [cuckoo.core.startup] DEBUG: |-- scripts powershell_dfsp.yar 2017-11-01 21:34:09,912 [cuckoo.core.startup] DEBUG: |-- scripts powershell_di.yar 2017-11-01 21:34:09,912 [cuckoo.core.startup] DEBUG: |-- scripts powershell_empire.yar 2017-11-01 21:34:09,912 [cuckoo.core.startup] DEBUG: |-- scripts powershell_meterpreter.yar 2017-11-01 
21:34:09,913 [cuckoo.core.startup] DEBUG: |-- scripts powershell_txt_c2.yar 2017-11-01 21:34:09,913 [cuckoo.core.startup] DEBUG: |-- scripts powershell_unicorn.yar 2017-11-01 21:34:09,913 [cuckoo.core.startup] DEBUG: |-- scripts powerworm.yar 2017-11-01 21:34:09,913 [cuckoo.core.startup] DEBUG: |-- shellcode metasploit.yar 2017-11-01 21:34:09,914 [cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042. 2017-11-01 21:34:09,915 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2017-11-01 21:34:10,169 [cuckoo] CRITICAL: CuckooConfigurationError: Option Cuckoo is not found in configuration

doomedraven commented 7 years ago

post vbox conf, but use code escape

Iforar commented 7 years ago

@doomedraven

```
[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui" or "headless". Please refer to VirtualBox's official
# documentation to understand the differences.
mode =gui

# Path to the local installation of the VBoxManage utility.
path = /usr/bin/vboxmanage
# If you are running Cuckoo on Mac OS X you have to change the path as follows:
# path = /Applications/VirtualBox.app/Contents/MacOS/VBoxManage
# Default network interface.
interface = vboxnet0
# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = Cuckoo
[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = Cuckoo
# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = windows
# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.56.101
# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = Snapshot 1
# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (vboxnet0 is the interface name):
interface = vboxnet0
# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
resultserver_ip = 192.168.56.1
# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
resultserver_port = 2042
# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
tags = 
# Mostly unused for now. Please don't fill it out.
options = 
# (Optional) Specify the OS profile to be used by volatility for this
# virtual machine. This will override the guest_profile variable in
# memory.conf which solves the problem of having multiple types of VMs
# and properly determining which profile to use.
osprofile = 
[honeyd]
# For more information on this VM please refer to the "services" section of
# the conf/auxiliary.conf configuration file. This machine is a bit special
# in the way that its used as an additional VM for an analysis.
# *NOTE* that if this functionality is used, the VM should be registered in
# the "machines" list in the beginning of this file.
label = honeyd
platform = linux
#ip = 192.168.56.102
# The tags should at least contain "service" and the name of this service.
# This way the services auxiliary module knows how to find this particular VM.
#tags = service, honeyd
# Not all services actually have a Cuckoo Agent running in the VM, for those
# services one can specify the "noagent" option so Cuckoo will just wait until
# the end of the analysis instead of trying to connect to the non-existing
# Cuckoo Agent. We can't really intercept any inter-VM communication from the
# host / gateway so in order to dump traffic between VMs we have to use a
# different network dumping approach. For this machine we use the "nictrace"
# functionality from VirtualBox (which is basically their internal tcpdump)
# and thus properly dumps inter-VM traffic.
options = nictrace noagent
```

doomedraven commented 7 years ago

no code escape...

here is your problem

machines = Cuckoo <- should be cuckoo1 [cuckoo1]

Iforar commented 7 years ago

@doomedraven
I renamed the virtual machine to cuckoo1. I received one more error:

```
2017-11-03 22:22:27,723 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2017-11-03 22:22:28,686 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo1
2017-11-03 22:22:28,733 [cuckoo] CRITICAL: CuckooCriticalError: Please update your configuration. Unable to shut 'cuckoo1' down or find the machine in its proper state: The virtual machine 'cuckoo1' doesn't exist! Please create one or more Cuckoo analysis VMs and properly fill out the Cuckoo configuration!
```

```
machines = cuckoo1

[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = cuckoo1
```

doomedraven commented 7 years ago

is snapshot taken in running state?

Iforar commented 7 years ago

@doomedraven Snapshot taken in power off state

doomedraven commented 7 years ago

did you read the documentation? read it!

Iforar commented 7 years ago

I took the snapshot like the documentation says, but the error stayed. @doomedraven

doomedraven commented 7 years ago

in running state?

Iforar commented 7 years ago

http://docs.cuckoosandbox.org/en/latest/installation/guest/saving/
I do the snapshot like this

doomedraven commented 7 years ago

so which is the error if vm snapshot is in running state?

Iforar commented 7 years ago

```
[cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2017-11-04 19:26:05,758 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2017-11-04 19:26:08,272 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo1
2017-11-04 19:26:08,329 [cuckoo] CRITICAL: CuckooCriticalError: Please update your configuration. Unable to shut 'cuckoo1' down or find the machine in its proper state: The virtual machine 'cuckoo1' doesn't exist! Please create one or more Cuckoo analysis VMs and properly fill out the Cuckoo configuration!
```

@doomedraven

doomedraven commented 7 years ago

post vbox conf again

Iforar commented 7 years ago

@doomedraven

# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = windows

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.56.101

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = Snapshot1

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (vboxnet0 is the interface name):
interface = vboxnet0

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
resultserver_ip = 192.168.56.1

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
resultserver_port = 2042

# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
tags = 

# Mostly unused for now. Please don't fill it out.
options = 

# (Optional) Specify the OS profile to be used by volatility for this
# virtual machine. This will override the guest_profile variable in
# memory.conf which solves the problem of having multiple types of VMs
# and properly determining which profile to use.
osprofile = 

[honeyd]
# For more information on this VM please refer to the "services" section of
# the conf/auxiliary.conf configuration file. This machine is a bit special
# in the way that its used as an additional VM for an analysis.
# *NOTE* that if this functionality is used, the VM should be registered in
# the "machines" list in the beginning of this file.
label = honeyd
platform = linux
#ip = 192.168.56.102
# The tags should at least contain "service" and the name of this service.
# This way the services auxiliary module knows how to find this particular VM.
#tags = service, honeyd
# Not all services actually have a Cuckoo Agent running in the VM, for those
# services one can specify the "noagent" option so Cuckoo will just wait until
# the end of the analysis instead of trying to connect to the non-existing
# Cuckoo Agent. We can't really intercept any inter-VM communication from the
# host / gateway so in order to dump traffic between VMs we have to use a
# different network dumping approach. For this machine we use the "nictrace"
# functionality from VirtualBox (which is basically their internal tcpdump)
# and thus properly dumps inter-VM traffic.
options = nictrace noagent

doomedraven commented 7 years ago

that is incomplete

Iforar commented 7 years ago

How to complete? @doomedraven

doomedraven commented 7 years ago

compare with the first config which you posted

Iforar commented 7 years ago

[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui" or "headless". Please refer to VirtualBox's official
# documentation to understand the differences.
mode =gui

# Path to the local installation of the VBoxManage utility.
path = /usr/bin/vboxmanage
# If you are running Cuckoo on Mac OS X you have to change the path as follows:
# path = /Applications/VirtualBox.app/Contents/MacOS/VBoxManage

# Default network interface.
interface = vboxnet0

# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = cuckoo1

[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = cuckoo1

# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = windows

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.56.101

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = Snapshot1

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (vboxnet0 is the interface name):
interface = vboxnet0

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
resultserver_ip = 192.168.56.1

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
resultserver_port = 2042

# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
tags = 

# Mostly unused for now. Please don't fill it out.
options = 

# (Optional) Specify the OS profile to be used by volatility for this
# virtual machine. This will override the guest_profile variable in
# memory.conf which solves the problem of having multiple types of VMs
# and properly determining which profile to use.
osprofile = 

[honeyd]
# For more information on this VM please refer to the "services" section of
# the conf/auxiliary.conf configuration file. This machine is a bit special
# in the way that its used as an additional VM for an analysis.
# *NOTE* that if this functionality is used, the VM should be registered in
# the "machines" list in the beginning of this file.
label = honeyd
platform = linux
#ip = 192.168.56.102
# The tags should at least contain "service" and the name of this service.
# This way the services auxiliary module knows how to find this particular VM.
#tags = service, honeyd
# Not all services actually have a Cuckoo Agent running in the VM, for those
# services one can specify the "noagent" option so Cuckoo will just wait until
# the end of the analysis instead of trying to connect to the non-existing
# Cuckoo Agent. We can't really intercept any inter-VM communication from the
# host / gateway so in order to dump traffic between VMs we have to use a
# different network dumping approach. For this machine we use the "nictrace"
# functionality from VirtualBox (which is basically their internal tcpdump)
# and thus properly dumps inter-VM traffic.
options = nictrace noagent

@doomedraven

Iforar commented 7 years ago

I don't understand what I must configure in conf. I read many manuals but still have errors. @doomedraven

doomedraven commented 7 years ago

1. start vm
2. start agent in vm or put it in startup (in startup then reboot and test that it is working)
3. take snapshot in running mode and shutdown vm
4. enjoy

just that, nothing else, easy

Iforar commented 7 years ago

I followed the instructions and have errors @doomedraven

doomedraven commented 7 years ago

sorry, can't spend more time here, maybe someone else can help you, good luck

hackdefendr commented 6 years ago

  1. You must make sure that your VM is named correctly.
  2. You must create the Snapshot while the VM is running.
  3. Power off (Not shutdown) the VM when Snapshot is made.
  4. Make sure your Machine and Label are the same.
  5. Start Cuckoo.

Additional:

jbremer commented 6 years ago

Any more questions here? Otherwise I'll be closing this issue.
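
A consistency check for the two mistakes discussed in this thread (a `machines` entry with no matching section, and a `label` that is not a registered VirtualBox VM), as an added example that is not part of the original thread or of Cuckoo's code. The sample config, the `VBoxManage list vms` output with its placeholder UUID, and the function names are constructed for illustration; treating `label`, `platform` and `ip` as required is an assumption.

```python
import configparser
import re

# Constructed sample: the relevant keys of the first virtualbox.conf in this thread.
BROKEN_CONF = """\
[virtualbox]
mode = gui
path = /usr/bin/vboxmanage
interface = vboxnet0
machines = Cuckoo

[cuckoo1]
label = Cuckoo
platform = windows
ip = 192.168.56.101
snapshot = Snapshot 1
"""

# Constructed sample of `VBoxManage list vms` output; the UUID is a placeholder.
VBOX_LIST_VMS = '"Cuckoo" {00000000-0000-0000-0000-000000000000}\n'

# Assumption of this sketch: every listed machine needs these three options.
REQUIRED_KEYS = ("label", "platform", "ip")


def parse_vm_names(list_vms_output):
    """Extract VM names from lines of the form: "name" {uuid}."""
    pattern = r'^"(.+)"\s+\{[0-9a-fA-F-]+\}\s*$'
    return set(re.findall(pattern, list_vms_output, re.M))


def check_virtualbox_conf(conf_text, vm_names):
    """Return a list of (problem, detail) tuples; an empty list means consistent."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section("virtualbox"):
        return [("missing-section", "virtualbox")]

    raw = parser.get("virtualbox", "machines", fallback="")
    machine_ids = [m.strip() for m in raw.split(",") if m.strip()]
    if not machine_ids:
        return [("no-machines", "machines")]

    problems = []
    for machine_id in machine_ids:
        # configparser section names are case-sensitive, so an ID in
        # "machines" must match its [section] header exactly.
        if not parser.has_section(machine_id):
            problems.append(("missing-section", machine_id))
            continue
        for key in REQUIRED_KEYS:
            if not parser.get(machine_id, key, fallback="").strip():
                problems.append(("missing-option", "%s.%s" % (machine_id, key)))
        # The label must be the VM name exactly as VirtualBox reports it.
        label = parser.get(machine_id, "label", fallback="").strip()
        if label and label not in vm_names:
            problems.append(("unknown-vm", label))
    return problems


if __name__ == "__main__":
    vms = parse_vm_names(VBOX_LIST_VMS)
    for problem in check_virtualbox_conf(BROKEN_CONF, vms):
        print(problem)
```

On a real host, feed the function the contents of `virtualbox.conf` and the output of `VBoxManage list vms` run as the same user that starts Cuckoo, since VirtualBox VM registrations are per user.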