cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

It appears that this Virtual Machine hasn't been configured properly as the Cuckoo Host wasn't able to the connect to the Guest or the other way around (i.e., Guest wasn't able to contact the Cuckoo Host). There could be a few reasons for this: #2501

Open divyakamalmaddi opened 5 years ago

divyakamalmaddi commented 5 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is: VM is restarting automatically when I run the cuckoo daemon; maybe this is causing the error in communication between host and VM. Ping is working bi-directionally. IP and config files are verified.
My Cuckoo version and operating system are: Cuckoo 2.0.6 and Ubuntu 16.0.4, VM - Windows 7 Home, Oracle VirtualBox: 5.2.8.

As the machine is not starting, I manually restarted after some 30 cuckoo seconds, and I get the below error.

Does it restart the VM when I run the cuckoo? Is it expected behaviour? How to fix this?

This can be reproduced by:
The log, error, files etc can be found at:

divya@divya-buntu:~$ cuckoo -d

Cuckoo Sandbox 2.0.6 www.cuckoosandbox.org Copyright (c) 2010-2018

Checking for updates... You're good to go!

Our latest blogposts:

[cuckoo.core.startup] DEBUG: |-- RTFUnknownVersion 2018-09-28 13:14:04,265 [cuckoo.core.startup] DEBUG: |-- Runbu 2018-09-28 13:14:04,265 [cuckoo.core.startup] DEBUG: |-- RunouceMutexes 2018-09-28 13:14:04,265 [cuckoo.core.startup] DEBUG: |-- Ruskill 2018-09-28 13:14:04,265 [cuckoo.core.startup] DEBUG: |-- Sadbot 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- SandboxieDetect 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- SandboxJoeAnubisDetectFiles 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- SDBot 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- SelfDeleteBat 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- Senna 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- Shadowbot 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- SharingRGhost 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- SharpStealerURL 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- ShellcodeWriteProcessMemory 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- Shiz 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- Shylock 2018-09-28 13:14:04,266 [cuckoo.core.startup] DEBUG: |-- SipStun 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- Smtp_GMail 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- Smtp_Live 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- Smtp_Mail_Ru 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- Smtp_Yahoo 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- SolarURL 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- SpyEyeMutexes 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- SpyeyeURL 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- SpynetRat 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- Spyrecorder 2018-09-28 13:14:04,267 [cuckoo.core.startup] DEBUG: |-- StackPivot 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- StackPivotShellcodeAPIs 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- 
StackPivotShellcodeCreateProcess 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- Staser 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- StealthChildProc 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- StealthHiddenExtension 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- StealthHiddenFile 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- StealthHiddenIcons 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- StealthHideNotifications 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- StealthSystemProcName 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- StopsService 2018-09-28 13:14:04,268 [cuckoo.core.startup] DEBUG: |-- SunbeltDetectFiles 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- SunBeltSandboxDetect 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- SuspiciousCommandTools 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- SuspiciousPowershell 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- SuspiciousWriteEXE 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- SweetorangeMutexes 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- Swrort 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- SysInternalsToolsUsage 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- SystemInfo 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- SystemMetrics 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- TapiDpMutexes 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- TDSSBackdoor 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- TeamviewerRat 2018-09-28 13:14:04,269 [cuckoo.core.startup] DEBUG: |-- TerminatesRemoteProcess 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- ThreatTrackDetectFiles 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- TinbaMutexes 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- TnegaMutexes 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- Tor 2018-09-28 13:14:04,270 [cuckoo.core.startup] 
DEBUG: |-- TorHiddenService 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- Travnet 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- Trogbot 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- TrojanJorik 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- TrojanLethic 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- TrojanLethic 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- trojanmrblack 2018-09-28 13:14:04,270 [cuckoo.core.startup] DEBUG: |-- TrojanRedosru 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- TrojanSysn 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- trojanyoddos 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- TufikMutexes 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- Turkojan 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- TurlaCarbon 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- UFRStealer 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- Unhook 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- Upatre 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- UpatreTDMutexes 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- UPXCompressed 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- UrkShortCN 2018-09-28 13:14:04,271 [cuckoo.core.startup] DEBUG: |-- URLFile 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- URLSpy 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- UroburosFile 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- UroburosMutexes 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- Urxbot 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- UsesWindowsUtilities 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- Vanbot 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- VBInject 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- VBoxDetectACPI 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- VBoxDetectDevices 2018-09-28 13:14:04,272 [cuckoo.core.startup] 
DEBUG: |-- VBoxDetectFiles 2018-09-28 13:14:04,272 [cuckoo.core.startup] DEBUG: |-- VBoxDetectKeys 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VBoxDetectProvname 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VBoxDetectWindow 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- Vertex 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VertexSolarURL 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetect 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetectWindow 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VirtualPCIllegalInstruction 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- Virut 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VMFirmware 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VMPPacked 2018-09-28 13:14:04,273 [cuckoo.core.startup] DEBUG: |-- VMWareDetectFiles 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VMWareDetectKeys 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VMwareDetectWindow 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VMWareInInstruction 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VncMutexes 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VNLoaderURL 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VolDevicetree1 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VolHandles1 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VolLdrModules1 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VolLdrModules2 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VolMalfind1 2018-09-28 13:14:04,274 [cuckoo.core.startup] DEBUG: |-- VolModscan1 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- VolSvcscan1 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- VolSvcscan2 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- VolSvcscan3 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- VPCDetectKeys 2018-09-28 13:14:04,275 
[cuckoo.core.startup] DEBUG: |-- Wakbot 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- WarbotURL 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- Whimoo 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- Win32ProcessCreate 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- WineDetect 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- WinSCP 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- WinSxsBot 2018-09-28 13:14:04,275 [cuckoo.core.startup] DEBUG: |-- WMIAntiVM 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- WMIPersistance 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- WMIService 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- WormAllaple 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- WormKolabc 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- XenDetectKeys 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- XtremeRAT 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- Xworm 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- Zegost 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- ZeusMutexes 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- ZeusP2P 2018-09-28 13:14:04,276 [cuckoo.core.startup] DEBUG: |-- ZeusURL 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG:-- ZoneID 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: Imported "reporting" modules: 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: |-- ElasticSearch 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: |-- Feedback 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: |-- JsonDump 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: |-- Mattermost 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: |-- MISP 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: |-- Moloch 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: |-- MongoDB 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: |-- Notification 2018-09-28 13:14:04,277 [cuckoo.core.startup] DEBUG: `-- SingleFile 
2018-09-28 13:14:04,282 [cuckoo.core.startup] DEBUG: Checking for locked tasks..
2018-09-28 13:14:04,295 [cuckoo.core.startup] DEBUG: Checking for pending service tasks..
2018-09-28 13:14:04,303 [cuckoo.core.startup] DEBUG: Initializing Yara...
2018-09-28 13:14:04,306 [cuckoo.core.startup] DEBUG: |-- binaries embedded.yar
2018-09-28 13:14:04,306 [cuckoo.core.startup] DEBUG: |-- binaries filetypes.yar
2018-09-28 13:14:04,306 [cuckoo.core.startup] DEBUG: |-- binaries shellcodes.yar
2018-09-28 13:14:04,306 [cuckoo.core.startup] DEBUG: |-- binaries vmdetect.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts applocker_bypass.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts powerfun.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts powershell_AMSI.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts powershell_BITS_transfer.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts powershell_ddi_rc4.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts powershell_dfsp.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts powershell_di.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts powershell_empire.yar
2018-09-28 13:14:04,311 [cuckoo.core.startup] DEBUG: |-- scripts powershell_meterpreter.yar
2018-09-28 13:14:04,312 [cuckoo.core.startup] DEBUG: |-- scripts powershell_txt_c2.yar
2018-09-28 13:14:04,312 [cuckoo.core.startup] DEBUG: |-- scripts powershell_unicorn.yar
2018-09-28 13:14:04,312 [cuckoo.core.startup] DEBUG: |-- scripts powerworm.yar
2018-09-28 13:14:04,312 [cuckoo.core.startup] DEBUG: |-- shellcode metasploit.yar
2018-09-28 13:14:04,313 [cuckoo.core.startup] DEBUG: |-- office dde.yar
2018-09-28 13:14:04,313 [cuckoo.core.startup] DEBUG: |-- office ole.yar
2018-09-28 13:14:04,314 [cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2018-09-28 13:14:04,315 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2018-09-28 13:14:04,562 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm windows
2018-09-28 13:14:05,815 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine windows to clean
2018-09-28 13:14:05,934 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2018-09-28 13:14:05,947 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2018-09-28 13:17:29,327 [cuckoo.core.scheduler] DEBUG: Processing task #1
2018-09-28 13:17:29,335 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "test5" (task #1, options "procmemdump=yes,route=none")
2018-09-28 13:17:29,367 [cuckoo.core.scheduler] INFO: Task #1: acquired machine windows (label=windows)
2018-09-28 13:17:29,367 [cuckoo.auxiliary.mitm] ERROR: Mitmdump root certificate not found at path "bin/cert.p12" (real path "/home/divya/.cuckoo/analyzer/windows/bin/cert.p12"), man in the middle interception aborted.
2018-09-28 13:17:29,367 [cuckoo.core.plugins] DEBUG: Started auxiliary module: MITM
2018-09-28 13:17:29,373 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3790 (interface=vboxnet0, host=192.168.56.101)
2018-09-28 13:17:29,373 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2018-09-28 13:17:29,402 [cuckoo.machinery.virtualbox] DEBUG: Starting vm windows
2018-09-28 13:17:29,493 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine windows to clean
2018-09-28 13:17:29,658 [cuckoo.common.abstracts] DEBUG: Waiting 0 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:30,733 [cuckoo.common.abstracts] DEBUG: Waiting 1 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:31,811 [cuckoo.common.abstracts] DEBUG: Waiting 2 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:32,898 [cuckoo.common.abstracts] DEBUG: Waiting 3 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:33,987 [cuckoo.common.abstracts] DEBUG: Waiting 4 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:35,072 [cuckoo.common.abstracts] DEBUG: Waiting 5 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:36,170 [cuckoo.common.abstracts] DEBUG: Waiting 6 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:37,255 [cuckoo.common.abstracts] DEBUG: Waiting 7 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:38,341 [cuckoo.common.abstracts] DEBUG: Waiting 8 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:39,438 [cuckoo.common.abstracts] DEBUG: Waiting 9 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:40,525 [cuckoo.common.abstracts] DEBUG: Waiting 10 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:41,615 [cuckoo.common.abstracts] DEBUG: Waiting 11 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:42,709 [cuckoo.common.abstracts] DEBUG: Waiting 12 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:43,808 [cuckoo.common.abstracts] DEBUG: Waiting 13 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:44,901 [cuckoo.common.abstracts] DEBUG: Waiting 14 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:45,996 [cuckoo.common.abstracts] DEBUG: Waiting 15 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:47,079 [cuckoo.common.abstracts] DEBUG: Waiting 16 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:48,178 [cuckoo.common.abstracts] DEBUG: Waiting 17 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:49,252 [cuckoo.common.abstracts] DEBUG: Waiting 18 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:50,343 [cuckoo.common.abstracts] DEBUG: Waiting 19 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:51,426 [cuckoo.common.abstracts] DEBUG: Waiting 20 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:52,512 [cuckoo.common.abstracts] DEBUG: Waiting 21 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:53,591 [cuckoo.common.abstracts] DEBUG: Waiting 22 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:54,673 [cuckoo.common.abstracts] DEBUG: Waiting 23 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:55,748 [cuckoo.common.abstracts] DEBUG: Waiting 24 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:56,840 [cuckoo.common.abstracts] DEBUG: Waiting 25 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:57,941 [cuckoo.common.abstracts] DEBUG: Waiting 26 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:17:59,042 [cuckoo.common.abstracts] DEBUG: Waiting 27 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:00,145 [cuckoo.common.abstracts] DEBUG: Waiting 28 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:01,233 [cuckoo.common.abstracts] DEBUG: Waiting 29 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:02,327 [cuckoo.common.abstracts] DEBUG: Waiting 30 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:03,422 [cuckoo.common.abstracts] DEBUG: Waiting 31 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:04,532 [cuckoo.common.abstracts] DEBUG: Waiting 32 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:05,634 [cuckoo.common.abstracts] DEBUG: Waiting 33 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:06,718 [cuckoo.common.abstracts] DEBUG: Waiting 34 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:07,809 [cuckoo.common.abstracts] DEBUG: Waiting 35 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:08,909 [cuckoo.common.abstracts] DEBUG: Waiting 36 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:10,010 [cuckoo.common.abstracts] DEBUG: Waiting 37 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:11,105 [cuckoo.common.abstracts] DEBUG: Waiting 38 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:12,198 [cuckoo.common.abstracts] DEBUG: Waiting 39 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:13,292 [cuckoo.common.abstracts] DEBUG: Waiting 40 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:14,390 [cuckoo.common.abstracts] DEBUG: Waiting 41 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:15,486 [cuckoo.common.abstracts] DEBUG: Waiting 42 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:16,573 [cuckoo.common.abstracts] DEBUG: Waiting 43 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:17,661 [cuckoo.common.abstracts] DEBUG: Waiting 44 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:18,754 [cuckoo.common.abstracts] DEBUG: Waiting 45 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:19,826 [cuckoo.common.abstracts] DEBUG: Waiting 46 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:20,919 [cuckoo.common.abstracts] DEBUG: Waiting 47 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:22,013 [cuckoo.common.abstracts] DEBUG: Waiting 48 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:23,109 [cuckoo.common.abstracts] DEBUG: Waiting 49 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:24,213 [cuckoo.common.abstracts] DEBUG: Waiting 50 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:25,325 [cuckoo.common.abstracts] DEBUG: Waiting 51 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:26,423 [cuckoo.common.abstracts] DEBUG: Waiting 52 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:27,522 [cuckoo.common.abstracts] DEBUG: Waiting 53 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:28,626 [cuckoo.common.abstracts] DEBUG: Waiting 54 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:29,711 [cuckoo.common.abstracts] DEBUG: Waiting 55 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:30,800 [cuckoo.common.abstracts] DEBUG: Waiting 56 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:31,900 [cuckoo.common.abstracts] DEBUG: Waiting 57 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:33,003 [cuckoo.common.abstracts] DEBUG: Waiting 58 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:34,083 [cuckoo.common.abstracts] DEBUG: Waiting 59 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:35,179 [cuckoo.common.abstracts] DEBUG: Waiting 60 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:36,278 [cuckoo.common.abstracts] DEBUG: Waiting 61 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:36,278 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: windows, error: Timeout hit while for machine windows to change status
2018-09-28 13:18:36,279 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: MITM
2018-09-28 13:18:36,279 [cuckoo.core.plugins] ERROR: Unable to stop auxiliary module: Sniffer
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/plugins.py", line 163, in stop
    module.stop()
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/auxiliary/sniffer.py", line 156, in stop
    (out, err, faq("permission-denied-for-tcpdump"))
CuckooOperationalError: Error running tcpdump to sniff the network traffic during the analysis; stdout = '' and stderr = 'tcpdump: /home/divya/.cuckoo/storage/analyses/1/dump.pcap: Permission denied\n'. Did you enable the extra capabilities to allow running tcpdump as non-root user and disable AppArmor properly (the latter only applies to Ubuntu-based distributions with AppArmor, see also https://cuckoo.sh/docs/faq/index.html#permission-denied-for-tcpdump)?
^A2018-09-28 13:18:44,727 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label windows to path /home/divya/.cuckoo/storage/analyses/1/memory.dmp
2018-09-28 13:18:44,727 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm windows
2018-09-28 13:18:47,123 [cuckoo.core.rooter] CRITICAL: Unable to passthrough root command (drop_disable) as the rooter unix socket doesn't exist.
2018-09-28 13:18:47,135 [cuckoo.core.scheduler] DEBUG: Released database task #1
2018-09-28 13:18:47,170 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #1
2018-09-28 13:18:47,171 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/divya/.cuckoo/storage/analyses/1/logs'.
2018-09-28 13:18:47,171 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #1
2018-09-28 13:18:47,171 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #1
2018-09-28 13:18:47,171 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #1
2018-09-28 13:18:47,172 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #1
2018-09-28 13:18:47,172 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" for task #1
2018-09-28 13:18:47,172 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #1
2018-09-28 13:18:47,172 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" for task #1
2018-09-28 13:18:47,175 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #1
2018-09-28 13:18:47,176 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #1
2018-09-28 13:18:47,180 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #1
2018-09-28 13:18:47,181 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/divya/.cuckoo/storage/analyses/1/dump.pcap".
2018-09-28 13:18:47,181 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #1
2018-09-28 13:18:47,181 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #1
2018-09-28 13:18:47,182 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #1
2018-09-28 13:18:47,182 [cuckoo.processing.debug] ERROR: Error processing task #1: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
2018-09-28 13:18:47,199 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" for task #1
2018-09-28 13:18:47,201 [cuckoo.core.plugins] DEBUG: Running 540 signatures
2018-09-28 13:18:47,320 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2018-09-28 13:18:47,367 [cuckoo.core.plugins] WARNING: The reporting module "SingleFile" returned the following error: The weasyprint library hasn't been installed on your Operating System and as such we can't generate a PDF report for you. You can install 'weasyprint' manually by running 'pip install weasyprint' or by compiling and installing package yourself.
2018-09-28 13:18:47,433 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2018-09-28 13:18:47,434 [cuckoo.core.scheduler] INFO: Task #1: reports generation completed
2018-09-28 13:18:47,442 [cuckoo.core.scheduler] INFO: Task #1: analysis procedure completed

reox commented 5 years ago

Have you verified that you can reach the agent inside the VM on the configured IP?

I also get this error, usually when the system load on the host system is too high which makes the VM start much slower. Then, the timeout is hit before the agent is started up.

divyakamalmaddi commented 5 years ago

Yes, the agent runs on the VM. I can see it when I curl vmip:8000.

I can see the version and agent details

I know it has to start agent in command line but I don't see that age

divyakamalmaddi commented 5 years ago

Issue occurred because I have taken an offline snapshot and it couldn't restart the machine.

Resolved now!

Mrqlxdd commented 5 years ago

Hello! I had the same problem! Can you tell me how to solve it?

Mrqlxdd commented 5 years ago

This problem troubled me for several days. Never resolved!

divyakamalmaddi commented 5 years ago

Start the agent, turn off the firewall of Guest, make sure the IP address is correctly assigned. See that the host and Guest can connect to each other by testing Ping. Then, take a snapshot when the Guest machine is up and running.

It should fix the issue.

Mrqlxdd commented 5 years ago

Thank you for your reply! As you said, I took a snapshot offline. I have solved the problem!

Kankarollo commented 3 years ago

Thanks, I was struggling with this issue myself for hours. I think that info about doing the snapshot when the guest machine is up and running should be in the documentation under the Saving the Virtual Machine->VirtualBox section. Right now it is only in the KVM section.
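
A triage pass over the debug log posted in this issue, as an added example that is not part of the thread or of the Cuckoo code base: it folds traceback lines into their record, reports each distinct failure in order, and marks the "unable to contact back to the Cuckoo Host" error as downstream of the earlier VM start timeout. The finding ids, the notes and the `DOWNSTREAM` mapping are this example's own assumptions drawn from the thread; the sample is a handful of lines excerpted and abridged from the log above.

```python
import re

# One record: "<date> <time>,<ms> [<logger>] <LEVEL>: <message>"
RECORD = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[([\w.]+)\] ([A-Z]+): (.*)$")
WAIT = re.compile(r"Waiting (\d+) cuckooseconds for machine (\S+) to switch to status \('(\w+)',\)")
TIMEOUT = re.compile(r"Timeout hit while for machine (\S+) to change status")

# (finding id, message pattern, note). Ids and notes are this example's own;
# the notes restate the log text or the fix reported in the thread.
RULES = [
    ("mitm-cert-missing", re.compile(r"Mitmdump root certificate not found"),
     "man in the middle interception aborted"),
    ("vm-status-timeout", TIMEOUT,
     "restored snapshot never reached the awaited status; the thread's fix was "
     "to take the snapshot while the guest is up with the agent started"),
    ("tcpdump-permission", re.compile(r"tcpdump: .*Permission denied"),
     "sniffer could not write dump.pcap; see the FAQ entry named in the message"),
    ("rooter-socket-missing", re.compile(r"rooter unix socket doesn't exist"),
     "root command was not passed through"),
    ("guest-no-contact", re.compile(r"hasn't been able to contact back to the Cuckoo Host"),
     "raised at processing time, after the task had already ended"),
]

# Assumption drawn from this thread: this error follows from the start timeout.
DOWNSTREAM = {"guest-no-contact": "vm-status-timeout"}

# Constructed sample: lines excerpted (one message abridged) from the log above.
SAMPLE_LOG = r"""
2018-09-28 13:17:29,367 [cuckoo.auxiliary.mitm] ERROR: Mitmdump root certificate not found at path "bin/cert.p12" (real path "/home/divya/.cuckoo/analyzer/windows/bin/cert.p12"), man in the middle interception aborted.
2018-09-28 13:17:29,493 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine windows to clean
2018-09-28 13:17:29,658 [cuckoo.common.abstracts] DEBUG: Waiting 0 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:36,278 [cuckoo.common.abstracts] DEBUG: Waiting 61 cuckooseconds for machine windows to switch to status ('saved',)
2018-09-28 13:18:36,278 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: windows, error: Timeout hit while for machine windows to change status
2018-09-28 13:18:36,279 [cuckoo.core.plugins] ERROR: Unable to stop auxiliary module: Sniffer
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/auxiliary/sniffer.py", line 156, in stop
    (out, err, faq("permission-denied-for-tcpdump"))
CuckooOperationalError: Error running tcpdump to sniff the network traffic during the analysis; stdout = '' and stderr = 'tcpdump: /home/divya/.cuckoo/storage/analyses/1/dump.pcap: Permission denied\n'.
2018-09-28 13:18:47,123 [cuckoo.core.rooter] CRITICAL: Unable to passthrough root command (drop_disable) as the rooter unix socket doesn't exist.
2018-09-28 13:18:47,182 [cuckoo.processing.debug] ERROR: Error processing task #1: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host.
"""


def parse_records(text):
    """Split a log into records, folding traceback lines into their record."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            ts, logger, level, msg = m.groups()
            records.append({"ts": ts, "logger": logger, "level": level, "msg": msg})
        elif records and line.strip():
            records[-1]["msg"] += "\n" + line
    return records


def wait_summary(records):
    """Per machine: awaited status, longest wait logged, whether it timed out."""
    summary = {}
    for rec in records:
        m = WAIT.search(rec["msg"])
        if m:
            entry = summary.setdefault(
                m.group(2), {"status": m.group(3), "waited": 0, "timed_out": False})
            entry["waited"] = max(entry["waited"], int(m.group(1)))
        m = TIMEOUT.search(rec["msg"])
        if m and m.group(1) in summary:
            summary[m.group(1)]["timed_out"] = True
    return summary


def triage(text):
    """Return one finding per rule, in order of first appearance in the log."""
    findings, seen = [], set()
    for rec in parse_records(text):
        for fid, pattern, note in RULES:
            if fid in seen or not pattern.search(rec["msg"]):
                continue
            seen.add(fid)
            cause = DOWNSTREAM.get(fid)
            findings.append({
                "id": fid, "ts": rec["ts"], "level": rec["level"], "note": note,
                "downstream_of": cause if cause in seen else None,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tail = " (follows %s)" % f["downstream_of"] if f["downstream_of"] else ""
        print("%s %-8s %s: %s%s" % (f["ts"], f["level"], f["id"], f["note"], tail))
    print(wait_summary(parse_records(SAMPLE_LOG)))
```
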