kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

Processing module not triggering. #1232

Closed RazviOverflow closed 1 year ago

RazviOverflow commented 1 year ago

About accounts on capesandbox.com

This is open source and you are getting free support so be friendly!

Prerequisites

Please answer the following questions for yourself before submitting an issue.

Expected Behavior

I expect the application to run all processing modules when submitting from the web interface.

Current Behavior

I created a custom processing module that performs several computations based on the self.results variable. However, I don't seem to get it running while submitting a sample either from the web interface or using the submit.py utility. I can only get the module running if I run submit.py -r task_id on the specific analysis. The behavior analysis, however, does work.

Isn't the processing module supposed to be running with every single submit or am I missing something?

Failure Information (for bugs)

Please help provide information about the failure if this is a bug. If it is not a bug, please remove the rest of this template.

Steps to Reproduce

Just submit a sample and the processing module does not work.

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions. Operating system version, bitness, installed software versions, test sample details/hash/binary (if applicable).

| Question | Answer |
|---|---|
| Git commit | Type $ git log \| head -n1 to find out |
| OS version | Ubuntu 16.04, Windows 10, macOS 10.12.3 |

Failure Logs

Please include any relevant log snippets or files here.

kevoreilly commented 1 year ago

Yes each processing module should be run for each job.

Have you tried checking the processing log?! log/process.log

Have you tried reprocessing with debug output? python utils/process.py -d -r

RazviOverflow commented 1 year ago

Yes, I've been taking a look at the logs but nothing seems to be related to the problem. There are, however, other modules like suricata crashing, but I assume one module crashing doesn't imply stopping the execution of consecutive ones.

For example, when executing submit.py test.exe -d, this is cuckoo.log:

$ cat cuckoo.log
2022-11-04 08:48:32,243 [lib.cuckoo.core.scheduler] INFO: Task #20: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_8icl9v6k/test.exe'
2022-11-04 08:48:32,246 [lib.cuckoo.core.scheduler] INFO: Task #20: File already exists at '/opt/CAPEv2/storage/binaries/62b79a7bc5d79a13539b24d782965b5f71d3af3006cfb0fbdbd81f7f12f78521'
2022-11-04 08:48:32,254 [lib.cuckoo.core.scheduler] INFO: Task #20: acquired machine cuckoo1 (label=win10, arch=x64, platform=windows)
2022-11-04 08:48:38,565 [lib.cuckoo.core.scheduler] WARNING: Unknown network routing destination specified, ignoring routing for this analysis: 0
2022-11-04 08:48:38,565 [lib.cuckoo.core.scheduler] INFO: Enabled route '0'
2022-11-04 08:48:38,566 [modules.auxiliary.sniffer] ERROR: Tcpdump does not exist at path "/usr/sbin/tcpdump", network capture aborted
2022-11-04 08:48:38,581 [lib.cuckoo.core.guest] INFO: Task #20: Starting analysis on guest (id=cuckoo1, ip=192.168.55.133)
2022-11-04 08:48:39,423 [lib.cuckoo.core.guest] INFO: Task #20: Guest is running CAPE Agent 0.11 (id=cuckoo1, ip=192.168.55.133)
2022-11-04 08:48:53,031 [lib.cuckoo.core.guest] INFO: Task #20: Uploading support files to guest (id=cuckoo1, ip=192.168.55.133)
2022-11-04 08:48:53,032 [lib.cuckoo.core.guest] INFO: Task #20: Uploading script files to guest (id=cuckoo1, ip=192.168.55.133)
2022-11-04 08:49:29,202 [lib.cuckoo.core.guest] INFO: Task #20: Analysis completed successfully (id=cuckoo1, ip=192.168.55.133)
2022-11-04 08:49:29,970 [lib.cuckoo.core.scheduler] INFO: Task #20: analysis procedure completed

Then, process.log:

$ cat process.log
2022-11-04 08:49:32,403 [Task 20] [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/20/dump.pcap"
2022-11-04 08:49:32,739 [Task 20] [modules.processing.suricata] WARNING: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/20/dump.pcap does not exist

And this is the full log I see in the show log section of the web interface (which I assume is the .bson log file associated with the task):

2022-08-17 09:27:31,010 [root] INFO: Date set to: 20221104T08:48:38, timeout set to: 200
2022-11-04 08:48:38,166 [root] DEBUG: Starting analyzer from: C:\tmpjf_aene3
2022-11-04 08:48:38,291 [root] DEBUG: Storing results at: C:\qdVUOyW
2022-11-04 08:48:38,291 [root] DEBUG: Pipe server name: \\.\PIPE\dLxkeODv
2022-11-04 08:48:38,323 [root] DEBUG: Python path: C:\Users\razv\AppData\Local\Programs\Python\Python310-32
2022-11-04 08:48:38,323 [root] INFO: Analysis package "exe" has been specified
2022-11-04 08:48:38,323 [root] DEBUG: Importing analysis package "exe"...
2022-11-04 08:48:39,385 [root] DEBUG: Initializing analysis package "exe"...
2022-11-04 08:48:39,510 [root] DEBUG: New location of moved file: C:\Users\razv\AppData\Local\Temp\test.exe
2022-11-04 08:48:39,510 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2022-11-04 08:48:39,525 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2022-11-04 08:48:39,525 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2022-11-04 08:48:39,525 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2022-11-04 08:48:50,557 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2022-11-04 08:48:50,729 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2022-11-04 08:48:50,916 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2022-11-04 08:48:50,963 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2022-11-04 08:48:51,135 [root] DEBUG: Importing auxiliary module "modules.auxiliary.during_script"...
2022-11-04 08:48:51,150 [root] DEBUG: Importing auxiliary module "modules.auxiliary.evtx"...
2022-11-04 08:48:51,182 [root] DEBUG: Importing auxiliary module "modules.auxiliary.filepickup"...
2022-11-04 08:48:51,463 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2022-11-04 08:48:51,479 [root] DEBUG: Importing auxiliary module "modules.auxiliary.permissions"...
2022-11-04 08:48:51,494 [root] DEBUG: Importing auxiliary module "modules.auxiliary.pre_script"...
2022-11-04 08:48:51,510 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2022-11-04 08:48:51,557 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2022-11-04 08:48:51,572 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2022-11-04 08:48:52,338 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2022-11-04 08:48:52,369 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2022-11-04 08:48:52,557 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2022-11-04 08:48:52,635 [root] DEBUG: Importing auxiliary module "modules.auxiliary.tlsdump"...
2022-11-04 08:48:52,651 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2022-11-04 08:48:52,666 [root] DEBUG: Initialized auxiliary module "Browser"
2022-11-04 08:48:52,666 [root] DEBUG: Trying to start auxiliary module "Browser"...
2022-11-04 08:48:52,666 [root] DEBUG: Started auxiliary module "Browser"
2022-11-04 08:48:52,666 [root] DEBUG: Started auxiliary module Browser
2022-11-04 08:48:52,666 [root] DEBUG: Initialized auxiliary module "Curtain"
2022-11-04 08:48:52,666 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2022-11-04 08:48:52,666 [root] DEBUG: Started auxiliary module "Curtain"
2022-11-04 08:48:52,666 [root] DEBUG: Started auxiliary module Curtain
2022-11-04 08:48:52,666 [root] DEBUG: Initialized auxiliary module "DigiSig"
2022-11-04 08:48:52,666 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2022-11-04 08:48:52,666 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2022-11-04 08:48:53,151 [modules.auxiliary.digisig] DEBUG: File is not signed
2022-11-04 08:48:53,151 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module "DigiSig"
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module DigiSig
2022-11-04 08:48:53,166 [root] DEBUG: Initialized auxiliary module "Disguise"
2022-11-04 08:48:53,166 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2022-11-04 08:48:53,166 [modules.auxiliary.disguise] INFO: Disguising GUID to 0cba9617-7038-431c-9426-b627440239d7
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module "Disguise"
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module Disguise
2022-11-04 08:48:53,166 [root] DEBUG: Initialized auxiliary module "Evtx"
2022-11-04 08:48:53,166 [root] DEBUG: Trying to start auxiliary module "Evtx"...
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module "Evtx"
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module Evtx
2022-11-04 08:48:53,166 [root] WARNING: Auxiliary module FilePickup was not implemented: 'Config' object has no attribute 'file_pickup'
2022-11-04 08:48:53,166 [root] DEBUG: Initialized auxiliary module "Human"
2022-11-04 08:48:53,166 [root] DEBUG: Trying to start auxiliary module "Human"...
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module "Human"
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module Human
2022-11-04 08:48:53,166 [root] WARNING: Auxiliary module Permissions was not implemented: 'Config' object has no attribute 'file_pickup'
2022-11-04 08:48:53,166 [root] DEBUG: Initialized auxiliary module "Pre_script"
2022-11-04 08:48:53,166 [root] DEBUG: Trying to start auxiliary module "Pre_script"...
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module "Pre_script"
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module Pre_script
2022-11-04 08:48:53,166 [root] DEBUG: Initialized auxiliary module "Procmon"
2022-11-04 08:48:53,166 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module "Procmon"
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module Procmon
2022-11-04 08:48:53,166 [root] DEBUG: Initialized auxiliary module "Screenshots"
2022-11-04 08:48:53,166 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module "Screenshots"
2022-11-04 08:48:53,166 [root] DEBUG: Started auxiliary module Screenshots
2022-11-04 08:48:53,166 [root] DEBUG: Initialized auxiliary module "Sysmon"
2022-11-04 08:48:53,166 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2022-11-04 08:48:53,182 [root] DEBUG: Started auxiliary module "Sysmon"
2022-11-04 08:48:53,182 [root] DEBUG: Started auxiliary module Sysmon
2022-11-04 08:48:53,182 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2022-11-04 08:48:53,182 [root] DEBUG: Trying to start auxiliary module "TLSDumpMasterSecrets"...
2022-11-04 08:48:53,182 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 608
2022-11-04 08:48:53,198 [lib.api.process] INFO: Monitor config for process 608: C:\tmpjf_aene3\dll\608.ini
2022-11-04 08:48:54,213 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2022-11-04 08:48:54,213 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjf_aene3\dll\YoUAYwO.dll, loader C:\tmpjf_aene3\bin\sDWtcGia.exe
2022-11-04 08:48:54,260 [root] DEBUG: Loader: Injecting process 608 with C:\tmpjf_aene3\dll\YoUAYwO.dll.
2022-11-04 08:48:54,275 [root] DEBUG: Python path set to 'C:\Users\razv\AppData\Local\Programs\Python\Python310-32'.
2022-11-04 08:48:54,275 [root] DEBUG: TLS secret dump mode enabled.
2022-11-04 08:48:54,275 [root] INFO: Disabling sleep skipping.
2022-11-04 08:48:54,275 [root] DEBUG: Monitor initialised: 64-bit capemon loaded in process 608 at 0x00007FFDB7CC0000, thread 4728, image base 0x00007FF728100000, stack from 0x00000039C4B74000-0x00000039C4B80000
2022-11-04 08:48:54,291 [root] DEBUG: Commandline: C:\Windows\system32\lsass.exe
2022-11-04 08:48:54,291 [root] DEBUG: Post-init: Failed to initialise debugger.
2022-11-04 08:48:54,291 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2022-11-04 08:48:54,291 [root] DEBUG: Successfully injected DLL C:\tmpjf_aene3\dll\YoUAYwO.dll.
2022-11-04 08:48:54,307 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 608
2022-11-04 08:48:54,307 [root] DEBUG: Started auxiliary module "TLSDumpMasterSecrets"
2022-11-04 08:48:54,307 [root] DEBUG: Started auxiliary module TLSDumpMasterSecrets
2022-11-04 08:48:54,307 [root] DEBUG: Initialized auxiliary module "Usage"
2022-11-04 08:48:54,307 [root] DEBUG: Trying to start auxiliary module "Usage"...
2022-11-04 08:48:54,307 [root] DEBUG: Started auxiliary module "Usage"
2022-11-04 08:48:54,307 [root] DEBUG: Started auxiliary module Usage
2022-11-04 08:48:54,307 [root] DEBUG: Initialized auxiliary module "During_script"
2022-11-04 08:48:54,307 [root] DEBUG: Trying to start auxiliary module "During_script"...
2022-11-04 08:48:54,307 [root] DEBUG: Started auxiliary module "During_script"
2022-11-04 08:48:54,307 [root] DEBUG: Started auxiliary module During_script
2022-11-04 08:48:59,604 [root] INFO: Restarting WMI Service
2022-11-04 08:49:01,666 [lib.core.compound] INFO: C:\Users\razv\AppData\Local\Temp already exists, skipping creation
2022-11-04 08:49:01,713 [lib.api.process] INFO: Successfully executed process from path "C:\Users\razv\AppData\Local\Temp\test.exe" with arguments "" with pid 5884
2022-11-04 08:49:01,713 [lib.api.process] INFO: Monitor config for process 5884: C:\tmpjf_aene3\dll\5884.ini
2022-11-04 08:49:01,713 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpjf_aene3\dll\NeKcFs.dll, loader C:\tmpjf_aene3\bin\YSaQTmJ.exe
2022-11-04 08:49:01,776 [root] DEBUG: Loader: Injecting process 5884 (thread 4060) with C:\tmpjf_aene3\dll\NeKcFs.dll.
2022-11-04 08:49:01,776 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2022-11-04 08:49:01,776 [root] DEBUG: Successfully injected DLL C:\tmpjf_aene3\dll\NeKcFs.dll.
2022-11-04 08:49:01,776 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5884
2022-11-04 08:49:03,791 [lib.api.process] INFO: Successfully resumed process with pid 5884
2022-11-04 08:49:04,197 [root] DEBUG: Python path set to 'C:\Users\razv\AppData\Local\Programs\Python\Python310-32'.
2022-11-04 08:49:04,197 [root] DEBUG: Dropped file limit defaulting to 100.
2022-11-04 08:49:04,197 [root] DEBUG: Initialising Yara...
2022-11-04 08:49:04,276 [root] DEBUG: YaraInit: Compiled 18 rule files
2022-11-04 08:49:04,276 [root] DEBUG: YaraInit: Compiled rules saved to file C:\tmpjf_aene3\data\yara\capemon.yac
2022-11-04 08:49:04,276 [root] DEBUG: InternalYaraScan: Scanning 0x77820000, size 0x1a31c8
2022-11-04 08:49:04,291 [root] DEBUG: AmsiDumper initialised.
2022-11-04 08:49:04,291 [root] DEBUG: Monitor initialised: 32-bit capemon loaded in process 5884 at 0x73a40000, thread 4060, image base 0x400000, stack from 0x616000-0x620000
2022-11-04 08:49:04,291 [root] DEBUG: Commandline: "C:\Users\razv\AppData\Local\Temp\test.exe"
2022-11-04 08:49:04,307 [root] DEBUG: hook_api: Warning - CoCreateInstance export address 0x762A56BD differs from GetProcAddress -> 0x759A88C0
2022-11-04 08:49:04,307 [root] DEBUG: hook_api: Warning - CoCreateInstanceEx export address 0x762A56FC differs from GetProcAddress -> 0x759E3020
2022-11-04 08:49:04,307 [root] DEBUG: hook_api: Warning - CoGetClassObject export address 0x762A5C8C differs from GetProcAddress -> 0x759DD870
2022-11-04 08:49:04,354 [root] DEBUG: hook_api: Warning - SetWindowLongW export address 0x76315960 differs from GetProcAddress -> 0x73D459E0
2022-11-04 08:49:04,400 [root] DEBUG: hook_api: Warning - CLSIDFromProgID export address 0x762A4EF6 differs from GetProcAddress -> 0x75954F80
2022-11-04 08:49:04,432 [root] DEBUG: WoW64fix: Windows version 6.2 not supported.
2022-11-04 08:49:04,432 [root] DEBUG: RestoreHeaders: Restored original import table.
2022-11-04 08:49:04,432 [root] INFO: Loaded monitor into process with pid 5884
2022-11-04 08:49:04,432 [root] DEBUG: caller_dispatch: Adding region at 0x00400000 to caller regions list (kernel32::SetUnhandledExceptionFilter returns to 0x004011E8, thread 4060).
2022-11-04 08:49:04,432 [root] DEBUG: YaraScan: Scanning 0x00400000, size 0x10036
2022-11-04 08:49:04,432 [root] DEBUG: caller_dispatch: Dump of calling region at 0x00400000 skipped (kernel32::SetUnhandledExceptionFilter returns to 0x004011E8 mapped as \Device\HarddiskVolume2\Users\razv\AppData\Local\Temp\test.exe).
2022-11-04 08:49:04,432 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 600, handle 0x234.
2022-11-04 08:49:04,432 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 608, handle 0x234.
2022-11-04 08:49:04,432 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 756, handle 0x234.
2022-11-04 08:49:04,432 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 764, handle 0x234.
2022-11-04 08:49:04,432 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 772, handle 0x234.
2022-11-04 08:49:04,432 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 872, handle 0x234.
2022-11-04 08:49:04,432 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 976, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 8, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 492, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 712, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 916, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1096, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1244, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1452, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1556, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1580, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1612, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1784, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1992, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1568, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 2688, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3000, handle 0x234.
2022-11-04 08:49:04,447 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3024, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 2296, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1124, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 820, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 2444, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 2720, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Image base for process 2720 (handle 0x234): 0x00A70000.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 880, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 2932, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 2056, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3132, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3228, handle 0x234.
2022-11-04 08:49:04,463 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3304, handle 0x234.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3452, handle 0x234.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3676, handle 0x234.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4012, handle 0x234.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3220, handle 0x234.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3896, handle 0x234.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3108, handle 0x254.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4236, handle 0x254.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4252, handle 0x254.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4484, handle 0x254.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4492, handle 0x254.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4544, handle 0x254.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4756, handle 0x244.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Image base for process 4756 (handle 0x244): 0x001F0000.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4976, handle 0x244.
2022-11-04 08:49:04,478 [root] DEBUG: OpenProcessHandler: Image base for process 4976 (handle 0x244): 0x001F0000.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4872, handle 0x244.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4868, handle 0x244.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3940, handle 0x244.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 5220, handle 0x244.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 5276, handle 0x244.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 5412, handle 0x244.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 5496, handle 0x244.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 5712, handle 0x254.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 5876, handle 0x254.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 6040, handle 0x254.
2022-11-04 08:49:04,494 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 3372, handle 0x254.
2022-11-04 08:49:04,494 [root] DEBUG: TerminateHandler: Dumping hollowed process 2720, image base 0x00A70000.
2022-11-04 08:49:04,666 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00A70000.
2022-11-04 08:49:04,666 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x49a5a in capemon caught accessing 0xa7003c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,666 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x4f220 in capemon caught accessing 0xa70000 (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,666 [root] DEBUG: TerminateHandler: Failed to dump PE image.
2022-11-04 08:49:04,666 [root] DEBUG: TerminateHandler: Dumping hollowed process 4756, image base 0x001F0000.
2022-11-04 08:49:04,666 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x001F0000.
2022-11-04 08:49:04,666 [root] DEBUG: DumpProcess: Disguised PE image (bad MZ and/or PE headers) at 0x001F0000.
2022-11-04 08:49:04,666 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x4f307 in capemon caught accessing 0x1f003c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,666 [root] DEBUG: TerminateHandler: Failed to dump PE image.
2022-11-04 08:49:04,666 [root] DEBUG: TerminateHandler: Dumping hollowed process 4976, image base 0x001F0000.
2022-11-04 08:49:04,666 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x001F0000.
2022-11-04 08:49:04,666 [root] DEBUG: DumpProcess: Disguised PE image (bad MZ and/or PE headers) at 0x001F0000.
2022-11-04 08:49:04,666 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x4f307 in capemon caught accessing 0x1f003c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,666 [root] DEBUG: TerminateHandler: Failed to dump PE image.
2022-11-04 08:49:04,682 [root] DEBUG: NtTerminateProcess hook: Debugger shutdown (process 5884).
2022-11-04 08:49:04,682 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 5884
2022-11-04 08:49:04,682 [root] DEBUG: GetHookCallerBase: thread 4060, return address 0x73A8A44E, allocation base 0x73A40000.
2022-11-04 08:49:04,682 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00400000.
2022-11-04 08:49:04,682 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2022-11-04 08:49:04,682 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00400000.
2022-11-04 08:49:04,682 [root] DEBUG: DumpProcess: Module entry point VA is 0x000012E0.
2022-11-04 08:49:04,729 [lib.common.results] INFO: File C:\qdVUOyW\CAPE\5884_174244184291745112022 size is 30208, Max size: 100000000
2022-11-04 08:49:04,745 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x7600.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x65503c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x7c503c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x80503c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0xa1d03c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0xc1d03c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x23f503c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x243503c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x247503c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x3c0c03c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x3e0c03c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x400c03c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0x80000001 caught at RVA 0x49998 in capemon caught accessing 0x420c03c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: DLL unloaded from 0x77430000.
2022-11-04 08:49:04,745 [root] DEBUG: TerminateHandler: Dumping hollowed process 2720, image base 0x00A70000.
2022-11-04 08:49:04,745 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00A70000.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x49a5a in capemon caught accessing 0xa7003c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,745 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x4f220 in capemon caught accessing 0xa70000 (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,760 [root] DEBUG: TerminateHandler: Failed to dump PE image.
2022-11-04 08:49:04,760 [root] DEBUG: TerminateHandler: Dumping hollowed process 4756, image base 0x001F0000.
2022-11-04 08:49:04,760 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x001F0000.
2022-11-04 08:49:04,760 [root] DEBUG: DumpProcess: Disguised PE image (bad MZ and/or PE headers) at 0x001F0000.
2022-11-04 08:49:04,760 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x4f307 in capemon caught accessing 0x1f003c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,760 [root] DEBUG: TerminateHandler: Failed to dump PE image.
2022-11-04 08:49:04,760 [root] DEBUG: TerminateHandler: Dumping hollowed process 4976, image base 0x001F0000.
2022-11-04 08:49:04,760 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x001F0000.
2022-11-04 08:49:04,760 [root] DEBUG: DumpProcess: Disguised PE image (bad MZ and/or PE headers) at 0x001F0000.
2022-11-04 08:49:04,760 [root] DEBUG: CAPEExceptionFilter: Exception 0xc0000005 caught at RVA 0x4f307 in capemon caught accessing 0x1f003c (expected in memory scans), passing to next handler.
2022-11-04 08:49:04,854 [root] DEBUG: TerminateHandler: Failed to dump PE image.
2022-11-04 08:49:04,963 [root] INFO: Process with pid 5884 has terminated
2022-11-04 08:49:10,948 [root] INFO: Process list is empty, terminating analysis
2022-11-04 08:49:11,963 [root] INFO: Created shutdown mutex
2022-11-04 08:49:12,979 [root] INFO: Shutting down package
2022-11-04 08:49:12,979 [root] INFO: Stopping auxiliary modules
2022-11-04 08:49:12,979 [root] INFO: Stopped auxiliary modules: <Browser(Thread-3, stopped 4188)>
2022-11-04 08:49:13,135 [lib.common.results] INFO: File C:\curtain.log size is 120508, Max size: 100000000
2022-11-04 08:49:13,150 [root] INFO: Stopped auxiliary modules: <Curtain(Thread-4, stopped 2156)>
2022-11-04 08:49:13,150 [root] INFO: Stopped auxiliary modules: <Evtx(Thread-7, stopped 3360)>
2022-11-04 08:49:13,150 [root] INFO: Stopped auxiliary modules: <Human(Thread-8, started 2548)>
2022-11-04 08:49:13,150 [root] INFO: Stopped auxiliary modules: <Pre_script(Thread-9, initial)>
2022-11-04 08:49:13,182 [lib.common.results] WARNING: File C:\qdVUOyW\bin\procmon.xml doesn't exist anymore
2022-11-04 08:49:13,182 [root] INFO: Stopped auxiliary modules: <Procmon(Thread-10, stopped 5736)>
2022-11-04 08:49:13,182 [root] INFO: Stopped auxiliary modules: <Screenshots(Thread-11, started 1640)>
2022-11-04 08:49:13,213 [root] WARNING: Cannot terminate auxiliary module Sysmon: Thread.__init__() was not called
2022-11-04 08:49:13,213 [root] INFO: Stopped auxiliary modules: <Usage(Thread-23, stopped 5332)>
2022-11-04 08:49:13,213 [root] INFO: Stopped auxiliary modules: <During_script(Thread-24, initial)>
2022-11-04 08:49:13,213 [root] INFO: Finishing auxiliary modules
2022-11-04 08:49:13,213 [root] INFO: Shutting down pipe server and dumping dropped files
2022-11-04 08:49:13,213 [root] WARNING: Folder at path "C:\qdVUOyW\debugger" does not exist, skipping
2022-11-04 08:49:13,213 [root] WARNING: Folder at path "C:\qdVUOyW\tlsdump" does not exist, skipping
2022-11-04 08:49:13,213 [root] INFO: Analysis completed

One thing I noted is that, up to this point, there is no process-task_id.log file, as if it had never been triggered. After executing the process.py utility, the file is created. Now, if I manually process the task again (task id is 20):

$ sudo -u cape poetry run python3 process.py 20 -d
XLMMacroDeobfuscator: pywin32 is not installed (only is required if you want to use MS Excel)
OPTIONAL! Missed dependency: pip3 install https://github.com/CAPESandbox/peepdf/archive/20eda78d7d77fc5b3b652ffc2d8a5b0af796e3dd.zip#egg=peepdf==0.4.2
2022-11-04 08:58:38,812 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "CAPE" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:39,709 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:39,746 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:39,781 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:39,783 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Dropped" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:39,783 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Markov" on analysis at "/opt/CAPEv2/storage/analyses/20" <------ This is my module
[...] (debug messages)
2022-11-04 08:58:40,040 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:40,040 [Task 20] [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/20/dump.pcap"
2022-11-04 08:58:40,040 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcDump" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:40,453 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:40,454 [Task 20] [modules.processing.suricata] WARNING: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/20/dump.pcap does not exist
2022-11-04 08:58:40,454 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TargetInfo" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:40,836 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "script_log_processing" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:40,836 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/20"
2022-11-04 08:58:40,851 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2022-11-04 08:58:40,852 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running 289 evented signatures
2022-11-04 08:58:40,852 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- compression
2022-11-04 08:58:40,853 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- decryption
2022-11-04 08:58:40,853 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- doppelganging
2022-11-04 08:58:40,853 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- evil_grab
2022-11-04 08:58:40,853 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_inter_process
2022-11-04 08:58:40,853 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_create_remote_thread
2022-11-04 08:58:40,853 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_process_hollowing
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_set_window_long
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- plugx
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- reg_binary
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- transacted_hollowing
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- unpacker
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- alphacrypt_behavior
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- andromeda_behavior
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- anomalous_deletefile
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_360_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_ahnlab_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_avast_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_bitdefender_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_bullgaurd_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_emsisoft_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_qurb_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_servicestop
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_addvectoredexceptionhandler
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_apioverride_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_checkremotedebuggerpresent
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_debugactiveprocess
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_gettickcount
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_guardpages
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_ntcreatethreadex
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiav_nthookengine_libs
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_ntsetinformationthread
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_outputdebugstring
2022-11-04 08:58:40,854 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_setunhandledexceptionfilter
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antidebug_windows
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antiemu_wine_func
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_check_userdomain
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_cuckoo
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_cuckoocrash
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_foregroundwindows
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_mouse_hook
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_restart
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_sboxie_libs
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_sboxie_objects
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_script_timer
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_sleep
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_sunbelt_libs
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_suspend
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antisandbox_unhook
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_directory_objects
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_generic_disk
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_generic_disk_setupapi
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_generic_scsi
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_generic_services
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_network_adapters
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_vbox_libs
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_vbox_provname
2022-11-04 08:58:40,855 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_vbox_window
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_vmware_events
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- antivm_vmware_libs
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- api_spamming
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- banker_prinimalka
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- bcdedit_command
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- betabot_behavior
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- bootkit
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- potential_overwrite_mbr
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- suspicious_ioctl_scsipassthough
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- browser_needed
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- browser_scanbox
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- firefox_disables_process_tab
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- regsvr32_squiblydoo_dll_load
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- uac_bypass_cmstp
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- uac_bypass_eventvwr
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- cerber_behavior
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- chimera_behavior
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- clickfraud_cookies
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- clickfraud_volume
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dotnet_code_compile
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- creates_largekey
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- creates_nullvalue
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- lsass_credential_dumping
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- critical_process
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- generates_crypto_key
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- cryptowall_behavior
2022-11-04 08:58:40,856 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- cve_2014_6332
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- cve_2015_2419_js
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- cve_2016-0189
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- cve_2016_7200
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dead_connect
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dead_link
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- debugs_self
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- decoy_document
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- decoy_image
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- deletes_self
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- deletes_shadow_copies
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- deletes_system_state_backup
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dep_bypass
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dep_disable
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- disables_mappeddrives_autodisconnect
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- disables_spdy
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- disables_wfp
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dll_load_uncommon_file_types
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- document_script_exe_drop
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- guloader_apis
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dridex_behavior
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- driver_load
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- exe_dropper_js
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dynamic_function_loading
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- angler_js
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- gondad_js
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- heapspray_js
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- java_js
2022-11-04 08:58:40,857 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- neutrino_js
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- nuclear_js
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- rig_js
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- silverlight_js
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- sundown_js
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- virtualcheck_js
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- encrypted_ioc
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- exec_crash
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- process_creation_suspicious_location
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- exploit_getbasekerneladdress
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- exploit_gethaldispatchtable
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- exploit_heapspray
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- koadic_apis
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- koadic_network_activity
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- downloads_from_filehosting
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- generic_phish
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- gootkit_behavior
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- h1n1_behavior
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- hancitor_behavior
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- hawkeye_behavior
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- http_request
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- https_urls
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- infostealer_browser
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- infostealer_browser_password
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- cryptbot_network
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- infostealer_keylog
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- masslogger_artifacts
2022-11-04 08:58:40,858 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- masslogger_version
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- purplewave_network_activity
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- quilclipper_behavior
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- raccoon_behavior
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- captures_screenshot
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- vidar_behavior
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_createremotethread
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_explorer
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_needextension
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_network_traffic
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_runpe
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_rwx
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- injection_themeinitapihook
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- internet_dropper
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- ipc_namedpipe
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- js_phish
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- js_suspicious_redirect
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- kazybot_behavior
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- kelihos_behavior
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- kibex_behavior
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- kovter_behavior
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- locky_behavior
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- malicious_dynamic_function_loading
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- encrypt_pcinfo
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- encrypt_data_agenttesla_http
2022-11-04 08:58:40,859 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- encrypt_data_agentteslat2_http
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- encrypt_data_nanocore
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- mimics_agent
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- mimics_filetime
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- quilclipper_behavior
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- modify_desktop_wallpaper
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- modify_zoneid_ads
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- move_file_on_reboot
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- multiple_useragents
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_anomaly
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_bind
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_archive
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_free_webshoting
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_generic
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_temp_urldns
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_pastesite
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_payload
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_socialmedia
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_telegram
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_tempstorage
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_temp_urldns
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_urlshortener
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_https_useragent
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_smtps_exfil
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_cnc_smtps_generic
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_dns_idn
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_dns_suspicious_querytype
2022-11-04 08:58:40,860 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_dns_tunneling_request
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_document_http
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- explorer_http
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_fake_useragent
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_document_file
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_downloader_exe
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- network_tor
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- nymaim_behavior
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_com_load
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_dotnet_load
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_mshtml_load
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_vb_load
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_wmi_load
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_cve2017_11882
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_cve2017_11882_network
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_cve_2021_40444
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_cve_2021_40444_m2
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_flash_load
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_postscript
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_suspicious_processes
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- office_write_exe
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- packer_themida
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- persistence_autorun
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- persistence_autorun_tasks
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- persistence_bootexecute
2022-11-04 08:58:40,861 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- persistence_registry_script
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- pony_behavior
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- powershell_network_connection
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- powershell_download
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- powershell_request
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- createtoolhelp32snapshot_module_enumeration
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- enumerates_running_processes
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- process_interest
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- process_needed
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- mass_data_encryption
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- ransomware_dmalocker
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- ransomware_file_modifications
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- ransomware_message
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- nemty_network_activity
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- nemty_note
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- sodinokibi_behavior
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stop_ransomware_registry
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- blackrat_apis
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- blackrat_network_activity
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- blackrat_registry_keys
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- dcrat_behavior
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- karagany_system_event_objects
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- rat_luminosity
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- rat_nanocore
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- netwire_behavior
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- obliquerat_network_activity
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- orcusrat_behavior
2022-11-04 08:58:40,862 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- trochilusrat_apis
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- reads_self
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- recon_beacon
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- recon_programs
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- recon_systeminfo
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- accesses_recyclebin
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- removes_zoneid_ads
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- script_created_process
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- script_network_activity
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- suspicious_js_script
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- secure_login_phishing
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- securityxploded_modules
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- get_clipboard_data
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- sets_autoconfig_url
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- shifu_behavior
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- spoofs_procname
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stack_pivot
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stack_pivot_file_created
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stack_pivot_process_create
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- set_clipboard_data
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stealth_childproc
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stealth_file
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stealth_network
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stealth_system_procname
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stealth_timeout
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- stealth_window
2022-11-04 08:58:40,863 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- terminates_remote_process
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- tinba_behavior
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- trickbot_task_delete
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- upatre_behavior
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- ursnif_behavior
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- user_enum
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- vawtrak_behavior
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- vawtrak_behavior
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- virus
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- neshta_files
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- neshta_regkeys
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- webmail_phish
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- persists_dev_util
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- spawns_dev_util
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- alters_windows_utility
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- overwrites_accessibility_utility
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- wiper_zeroedbytes
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- wmi_create_process
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   |-- wmi_script_process
2022-11-04 08:58:40,864 [Task 20] [lib.cuckoo.core.plugins] DEBUG:   `-- win32_process_create
2022-11-04 08:58:40,898 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2022-11-04 08:58:40,898 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_detected_threat"
2022-11-04 08:58:40,898 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
2022-11-04 08:58:40,898 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
2022-11-04 08:58:40,898 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
2022-11-04 08:58:40,899 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "writes_sysvol"
2022-11-04 08:58:40,899 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_admin_user"
2022-11-04 08:58:40,899 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_user"
2022-11-04 08:58:40,899 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_admin_password"
2022-11-04 08:58:40,899 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2022-11-04 08:58:40,900 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2022-11-04 08:58:40,901 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_attachment_manager"
2022-11-04 08:58:40,902 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2022-11-04 08:58:40,903 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2022-11-04 08:58:40,906 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2022-11-04 08:58:40,906 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_whitespace"
2022-11-04 08:58:40,906 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_devices"
2022-11-04 08:58:40,906 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_windefend"
2022-11-04 08:58:40,907 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2022-11-04 08:58:40,907 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2022-11-04 08:58:40,907 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2022-11-04 08:58:40,907 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2022-11-04 08:58:40,907 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2022-11-04 08:58:40,908 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2022-11-04 08:58:40,908 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2022-11-04 08:58:40,908 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_clamav"
2022-11-04 08:58:40,908 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2022-11-04 08:58:40,908 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_bochs_keys"
2022-11-04 08:58:40,908 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2022-11-04 08:58:40,909 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2022-11-04 08:58:40,909 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2022-11-04 08:58:40,909 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system"
2022-11-04 08:58:40,909 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2022-11-04 08:58:40,909 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2022-11-04 08:58:40,910 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2022-11-04 08:58:40,910 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2022-11-04 08:58:40,911 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2022-11-04 08:58:40,911 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2022-11-04 08:58:40,911 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2022-11-04 08:58:40,912 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2022-11-04 08:58:40,912 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2022-11-04 08:58:40,912 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2022-11-04 08:58:40,912 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2022-11-04 08:58:40,913 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2022-11-04 08:58:40,913 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2022-11-04 08:58:40,913 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "gulpix_behavior"
2022-11-04 08:58:40,913 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
2022-11-04 08:58:40,914 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
2022-11-04 08:58:40,914 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2022-11-04 08:58:40,914 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2022-11-04 08:58:40,914 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2022-11-04 08:58:40,914 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2022-11-04 08:58:40,915 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2022-11-04 08:58:40,915 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2022-11-04 08:58:40,916 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2022-11-04 08:58:40,916 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2022-11-04 08:58:40,916 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2022-11-04 08:58:40,916 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
2022-11-04 08:58:40,916 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
2022-11-04 08:58:40,917 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
2022-11-04 08:58:40,917 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2022-11-04 08:58:40,917 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2022-11-04 08:58:40,917 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2022-11-04 08:58:40,917 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2022-11-04 08:58:40,918 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2022-11-04 08:58:40,918 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2022-11-04 08:58:40,918 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2022-11-04 08:58:40,918 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2022-11-04 08:58:40,918 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy"
2022-11-04 08:58:40,919 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2022-11-04 08:58:40,920 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2022-11-04 08:58:40,920 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_disables_process_tab"
2022-11-04 08:58:40,920 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2022-11-04 08:58:40,920 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2022-11-04 08:58:40,920 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2022-11-04 08:58:40,920 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2022-11-04 08:58:40,920 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstpcom"
2022-11-04 08:58:40,921 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
2022-11-04 08:58:40,921 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
2022-11-04 08:58:40,921 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2022-11-04 08:58:40,921 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_config"
2022-11-04 08:58:40,921 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2022-11-04 08:58:40,921 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2022-11-04 08:58:40,922 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2022-11-04 08:58:40,922 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
2022-11-04 08:58:40,922 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2022-11-04 08:58:40,922 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2022-11-04 08:58:40,922 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_forfiles_wildcard"
2022-11-04 08:58:40,922 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2022-11-04 08:58:40,922 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_long_string"
2022-11-04 08:58:40,923 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2022-11-04 08:58:40,923 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2022-11-04 08:58:40,923 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2022-11-04 08:58:40,923 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "codelux_behavior"
2022-11-04 08:58:40,923 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_discovery_cmd"
2022-11-04 08:58:40,923 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_cmd"
2022-11-04 08:58:40,923 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_pwsh"
2022-11-04 08:58:40,924 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2022-11-04 08:58:40,924 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2022-11-04 08:58:40,924 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_discovery_cmd"
2022-11-04 08:58:40,924 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2022-11-04 08:58:40,924 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2022-11-04 08:58:40,924 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2022-11-04 08:58:40,924 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_write"
2022-11-04 08:58:40,925 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2022-11-04 08:58:40,925 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2022-11-04 08:58:40,925 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2022-11-04 08:58:40,925 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomining_stratum_command"
2022-11-04 08:58:40,925 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptopool_domains"
2022-11-04 08:58:40,925 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2022-11-04 08:58:40,926 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2022-11-04 08:58:40,926 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "datop_loader"
2022-11-04 08:58:40,926 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2022-11-04 08:58:40,926 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_executed_files"
2022-11-04 08:58:40,926 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2022-11-04 08:58:40,927 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_auto_app_termination"
2022-11-04 08:58:40,927 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_appv_virtualization"
2022-11-04 08:58:40,927 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2022-11-04 08:58:40,927 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2022-11-04 08:58:40,928 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_context_menus"
2022-11-04 08:58:40,928 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_cpl_disable"
2022-11-04 08:58:40,928 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2022-11-04 08:58:40,929 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_folder_options"
2022-11-04 08:58:40,929 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2022-11-04 08:58:40,929 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_power_options"
2022-11-04 08:58:40,929 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_restore_default_state"
2022-11-04 08:58:40,930 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_run_command"
2022-11-04 08:58:40,930 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_security"
2022-11-04 08:58:40,930 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2022-11-04 08:58:40,930 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_startmenu_search"
2022-11-04 08:58:40,931 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2022-11-04 08:58:40,931 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2022-11-04 08:58:40,931 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2022-11-04 08:58:40,931 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2022-11-04 08:58:40,931 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_logging"
2022-11-04 08:58:40,932 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_windows_defender_contextmenu"
2022-11-04 08:58:40,932 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "windows_defender_powershell"
2022-11-04 08:58:40,932 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_file_protection"
2022-11-04 08:58:40,933 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2022-11-04 08:58:40,933 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_winfirewall"
2022-11-04 08:58:40,933 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "andromut_mutexes"
2022-11-04 08:58:40,933 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2022-11-04 08:58:40,934 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "phorpiex_mutexes"
2022-11-04 08:58:40,934 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "protonbot_mutexes"
2022-11-04 08:58:40,934 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_filtermanager"
2022-11-04 08:58:40,934 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2022-11-04 08:58:40,934 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "excel4_macro_urls"
2022-11-04 08:58:40,935 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_access"
2022-11-04 08:58:40,935 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_svc_start"
2022-11-04 08:58:40,935 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2022-11-04 08:58:40,935 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "mapped_drives_uac"
2022-11-04 08:58:40,935 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "hides_recycle_bin_icon"
2022-11-04 08:58:40,936 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "apocalypse_stealer_file_behavior"
2022-11-04 08:58:40,936 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "arkei_files"
2022-11-04 08:58:40,936 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "azorult_mutexes"
2022-11-04 08:58:40,936 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2022-11-04 08:58:40,937 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_cookies"
2022-11-04 08:58:40,938 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptbot_files"
2022-11-04 08:58:40,938 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "echelon_files"
2022-11-04 08:58:40,939 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2022-11-04 08:58:40,940 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2022-11-04 08:58:40,941 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2022-11-04 08:58:40,941 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_files"
2022-11-04 08:58:40,941 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "poullight_files"
2022-11-04 08:58:40,942 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_mutexes"
2022-11-04 08:58:40,942 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_mutexes"
2022-11-04 08:58:40,942 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_files"
2022-11-04 08:58:40,943 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_mutexes"
2022-11-04 08:58:40,943 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_kraken_mutexes"
2022-11-04 08:58:40,943 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_regedit"
2022-11-04 08:58:40,943 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_taskmgr"
2022-11-04 08:58:40,944 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2022-11-04 08:58:40,944 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2022-11-04 08:58:40,944 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2022-11-04 08:58:40,944 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2022-11-04 08:58:40,944 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "masquerade_process_name"
2022-11-04 08:58:40,945 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimikatz_modules"
2022-11-04 08:58:40,945 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_certs"
2022-11-04 08:58:40,945 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_clr_usagelog_regkeys"
2022-11-04 08:58:40,945 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_hostfile"
2022-11-04 08:58:40,946 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_oem_information"
2022-11-04 08:58:40,946 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2022-11-04 08:58:40,946 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2022-11-04 08:58:40,947 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_country_distribution"
2022-11-04 08:58:40,947 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_multiple_direct_ip_connections"
2022-11-04 08:58:40,947 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_http"
2022-11-04 08:58:40,947 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http_post"
2022-11-04 08:58:40,947 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_ip_exe"
2022-11-04 08:58:40,947 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2022-11-04 08:58:40,947 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga_fraunhofer"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_blockchain"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_opennic"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_paste_site"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_reverse_proxy"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_file_storage"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_urldns"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_url_shortener"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_doh_tls"
2022-11-04 08:58:40,948 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_tld"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dyndns"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_excessive_udp"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_open_proxy"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_p2p"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_questionable_http_path"
2022-11-04 08:58:40,949 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_questionable_https_path"
2022-11-04 08:58:40,950 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2022-11-04 08:58:40,950 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2022-11-04 08:58:40,950 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2022-11-04 08:58:40,950 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2022-11-04 08:58:40,950 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_addinloading"
2022-11-04 08:58:40,950 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_perfkey"
2022-11-04 08:58:40,950 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2022-11-04 08:58:40,951 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "changes_trust_center_settings"
2022-11-04 08:58:40,951 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_vba_trust_access"
2022-11-04 08:58:40,951 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2022-11-04 08:58:40,951 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2022-11-04 08:58:40,951 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_malicious_prediction"
2022-11-04 08:58:40,951 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2022-11-04 08:58:40,951 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2022-11-04 08:58:40,951 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2022-11-04 08:58:40,952 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2022-11-04 08:58:40,952 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2022-11-04 08:58:40,952 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2022-11-04 08:58:40,952 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2022-11-04 08:58:40,952 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2022-11-04 08:58:40,952 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2022-11-04 08:58:40,952 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2022-11-04 08:58:40,952 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2022-11-04 08:58:40,953 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2022-11-04 08:58:40,953 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "overlay"
2022-11-04 08:58:40,953 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_unknown_pe_section_name"
2022-11-04 08:58:40,953 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2022-11-04 08:58:40,953 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2022-11-04 08:58:40,953 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspack"
2022-11-04 08:58:40,953 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspirecrypt"
2022-11-04 08:58:40,953 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_bedsprotector"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_enigma"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_mpress"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nate"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nspack"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_spices"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2022-11-04 08:58:40,954 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_titan"
2022-11-04 08:58:40,955 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2022-11-04 08:58:40,955 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2022-11-04 08:58:40,955 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_yoda"
2022-11-04 08:58:40,955 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_annot_urls"
2022-11-04 08:58:40,955 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2022-11-04 08:58:40,955 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_safeboot"
2022-11-04 08:58:40,955 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ifeo"
2022-11-04 08:58:40,956 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_slient_process_exit"
2022-11-04 08:58:40,956 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_registry"
2022-11-04 08:58:40,956 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_shadowing"
2022-11-04 08:58:40,956 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2022-11-04 08:58:40,956 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_shim_database"
2022-11-04 08:58:40,957 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "polymorphic"
2022-11-04 08:58:40,957 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "powerpool_mutexes"
2022-11-04 08:58:40,957 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_scriptblock_logging"
2022-11-04 08:58:40,957 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2022-11-04 08:58:40,957 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2022-11-04 08:58:40,957 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2022-11-04 08:58:40,957 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2022-11-04 08:58:40,958 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2022-11-04 08:58:40,958 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2022-11-04 08:58:40,958 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_process_discovery"
2022-11-04 08:58:40,958 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2022-11-04 08:58:40,958 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomix_mutexes"
2022-11-04 08:58:40,958 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "dharma_mutexes"
2022-11-04 08:58:40,958 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
2022-11-04 08:58:40,960 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2022-11-04 08:58:40,963 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "fonix_mutexes"
2022-11-04 08:58:40,963 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "gandcrab_mutexes"
2022-11-04 08:58:40,963 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "germanwiper_mutexes"
2022-11-04 08:58:40,964 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_mutexes"
2022-11-04 08:58:40,964 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_regkeys"
2022-11-04 08:58:40,964 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_mutexes"
2022-11-04 08:58:40,964 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_regkeys"
2022-11-04 08:58:40,965 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "pysa_mutexes"
2022-11-04 08:58:40,965 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2022-11-04 08:58:40,965 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2022-11-04 08:58:40,965 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "revil_mutexes"
2022-11-04 08:58:40,966 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_revil_regkey"
2022-11-04 08:58:40,966 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "satan_mutexes"
2022-11-04 08:58:40,967 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "snake_ransom_mutexes"
2022-11-04 08:58:40,967 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransom_mutexes"
2022-11-04 08:58:40,967 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransomware_cmd"
2022-11-04 08:58:40,967 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2022-11-04 08:58:40,968 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "blacknet_mutexes"
2022-11-04 08:58:40,968 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_mutexes"
2022-11-04 08:58:40,968 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "crat_mutexes"
2022-11-04 08:58:40,968 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_files"
2022-11-04 08:58:40,968 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_mutexes"
2022-11-04 08:58:40,969 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2022-11-04 08:58:40,969 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_files"
2022-11-04 08:58:40,969 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_mutexes"
2022-11-04 08:58:40,969 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_regkeys"
2022-11-04 08:58:40,969 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "lodarat_file_behavior"
2022-11-04 08:58:40,969 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "modirat_behavior"
2022-11-04 08:58:40,970 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "njrat_regkeys"
2022-11-04 08:58:40,970 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_files"
2022-11-04 08:58:40,970 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_mutexes"
2022-11-04 08:58:40,970 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "parallax_mutexes"
2022-11-04 08:58:40,971 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2022-11-04 08:58:40,971 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2022-11-04 08:58:40,971 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2022-11-04 08:58:40,971 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2022-11-04 08:58:40,971 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ratsnif_mutexes"
2022-11-04 08:58:40,971 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_senna_mutexes"
2022-11-04 08:58:40,972 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2022-11-04 08:58:40,972 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "venomrat_mutexes"
2022-11-04 08:58:40,972 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_files"
2022-11-04 08:58:40,972 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_regkeys"
2022-11-04 08:58:40,973 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_files"
2022-11-04 08:58:40,973 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_mutexes"
2022-11-04 08:58:40,973 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2022-11-04 08:58:40,973 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2022-11-04 08:58:40,973 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2022-11-04 08:58:40,974 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_files"
2022-11-04 08:58:40,974 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_mutexes"
2022-11-04 08:58:40,974 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_regkeys"
2022-11-04 08:58:40,974 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "rdptcp_key"
2022-11-04 08:58:40,974 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_rdp_clip"
2022-11-04 08:58:40,975 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_remote_desktop_session"
2022-11-04 08:58:40,975 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_networking_icon"
2022-11-04 08:58:40,975 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_pinned_programs"
2022-11-04 08:58:40,975 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_security_maintenance_icon"
2022-11-04 08:58:40,975 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_startmenu_defaults"
2022-11-04 08:58:40,976 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_username_startmenu"
2022-11-04 08:58:40,976 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "spicyhotpot_behavior"
2022-11-04 08:58:40,976 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "invalid_authenticode_signature"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "pe_compile_timestomping"
2022-11-04 08:58:40,977 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_pdbpath"
2022-11-04 08:58:40,978 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
2022-11-04 08:58:40,978 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
2022-11-04 08:58:40,978 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
2022-11-04 08:58:40,978 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
2022-11-04 08:58:40,978 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
2022-11-04 08:58:40,979 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2022-11-04 08:58:40,979 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2022-11-04 08:58:40,979 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2022-11-04 08:58:40,979 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2022-11-04 08:58:40,979 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
2022-11-04 08:58:40,980 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "lsa_tampering"
2022-11-04 08:58:40,980 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
2022-11-04 08:58:40,980 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2022-11-04 08:58:40,980 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
2022-11-04 08:58:40,982 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2022-11-04 08:58:40,982 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2022-11-04 08:58:40,982 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
2022-11-04 08:58:40,982 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2022-11-04 08:58:40,983 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "troldesh_behavior"
2022-11-04 08:58:40,983 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2022-11-04 08:58:40,983 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2022-11-04 08:58:40,983 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
2022-11-04 08:58:40,984 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_ms_protocol"
2022-11-04 08:58:40,984 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
2022-11-04 08:58:40,984 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
2022-11-04 08:58:40,984 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2022-11-04 08:58:40,984 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2022-11-04 08:58:40,984 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2022-11-04 08:58:40,984 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2022-11-04 08:58:40,984 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2022-11-04 08:58:40,985 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2022-11-04 08:58:40,985 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2022-11-04 08:58:40,985 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2022-11-04 08:58:40,985 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2022-11-04 08:58:40,985 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2022-11-04 08:58:40,985 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
2022-11-04 08:58:40,985 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
2022-11-04 08:58:40,985 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2022-11-04 08:58:40,986 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_powershell_copyitem"
2022-11-04 08:58:40,987 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2022-11-04 08:58:40,987 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
2022-11-04 08:58:40,987 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
2022-11-04 08:58:40,987 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
2022-11-04 08:58:40,987 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
2022-11-04 08:58:40,987 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
2022-11-04 08:58:40,987 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_esentutl"
2022-11-04 08:58:40,987 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_finger"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_to_create_scheduled_task"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_xcopy"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2022-11-04 08:58:40,988 [Task 20] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "antidebug_setunhandledexceptionfilter"
2022-11-04 08:58:40,989 [Task 20] [root] DEBUG: Finished processing task

It seems to me like the process.py is never triggered for some reason, unless I manually do so with process.py. What could be causing this problem?

kevoreilly commented 1 year ago

The only log that is relevant is the process log. The tip I gave you would produce debug output which would have been helpful. cuckoo log and bson are irrelevant.

The processing should run as a distinct service - sounds like it's not running.

systemctl status cape-processor

sudo systemctl start cape-processor

RazviOverflow commented 1 year ago

Understood. I checked the status of the service, restarted it and resubmitted.

$ systemctl status cape-processor.service 
● cape-processor.service - CAPE report processor
     Loaded: loaded (/lib/systemd/system/cape-processor.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-10-04 14:25:08 UTC; 1 month 0 days ago
       Docs: https://github.com/kevoreilly/CAPEv2
   Main PID: 1712 (python)
      Tasks: 20 (limit: 18844)
     Memory: 585.2M
        CPU: 2h 5min 51.702s
     CGroup: /system.slice/cape-processor.service
             ├─  1712 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900
             ├─297487 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900
             ├─297488 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900
             ├─297489 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900
             ├─297490 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900
             ├─297491 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900
             ├─297492 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900
             └─510428 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900

nov 03 16:49:51 rdp05 python3[1712]: 2022-11-03 16:49:51,805 [Task 19] [root] INFO: Processing analysis data for Task #19
nov 03 16:49:52 rdp05 python3[297492]: 2022-11-03 16:49:52,781 [Task 19] [modules.processing.network] WARNING: The PCAP file does >
nov 03 16:49:53 rdp05 python3[297492]: 2022-11-03 16:49:53,230 [Task 19] [modules.processing.suricata] WARNING: Unable to Run Suri>
nov 03 16:49:54 rdp05 python3[499345]: QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-cape'
nov 03 16:49:55 rdp05 python3[1712]: 2022-11-03 16:49:55,051 [Task 19] [root] INFO: Reports generation completed
nov 04 08:49:31 rdp05 python3[1712]: 2022-11-04 08:49:31,429 [Task 20] [root] INFO: Processing analysis data for Task #20
nov 04 08:49:32 rdp05 python3[297493]: 2022-11-04 08:49:32,403 [Task 20] [modules.processing.network] WARNING: The PCAP file does >
nov 04 08:49:32 rdp05 python3[297493]: 2022-11-04 08:49:32,739 [Task 20] [modules.processing.suricata] WARNING: Unable to Run Suri>
nov 04 08:49:33 rdp05 python3[510414]: QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-cape'
nov 04 08:49:34 rdp05 python3[1712]: 2022-11-04 08:49:34,282 [Task 20] [root] INFO: Reports generation completed

Status seems ok. I restarted it.

$ sudo systemctl restart cape-processor.service 
$ systemctl status cape-processor.service 
● cape-processor.service - CAPE report processor
     Loaded: loaded (/lib/systemd/system/cape-processor.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-11-04 09:26:08 UTC; 2s ago
       Docs: https://github.com/kevoreilly/CAPEv2
   Main PID: 511091 (python)
      Tasks: 16 (limit: 18844)
     Memory: 247.0M
        CPU: 3.124s
     CGroup: /system.slice/cape-processor.service
             └─511091 /home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/bin/python process.py -p7 auto -pt 900

I resubmitted the sample using submit.py -d path_to_file.exe. This is the output of process.log:

2022-11-04 09:26:09,777 [root] INFO: Processing analysis data
2022-11-04 09:28:55,143 [Task 21] [root] INFO: Processing analysis data for Task #21
2022-11-04 09:28:56,361 [Task 21] [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/21/dump.pcap"
2022-11-04 09:28:56,811 [Task 21] [modules.processing.suricata] WARNING: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/21/dump.pcap does not exist
2022-11-04 09:28:58,739 [Task 21] [root] INFO: Reports generation completed

There is nothing of interest, apparently. HOWEVER, this time my processing modules seem to be triggering. Apparently restarting the service solved the problem. I tried several samples now and if the module fails the error is now printed in the process.log file. If, on the other hand, everything works just fine, nothing is printed.

Thank you for your help.
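The diagnosis in this thread came down to reading process.log and checking whether a task's "Processing analysis data for Task #N" line was followed by "Reports generation completed" or by an error from the failing module. The following is an added example, not code from CAPEv2 or from anyone in this thread: a small parser for process.log lines in the format shown above that reports, per task, whether processing started, completed, or failed, and which processing modules logged anything. The sample log is constructed for the example (it is modeled on the lines quoted in the thread, and the ERROR line shape for a failing module is an assumption, not CAPE's exact wording).

```python
import re
from collections import OrderedDict

# One process.log line: timestamp, optional "[Task N]" tag, logger name, level, message.
# Matches the line shape quoted in the thread, e.g.
#   2022-11-04 09:28:55,143 [Task 21] [root] INFO: Processing analysis data for Task #21
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?:\[Task (?P<task>\d+)\] )?"
    r"\[(?P<logger>[^\]]+)\] (?P<level>[A-Z]+): (?P<msg>.*)$"
)

# Constructed sample log for this example (task 22 and its ERROR line are invented).
SAMPLE_LOG = """\
2022-11-04 09:26:09,777 [root] INFO: Processing analysis data
2022-11-04 09:28:55,143 [Task 21] [root] INFO: Processing analysis data for Task #21
2022-11-04 09:28:56,361 [Task 21] [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/21/dump.pcap"
2022-11-04 09:28:56,811 [Task 21] [modules.processing.suricata] WARNING: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/21/dump.pcap does not exist
2022-11-04 09:28:58,739 [Task 21] [root] INFO: Reports generation completed
2022-11-04 09:40:01,000 [Task 22] [root] INFO: Processing analysis data for Task #22
2022-11-04 09:40:03,500 [Task 22] [modules.processing.mymodule] ERROR: Failed to run processing module MyModule: KeyError 'behavior'
"""


def parse_process_log(text):
    """Group process.log lines by task id and record start/completion, warnings and errors."""
    tasks = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("task") is None:
            continue  # skip unparseable lines and untagged startup lines
        tid = int(m.group("task"))
        t = tasks.setdefault(
            tid,
            {"started": False, "completed": False, "warnings": [], "errors": [], "modules": set()},
        )
        logger, level, msg = m.group("logger"), m.group("level"), m.group("msg")
        if logger.startswith("modules.processing."):
            # e.g. "modules.processing.network" -> "network"
            t["modules"].add(logger.split(".", 2)[2])
        if level == "INFO" and msg.startswith("Processing analysis data for Task"):
            t["started"] = True
        elif level == "INFO" and msg == "Reports generation completed":
            t["completed"] = True
        elif level == "WARNING":
            t["warnings"].append((logger, msg))
        elif level in ("ERROR", "CRITICAL"):
            t["errors"].append((logger, msg))
    return tasks


def task_status(tasks, task_id):
    """Classify a task: not-processed (no trace at all), failed, incomplete, or completed."""
    t = tasks.get(task_id)
    if t is None:
        return "not-processed"  # the processor never picked the task up (the symptom in this thread)
    if t["errors"]:
        return "failed"
    if t["started"] and not t["completed"]:
        return "incomplete"
    if t["completed"]:
        return "completed"
    return "unknown"


if __name__ == "__main__":
    parsed = parse_process_log(SAMPLE_LOG)
    for tid in (21, 22, 23):
        info = parsed.get(tid, {})
        print(
            f"task {tid}: {task_status(parsed, tid)}"
            f" modules={sorted(info.get('modules', ()))}"
            f" warnings={len(info.get('warnings', ()))} errors={len(info.get('errors', ()))}"
        )
```

A task id that is absent from the parsed output, as task 23 is here, is the case the thread started with: the analysis finished but cape-processor never logged anything for it, which points at the service rather than at the module. To run it on a real installation, read /opt/CAPEv2/log/process.log instead of SAMPLE_LOG.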

kevoreilly commented 1 year ago

You are welcome

Loky85 commented 1 year ago

I have the same problem, cape is working but not creating pcap file, can you help to solve this problem? Thanks in advance

RazviOverflow commented 1 year ago

I think this is not the correct issue to ask about PCAP generation. However, please make sure the user you use to launch cape has permission to execute tcpdump. Additionally, use whereis tcpdump and make sure the same path is specified in the configuration file of CAPE.

Upon making changes, restart CAPE with systemctl.

Loky85 commented 1 year ago

I checked, I manually run tcpdump and it works, but when I run the analysis I don't get a report for network analysis.

That is my process.log:

022-11-16 23:05:09,272 [Task 45] [modules.processing.behavior] INFO: Analysis results folder does not contain any file or injection was disabled
2022-11-16 23:05:09,279 [Task 45] [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/45/dump.pcap"
2022-11-16 23:05:09,280 [Task 45] [modules.processing.suricata] WARNING: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/45/dump.pcap does not exist

RazviOverflow commented 1 year ago

You have to make sure the user running cape is able to run tcpdump (it is necessary the same as your main user). If you followed the docs, it is probably cape.

The logs you provided aren't of use.

Loky85 commented 1 year ago

I can run tcpdump with both users. Did you manage to run tcpdump and did you have a problem with it?

RazviOverflow commented 1 year ago

Yes. Please, before creating several issues about the same topic or flooding a closed one, make sure you search for already existing issues. Check #1234 out.

Loky85 commented 1 year ago

Thanks a lot for the advice, but I've already read all the mistakes, I wouldn't ask for help without trying. How did you solve the problem? Thanks in advance

Loky85 commented 1 year ago

https://github.com/kevoreilly/CAPEv2/issues/1234#issuecomment-1304881990 Where did you set the interface for internet? In which configuration file?

kevoreilly commented 1 year ago

Doesn't even seem like you bothered to properly read the documentation.

https://capev2.readthedocs.io/en/latest/installation/host/configuration.html#routing-conf

"The conf/routing.conf file contains information about how the guest VM is connected (or not) to the Internet via the Host"

Loky85 commented 1 year ago

Thanks anyway, you did not understand the question in the right way, greetings!