Closed meldzhaLV closed 10 months ago
malscore is useless; it depends on community signatures (utils/community.py). I would say reprocess your task with debug: poetry run python utils/process.py -r <task_id> -d
to see the debug output and see what is wrong on your side.
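The PermissionError in the reporter's debug output below (`[Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'`) is raised by execve() on the TRiD binary itself, not on the sample: the file is present but carries no execute bit, sits on a noexec mount, or has a parent directory without traverse permission. Because trid_info lets that exception propagate, the whole "CAPE" processing module aborts, and nothing that depends on its static output (including the signatures that feed malscore) gets a chance to run. The following Python is an added example, not CAPEv2's own code: a pre-flight executability check and a fail-soft wrapper around the TRiD call that degrades to an empty result instead of killing the module. The `-d:` switch is TRiD's real definitions-file option; the output layout, the parsing regex, and the fake TRiD shell script used to run the demo offline are constructed for this example.

```python
import logging
import os
import re
import stat
import subprocess
import tempfile
import textwrap

log = logging.getLogger("trid_check")

# One TRiD match line, e.g. " 46.5% (.EXE) Win64 Executable (generic) (10523/12/4)".
# Constructed regex; CAPE's own handling of TRiD output may differ.
TRID_MATCH = re.compile(r"^\s*(\d+(?:\.\d+)?)%\s+\((\.[^)]+)\)\s+(.+?)\s*$")


def check_executable(path: str):
    """Return None if execve() would accept `path`, otherwise a reason string.

    This is the pre-flight check missing from the failing call: Errno 13 on the
    binary itself means it exists but is not executable by this user.
    """
    if not os.path.isfile(path):
        return f"{path}: missing or not a regular file"
    if not os.access(path, os.X_OK):
        mode = stat.filemode(os.stat(path).st_mode)
        return f"{path}: not executable (mode {mode}); fix with: chmod a+x {path}"
    return None


def parse_trid_output(text: str):
    """Extract (percentage, extension, description) tuples from TRiD output."""
    results = []
    for line in text.splitlines():
        m = TRID_MATCH.match(line)
        if m:
            results.append((float(m.group(1)), m.group(2), m.group(3)))
    return results


def trid_info(trid_bin: str, trid_defs: str, file_path: str, timeout: int = 30):
    """Run TRiD on `file_path`; never raise, return [] when TRiD is unusable.

    Any OSError from execve (EACCES, ENOENT), a timeout or a non-zero exit is
    logged and swallowed so one broken optional tool cannot abort the module.
    """
    reason = check_executable(trid_bin)
    if reason:
        log.warning("skipping TRiD: %s", reason)
        return []
    try:
        out = subprocess.check_output(
            [trid_bin, f"-d:{trid_defs}", file_path],
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (OSError, subprocess.SubprocessError) as exc:
        log.warning("skipping TRiD: %s", exc)
        return []
    return parse_trid_output(out.decode("utf-8", errors="replace"))


# Constructed stand-in for the real TRiD binary: a shell script that prints
# TRiD-shaped output so the example runs offline without TRiD installed.
FAKE_TRID = textwrap.dedent("""\
    #!/bin/sh
    echo "TrID/32 - File Identifier (fake, constructed for this example)"
    echo "Collecting data from file: $2"
    echo " 46.5% (.EXE) Win64 Executable (generic) (10523/12/4)"
    echo " 28.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)"
    """)


def demo():
    """Reproduce the Errno 13 situation, then the fixed one; return both results."""
    with tempfile.TemporaryDirectory() as tmp:
        trid_bin = os.path.join(tmp, "trid")
        defs = os.path.join(tmp, "triddefs.trd")
        sample = os.path.join(tmp, "sample.bin")
        with open(trid_bin, "w") as fh:
            fh.write(FAKE_TRID)
        open(defs, "wb").close()
        open(sample, "wb").close()

        os.chmod(trid_bin, 0o644)                   # as in the issue: readable, not executable
        broken = trid_info(trid_bin, defs, sample)  # [] plus a warning, no traceback
        os.chmod(trid_bin, 0o755)                   # equivalent of: chmod a+x data/trid/trid
        fixed = trid_info(trid_bin, defs, sample)
        return broken, fixed


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(demo())
```

On a real install the fix is the chmod the warning prints (and, if the bit is already set, checking that /opt/CAPEv2 is not on a noexec mount and that the cape user can traverse data/trid); the point of the wrapper is that a missing optional enricher should cost you one field in the report, not the entire processing run.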
This is the debug output:
Missed dependency XLMMacroDeobfuscator: pip3 install -U git+https://github.com/DissectMalware/XLMMacroDeobfuscator.git
OPTIONAL! Missed dependency: pip3 install https://github.com/CAPESandbox/peepdf/archive/20eda78d7d77fc5b3b652ffc2d8a5b0af796e3dd.zip#egg=peepdf==0.4.2
OPTIONAL! Missed dependency: pip3 install -U git+https://github.com/DissectMalware/batch_deobfuscator
OPTIONAL! Missed dependency: pip3 install -U git+https://github.com/CAPESandbox/httpreplay
DEBUG:lib.cuckoo.core.plugins:Executing processing module "CAPE" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:24,093 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "CAPE" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.common.integrations.parse_pdf:Starting to load PDF
2023-10-18 07:00:24,531 [Task 260] [lib.cuckoo.common.integrations.parse_pdf] DEBUG: Starting to load PDF
ERROR:lib.cuckoo.core.plugins:Failed to run the processing module "CAPE": [Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'
Traceback (most recent call last):
File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 243, in process
data = current.run()
File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 352, in run
self.process_file(
File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 192, in process_file
static_file_info(
File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 232, in static_file_info
data_dictionary["trid"] = trid_info(file_path)
File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 289, in trid_info
output = subprocess.check_output(
File "/usr/lib/python3.10/subprocess.py", line 420, in check_output
return run(popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.10/subprocess.py", line 501, in run
with Popen(*popenargs, **kwargs) as process:
File "/usr/lib/python3.10/subprocess.py", line 969, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.10/subprocess.py", line 1845, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'
2023-10-18 07:00:40,380 [Task 260] [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "CAPE": [Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'
Traceback (most recent call last):
File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 243, in process
data = current.run()
File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 352, in run
self.process_file(
File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 192, in process_file
static_file_info(
File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 232, in static_file_info
data_dictionary["trid"] = trid_info(file_path)
File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 289, in trid_info
output = subprocess.check_output(
File "/usr/lib/python3.10/subprocess.py", line 420, in check_output
return run(popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.10/subprocess.py", line 501, in run
with Popen(*popenargs, **kwargs) as process:
File "/usr/lib/python3.10/subprocess.py", line 969, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.10/subprocess.py", line 1845, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'
DEBUG:lib.cuckoo.core.plugins:Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,382 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.core.plugins:Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,401 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.core.plugins:Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,660 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.core.plugins:Executing processing module "MMBot" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,663 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "MMBot" on analysis at "/opt/CAPEv2/storage/analyses/260"
ERROR:modules.processing.maliciousmacrobot:MaliciousMacroBot not installed, 'pip3 install mmbot', aborting mmbot analysis
2023-10-18 07:00:40,668 [Task 260] [modules.processing.maliciousmacrobot] ERROR: MaliciousMacroBot not installed, 'pip3 install mmbot', aborting mmbot analysis
DEBUG:lib.cuckoo.core.plugins:Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,668 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/260"
WARNING:modules.processing.network:The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/260/dump.pcap"
2023-10-18 07:00:40,668 [Task 260] [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/260/dump.pcap"
DEBUG:lib.cuckoo.core.plugins:Executing processing module "Procmon" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,668 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Procmon" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.core.plugins:Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,669 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:modules.processing.suricata:Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/260/dump.pcap does not exist. Did you run analysis with live connection?
2023-10-18 07:00:40,669 [Task 260] [modules.processing.suricata] DEBUG: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/260/dump.pcap does not exist. Did you run analysis with live connection?
DEBUG:lib.cuckoo.core.plugins:Executing processing module "UrlAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,669 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "UrlAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.core.plugins:Executing processing module "Usage" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,669 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Usage" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.core.plugins:Executing processing module "extract_overlay_data" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,670 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "extract_overlay_data" on analysis at "/opt/CAPEv2/storage/analyses/260"
ERROR:lib.cuckoo.core.plugins:Failed to run the processing module "extract_overlay_data": 'extract_overlay_data' object has no attribute 'key'
Traceback (most recent call last):
File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 249, in process
return {current.key: data}
AttributeError: 'extract_overlay_data' object has no attribute 'key'
2023-10-18 07:00:40,670 [Task 260] [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "extract_overlay_data": 'extract_overlay_data' object has no attribute 'key'
Traceback (most recent call last):
File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 249, in process
return {current.key: data}
AttributeError: 'extract_overlay_data' object has no attribute 'key'
DEBUG:lib.cuckoo.core.plugins:Executing processing module "script_log_processing" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,670 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "script_log_processing" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.core.plugins:Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/260"
2023-10-18 07:00:40,671 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/260"
DEBUG:lib.cuckoo.core.plugins:Applying signature overlays for signatures: creates_exe
2023-10-18 07:00:40,685 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
DEBUG:lib.cuckoo.core.plugins:Running 242 evented signatures
2023-10-18 07:00:40,687 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running 242 evented signatures
DEBUG:lib.cuckoo.core.plugins: |-- compression
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- compression
DEBUG:lib.cuckoo.core.plugins: |-- decryption
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- decryption
DEBUG:lib.cuckoo.core.plugins: |-- doppelganging
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- doppelganging
DEBUG:lib.cuckoo.core.plugins: |-- evil_grab
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- evil_grab
DEBUG:lib.cuckoo.core.plugins: |-- injection_inter_process
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_inter_process
DEBUG:lib.cuckoo.core.plugins: |-- injection_create_remote_thread
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_create_remote_thread
DEBUG:lib.cuckoo.core.plugins: |-- injection_process_hollowing
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_process_hollowing
DEBUG:lib.cuckoo.core.plugins: |-- injection_set_window_long
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_set_window_long
DEBUG:lib.cuckoo.core.plugins: |-- PlugX
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- PlugX
DEBUG:lib.cuckoo.core.plugins: |-- reg_binary
2023-10-18 07:00:40,688 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- reg_binary
DEBUG:lib.cuckoo.core.plugins: |-- transacted_hollowing
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- transacted_hollowing
DEBUG:lib.cuckoo.core.plugins: |-- Unpacker
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- Unpacker
DEBUG:lib.cuckoo.core.plugins: |-- anomalous_deletefile
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- anomalous_deletefile
DEBUG:lib.cuckoo.core.plugins: |-- antiav_360_libs
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_360_libs
DEBUG:lib.cuckoo.core.plugins: |-- antiav_ahnlab_libs
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_ahnlab_libs
DEBUG:lib.cuckoo.core.plugins: |-- antiav_avast_libs
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_avast_libs
DEBUG:lib.cuckoo.core.plugins: |-- antiav_bitdefender_libs
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_bitdefender_libs
DEBUG:lib.cuckoo.core.plugins: |-- antiav_bullgaurd_libs
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_bullgaurd_libs
DEBUG:lib.cuckoo.core.plugins: |-- antiav_emsisoft_libs
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_emsisoft_libs
DEBUG:lib.cuckoo.core.plugins: |-- antiav_qurb_libs
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_qurb_libs
DEBUG:lib.cuckoo.core.plugins: |-- antiav_servicestop
2023-10-18 07:00:40,689 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_servicestop
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_addvectoredexceptionhandler
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_addvectoredexceptionhandler
DEBUG:lib.cuckoo.core.plugins: |-- antiav_apioverride_libs
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_apioverride_libs
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_checkremotedebuggerpresent
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_checkremotedebuggerpresent
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_debugactiveprocess
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_debugactiveprocess
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_gettickcount
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_gettickcount
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_guardpages
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_guardpages
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_ntcreatethreadex
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_ntcreatethreadex
DEBUG:lib.cuckoo.core.plugins: |-- antiav_nthookengine_libs
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiav_nthookengine_libs
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_ntsetinformationthread
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_ntsetinformationthread
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_outputdebugstring
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_outputdebugstring
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_setunhandledexceptionfilter
2023-10-18 07:00:40,690 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_setunhandledexceptionfilter
DEBUG:lib.cuckoo.core.plugins: |-- antidebug_windows
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_windows
DEBUG:lib.cuckoo.core.plugins: |-- antiemu_wine_func
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antiemu_wine_func
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_check_userdomain
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_check_userdomain
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_cuckoo
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoo
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_cuckoocrash
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoocrash
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_foregroundwindows
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_foregroundwindows
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_mouse_hook
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_mouse_hook
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_restart
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_restart
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_sboxie_libs
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_libs
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_sboxie_objects
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_objects
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_script_timer
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_script_timer
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_sleep
2023-10-18 07:00:40,691 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sleep
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_sunbelt_libs
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sunbelt_libs
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_suspend
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_suspend
DEBUG:lib.cuckoo.core.plugins: |-- antisandbox_unhook
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_unhook
DEBUG:lib.cuckoo.core.plugins: |-- antivm_directory_objects
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_directory_objects
DEBUG:lib.cuckoo.core.plugins: |-- antivm_generic_disk
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk
DEBUG:lib.cuckoo.core.plugins: |-- antivm_generic_disk_setupapi
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk_setupapi
DEBUG:lib.cuckoo.core.plugins: |-- antivm_generic_scsi
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_scsi
DEBUG:lib.cuckoo.core.plugins: |-- antivm_generic_services
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_services
DEBUG:lib.cuckoo.core.plugins: |-- antivm_network_adapters
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_network_adapters
DEBUG:lib.cuckoo.core.plugins: |-- antivm_vbox_libs
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_libs
DEBUG:lib.cuckoo.core.plugins: |-- antivm_vbox_provname
2023-10-18 07:00:40,692 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_provname
DEBUG:lib.cuckoo.core.plugins: |-- antivm_vbox_window
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_window
DEBUG:lib.cuckoo.core.plugins: |-- antivm_vmware_events
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_events
DEBUG:lib.cuckoo.core.plugins: |-- antivm_vmware_libs
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_libs
DEBUG:lib.cuckoo.core.plugins: |-- api_spamming
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- api_spamming
DEBUG:lib.cuckoo.core.plugins: |-- banker_prinimalka
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- banker_prinimalka
DEBUG:lib.cuckoo.core.plugins: |-- bcdedit_command
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- bcdedit_command
DEBUG:lib.cuckoo.core.plugins: |-- bootkit
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- bootkit
DEBUG:lib.cuckoo.core.plugins: |-- potential_overwrite_mbr
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- potential_overwrite_mbr
DEBUG:lib.cuckoo.core.plugins: |-- suspicious_ioctl_scsipassthough
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_ioctl_scsipassthough
DEBUG:lib.cuckoo.core.plugins: |-- browser_needed
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- browser_needed
DEBUG:lib.cuckoo.core.plugins: |-- browser_scanbox
2023-10-18 07:00:40,693 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- browser_scanbox
DEBUG:lib.cuckoo.core.plugins: |-- firefox_disables_process_tab
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- firefox_disables_process_tab
DEBUG:lib.cuckoo.core.plugins: |-- regsvr32_squiblydoo_dll_load
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- regsvr32_squiblydoo_dll_load
DEBUG:lib.cuckoo.core.plugins: |-- uac_bypass_cmstp
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- uac_bypass_cmstp
DEBUG:lib.cuckoo.core.plugins: |-- uac_bypass_eventvwr
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- uac_bypass_eventvwr
DEBUG:lib.cuckoo.core.plugins: |-- clickfraud_cookies
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_cookies
DEBUG:lib.cuckoo.core.plugins: |-- clickfraud_volume
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_volume
DEBUG:lib.cuckoo.core.plugins: |-- creates_largekey
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- creates_largekey
DEBUG:lib.cuckoo.core.plugins: |-- creates_nullvalue
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- creates_nullvalue
DEBUG:lib.cuckoo.core.plugins: |-- lsass_credential_dumping
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- lsass_credential_dumping
DEBUG:lib.cuckoo.core.plugins: |-- critical_process
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- critical_process
DEBUG:lib.cuckoo.core.plugins: |-- generates_crypto_key
2023-10-18 07:00:40,694 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- generates_crypto_key
DEBUG:lib.cuckoo.core.plugins: |-- cve_2014_6332
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- cve_2014_6332
DEBUG:lib.cuckoo.core.plugins: |-- cve_2015_2419_js
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- cve_2015_2419_js
DEBUG:lib.cuckoo.core.plugins: |-- cve_2016-0189
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- cve_2016-0189
DEBUG:lib.cuckoo.core.plugins: |-- cve_2016_7200
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- cve_2016_7200
DEBUG:lib.cuckoo.core.plugins: |-- dead_connect
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- dead_connect
DEBUG:lib.cuckoo.core.plugins: |-- dead_link
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- dead_link
DEBUG:lib.cuckoo.core.plugins: |-- debugs_self
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- debugs_self
DEBUG:lib.cuckoo.core.plugins: |-- decoy_image
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- decoy_image
DEBUG:lib.cuckoo.core.plugins: |-- deletes_self
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- deletes_self
DEBUG:lib.cuckoo.core.plugins: |-- deletes_shadow_copies
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- deletes_shadow_copies
DEBUG:lib.cuckoo.core.plugins: |-- deletes_system_state_backup
2023-10-18 07:00:40,695 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- deletes_system_state_backup
DEBUG:lib.cuckoo.core.plugins: |-- dep_bypass
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- dep_bypass
DEBUG:lib.cuckoo.core.plugins: |-- dep_disable
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- dep_disable
DEBUG:lib.cuckoo.core.plugins: |-- disables_mappeddrives_autodisconnect
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- disables_mappeddrives_autodisconnect
DEBUG:lib.cuckoo.core.plugins: |-- disables_spdy
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- disables_spdy
DEBUG:lib.cuckoo.core.plugins: |-- disables_wfp
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- disables_wfp
DEBUG:lib.cuckoo.core.plugins: |-- dll_load_uncommon_file_types
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- dll_load_uncommon_file_types
DEBUG:lib.cuckoo.core.plugins: |-- document_script_exe_drop
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- document_script_exe_drop
DEBUG:lib.cuckoo.core.plugins: |-- guloader_apis
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- guloader_apis
DEBUG:lib.cuckoo.core.plugins: |-- driver_load
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- driver_load
DEBUG:lib.cuckoo.core.plugins: |-- dynamic_function_loading
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- dynamic_function_loading
DEBUG:lib.cuckoo.core.plugins: |-- exec_crash
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- exec_crash
DEBUG:lib.cuckoo.core.plugins: |-- process_creation_suspicious_location
2023-10-18 07:00:40,696 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- process_creation_suspicious_location
DEBUG:lib.cuckoo.core.plugins: |-- exploit_getbasekerneladdress
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- exploit_getbasekerneladdress
DEBUG:lib.cuckoo.core.plugins: |-- exploit_gethaldispatchtable
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- exploit_gethaldispatchtable
DEBUG:lib.cuckoo.core.plugins: |-- exploit_heapspray
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- exploit_heapspray
DEBUG:lib.cuckoo.core.plugins: |-- koadic_apis
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- koadic_apis
DEBUG:lib.cuckoo.core.plugins: |-- koadic_network_activity
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- koadic_network_activity
DEBUG:lib.cuckoo.core.plugins: |-- downloads_from_filehosting
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- downloads_from_filehosting
DEBUG:lib.cuckoo.core.plugins: |-- generic_phish
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- generic_phish
DEBUG:lib.cuckoo.core.plugins: |-- http_request
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- http_request
DEBUG:lib.cuckoo.core.plugins: |-- https_urls
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- https_urls
DEBUG:lib.cuckoo.core.plugins: |-- infostealer_browser
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser
DEBUG:lib.cuckoo.core.plugins: |-- infostealer_browser_password
2023-10-18 07:00:40,697 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser_password
DEBUG:lib.cuckoo.core.plugins: |-- cryptbot_network
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- cryptbot_network
DEBUG:lib.cuckoo.core.plugins: |-- infostealer_keylog
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_keylog
DEBUG:lib.cuckoo.core.plugins: |-- masslogger_artifacts
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- masslogger_artifacts
DEBUG:lib.cuckoo.core.plugins: |-- masslogger_version
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- masslogger_version
DEBUG:lib.cuckoo.core.plugins: |-- purplewave_network_activity
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- purplewave_network_activity
DEBUG:lib.cuckoo.core.plugins: |-- quilclipper_behavior
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- quilclipper_behavior
DEBUG:lib.cuckoo.core.plugins: |-- raccoon_behavior
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- raccoon_behavior
DEBUG:lib.cuckoo.core.plugins: |-- captures_screenshot
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- captures_screenshot
DEBUG:lib.cuckoo.core.plugins: |-- vidar_behavior
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- vidar_behavior
DEBUG:lib.cuckoo.core.plugins: |-- injection_createremotethread
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_createremotethread
DEBUG:lib.cuckoo.core.plugins: |-- injection_explorer
2023-10-18 07:00:40,698 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_explorer
DEBUG:lib.cuckoo.core.plugins: |-- injection_needextension
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_needextension
DEBUG:lib.cuckoo.core.plugins: |-- injection_network_traffic
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_network_traffic
DEBUG:lib.cuckoo.core.plugins: |-- injection_runpe
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_runpe
DEBUG:lib.cuckoo.core.plugins: |-- injection_themeinitapihook
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- injection_themeinitapihook
DEBUG:lib.cuckoo.core.plugins: |-- internet_dropper
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- internet_dropper
DEBUG:lib.cuckoo.core.plugins: |-- ipc_namedpipe
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- ipc_namedpipe
DEBUG:lib.cuckoo.core.plugins: |-- js_phish
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- js_phish
DEBUG:lib.cuckoo.core.plugins: |-- js_suspicious_redirect
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- js_suspicious_redirect
DEBUG:lib.cuckoo.core.plugins: |-- malicious_dynamic_function_loading
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- malicious_dynamic_function_loading
DEBUG:lib.cuckoo.core.plugins: |-- encrypt_pcinfo
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- encrypt_pcinfo
DEBUG:lib.cuckoo.core.plugins: |-- encrypt_data_agenttesla_http
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- encrypt_data_agenttesla_http
DEBUG:lib.cuckoo.core.plugins: |-- encrypt_data_agentteslat2_http
2023-10-18 07:00:40,699 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- encrypt_data_agentteslat2_http
DEBUG:lib.cuckoo.core.plugins: |-- encrypt_data_nanocore
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- encrypt_data_nanocore
DEBUG:lib.cuckoo.core.plugins: |-- mimics_filetime
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- mimics_filetime
DEBUG:lib.cuckoo.core.plugins: |-- quilclipper_behavior
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- quilclipper_behavior
DEBUG:lib.cuckoo.core.plugins: |-- modify_desktop_wallpaper
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- modify_desktop_wallpaper
DEBUG:lib.cuckoo.core.plugins: |-- modify_zoneid_ads
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- modify_zoneid_ads
DEBUG:lib.cuckoo.core.plugins: |-- move_file_on_reboot
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- move_file_on_reboot
DEBUG:lib.cuckoo.core.plugins: |-- multiple_useragents
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- multiple_useragents
DEBUG:lib.cuckoo.core.plugins: |-- network_anomaly
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_anomaly
DEBUG:lib.cuckoo.core.plugins: |-- network_bind
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_bind
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_archive
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_archive
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_free_webshoting
2023-10-18 07:00:40,700 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_free_webshoting
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_generic
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_generic
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_temp_urldns
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_temp_urldns
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_pastesite
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_pastesite
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_payload
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_payload
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_socialmedia
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_socialmedia
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_telegram
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_telegram
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_tempstorage
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_tempstorage
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_temp_urldns
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_temp_urldns
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_urlshortener
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_urlshortener
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_https_useragent
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_useragent
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_smtps_exfil
2023-10-18 07:00:40,701 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_smtps_exfil
DEBUG:lib.cuckoo.core.plugins: |-- network_cnc_smtps_generic
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_smtps_generic
DEBUG:lib.cuckoo.core.plugins: |-- network_dns_idn
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_idn
DEBUG:lib.cuckoo.core.plugins: |-- network_dns_suspicious_querytype
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_suspicious_querytype
DEBUG:lib.cuckoo.core.plugins: |-- network_dns_tunneling_request
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_tunneling_request
DEBUG:lib.cuckoo.core.plugins: |-- explorer_http
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- explorer_http
DEBUG:lib.cuckoo.core.plugins: |-- network_fake_useragent
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_fake_useragent
DEBUG:lib.cuckoo.core.plugins: |-- network_downloader_exe
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_downloader_exe
DEBUG:lib.cuckoo.core.plugins: |-- network_tor
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- network_tor
DEBUG:lib.cuckoo.core.plugins: |-- office_com_load
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_com_load
DEBUG:lib.cuckoo.core.plugins: |-- office_dotnet_load
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_dotnet_load
DEBUG:lib.cuckoo.core.plugins: |-- office_mshtml_load
2023-10-18 07:00:40,702 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_mshtml_load
DEBUG:lib.cuckoo.core.plugins: |-- office_vb_load
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_vb_load
DEBUG:lib.cuckoo.core.plugins: |-- office_wmi_load
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_wmi_load
DEBUG:lib.cuckoo.core.plugins: |-- office_cve2017_11882_network
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_cve2017_11882_network
DEBUG:lib.cuckoo.core.plugins: |-- office_cve_2021_40444
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_cve_2021_40444
DEBUG:lib.cuckoo.core.plugins: |-- office_cve_2021_40444_m2
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_cve_2021_40444_m2
DEBUG:lib.cuckoo.core.plugins: |-- office_flash_load
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_flash_load
DEBUG:lib.cuckoo.core.plugins: |-- office_postscript
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_postscript
DEBUG:lib.cuckoo.core.plugins: |-- office_suspicious_processes
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- office_suspicious_processes
DEBUG:lib.cuckoo.core.plugins: |-- packer_themida
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- packer_themida
DEBUG:lib.cuckoo.core.plugins: |-- persistence_autorun
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- persistence_autorun
DEBUG:lib.cuckoo.core.plugins: |-- persistence_autorun_tasks
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- persistence_autorun_tasks
DEBUG:lib.cuckoo.core.plugins: |-- persistence_bootexecute
2023-10-18 07:00:40,703 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- persistence_bootexecute
DEBUG:lib.cuckoo.core.plugins: |-- persistence_registry_script
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- persistence_registry_script
DEBUG:lib.cuckoo.core.plugins: |-- powershell_download
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- powershell_download
DEBUG:lib.cuckoo.core.plugins: |-- powershell_request
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- powershell_request
DEBUG:lib.cuckoo.core.plugins: |-- createtoolhelp32snapshot_module_enumeration
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- createtoolhelp32snapshot_module_enumeration
DEBUG:lib.cuckoo.core.plugins: |-- enumerates_running_processes
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- enumerates_running_processes
DEBUG:lib.cuckoo.core.plugins: |-- process_interest
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- process_interest
DEBUG:lib.cuckoo.core.plugins: |-- process_needed
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- process_needed
DEBUG:lib.cuckoo.core.plugins: |-- mass_data_encryption
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- mass_data_encryption
DEBUG:lib.cuckoo.core.plugins: |-- ransomware_dmalocker
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_dmalocker
DEBUG:lib.cuckoo.core.plugins: |-- ransomware_file_modifications
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_file_modifications
DEBUG:lib.cuckoo.core.plugins: |-- ransomware_message
2023-10-18 07:00:40,704 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_message
DEBUG:lib.cuckoo.core.plugins: |-- nemty_network_activity
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- nemty_network_activity
DEBUG:lib.cuckoo.core.plugins: |-- nemty_note
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- nemty_note
DEBUG:lib.cuckoo.core.plugins: |-- sodinokibi_behavior
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- sodinokibi_behavior
DEBUG:lib.cuckoo.core.plugins: |-- stop_ransomware_registry
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stop_ransomware_registry
DEBUG:lib.cuckoo.core.plugins: |-- blackrat_apis
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_apis
DEBUG:lib.cuckoo.core.plugins: |-- blackrat_network_activity
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_network_activity
DEBUG:lib.cuckoo.core.plugins: |-- blackrat_registry_keys
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_registry_keys
DEBUG:lib.cuckoo.core.plugins: |-- dcrat_behavior
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- dcrat_behavior
DEBUG:lib.cuckoo.core.plugins: |-- karagany_system_event_objects
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- karagany_system_event_objects
DEBUG:lib.cuckoo.core.plugins: |-- rat_luminosity
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- rat_luminosity
DEBUG:lib.cuckoo.core.plugins: |-- rat_nanocore
2023-10-18 07:00:40,705 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- rat_nanocore
DEBUG:lib.cuckoo.core.plugins: |-- netwire_behavior
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- netwire_behavior
DEBUG:lib.cuckoo.core.plugins: |-- obliquerat_network_activity
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- obliquerat_network_activity
DEBUG:lib.cuckoo.core.plugins: |-- orcusrat_behavior
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- orcusrat_behavior
DEBUG:lib.cuckoo.core.plugins: |-- trochilusrat_apis
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- trochilusrat_apis
DEBUG:lib.cuckoo.core.plugins: |-- recon_beacon
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- recon_beacon
DEBUG:lib.cuckoo.core.plugins: |-- recon_programs
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- recon_programs
DEBUG:lib.cuckoo.core.plugins: |-- recon_systeminfo
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- recon_systeminfo
DEBUG:lib.cuckoo.core.plugins: |-- accesses_recyclebin
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- accesses_recyclebin
DEBUG:lib.cuckoo.core.plugins: |-- removes_zoneid_ads
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- removes_zoneid_ads
DEBUG:lib.cuckoo.core.plugins: |-- script_created_process
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- script_created_process
DEBUG:lib.cuckoo.core.plugins: |-- script_network_activity
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- script_network_activity
DEBUG:lib.cuckoo.core.plugins: |-- suspicious_js_script
2023-10-18 07:00:40,706 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_js_script
DEBUG:lib.cuckoo.core.plugins: |-- secure_login_phishing
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- secure_login_phishing
DEBUG:lib.cuckoo.core.plugins: |-- securityxploded_modules
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- securityxploded_modules
DEBUG:lib.cuckoo.core.plugins: |-- get_clipboard_data
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- get_clipboard_data
DEBUG:lib.cuckoo.core.plugins: |-- sets_autoconfig_url
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- sets_autoconfig_url
DEBUG:lib.cuckoo.core.plugins: |-- spoofs_procname
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- spoofs_procname
DEBUG:lib.cuckoo.core.plugins: |-- stack_pivot
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot
DEBUG:lib.cuckoo.core.plugins: |-- stack_pivot_file_created
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot_file_created
DEBUG:lib.cuckoo.core.plugins: |-- stack_pivot_process_create
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot_process_create
DEBUG:lib.cuckoo.core.plugins: |-- set_clipboard_data
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- set_clipboard_data
DEBUG:lib.cuckoo.core.plugins: |-- stealth_childproc
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stealth_childproc
DEBUG:lib.cuckoo.core.plugins: |-- stealth_network
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stealth_network
DEBUG:lib.cuckoo.core.plugins: |-- stealth_system_procname
2023-10-18 07:00:40,707 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stealth_system_procname
DEBUG:lib.cuckoo.core.plugins: |-- stealth_timeout
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stealth_timeout
DEBUG:lib.cuckoo.core.plugins: |-- stealth_window
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- stealth_window
DEBUG:lib.cuckoo.core.plugins: |-- terminates_remote_process
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- terminates_remote_process
DEBUG:lib.cuckoo.core.plugins: |-- trickbot_task_delete
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- trickbot_task_delete
DEBUG:lib.cuckoo.core.plugins: |-- user_enum
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- user_enum
DEBUG:lib.cuckoo.core.plugins: |-- virus
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- virus
DEBUG:lib.cuckoo.core.plugins: |-- neshta_files
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- neshta_files
DEBUG:lib.cuckoo.core.plugins: |-- neshta_regkeys
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- neshta_regkeys
DEBUG:lib.cuckoo.core.plugins: |-- webmail_phish
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- webmail_phish
DEBUG:lib.cuckoo.core.plugins: |-- persists_dev_util
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- persists_dev_util
DEBUG:lib.cuckoo.core.plugins: |-- spawns_dev_util
2023-10-18 07:00:40,708 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- spawns_dev_util
DEBUG:lib.cuckoo.core.plugins: |-- alters_windows_utility
2023-10-18 07:00:40,709 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- alters_windows_utility
DEBUG:lib.cuckoo.core.plugins: |-- overwrites_accessibility_utility
2023-10-18 07:00:40,709 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- overwrites_accessibility_utility
DEBUG:lib.cuckoo.core.plugins: |-- wiper_zeroedbytes
2023-10-18 07:00:40,709 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- wiper_zeroedbytes
DEBUG:lib.cuckoo.core.plugins: |-- wmi_create_process
2023-10-18 07:00:40,709 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- wmi_create_process
DEBUG:lib.cuckoo.core.plugins: |-- wmi_script_process
2023-10-18 07:00:40,709 [Task 260] [lib.cuckoo.core.plugins] DEBUG: |-- wmi_script_process
DEBUG:lib.cuckoo.core.plugins: -- win32_process_create
2023-10-18 07:00:40,709 [Task 260] [lib.cuckoo.core.plugins] DEBUG: -- win32_process_create
DEBUG:lib.cuckoo.core.plugins:Running non-evented signatures
2023-10-18 07:00:41,000 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
DEBUG:lib.cuckoo.core.plugins:Running signature "cape_detected_threat"
2023-10-18 07:00:41,000 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_detected_threat"
DEBUG:lib.cuckoo.core.plugins:Running signature "accesses_mailslot"
2023-10-18 07:00:41,001 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
DEBUG:lib.cuckoo.core.plugins:Running signature "accesses_netlogon_regkey"
2023-10-18 07:00:41,001 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
DEBUG:lib.cuckoo.core.plugins:Running signature "accesses_sysvol"
2023-10-18 07:00:41,002 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
DEBUG:lib.cuckoo.core.plugins:Running signature "writes_sysvol"
2023-10-18 07:00:41,002 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "writes_sysvol"
DEBUG:lib.cuckoo.core.plugins:Running signature "adds_admin_user"
2023-10-18 07:00:41,003 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_admin_user"
DEBUG:lib.cuckoo.core.plugins:Running signature "adds_user"
2023-10-18 07:00:41,003 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_user"
DEBUG:lib.cuckoo.core.plugins:Running signature "overwrites_admin_password"
2023-10-18 07:00:41,004 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_admin_password"
DEBUG:lib.cuckoo.core.plugins:Running signature "antianalysis_detectfile"
2023-10-18 07:00:41,004 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
DEBUG:lib.cuckoo.core.plugins:Running signature "antianalysis_detectreg"
2023-10-18 07:00:41,014 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
DEBUG:lib.cuckoo.core.plugins:Running signature "modify_attachment_manager"
2023-10-18 07:00:41,017 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_attachment_manager"
DEBUG:lib.cuckoo.core.plugins:Running signature "antiav_detectfile"
2023-10-18 07:00:41,018 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
DEBUG:lib.cuckoo.core.plugins:Running signature "antiav_detectreg"
2023-10-18 07:00:41,024 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
DEBUG:lib.cuckoo.core.plugins:Running signature "antiav_srp"
2023-10-18 07:00:41,038 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
DEBUG:lib.cuckoo.core.plugins:Running signature "antiav_whitespace"
2023-10-18 07:00:41,038 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_whitespace"
DEBUG:lib.cuckoo.core.plugins:Running signature "antidebug_devices"
2023-10-18 07:00:41,039 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_devices"
DEBUG:lib.cuckoo.core.plugins:Running signature "antiemu_windefend"
2023-10-18 07:00:41,040 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_windefend"
DEBUG:lib.cuckoo.core.plugins:Running signature "antiemu_wine_reg"
2023-10-18 07:00:41,041 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
DEBUG:lib.cuckoo.core.plugins:Running signature "antisandbox_cuckoo_files"
2023-10-18 07:00:41,041 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "antisandbox_fortinet_files"
2023-10-18 07:00:41,042 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "antisandbox_joe_anubis_files"
2023-10-18 07:00:41,043 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "antisandbox_sboxie_mutex"
2023-10-18 07:00:41,043 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
DEBUG:lib.cuckoo.core.plugins:Running signature "antisandbox_sunbelt_files"
2023-10-18 07:00:41,043 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "antisandbox_threattrack_files"
2023-10-18 07:00:41,044 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivirus_clamav"
2023-10-18 07:00:41,045 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_clamav"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivirus_virustotal"
2023-10-18 07:00:41,045 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_bochs_keys"
2023-10-18 07:00:41,045 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_bochs_keys"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_generic_bios"
2023-10-18 07:00:41,046 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_generic_cpu"
2023-10-18 07:00:41,046 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_generic_diskreg"
2023-10-18 07:00:41,047 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_generic_system"
2023-10-18 07:00:41,048 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_hyperv_keys"
2023-10-18 07:00:41,049 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_parallels_keys"
2023-10-18 07:00:41,049 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vbox_devices"
2023-10-18 07:00:41,051 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vbox_files"
2023-10-18 07:00:41,051 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vbox_keys"
2023-10-18 07:00:41,055 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vmware_devices"
2023-10-18 07:00:41,057 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vmware_files"
2023-10-18 07:00:41,057 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vmware_keys"
2023-10-18 07:00:41,058 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vmware_mutexes"
2023-10-18 07:00:41,060 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vpc_files"
2023-10-18 07:00:41,060 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vpc_keys"
2023-10-18 07:00:41,061 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_vpc_mutex"
2023-10-18 07:00:41,062 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
DEBUG:lib.cuckoo.core.plugins:Running signature "antivm_xen_keys"
2023-10-18 07:00:41,062 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
DEBUG:lib.cuckoo.core.plugins:Running signature "gulpix_behavior"
2023-10-18 07:00:41,063 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "gulpix_behavior"
DEBUG:lib.cuckoo.core.plugins:Running signature "ketrican_regkeys"
2023-10-18 07:00:41,064 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
DEBUG:lib.cuckoo.core.plugins:Running signature "okrum_mutexes"
2023-10-18 07:00:41,065 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "bad_certs"
2023-10-18 07:00:41,066 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
DEBUG:lib.cuckoo.core.plugins:Running signature "bad_ssl_certs"
2023-10-18 07:00:41,066 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
DEBUG:lib.cuckoo.core.plugins:Running signature "banker_cridex"
2023-10-18 07:00:41,066 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
DEBUG:lib.cuckoo.core.plugins:Running signature "geodo_banking_trojan"
2023-10-18 07:00:41,067 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
DEBUG:lib.cuckoo.core.plugins:Running signature "banker_spyeye_mutexes"
2023-10-18 07:00:41,069 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "banker_zeus_mutex"
2023-10-18 07:00:41,069 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
DEBUG:lib.cuckoo.core.plugins:Running signature "banker_zeus_p2p"
2023-10-18 07:00:41,070 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
DEBUG:lib.cuckoo.core.plugins:Running signature "banker_zeus_url"
2023-10-18 07:00:41,071 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
DEBUG:lib.cuckoo.core.plugins:Running signature "bitcoin_opencl"
2023-10-18 07:00:41,071 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
DEBUG:lib.cuckoo.core.plugins:Running signature "accesses_primary_patition"
2023-10-18 07:00:41,072 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
DEBUG:lib.cuckoo.core.plugins:Running signature "direct_hdd_access"
2023-10-18 07:00:41,072 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
DEBUG:lib.cuckoo.core.plugins:Running signature "enumerates_physical_drives"
2023-10-18 07:00:41,073 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "enumerates_physical_drives"
DEBUG:lib.cuckoo.core.plugins:Running signature "physical_drive_access"
2023-10-18 07:00:41,073 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
DEBUG:lib.cuckoo.core.plugins:Running signature "bot_athenahttp"
2023-10-18 07:00:41,073 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
DEBUG:lib.cuckoo.core.plugins:Running signature "bot_dirtjumper"
2023-10-18 07:00:41,074 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
DEBUG:lib.cuckoo.core.plugins:Running signature "bot_drive"
2023-10-18 07:00:41,074 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
DEBUG:lib.cuckoo.core.plugins:Running signature "bot_drive2"
2023-10-18 07:00:41,075 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
DEBUG:lib.cuckoo.core.plugins:Running signature "bot_madness"
2023-10-18 07:00:41,076 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
DEBUG:lib.cuckoo.core.plugins:Running signature "bot_russkill"
2023-10-18 07:00:41,077 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
DEBUG:lib.cuckoo.core.plugins:Running signature "browser_addon"
2023-10-18 07:00:41,077 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
DEBUG:lib.cuckoo.core.plugins:Running signature "browser_helper_object"
2023-10-18 07:00:41,078 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
DEBUG:lib.cuckoo.core.plugins:Running signature "browser_security"
2023-10-18 07:00:41,079 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
DEBUG:lib.cuckoo.core.plugins:Running signature "browser_startpage"
2023-10-18 07:00:41,079 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
DEBUG:lib.cuckoo.core.plugins:Running signature "ie_disables_process_tab"
2023-10-18 07:00:41,079 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_disables_process_tab"
DEBUG:lib.cuckoo.core.plugins:Running signature "odbcconf_bypass"
2023-10-18 07:00:41,080 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
DEBUG:lib.cuckoo.core.plugins:Running signature "squiblydoo_bypass"
2023-10-18 07:00:41,080 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
DEBUG:lib.cuckoo.core.plugins:Running signature "squiblytwo_bypass"
2023-10-18 07:00:41,080 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
DEBUG:lib.cuckoo.core.plugins:Running signature "bypass_firewall"
2023-10-18 07:00:41,081 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
DEBUG:lib.cuckoo.core.plugins:Running signature "uac_bypass_cmstpcom"
2023-10-18 07:00:41,081 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstpcom"
DEBUG:lib.cuckoo.core.plugins:Running signature "uac_bypass_delegateexecute_sdclt"
2023-10-18 07:00:41,082 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
DEBUG:lib.cuckoo.core.plugins:Running signature "uac_bypass_fodhelper"
2023-10-18 07:00:41,083 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
DEBUG:lib.cuckoo.core.plugins:Running signature "cape_extracted_content"
2023-10-18 07:00:41,083 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
DEBUG:lib.cuckoo.core.plugins:Running signature "cape_extracted_config"
2023-10-18 07:00:41,084 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_config"
DEBUG:lib.cuckoo.core.plugins:Running signature "cape_extracted_content"
2023-10-18 07:00:41,084 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
DEBUG:lib.cuckoo.core.plugins:Running signature "carberp_mutex"
2023-10-18 07:00:41,084 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
DEBUG:lib.cuckoo.core.plugins:Running signature "clears_logs"
2023-10-18 07:00:41,084 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
DEBUG:lib.cuckoo.core.plugins:Running signature "cmdline_obfuscation"
2023-10-18 07:00:41,085 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
DEBUG:lib.cuckoo.core.plugins:Running signature "cmdline_switches"
2023-10-18 07:00:41,085 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
DEBUG:lib.cuckoo.core.plugins:Running signature "cmdline_terminate"
2023-10-18 07:00:41,086 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
DEBUG:lib.cuckoo.core.plugins:Running signature "cmdline_forfiles_wildcard"
2023-10-18 07:00:41,086 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_forfiles_wildcard"
DEBUG:lib.cuckoo.core.plugins:Running signature "cmdline_http_link"
2023-10-18 07:00:41,086 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
DEBUG:lib.cuckoo.core.plugins:Running signature "cmdline_long_string"
2023-10-18 07:00:41,086 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_long_string"
DEBUG:lib.cuckoo.core.plugins:Running signature "cmdline_reversed_http_link"
2023-10-18 07:00:41,087 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
DEBUG:lib.cuckoo.core.plugins:Running signature "long_commandline"
2023-10-18 07:00:41,087 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
DEBUG:lib.cuckoo.core.plugins:Running signature "powershell_renamed_commandline"
2023-10-18 07:00:41,087 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
DEBUG:lib.cuckoo.core.plugins:Running signature "system_account_discovery_cmd"
2023-10-18 07:00:41,087 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_discovery_cmd"
DEBUG:lib.cuckoo.core.plugins:Running signature "system_info_discovery_cmd"
2023-10-18 07:00:41,087 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_cmd"
2023-10-18 07:00:41,088 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_pwsh"
2023-10-18 07:00:41,088 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2023-10-18 07:00:41,088 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2023-10-18 07:00:41,088 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_discovery_cmd"
2023-10-18 07:00:41,089 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2023-10-18 07:00:41,089 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2023-10-18 07:00:41,089 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2023-10-18 07:00:41,090 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_write"
2023-10-18 07:00:41,091 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2023-10-18 07:00:41,091 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2023-10-18 07:00:41,091 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2023-10-18 07:00:41,092 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomining_stratum_command"
2023-10-18 07:00:41,092 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptopool_domains"
2023-10-18 07:00:41,092 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2023-10-18 07:00:41,093 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2023-10-18 07:00:41,094 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "datop_loader"
2023-10-18 07:00:41,094 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2023-10-18 07:00:41,095 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_executed_files"
2023-10-18 07:00:41,095 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2023-10-18 07:00:41,095 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_auto_app_termination"
2023-10-18 07:00:41,096 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_appv_virtualization"
2023-10-18 07:00:41,096 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2023-10-18 07:00:41,098 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2023-10-18 07:00:41,100 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_context_menus"
2023-10-18 07:00:41,101 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_cpl_disable"
2023-10-18 07:00:41,102 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_crashdumps"
2023-10-18 07:00:41,102 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2023-10-18 07:00:41,103 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_folder_options"
2023-10-18 07:00:41,103 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2023-10-18 07:00:41,104 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_power_options"
2023-10-18 07:00:41,105 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_restore_default_state"
2023-10-18 07:00:41,106 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_run_command"
2023-10-18 07:00:41,106 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_security"
2023-10-18 07:00:41,106 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2023-10-18 07:00:41,107 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_startmenu_search"
2023-10-18 07:00:41,108 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2023-10-18 07:00:41,109 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2023-10-18 07:00:41,110 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2023-10-18 07:00:41,110 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2023-10-18 07:00:41,111 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_logging"
2023-10-18 07:00:41,112 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_windows_defender_contextmenu"
2023-10-18 07:00:41,112 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "windows_defender_powershell"
2023-10-18 07:00:41,113 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_file_protection"
2023-10-18 07:00:41,113 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2023-10-18 07:00:41,114 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_winfirewall"
2023-10-18 07:00:41,115 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "andromut_mutexes"
2023-10-18 07:00:41,115 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2023-10-18 07:00:41,115 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "phorpiex_mutexes"
2023-10-18 07:00:41,116 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "protonbot_mutexes"
2023-10-18 07:00:41,116 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_filtermanager"
2023-10-18 07:00:41,117 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2023-10-18 07:00:41,117 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "excel4_macro_urls"
2023-10-18 07:00:41,117 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_access"
2023-10-18 07:00:41,118 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_svc_start"
2023-10-18 07:00:41,118 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2023-10-18 07:00:41,118 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "mapped_drives_uac"
2023-10-18 07:00:41,119 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "hides_recycle_bin_icon"
2023-10-18 07:00:41,120 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "apocalypse_stealer_file_behavior"
2023-10-18 07:00:41,121 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "arkei_files"
2023-10-18 07:00:41,121 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "azorult_mutexes"
2023-10-18 07:00:41,123 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2023-10-18 07:00:41,128 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_cookies"
2023-10-18 07:00:41,130 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptbot_files"
2023-10-18 07:00:41,131 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "echelon_files"
2023-10-18 07:00:41,132 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2023-10-18 07:00:41,139 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2023-10-18 07:00:41,143 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2023-10-18 07:00:41,147 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_files"
2023-10-18 07:00:41,147 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "poullight_files"
2023-10-18 07:00:41,151 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_mutexes"
2023-10-18 07:00:41,151 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_mutexes"
2023-10-18 07:00:41,152 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_files"
2023-10-18 07:00:41,153 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_mutexes"
2023-10-18 07:00:41,153 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2023-10-18 07:00:41,154 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2023-10-18 07:00:41,154 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2023-10-18 07:00:41,154 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2023-10-18 07:00:41,154 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "masquerade_process_name"
2023-10-18 07:00:41,159 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimikatz_modules"
2023-10-18 07:00:41,159 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_clr_usagelog_regkeys"
2023-10-18 07:00:41,160 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_hostfile"
2023-10-18 07:00:41,160 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_oem_information"
2023-10-18 07:00:41,161 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2023-10-18 07:00:41,162 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2023-10-18 07:00:41,163 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_ip_exe"
2023-10-18 07:00:41,163 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2023-10-18 07:00:41,164 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga_fraunhofer"
2023-10-18 07:00:41,164 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_blockchain"
2023-10-18 07:00:41,164 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_opennic"
2023-10-18 07:00:41,164 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_paste_site"
2023-10-18 07:00:41,165 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_reverse_proxy"
2023-10-18 07:00:41,165 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_file_storage"
2023-10-18 07:00:41,165 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_urldns"
2023-10-18 07:00:41,165 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_url_shortener"
2023-10-18 07:00:41,166 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_doh_tls"
2023-10-18 07:00:41,166 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_tld"
2023-10-18 07:00:41,166 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dyndns"
2023-10-18 07:00:41,166 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2023-10-18 07:00:41,167 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2023-10-18 07:00:41,167 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_open_proxy"
2023-10-18 07:00:41,167 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2023-10-18 07:00:41,167 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2023-10-18 07:00:41,168 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2023-10-18 07:00:41,168 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2023-10-18 07:00:41,168 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_addinloading"
2023-10-18 07:00:41,169 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_perfkey"
2023-10-18 07:00:41,169 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2023-10-18 07:00:41,169 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "changes_trust_center_settings"
2023-10-18 07:00:41,170 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_vba_trust_access"
2023-10-18 07:00:41,170 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2023-10-18 07:00:41,171 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2023-10-18 07:00:41,171 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_malicious_prediction"
2023-10-18 07:00:41,171 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2023-10-18 07:00:41,171 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2023-10-18 07:00:41,172 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2023-10-18 07:00:41,172 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2023-10-18 07:00:41,172 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2023-10-18 07:00:41,172 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2023-10-18 07:00:41,172 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2023-10-18 07:00:41,173 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2023-10-18 07:00:41,173 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2023-10-18 07:00:41,174 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2023-10-18 07:00:41,174 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2023-10-18 07:00:41,174 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2023-10-18 07:00:41,174 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "overlay"
2023-10-18 07:00:41,175 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_unknown_pe_section_name"
2023-10-18 07:00:41,175 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2023-10-18 07:00:41,175 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2023-10-18 07:00:41,176 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspack"
2023-10-18 07:00:41,176 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspirecrypt"
2023-10-18 07:00:41,176 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_bedsprotector"
2023-10-18 07:00:41,176 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2023-10-18 07:00:41,177 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_enigma"
2023-10-18 07:00:41,177 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2023-10-18 07:00:41,177 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_mpress"
2023-10-18 07:00:41,177 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nate"
2023-10-18 07:00:41,178 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nspack"
2023-10-18 07:00:41,178 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2023-10-18 07:00:41,178 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_spices"
2023-10-18 07:00:41,178 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2023-10-18 07:00:41,178 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_titan"
2023-10-18 07:00:41,179 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2023-10-18 07:00:41,179 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2023-10-18 07:00:41,179 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_yoda"
2023-10-18 07:00:41,179 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2023-10-18 07:00:41,180 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_safeboot"
2023-10-18 07:00:41,180 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ifeo"
2023-10-18 07:00:41,181 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_slient_process_exit"
2023-10-18 07:00:41,181 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_registry"
2023-10-18 07:00:41,182 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_shadowing"
2023-10-18 07:00:41,182 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2023-10-18 07:00:41,183 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_shim_database"
2023-10-18 07:00:41,184 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "powerpool_mutexes"
2023-10-18 07:00:41,184 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_scriptblock_logging"
2023-10-18 07:00:41,184 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2023-10-18 07:00:41,185 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2023-10-18 07:00:41,185 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2023-10-18 07:00:41,185 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2023-10-18 07:00:41,185 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2023-10-18 07:00:41,185 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2023-10-18 07:00:41,186 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_process_discovery"
2023-10-18 07:00:41,186 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2023-10-18 07:00:41,186 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomix_mutexes"
2023-10-18 07:00:41,187 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "dharma_mutexes"
2023-10-18 07:00:41,187 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py:991: FutureWarning: Possible nested set at position 5
exp = re.compile(pattern, re.IGNORECASE)
2023-10-18 07:00:41,196 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2023-10-18 07:00:41,208 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "fonix_mutexes"
2023-10-18 07:00:41,209 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "gandcrab_mutexes"
2023-10-18 07:00:41,209 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "germanwiper_mutexes"
2023-10-18 07:00:41,210 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_mutexes"
2023-10-18 07:00:41,210 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_regkeys"
2023-10-18 07:00:41,211 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_mutexes"
2023-10-18 07:00:41,212 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_regkeys"
2023-10-18 07:00:41,212 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "pysa_mutexes"
2023-10-18 07:00:41,212 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2023-10-18 07:00:41,213 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2023-10-18 07:00:41,213 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "revil_mutexes"
2023-10-18 07:00:41,216 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_revil_regkey"
2023-10-18 07:00:41,216 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "satan_mutexes"
2023-10-18 07:00:41,217 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "snake_ransom_mutexes"
2023-10-18 07:00:41,217 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransom_mutexes"
2023-10-18 07:00:41,218 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransomware_cmd"
2023-10-18 07:00:41,219 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2023-10-18 07:00:41,219 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "blacknet_mutexes"
2023-10-18 07:00:41,220 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_mutexes"
2023-10-18 07:00:41,220 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "crat_mutexes"
2023-10-18 07:00:41,221 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_files"
2023-10-18 07:00:41,222 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_mutexes"
2023-10-18 07:00:41,222 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2023-10-18 07:00:41,222 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_files"
2023-10-18 07:00:41,223 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_mutexes"
2023-10-18 07:00:41,223 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_regkeys"
2023-10-18 07:00:41,224 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "lodarat_file_behavior"
2023-10-18 07:00:41,225 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "modirat_behavior"
2023-10-18 07:00:41,227 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "njrat_regkeys"
2023-10-18 07:00:41,227 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_files"
2023-10-18 07:00:41,228 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_mutexes"
2023-10-18 07:00:41,228 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "parallax_mutexes"
2023-10-18 07:00:41,229 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2023-10-18 07:00:41,230 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2023-10-18 07:00:41,231 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2023-10-18 07:00:41,231 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "ratsnif_mutexes"
2023-10-18 07:00:41,231 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ratsnif_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "rat_senna_mutexes"
2023-10-18 07:00:41,231 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_senna_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "rat_spynet"
2023-10-18 07:00:41,232 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
DEBUG:lib.cuckoo.core.plugins:Running signature "venomrat_mutexes"
2023-10-18 07:00:41,233 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "venomrat_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "warzonerat_files"
2023-10-18 07:00:41,233 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "warzonerat_regkeys"
2023-10-18 07:00:41,234 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_regkeys"
DEBUG:lib.cuckoo.core.plugins:Running signature "xpertrat_files"
2023-10-18 07:00:41,235 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "xpertrat_mutexes"
2023-10-18 07:00:41,235 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "rat_xtreme_mutexes"
2023-10-18 07:00:41,236 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "recon_checkip"
2023-10-18 07:00:41,236 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
DEBUG:lib.cuckoo.core.plugins:Running signature "recon_fingerprint"
2023-10-18 07:00:41,237 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
DEBUG:lib.cuckoo.core.plugins:Running signature "remcos_files"
2023-10-18 07:00:41,238 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "remcos_mutexes"
2023-10-18 07:00:41,239 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "remcos_regkeys"
2023-10-18 07:00:41,240 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_regkeys"
DEBUG:lib.cuckoo.core.plugins:Running signature "rdptcp_key"
2023-10-18 07:00:41,240 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "rdptcp_key"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_rdp_clip"
2023-10-18 07:00:41,241 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_rdp_clip"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_remote_desktop_session"
2023-10-18 07:00:41,241 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_remote_desktop_session"
DEBUG:lib.cuckoo.core.plugins:Running signature "removes_networking_icon"
2023-10-18 07:00:41,242 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_networking_icon"
DEBUG:lib.cuckoo.core.plugins:Running signature "removes_pinned_programs"
2023-10-18 07:00:41,242 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_pinned_programs"
DEBUG:lib.cuckoo.core.plugins:Running signature "removes_security_maintenance_icon"
2023-10-18 07:00:41,243 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_security_maintenance_icon"
DEBUG:lib.cuckoo.core.plugins:Running signature "removes_startmenu_defaults"
2023-10-18 07:00:41,243 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_startmenu_defaults"
DEBUG:lib.cuckoo.core.plugins:Running signature "removes_username_startmenu"
2023-10-18 07:00:41,244 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_username_startmenu"
DEBUG:lib.cuckoo.core.plugins:Running signature "spicyhotpot_behavior"
2023-10-18 07:00:41,245 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "spicyhotpot_behavior"
DEBUG:lib.cuckoo.core.plugins:Running signature "sniffer_winpcap"
2023-10-18 07:00:41,246 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
DEBUG:lib.cuckoo.core.plugins:Running signature "spreading_autoruninf"
2023-10-18 07:00:41,246 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
DEBUG:lib.cuckoo.core.plugins:Running signature "static_authenticode"
2023-10-18 07:00:41,247 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
DEBUG:lib.cuckoo.core.plugins:Running signature "invalid_authenticode_signature"
2023-10-18 07:00:41,247 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "invalid_authenticode_signature"
DEBUG:lib.cuckoo.core.plugins:Running signature "static_dotnet_anomaly"
2023-10-18 07:00:41,247 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
DEBUG:lib.cuckoo.core.plugins:Running signature "static_java"
2023-10-18 07:00:41,247 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
DEBUG:lib.cuckoo.core.plugins:Running signature "static_pdf"
2023-10-18 07:00:41,248 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
DEBUG:lib.cuckoo.core.plugins:Running signature "static_pe_anomaly"
2023-10-18 07:00:41,248 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
DEBUG:lib.cuckoo.core.plugins:Running signature "pe_compile_timestomping"
2023-10-18 07:00:41,248 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "pe_compile_timestomping"
DEBUG:lib.cuckoo.core.plugins:Running signature "static_pe_pdbpath"
2023-10-18 07:00:41,248 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_pdbpath"
DEBUG:lib.cuckoo.core.plugins:Running signature "static_rat_config"
2023-10-18 07:00:41,249 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
DEBUG:lib.cuckoo.core.plugins:Running signature "static_versioninfo_anomaly"
2023-10-18 07:00:41,249 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
DEBUG:lib.cuckoo.core.plugins:Running signature "stealth_hidden_extension"
2023-10-18 07:00:41,249 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
DEBUG:lib.cuckoo.core.plugins:Running signature "stealth_hiddenreg"
2023-10-18 07:00:41,250 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
DEBUG:lib.cuckoo.core.plugins:Running signature "stealth_hide_notifications"
2023-10-18 07:00:41,251 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
DEBUG:lib.cuckoo.core.plugins:Running signature "stealth_webhistory"
2023-10-18 07:00:41,251 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
DEBUG:lib.cuckoo.core.plugins:Running signature "suricata_alert"
2023-10-18 07:00:41,252 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
DEBUG:lib.cuckoo.core.plugins:Running signature "sysinternals_psexec"
2023-10-18 07:00:41,252 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
DEBUG:lib.cuckoo.core.plugins:Running signature "sysinternals_tools"
2023-10-18 07:00:41,253 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
DEBUG:lib.cuckoo.core.plugins:Running signature "tampers_etw"
2023-10-18 07:00:41,253 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
DEBUG:lib.cuckoo.core.plugins:Running signature "lsa_tampering"
2023-10-18 07:00:41,254 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "lsa_tampering"
DEBUG:lib.cuckoo.core.plugins:Running signature "tampers_powershell_logging"
2023-10-18 07:00:41,255 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
DEBUG:lib.cuckoo.core.plugins:Running signature "targeted_flame"
2023-10-18 07:00:41,255 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
DEBUG:lib.cuckoo.core.plugins:Running signature "territorial_disputes_sigs"
2023-10-18 07:00:41,256 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
DEBUG:lib.cuckoo.core.plugins:Running signature "trickbot_mutex"
2023-10-18 07:00:41,263 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
DEBUG:lib.cuckoo.core.plugins:Running signature "fleercivet_mutex"
2023-10-18 07:00:41,263 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
DEBUG:lib.cuckoo.core.plugins:Running signature "lokibot_mutexes"
2023-10-18 07:00:41,263 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "ursnif_behavior"
2023-10-18 07:00:41,265 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
DEBUG:lib.cuckoo.core.plugins:Running signature "upatre_files"
2023-10-18 07:00:41,270 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "upatre_files"
2023-10-18 07:00:41,270 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_adfind"
2023-10-18 07:00:41,270 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_ms_protocol"
2023-10-18 07:00:41,270 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_ms_protocol"
DEBUG:lib.cuckoo.core.plugins:Running signature "neshta_mutexes"
2023-10-18 07:00:41,271 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "renamer_mutexes"
2023-10-18 07:00:41,271 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_devicetree_1"
2023-10-18 07:00:41,271 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_handles_1"
2023-10-18 07:00:41,272 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_ldrmodules_1"
2023-10-18 07:00:41,272 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_ldrmodules_2"
2023-10-18 07:00:41,272 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_malfind_1"
2023-10-18 07:00:41,272 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_malfind_2"
2023-10-18 07:00:41,273 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_modscan_1"
2023-10-18 07:00:41,273 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_svcscan_1"
2023-10-18 07:00:41,273 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_svcscan_2"
2023-10-18 07:00:41,273 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
DEBUG:lib.cuckoo.core.plugins:Running signature "volatility_svcscan_3"
2023-10-18 07:00:41,273 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
DEBUG:lib.cuckoo.core.plugins:Running signature "owa_web_shell_files"
2023-10-18 07:00:41,274 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "web_shell_files"
2023-10-18 07:00:41,274 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
DEBUG:lib.cuckoo.core.plugins:Running signature "web_shell_processes"
2023-10-18 07:00:41,275 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
DEBUG:lib.cuckoo.core.plugins:Running signature "whois_create"
2023-10-18 07:00:41,275 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
DEBUG:lib.cuckoo.core.plugins:Running signature "dotnet_csc_build"
2023-10-18 07:00:41,275 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
DEBUG:lib.cuckoo.core.plugins:Running signature "multiple_explorer_instances"
2023-10-18 07:00:41,275 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
DEBUG:lib.cuckoo.core.plugins:Running signature "script_tool_executed"
2023-10-18 07:00:41,276 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
DEBUG:lib.cuckoo.core.plugins:Running signature "suspicious_certutil_use"
2023-10-18 07:00:41,276 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
DEBUG:lib.cuckoo.core.plugins:Running signature "suspicious_command_tools"
2023-10-18 07:00:41,276 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
DEBUG:lib.cuckoo.core.plugins:Running signature "suspicious_mpcmdrun_use"
2023-10-18 07:00:41,276 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
DEBUG:lib.cuckoo.core.plugins:Running signature "suspicious_ping_use"
2023-10-18 07:00:41,277 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_powershell_copyitem"
2023-10-18 07:00:41,277 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_powershell_copyitem"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities"
2023-10-18 07:00:41,277 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_appcmd"
2023-10-18 07:00:41,278 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_csvde_ldifde"
2023-10-18 07:00:41,278 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_cipher"
2023-10-18 07:00:41,278 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_clickonce"
2023-10-18 07:00:41,278 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_dsquery"
2023-10-18 07:00:41,279 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_esentutl"
2023-10-18 07:00:41,279 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_esentutl"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_finger"
2023-10-18 07:00:41,279 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_finger"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_mode"
2023-10-18 07:00:41,279 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_ntdsutil"
2023-10-18 07:00:41,280 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_nltest"
2023-10-18 07:00:41,280 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_to_create_scheduled_task"
2023-10-18 07:00:41,280 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_to_create_scheduled_task"
DEBUG:lib.cuckoo.core.plugins:Running signature "uses_windows_utilities_xcopy"
2023-10-18 07:00:41,280 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_xcopy"
DEBUG:lib.cuckoo.core.plugins:Running signature "wmic_command_suspicious"
2023-10-18 07:00:41,280 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
DEBUG:lib.cuckoo.core.plugins:Running signature "scrcons_wmi_script_consumer"
2023-10-18 07:00:41,281 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
DEBUG:lib.cuckoo.core.plugins:Running signature "allaple_mutexes"
2023-10-18 07:00:41,281 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
DEBUG:lib.cuckoo.core.plugins:Analysis matched signature "antidebug_setunhandledexceptionfilter"
2023-10-18 07:00:41,281 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "antidebug_setunhandledexceptionfilter"
DEBUG:lib.cuckoo.core.plugins:Analysis matched signature "exec_crash"
2023-10-18 07:00:41,282 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "exec_crash"
DEBUG:lib.cuckoo.core.plugins:Executing reporting module "BinGraph"
2023-10-18 07:00:41,518 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
DEBUG:lib.cuckoo.core.plugins:Executing reporting module "MITRE_TTPS"
2023-10-18 07:00:41,518 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MITRE_TTPS"
DEBUG:Base.Attck:Calling MITRE Enterprise ATT&CK Framework
2023-10-18 07:00:42,176 [Task 260] [Base.Attck] DEBUG: Calling MITRE Enterprise ATT&CK Framework
DEBUG:lib.cuckoo.core.plugins:Executing reporting module "PCAP2CERT"
2023-10-18 07:00:58,368 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
DEBUG:lib.cuckoo.core.plugins:Executing reporting module "ReportHTMLSummary"
2023-10-18 07:00:58,369 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
WARNING:lib.cuckoo.core.plugins:The reporting module "ReportHTMLSummary" returned the following error: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE'
2023-10-18 07:00:58,402 [Task 260] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportHTMLSummary" returned the following error: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE'
DEBUG:lib.cuckoo.core.plugins:Executing reporting module "JsonDump"
2023-10-18 07:00:58,402 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
DEBUG:lib.cuckoo.core.plugins:Executing reporting module "ReportPDF"
2023-10-18 07:00:58,413 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
WARNING:lib.cuckoo.core.plugins:The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
2023-10-18 07:00:58,414 [Task 260] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
DEBUG:lib.cuckoo.core.plugins:Executing reporting module "MongoDB"
2023-10-18 07:00:58,414 [Task 260] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
DEBUG:modules.reporting.mongodb:Deleted previous MongoDB data for Task 260
2023-10-18 07:00:58,464 [Task 260] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 260
DEBUG:root:Finished processing task
I see an error related to the CAPE module, but I am not sure if it's related to the "File Details" information. Couldn't it be related to the installed "djangoframework"? Some version issues? Thanks in advance.
djangoframework is just the REST API, it is not related. I would say your permission error is more relevant here; try to do this:
sudo chown cape:cape /opt/CAPEv2/data/trid -R
and then rerun the analysis as you just did and reload the web report after that to see if it is fixed.
Hmm.. nothing changes. I still get the same permission error:
2023-10-18 07:28:35,035 [Task 260] [lib.cuckoo.common.integrations.parse_pdf] DEBUG: Starting to load PDF
ERROR:lib.cuckoo.core.plugins:Failed to run the processing module "CAPE": [Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'
Traceback (most recent call last):
File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 243, in process
data = current.run()
File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 352, in run
self.process_file(
File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 192, in process_file
static_file_info(
File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 232, in static_file_info
data_dictionary["trid"] = trid_info(file_path)
File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 289, in trid_info
output = subprocess.check_output(
File "/usr/lib/python3.10/subprocess.py", line 420, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.10/subprocess.py", line 501, in run
with Popen(*popenargs, **kwargs) as process:
File "/usr/lib/python3.10/subprocess.py", line 969, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.10/subprocess.py", line 1845, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'
2023-10-18 07:28:50,875 [Task 260] [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "CAPE": [Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'
Traceback (most recent call last):
File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 243, in process
data = current.run()
File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 352, in run
self.process_file(
File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 192, in process_file
static_file_info(
File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 232, in static_file_info
data_dictionary["trid"] = trid_info(file_path)
File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 289, in trid_info
output = subprocess.check_output(
File "/usr/lib/python3.10/subprocess.py", line 420, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.10/subprocess.py", line 501, in run
with Popen(*popenargs, **kwargs) as process:
File "/usr/lib/python3.10/subprocess.py", line 969, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.10/subprocess.py", line 1845, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/opt/CAPEv2/data/trid/trid'
Just for my own understanding: is the CAPE module in charge of the "File Details" box and the "Payloads" page? And what is interesting, I haven't changed any permissions since I installed CAPE. Everything was working flawlessly.
Update: I did chmod +x * on the files in the "trid" directory. Now "File Details" shows. AND - "Payloads" and "Compare this analysis to..." also show.
Unfortunately the PDF score is still 1.9, but previously it was 5.7. I understand that those are community signatures for malscore, but still I would like to have some consistency.
EDIT: Something is not working with the PDF analysis. I checked previous reports of the analysis and I could get, for example, JSON with /JavaScript and /OpenAction entries, which, if I am not mistaken, I would get from pdfid or peepdf.
Well, about the score, you need to look at the matches where it was highest and now, but that is a crap feature.
About the PDF, the same; idk, you need to see what changed on your side.
Just for my own understanding: is the CAPE module in charge of the "File Details" box and the "Payloads" page?
yes
And what is interesting, I haven't changed any permissions since I installed CAPE. Everything was working flawlessly.
Did you put/run a trid update maybe? idk, it is your system, you must know what accessed trid. I don't use trid, I'm using Detect It Easy.
Seems like the issue is solved. Basically I changed the perms on trid and updated the FLARE capa rules. Now I have all the views, and PDF parsing is also working, since I checked the JSON export and I could search for "/JavaScript" and other related keywords. I am sorry if my questions were trivial, and have a great day! :)
np, 3rd party software dependencies are always the most problematic, as we don't have control over them.
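The chown/chmod exchange above and the remark about third-party dependencies both come down to one thing: a binary CAPE shells out to must be executable by whichever user the processing runs under, and a `[Errno 13]` from `subprocess.check_output` is what you get when it is not. The following preflight script is an added example, not CAPEv2's own code: a POSIX sh check you run as the processing user before (re)starting the services. `CAPE_ROOT` and the default tool list are assumptions; only `/opt/CAPEv2/data/trid/trid` is named in this thread.

```shell
#!/bin/sh
# Added example, not CAPEv2 code: preflight check for the third-party
# binaries that CAPE's processing modules execute via subprocess.
# Run it as the user the processing actually runs under, e.g.
#   sudo -u cape sh preflight.sh
# because execute bits and ownership only matter relative to that user
# (a run that works via `sudo -u cape` but fails from the web UI usually
# means the web/worker side runs as a different user).
# CAPE_ROOT and the default tool list are assumptions; only
# data/trid/trid is named in the thread.

CAPE_ROOT="${CAPE_ROOT:-/opt/CAPEv2}"

# check_tool PATH
#   returns 0 : present and executable by the current user
#   returns 1 : missing
#   returns 2 : present but not executable -> the "[Errno 13] Permission
#               denied" that subprocess.check_output raises in trid_info()
check_tool() {
    f="$1"
    if [ ! -e "$f" ]; then
        printf 'MISSING  %s\n' "$f"
        return 1
    fi
    if [ ! -x "$f" ]; then
        # Show mode and owner:group so the fix (chmod/chown) is obvious.
        printf 'NOEXEC   %s (%s)\n' "$f" \
            "$(ls -ld "$f" | awk '{print $1, $3 ":" $4}')"
        return 2
    fi
    printf 'OK       %s\n' "$f"
    return 0
}

# check_tools [PATH ...]
#   Checks every path given (default: the trid binary under CAPE_ROOT) and
#   returns 1 if any check failed, so it can gate a service start.
check_tools() {
    [ $# -eq 0 ] && set -- "$CAPE_ROOT/data/trid/trid"
    failed=0
    for t in "$@"; do
        check_tool "$t" || failed=1
    done
    return $failed
}

# Only run the checks when executed directly as preflight.sh, so the
# functions can also be sourced from another script without side effects.
if [ "$(basename "$0")" = "preflight.sh" ]; then
    if check_tools "$@"; then
        echo "preflight: all tools executable as $(id -un)"
    else
        echo "preflight: fix the entries above (chmod +x / chown) and rerun" >&2
        exit 1
    fi
fi
```

Pass extra binaries as arguments (for example a Detect It Easy binary if you use that instead of trid) and the same check applies to them; the exit code is non-zero on any failure, which is what you want if you wire it into a systemd `ExecStartPre=` for the processing service.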
Sorry to bother. I noticed that the same issue persists. When I use the command line on the server and run sudo -u cape poetry run python utils/process.py -r 27 -d
I get the File Details view, Payload pane etc. I also added the virustotal module and everything works just fine.
But when I submit the same sample from the web interface, the results are different.
This is the analysis log when run from the web interface:
2023-10-19 06:48:30,374 [root] INFO: Date set to: 20231019T11:51:05, timeout set to: 200
2023-10-19 11:51:05,031 [root] DEBUG: Starting analyzer from: C:\tmpz162qo78
2023-10-19 11:51:05,031 [root] DEBUG: Storing results at: C:\mUVXgKYC
2023-10-19 11:51:05,031 [root] DEBUG: Pipe server name: \\.\PIPE\DzVUmO
2023-10-19 11:51:05,031 [root] DEBUG: Python path: C:\Users\win7\AppData\Local\Programs\Python\Python36-32
2023-10-19 11:51:05,031 [root] INFO: Analysis package "exe" has been specified
2023-10-19 11:51:05,031 [root] DEBUG: Importing analysis package "exe"...
2023-10-19 11:51:05,046 [root] DEBUG: Initializing analysis package "exe"...
2023-10-19 11:51:05,046 [root] DEBUG: New location of moved file: C:\Users\win7\AppData\Local\Temp\malicious_file_blad.exe
2023-10-19 11:51:05,046 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2023-10-19 11:51:05,046 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2023-10-19 11:51:05,046 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2023-10-19 11:51:05,046 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2023-10-19 11:51:05,140 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2023-10-19 11:51:05,140 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2023-10-19 11:51:05,140 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2023-10-19 11:51:05,156 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2023-10-19 11:51:05,171 [root] DEBUG: Importing auxiliary module "modules.auxiliary.during_script"...
2023-10-19 11:51:05,171 [root] DEBUG: Importing auxiliary module "modules.auxiliary.evtx"...
2023-10-19 11:51:05,171 [root] DEBUG: Importing auxiliary module "modules.auxiliary.filepickup"...
2023-10-19 11:51:05,187 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2023-10-19 11:51:05,187 [root] DEBUG: Importing auxiliary module "modules.auxiliary.permissions"...
2023-10-19 11:51:05,187 [root] DEBUG: Importing auxiliary module "modules.auxiliary.pre_script"...
2023-10-19 11:51:05,187 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2023-10-19 11:51:05,203 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2023-10-19 11:51:05,203 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2023-10-19 11:51:05,203 [lib.api.screenshot] ERROR: No module named 'PIL'
2023-10-19 11:51:05,203 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2023-10-19 11:51:05,203 [root] DEBUG: Importing auxiliary module "modules.auxiliary.tlsdump"...
2023-10-19 11:51:05,218 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2023-10-19 11:51:05,218 [root] DEBUG: Initialized auxiliary module "Browser"
2023-10-19 11:51:05,218 [root] DEBUG: Trying to start auxiliary module "Browser"...
2023-10-19 11:51:05,218 [root] DEBUG: Started auxiliary module "Browser"
2023-10-19 11:51:05,218 [root] DEBUG: Started auxiliary module Browser
2023-10-19 11:51:05,218 [root] DEBUG: Initialized auxiliary module "Curtain"
2023-10-19 11:51:05,218 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2023-10-19 11:51:05,218 [root] DEBUG: Started auxiliary module "Curtain"
2023-10-19 11:51:05,218 [root] DEBUG: Started auxiliary module Curtain
2023-10-19 11:51:05,218 [root] DEBUG: Initialized auxiliary module "DigiSig"
2023-10-19 11:51:05,218 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2023-10-19 11:51:05,218 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2023-10-19 11:51:05,390 [modules.auxiliary.digisig] DEBUG: File is not signed
2023-10-19 11:51:05,390 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2023-10-19 11:51:05,390 [root] DEBUG: Started auxiliary module "DigiSig"
2023-10-19 11:51:05,390 [root] DEBUG: Started auxiliary module DigiSig
2023-10-19 11:51:05,390 [root] DEBUG: Initialized auxiliary module "Disguise"
2023-10-19 11:51:05,390 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2023-10-19 11:51:05,406 [modules.auxiliary.disguise] INFO: Disguising GUID to 0eb78908-5770-4a32-9914-64198877fd6e
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module "Disguise"
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module Disguise
2023-10-19 11:51:05,406 [root] DEBUG: Initialized auxiliary module "Evtx"
2023-10-19 11:51:05,406 [root] DEBUG: Trying to start auxiliary module "Evtx"...
2023-10-19 11:51:05,406 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module "Evtx"
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module Evtx
2023-10-19 11:51:05,406 [root] DEBUG: Initialized auxiliary module "FilePickup"
2023-10-19 11:51:05,406 [root] DEBUG: Trying to start auxiliary module "FilePickup"...
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module "FilePickup"
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module FilePickup
2023-10-19 11:51:05,406 [root] DEBUG: Initialized auxiliary module "Human"
2023-10-19 11:51:05,406 [root] DEBUG: Trying to start auxiliary module "Human"...
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module "Human"
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module Human
2023-10-19 11:51:05,406 [root] DEBUG: Initialized auxiliary module "Permissions"
2023-10-19 11:51:05,406 [root] DEBUG: Trying to start auxiliary module "Permissions"...
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module "Permissions"
2023-10-19 11:51:05,406 [root] DEBUG: Started auxiliary module Permissions
2023-10-19 11:51:05,421 [root] DEBUG: Initialized auxiliary module "Pre_script"
2023-10-19 11:51:05,421 [root] DEBUG: Trying to start auxiliary module "Pre_script"...
2023-10-19 11:51:05,421 [root] DEBUG: Started auxiliary module "Pre_script"
2023-10-19 11:51:05,421 [root] DEBUG: Started auxiliary module Pre_script
2023-10-19 11:51:05,421 [root] DEBUG: Initialized auxiliary module "Procmon"
2023-10-19 11:51:05,421 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2023-10-19 11:51:05,421 [root] DEBUG: Started auxiliary module "Procmon"
2023-10-19 11:51:05,421 [root] DEBUG: Started auxiliary module Procmon
2023-10-19 11:51:05,421 [root] DEBUG: Initialized auxiliary module "Screenshots"
2023-10-19 11:51:05,421 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2023-10-19 11:51:05,421 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2023-10-19 11:51:05,421 [root] DEBUG: Started auxiliary module "Screenshots"
2023-10-19 11:51:05,421 [root] DEBUG: Started auxiliary module Screenshots
2023-10-19 11:51:05,421 [root] DEBUG: Initialized auxiliary module "Sysmon"
2023-10-19 11:51:05,421 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2023-10-19 11:51:05,484 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
2023-10-19 11:51:05,500 [root] WARNING: Cannot execute auxiliary module Sysmon: In order to use the Sysmon functionality, it is required to have the SMaster(64|32).exe file and sysmonconfig-export.xml file in the bin path. Note that the SMaster(64|32).exe files are just the standard Sysmon binaries renamed to avoid anti-analysis detection techniques.
2023-10-19 11:51:05,500 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2023-10-19 11:51:05,500 [root] DEBUG: Trying to start auxiliary module "TLSDumpMasterSecrets"...
2023-10-19 11:51:05,500 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 480
2023-10-19 11:51:05,500 [lib.api.process] INFO: Monitor config for process 480: C:\tmpz162qo78\dll\480.ini
2023-10-19 11:51:05,500 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2023-10-19 11:51:05,500 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpz162qo78\dll\ELgSwhu.dll, loader C:\tmpz162qo78\bin\ybaDovEn.exe
2023-10-19 11:51:05,531 [root] DEBUG: Loader: Injecting process 480 with C:\tmpz162qo78\dll\ELgSwhu.dll.
2023-10-19 11:51:05,531 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
2023-10-19 11:51:05,546 [root] DEBUG: Python path set to 'C:\Users\win7\AppData\Local\Programs\Python\Python36-32'.
2023-10-19 11:51:05,546 [root] DEBUG: TLS secret dump mode enabled.
2023-10-19 11:51:05,562 [root] INFO: Disabling sleep skipping.
2023-10-19 11:51:05,562 [root] DEBUG: Monitor initialised: 64-bit capemon loaded in process 480 at 0x000007FEF2020000, thread 1208, image base 0x00000000FFA30000, stack from 0x00000000018D4000-0x00000000018E0000 2023-10-19 11:51:05,562 [root] DEBUG: Commandline: C:\Windows\system32\lsass.exe 2023-10-19 11:51:05,562 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2023-10-19 11:51:05,562 [root] DEBUG: Successfully injected DLL C:\tmpz162qo78\dll\ELgSwhu.dll. 2023-10-19 11:51:05,562 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 480 2023-10-19 11:51:05,578 [root] DEBUG: Started auxiliary module "TLSDumpMasterSecrets" 2023-10-19 11:51:05,578 [root] DEBUG: Started auxiliary module TLSDumpMasterSecrets 2023-10-19 11:51:05,578 [root] DEBUG: Initialized auxiliary module "Usage" 2023-10-19 11:51:05,578 [root] DEBUG: Trying to start auxiliary module "Usage"... 2023-10-19 11:51:05,578 [root] DEBUG: Started auxiliary module "Usage" 2023-10-19 11:51:05,578 [root] DEBUG: Started auxiliary module Usage 2023-10-19 11:51:05,578 [root] DEBUG: Initialized auxiliary module "During_script" 2023-10-19 11:51:05,578 [root] DEBUG: Trying to start auxiliary module "During_script"... 
2023-10-19 11:51:05,578 [root] DEBUG: Started auxiliary module "During_script" 2023-10-19 11:51:05,578 [root] DEBUG: Started auxiliary module During_script 2023-10-19 11:51:05,609 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable 2023-10-19 11:51:05,718 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other System Events" /success:disable /failure:enable 2023-10-19 11:51:05,781 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logon" /success:enable /failure:enable 2023-10-19 11:51:05,828 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logoff" /success:enable /failure:enable 2023-10-19 11:51:05,875 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable 2023-10-19 11:51:05,921 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable 2023-10-19 11:51:05,984 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable 2023-10-19 11:51:06,031 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable 2023-10-19 11:51:06,093 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable 2023-10-19 11:51:06,156 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable 2023-10-19 11:51:06,218 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable 2023-10-19 11:51:06,296 [modules.auxiliary.evtx] 
DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File System" /success:enable /failure:enable 2023-10-19 11:51:06,359 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Registry" /success:enable /failure:enable 2023-10-19 11:51:06,421 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kernel Object" /success:enable /failure:enable 2023-10-19 11:51:06,500 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"SAM" /success:disable /failure:disable 2023-10-19 11:51:06,562 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable 2023-10-19 11:51:06,625 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable 2023-10-19 11:51:06,703 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable 2023-10-19 11:51:06,765 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File Share" /success:enable /failure:enable 2023-10-19 11:51:06,828 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable 2023-10-19 11:51:06,890 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable 2023-10-19 11:51:06,953 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable 2023-10-19 11:51:07,015 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable 2023-10-19 11:51:07,062 [modules.auxiliary.evtx] DEBUG: 
Enabling advanced logging -> auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable 2023-10-19 11:51:07,125 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable 2023-10-19 11:51:07,218 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"RPC Events" /success:enable /failure:enable 2023-10-19 11:51:07,296 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable 2023-10-19 11:51:07,359 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable 2023-10-19 11:51:07,406 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable 2023-10-19 11:51:07,468 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable 2023-10-19 11:51:07,531 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Policy Change Events" /success:disable /failure:enable 2023-10-19 11:51:07,593 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable 2023-10-19 11:51:07,656 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable 2023-10-19 11:51:07,718 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable 2023-10-19 11:51:07,765 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Distribution Group Management" 
/success:enable /failure:enable 2023-10-19 11:51:07,828 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable 2023-10-19 11:51:07,890 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable 2023-10-19 11:51:07,953 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable 2023-10-19 11:51:08,015 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable 2023-10-19 11:51:08,078 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:enable 2023-10-19 11:51:08,140 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable 2023-10-19 11:51:08,187 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable 2023-10-19 11:51:08,249 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable 2023-10-19 11:51:08,312 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Logon Events" /success:enable /failure:enable 2023-10-19 11:51:08,375 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable 2023-10-19 11:51:08,437 [modules.auxiliary.evtx] DEBUG: Wiping Application 2023-10-19 11:51:08,500 [modules.auxiliary.evtx] DEBUG: Wiping HardwareEvents 2023-10-19 11:51:08,546 [modules.auxiliary.evtx] 
DEBUG: Wiping Internet Explorer 2023-10-19 11:51:08,593 [modules.auxiliary.evtx] DEBUG: Wiping Key Management Service 2023-10-19 11:51:08,640 [modules.auxiliary.evtx] DEBUG: Wiping OAlerts 2023-10-19 11:51:08,687 [modules.auxiliary.evtx] DEBUG: Wiping Security 2023-10-19 11:51:08,734 [modules.auxiliary.evtx] DEBUG: Wiping Setup 2023-10-19 11:51:08,781 [modules.auxiliary.evtx] DEBUG: Wiping System 2023-10-19 11:51:08,843 [modules.auxiliary.evtx] DEBUG: Wiping Windows PowerShell 2023-10-19 11:51:08,890 [modules.auxiliary.evtx] DEBUG: Wiping Microsoft-Windows-Sysmon/Operational 2023-10-19 11:51:13,328 [root] INFO: Restarting WMI Service 2023-10-19 11:51:15,406 [lib.core.compound] INFO: C:\Users\win7\AppData\Local\Temp already exists, skipping creation 2023-10-19 11:51:15,421 [lib.api.process] INFO: Successfully executed process from path "C:\Users\win7\AppData\Local\Temp\malicious_file_blad.exe" with arguments "" with pid 2304 2023-10-19 11:51:15,421 [lib.api.process] INFO: Monitor config for process 2304: C:\tmpz162qo78\dll\2304.ini 2023-10-19 11:51:15,437 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpz162qo78\dll\kCCCVFS.dll, loader C:\tmpz162qo78\bin\WzjAugi.exe 2023-10-19 11:51:15,468 [root] DEBUG: Loader: Injecting process 2304 (thread 2732) with C:\tmpz162qo78\dll\kCCCVFS.dll. 2023-10-19 11:51:15,468 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT. 2023-10-19 11:51:15,468 [root] DEBUG: Successfully injected DLL C:\tmpz162qo78\dll\kCCCVFS.dll. 2023-10-19 11:51:15,468 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2304 2023-10-19 11:51:17,468 [lib.api.process] INFO: Successfully resumed process with pid 2304 2023-10-19 11:51:17,515 [root] DEBUG: Python path set to 'C:\Users\win7\AppData\Local\Programs\Python\Python36-32'. 2023-10-19 11:51:17,515 [root] DEBUG: Dropped file limit defaulting to 100. 2023-10-19 11:51:17,515 [root] DEBUG: Initialising Yara... 
2023-10-19 11:51:17,531 [root] DEBUG: YaraInit: Compiled 24 rule files 2023-10-19 11:51:17,531 [root] DEBUG: YaraInit: Compiled rules saved to file C:\tmpz162qo78\data\yara\capemon.yac 2023-10-19 11:51:17,531 [root] DEBUG: Monitor initialised: 32-bit capemon loaded in process 2304 at 0x74ba0000, thread 2732, image base 0x400000, stack from 0x186000-0x190000 2023-10-19 11:51:17,531 [root] DEBUG: Commandline: "C:\Users\win7\AppData\Local\Temp\malicious_file_blad.exe" 2023-10-19 11:51:17,562 [root] DEBUG: WoW64 detected: 64-bit ntdll base: 0x772e0000, KiUserExceptionDispatcher: 0x0, NtSetContextThread: 0x7733124a, Wow64PrepareForException: 0x0 2023-10-19 11:51:17,562 [root] DEBUG: WoW64 workaround: KiUserExceptionDispatcher hook installed at: 0x340000 2023-10-19 11:51:17,578 [root] DEBUG: api-rate-cap: NtDelayExecution hook disabled due to rate 2023-10-19 11:51:17,578 [root] DEBUG: api-rate-cap: NtDelayExecution hook disabled due to rate 2023-10-19 11:51:17,578 [root] DEBUG: RestoreHeaders: Restored original import table. 2023-10-19 11:51:17,578 [root] DEBUG: api-rate-cap: NtDelayExecution hook disabled due to rate 2023-10-19 11:51:17,593 [root] DEBUG: api-rate-cap: NtDelayExecution hook disabled due to rate 2023-10-19 11:51:17,593 [root] INFO: Loaded monitor into process with pid 2304 2023-10-19 11:51:17,593 [root] DEBUG: caller_dispatch: Added region at 0x00400000 to tracked regions list (kernel32::FindResourceExW returns to 0x00401585, thread 2732). 2023-10-19 11:51:17,593 [root] DEBUG: YaraScan: Scanning 0x00400000, size 0x22613 2023-10-19 11:51:17,593 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x00350000, size: 0x18000. 2023-10-19 11:51:17,609 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x003F0000, size: 0x1000. 2023-10-19 11:51:17,609 [root] DEBUG: AllocationHandler: Processing previous tracked region at: 0x00350000. 
2023-10-19 11:51:17,609 [root] DEBUG: YaraScan: Scanning 0x00350000, size 0x17b04 2023-10-19 11:51:17,609 [root] DEBUG: DumpPEsInRange: Scanning range 0x00350000 - 0x00367B04. 2023-10-19 11:51:17,609 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x00350000-0x00367B04. 2023-10-19 11:51:17,640 [lib.common.results] INFO: Uploading file C:\mUVXgKYC\CAPE\2304_1481875017518194102023 to CAPE\ca25aa5d88c4b4529c4f3f878999b18a88d5f7683a8ff0cf3c90a1f47231c03c; Size is 97028; Max size: 10000000000 2023-10-19 11:51:17,656 [root] DEBUG: DumpMemory: Payload successfully created: C:\mUVXgKYC\CAPE\2304_1481875017518194102023 (size 97028 bytes) 2023-10-19 11:51:17,656 [root] DEBUG: DumpRegion: Dumped entire allocation from 0x00350000, size 98304 bytes. 2023-10-19 11:51:17,656 [root] DEBUG: ProcessTrackedRegion: Dumped region at 0x00350000. 2023-10-19 11:51:17,671 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x00470000, size: 0x1b000. 2023-10-19 11:51:17,671 [root] DEBUG: AllocationHandler: Processing previous tracked region at: 0x003F0000. 2023-10-19 11:51:17,671 [root] DEBUG: YaraScan: Scanning 0x003F0000, size 0xee 2023-10-19 11:51:17,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x003F0000 - 0x003F00EE. 2023-10-19 11:51:17,671 [root] DEBUG: ScanForDisguisedPE: Size too small. 2023-10-19 11:51:17,671 [lib.common.results] INFO: Uploading file C:\mUVXgKYC\CAPE\2304_1995956617518194102023 to CAPE\47cc8d939f0138854bf1017d1dacda1cc7aa81d821c41bb726e10220263cac5f; Size is 238; Max size: 10000000000 2023-10-19 11:51:17,687 [root] DEBUG: DumpMemory: Payload successfully created: C:\mUVXgKYC\CAPE\2304_1995956617518194102023 (size 238 bytes) 2023-10-19 11:51:17,687 [root] DEBUG: DumpRegion: Dumped entire allocation from 0x003F0000, size 4096 bytes. 2023-10-19 11:51:17,687 [root] DEBUG: ProcessTrackedRegion: Dumped region at 0x003F0000. 
2023-10-19 11:51:17,687 [root] DEBUG: YaraScan: Scanning 0x00470000, size 0x17d40 2023-10-19 11:51:17,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x00470000 - 0x00487D40. 2023-10-19 11:51:17,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x00470000-0x00487D40. 2023-10-19 11:51:17,703 [lib.common.results] INFO: Uploading file C:\mUVXgKYC\CAPE\2304_7585158255114194102023 to CAPE\7c8a5de386104c54868d8c0573ef139c338febbb61b27666785888e1f73c60a2; Size is 97600; Max size: 10000000000 2023-10-19 11:51:17,718 [root] DEBUG: DumpMemory: Payload successfully created: C:\mUVXgKYC\CAPE\2304_7585158255114194102023 (size 97600 bytes) 2023-10-19 11:51:17,718 [root] DEBUG: DumpRegion: Dumped entire allocation from 0x00470000, size 110592 bytes. 2023-10-19 11:51:17,718 [root] DEBUG: ProcessTrackedRegion: Dumped region at 0x00470000. 2023-10-19 11:51:17,734 [root] DEBUG: api-rate-cap: LdrGetDllHandle hook disabled due to rate 2023-10-19 11:51:17,750 [root] DEBUG: api-rate-cap: LdrGetProcedureAddress hook disabled due to rate 2023-10-19 11:51:17,750 [root] DEBUG: api-rate-cap: memcpy hook disabled due to rate 2023-10-19 11:51:17,750 [root] DEBUG: api-rate-cap: memcpy hook disabled due to rate 2023-10-19 11:51:17,750 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x00490000, size: 0x1a000. 2023-10-19 11:51:17,750 [root] DEBUG: AllocationHandler: Processing previous tracked region at: 0x00470000. 2023-10-19 11:51:17,750 [root] DEBUG: DLL loaded at 0x75760000: C:\Windows\syswow64\shell32 (0xc4a000 bytes). 2023-10-19 11:51:17,765 [root] DEBUG: DLL loaded at 0x752E0000: C:\Windows\syswow64\wininet (0xf5000 bytes). 2023-10-19 11:51:17,765 [root] DEBUG: DLL loaded at 0x75550000: C:\Windows\syswow64\urlmon (0x136000 bytes). 2023-10-19 11:51:17,765 [root] DEBUG: DLL loaded at 0x76F80000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes). 2023-10-19 11:51:17,765 [root] DEBUG: DLL loaded at 0x750E0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes). 
2023-10-19 11:51:17,765 [root] DEBUG: DLL loaded at 0x74B70000: C:\Windows\system32\wsock32 (0x7000 bytes). 2023-10-19 11:51:17,765 [root] DEBUG: DLL loaded at 0x74A50000: C:\Windows\system32\userenv (0x17000 bytes). 2023-10-19 11:51:17,765 [root] DEBUG: DLL loaded at 0x74B60000: C:\Windows\system32\profapi (0xb000 bytes). 2023-10-19 11:51:17,765 [root] DEBUG: AllocationHandler: Previously reserved region at 0x00400000, committing at: 0x00400000. 2023-10-19 11:51:17,765 [root] DEBUG: AllocationHandler: Processing previous tracked region at: 0x00490000. 2023-10-19 11:51:17,765 [root] DEBUG: YaraScan: Scanning 0x00490000, size 0x18ae1 2023-10-19 11:51:17,781 [root] DEBUG: DumpPEsInRange: Scanning range 0x00490000 - 0x004A8AE1. 2023-10-19 11:51:17,781 [root] DEBUG: ScanForDisguisedPE: PE image located at: 0x00490000 2023-10-19 11:51:17,781 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image. 2023-10-19 11:51:17,781 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00490000. 2023-10-19 11:51:17,781 [root] DEBUG: DumpProcess: Module entry point VA is 0x0001072C. 2023-10-19 11:51:17,781 [root] DEBUG: readPeSectionsFromProcess: Failed to relocate image back to header image base 0x00400000. 2023-10-19 11:51:17,796 [lib.common.results] INFO: Uploading file C:\mUVXgKYC\CAPE\2304_1604252117518194102023 to CAPE\9b2da4cf1d974669b8804012fe91a55a5b3b1d733d1129c468944a9413387227; Size is 93696; Max size: 10000000000 2023-10-19 11:51:17,812 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x16e00. 2023-10-19 11:51:17,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x00491000-0x004A8AE1. 2023-10-19 11:51:17,812 [root] DEBUG: DumpRegion: Dumped PE image(s) from base address 0x00490000, size 106496 bytes. 2023-10-19 11:51:17,812 [root] DEBUG: ProcessTrackedRegion: Dumped region at 0x00490000. 2023-10-19 11:51:17,812 [root] DEBUG: DLL loaded at 0x74E40000: C:\Windows\system32\uxtheme (0x80000 bytes). 
2023-10-19 11:51:17,828 [root] DEBUG: DLL unloaded from 0x74E40000. 2023-10-19 11:51:17,828 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x12c and local view 0x044C0000 to global list. 2023-10-19 11:51:17,828 [root] DEBUG: DLL loaded at 0x74A20000: C:\Windows\system32\SAMCLI (0xf000 bytes). 2023-10-19 11:51:17,828 [root] DEBUG: hook_api: Warning - NetUserGetInfo export address 0x74A3528E differs from GetProcAddress -> 0x74A21BE2 2023-10-19 11:51:17,828 [root] DEBUG: DLL loaded at 0x74A10000: C:\Windows\system32\WKSCLI (0xf000 bytes). 2023-10-19 11:51:17,828 [root] DEBUG: hook_api: Warning - NetGetJoinInformation export address 0x74A34AD2 differs from GetProcAddress -> 0x74A12C3F 2023-10-19 11:51:17,828 [root] DEBUG: hook_api: Warning - NetUserGetLocalGroups export address 0x74A352A4 differs from GetProcAddress -> 0x74A228AA 2023-10-19 11:51:17,843 [root] DEBUG: DLL loaded at 0x749E0000: C:\Windows\system32\LOGONCLI (0x22000 bytes). 2023-10-19 11:51:17,843 [root] DEBUG: hook_api: Warning - DsEnumerateDomainTrustsW export address 0x74A33C9E differs from GetProcAddress -> 0x749EB1FA 2023-10-19 11:51:17,843 [root] DEBUG: DLL loaded at 0x74A30000: C:\Windows\system32\netapi32 (0x11000 bytes). 2023-10-19 11:51:17,843 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\netutils (0x9000 bytes). 2023-10-19 11:51:17,843 [root] DEBUG: DLL loaded at 0x749B0000: C:\Windows\system32\srvcli (0x19000 bytes). 2023-10-19 11:51:17,843 [root] DEBUG: DLL loaded at 0x74770000: C:\Windows\system32\msi (0x240000 bytes). 2023-10-19 11:51:17,859 [root] DEBUG: DLL loaded at 0x74760000: C:\Windows\system32\pstorec (0xd000 bytes). 2023-10-19 11:51:17,859 [root] DEBUG: DLL loaded at 0x74740000: C:\Windows\system32\ATL (0x14000 bytes). 2023-10-19 11:51:18,968 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x18c and local view 0x047A0000 to global list. 
2023-10-19 11:51:20,156 [root] DEBUG: DLL loaded at 0x000007FEFAF00000: C:\Windows\system32\pstorsvc (0xd000 bytes). 2023-10-19 11:51:20,156 [root] DEBUG: DLL loaded at 0x000007FEF93F0000: C:\Windows\system32\psbase (0x11000 bytes). 2023-10-19 11:51:25,140 [root] INFO: Disabling sleep skipping. 2023-10-19 11:51:25,140 [root] DEBUG: DLL loaded at 0x76B50000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes). 2023-10-19 11:51:25,156 [root] DEBUG: DLL loaded at 0x72790000: C:\Windows\SysWOW64\ieframe (0xa80000 bytes). 2023-10-19 11:51:25,156 [root] DEBUG: DLL loaded at 0x76500000: C:\Windows\syswow64\PSAPI (0x5000 bytes). 2023-10-19 11:51:25,156 [root] DEBUG: DLL loaded at 0x74700000: C:\Windows\SysWOW64\OLEACC (0x3c000 bytes). 2023-10-19 11:51:25,156 [root] DEBUG: DLL loaded at 0x74560000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes). 2023-10-19 11:51:25,171 [root] DEBUG: DLL loaded at 0x74530000: C:\Windows\system32\MLANG (0x2e000 bytes). 2023-10-19 11:51:25,187 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x214 and local view 0x00730000 to global list. 2023-10-19 11:51:25,203 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x220 and local view 0x03710000 to global list. 2023-10-19 11:51:25,203 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x22c and local view 0x03720000 to global list. 2023-10-19 11:51:25,234 [root] DEBUG: DLL loaded at 0x74500000: C:\Windows\system32\ntmarta (0x21000 bytes). 2023-10-19 11:51:25,234 [root] DEBUG: DLL loaded at 0x76D00000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes). 2023-10-19 11:51:25,234 [root] DEBUG: DLL loaded at 0x73BC0000: C:\Windows\system32\VERSION (0x9000 bytes). 2023-10-19 11:51:25,234 [root] DEBUG: DLL unloaded from 0x75550000. 2023-10-19 11:51:25,328 [root] DEBUG: DLL loaded at 0x744B0000: C:\Windows\system32\dnsapi (0x44000 bytes). 
2023-10-19 11:51:25,328 [root] DEBUG: DLL loaded at 0x74490000: C:\Windows\system32\iphlpapi (0x1c000 bytes). 2023-10-19 11:51:25,328 [root] DEBUG: DLL loaded at 0x74480000: C:\Windows\system32\WINNSI (0x7000 bytes). 2023-10-19 11:51:25,343 [root] DEBUG: DLL loaded at 0x73220000: C:\Windows\system32\mswsock (0x3c000 bytes). 2023-10-19 11:51:25,343 [root] DEBUG: DLL loaded at 0x73210000: C:\Windows\System32\wshtcpip (0x5000 bytes). 2023-10-19 11:51:25,343 [root] DEBUG: DLL loaded at 0x74470000: C:\Windows\system32\NLAapi (0x10000 bytes). 2023-10-19 11:51:25,343 [root] DEBUG: DLL loaded at 0x74460000: C:\Windows\system32\napinsp (0x10000 bytes). 2023-10-19 11:51:25,343 [root] DEBUG: DLL loaded at 0x74440000: C:\Windows\system32\pnrpnsp (0x12000 bytes). 2023-10-19 11:51:25,359 [root] DEBUG: DLL loaded at 0x74430000: C:\Windows\System32\winrnr (0x8000 bytes). 2023-10-19 11:51:37,359 [root] DEBUG: DLL loaded at 0x74420000: C:\Windows\system32\rasadhlp (0x6000 bytes). 2023-10-19 11:54:38,468 [root] INFO: Analysis timeout hit, terminating analysis 2023-10-19 11:54:38,468 [lib.api.process] INFO: Terminate event set for process 2304 2023-10-19 11:54:38,468 [root] DEBUG: Terminate Event: Attempting to dump process 2304 2023-10-19 11:54:38,468 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00400000. 2023-10-19 11:54:38,468 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image. 2023-10-19 11:54:38,468 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00400000. 2023-10-19 11:54:38,468 [root] DEBUG: DumpProcess: Module entry point VA is 0x0001072C. 2023-10-19 11:54:38,484 [lib.common.results] INFO: Uploading file C:\mUVXgKYC\CAPE\2304_1918838548194102023 to procdump\66ef8132e519913c291c3ca1112dd083552e92612ead22f83e70be72eaad3b2d; Size is 94720; Max size: 10000000000 2023-10-19 11:54:38,500 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x17200. 
```
2023-10-19 11:54:38,500 [root] INFO: Added new file to list with pid None and path C:\Users\win7\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2023-10-19 11:54:38,500 [root] INFO: Added new file to list with pid None and path C:\Users\win7\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2023-10-19 11:54:38,515 [root] INFO: Added new file to list with pid None and path C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2023-10-19 11:54:38,515 [lib.api.process] INFO: Termination confirmed for process 2304
2023-10-19 11:54:38,515 [root] INFO: Terminate event set for process 2304
2023-10-19 11:54:38,515 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 2304
2023-10-19 11:54:38,515 [root] INFO: Created shutdown mutex
2023-10-19 11:54:39,515 [root] INFO: Shutting down package
2023-10-19 11:54:39,515 [root] INFO: Stopping auxiliary modules
2023-10-19 11:54:39,515 [root] INFO: Stopping auxiliary module: Browser
2023-10-19 11:54:39,515 [root] INFO: Stopping auxiliary module: Curtain
2023-10-19 11:54:39,578 [lib.common.results] INFO: Uploading file C:\curtain.log to curtain/1697705679.578125.curtain.log; Size is 36; Max size: 10000000000
2023-10-19 11:54:39,593 [root] INFO: Stopping auxiliary module: Evtx
2023-10-19 11:54:39,593 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Application.evtx to zip dump
2023-10-19 11:54:39,593 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\HardwareEvents.evtx to zip dump
2023-10-19 11:54:39,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Internet Explorer.evtx to zip dump
2023-10-19 11:54:39,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Key Management Service.evtx to zip dump
2023-10-19 11:54:39,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Security.evtx to zip dump
2023-10-19 11:54:39,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Setup.evtx to zip dump
2023-10-19 11:54:39,609 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\System.evtx to zip dump
2023-10-19 11:54:39,625 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Windows PowerShell.evtx to zip dump
2023-10-19 11:54:39,625 [modules.auxiliary.evtx] DEBUG: Uploading evtx.zip to host
2023-10-19 11:54:39,625 [lib.common.results] INFO: Uploading file evtx.zip to evtx/evtx.zip; Size is 32672; Max size: 10000000000
2023-10-19 11:54:39,640 [root] INFO: Stopping auxiliary module: FilePickup
2023-10-19 11:54:39,640 [root] INFO: Stopping auxiliary module: Human
2023-10-19 11:54:39,640 [root] INFO: Stopping auxiliary module: Pre_script
2023-10-19 11:54:39,640 [root] INFO: Stopping auxiliary module: Procmon
2023-10-19 11:54:39,718 [lib.common.results] WARNING: File C:\mUVXgKYC\bin\procmon.xml doesn't exist anymore
2023-10-19 11:54:39,718 [root] INFO: Stopping auxiliary module: Screenshots
2023-10-19 11:54:39,734 [root] INFO: Stopping auxiliary module: Usage
2023-10-19 11:54:39,734 [root] INFO: Stopping auxiliary module: During_script
2023-10-19 11:54:39,734 [root] INFO: Finishing auxiliary modules
2023-10-19 11:54:39,734 [root] INFO: Shutting down pipe server and dumping dropped files
2023-10-19 11:54:39,734 [lib.common.results] INFO: Uploading file C:\Users\win7\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat to files\cf6dfb6e7ac48cb9d7a22dc09c070c177e13d7a9d43e15727a0b34ee6991805c; Size is 32768; Max size: 10000000000
2023-10-19 11:54:39,750 [lib.common.results] INFO: Uploading file C:\Users\win7\AppData\Roaming\Microsoft\Windows\Cookies\index.dat to files\75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a; Size is 16384; Max size: 10000000000
2023-10-19 11:54:39,765 [lib.common.results] INFO: Uploading file C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat to files\f29f8fd58b8e4845331ebb8887f3223b02c0c33fb60651d24586fcf21221fb18; Size is 32768; Max size: 10000000000
2023-10-19 11:54:39,781 [root] WARNING: Folder at path "C:\mUVXgKYC\debugger" does not exist, skipping
2023-10-19 11:54:39,781 [root] WARNING: Folder at path "C:\mUVXgKYC\tlsdump" does not exist, skipping
2023-10-19 11:54:39,781 [root] INFO: Analysis completed
```
The web interface is run as the cape user. I also checked the modules directory; everything is chowned to the cape user. Any thoughts on what the problem could be? Thank you in advance.
Problem solved again. I added the cape user to the www-data group, reloaded the daemons and restarted the nginx service. Everything works now.
Dear @meldzhaLV,
I also encountered the following errors:
```
feb 22 18:26:52 capev2sandbox python3[32074]: 2024-02-22 18:26:52,007 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
feb 22 18:26:53 capev2sandbox python3[32074]: 2024-02-22 18:26:53,050 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
feb 22 18:26:53 capev2sandbox python3[32074]: 2024-02-22 18:26:53,742 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
feb 22 18:26:54 capev2sandbox python3[32074]: 2024-02-22 18:26:54,774 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
feb 22 18:26:55 capev2sandbox python3[32074]: 2024-02-22 18:26:55,423 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
feb 22 18:26:56 capev2sandbox python3[32074]: 2024-02-22 18:26:56,174 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
feb 22 18:26:56 capev2sandbox python3[32074]: 2024-02-22 18:26:56,888 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
feb 22 18:26:57 capev2sandbox python3[32074]: 2024-02-22 18:26:57,658 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
feb 22 18:26:58 capev2sandbox python3[32074]: 2024-02-22 18:26:58,437 [Task 6] [lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R
```
Can you help me understand how you solved it? I ran the command, but the error keeps appearing. :(
Regards Engel
@eingel86 https://linux.die.net/man/8/usermod
Dear @doomedraven, I know it is an open product and the support you provide is free of charge, for which I thank you, and I apologise for the inconvenience. But could you point me to the specific command to run, since the one indicated in the CLI (sudo chown cape:cape /opt/CAPEv2/data/trid -R) does not solve the problem? I would be very grateful, thank you.
Before asking for help, provide useful details so I can help faster and save us both time. I have a feeling that you are running CAPE with a non-cape user, right?
I installed CAPE following the guide 'https://capev2.readthedocs.io/en/latest/index.html'. I use a different user to connect over SSH or via the desktop on Ubuntu. I don't know the password of the cape user that was created when I ran the command "sudo ./cape2.sh all cape | tee cape.log", but I don't think I should use it to log in over SSH or via the desktop. When I run the command journalctl -u SERVICE --follow I do it with the non-cape user, but only that. The analysis is performed from the web page and not from the CLI. Below are the active processes:
```
userssh@capev2sandbox:~$ top | grep cape
42601 cape    20 0  897088 276968 41724 R 82,4 0,8 260:41.23 python
47624 userssh 20 0   13636   4416  3264 R 11,8 0,0   0:00.05 top
42601 cape    20 0  897088 276968 41724 R 78,9 0,8 260:43.62 python
42630 cape    20 0 1321868 294504 47232 S 21,8 0,9  59:09.59 python
 1538 cape    20 0  475416   3284  2688 S  0,7 0,0   4:06.78 Suricata-Main
47624 userssh 20 0   13636   4416  3264 R  0,7 0,0   0:00.07 top
 4257 userssh 20 0 2385620 182456 51520 S  0,3 0,6   7:33.55 virt-manager
42601 cape    20 0  897088 276968 41724 S 79,9 0,8 260:46.04 python
42630 cape    20 0 1321868 294504 47232 S 14,5 0,9  59:10.03 python
47624 userssh 20 0   13636   4416  3264 R  1,3 0,0   0:00.11 top
42599 cape    20 0  666492  83004 40320 S  0,7 0,3   0:30.83 /home/cape/.cac
```
I noticed that, even with the error `[lib.cuckoo.common.integrations.file_extra_info] ERROR: You have permission error. FIX IT! sudo chown cape:cape /opt/CAPEv2/data/trid -R`, the analysis is performed and the report is generated.
Well, a bit better, but it still lacks details. What about posting the output of the following commands (when posting output, use a code block: ```output here```):
ls -lah /opt/CAPEv2/data/trid
ls -lah /opt/CAPEv2
So your ONLY problem is that output about permissions? Do you know what trid is?
Looking at the logs in real time, I found the trid permission error. No, I don't know what trid is; I apologise for my ignorance.
```
userssh@capev2sandbox:~$ ls -lah /opt/CAPEv2/data/trid
total 5,9M
drwxr-xr-x  2 cape cape 4,0K feb 21 00:19 .
drwxr-xr-x 13 cape cape 4,0K feb 23 00:05 ..
-rw-r--r--  1 cape cape 755K feb 23 00:05 trid
-rw-r--r--  1 cape cape 5,1M feb 23 00:05 triddefs.trd
-rw-r--r--  1 cape cape 3,1K feb 23 00:05 tridupdate.py
userssh@capev2sandbox:~$ ls -lah /opt/CAPEv2
total 740K
drwxr-xr-x 25 cape cape 4,0K feb 22 09:24 .
drwxr-xr-x  3 root root 4,0K feb 21 00:15 ..
-rw-r--r--  1 cape cape 1,7K feb 21 00:16 acknowledgment.md
drwxr-xr-x  2 cape cape 4,0K feb 21 00:16 admin
drwxr-xr-x  2 cape cape 4,0K feb 21 00:16 agent
drwxr-xr-x  4 cape cape 4,0K feb 21 00:16 analyzer
drwxr-xr-x  3 root root 4,0K feb 21 00:26 .cache
-rw-r--r--  1 cape cape  50K feb 21 00:16 changelog.md
-rw-r--r--  1 cape cape  605 feb 21 00:16 CITATION.cff
drwxr-xr-x  2 cape cape 4,0K feb 23 10:55 conf
-rw-r--r--  1 cape cape 4,5K feb 21 00:16 cuckoo.py
drwxr-xr-x  5 cape cape 4,0K feb 21 00:16 custom
drwxr-xr-x 13 cape cape 4,0K feb 23 00:05 data
drwxr-xr-x  3 cape cape 4,0K feb 21 00:26 dev_utils
drwxr-xr-x  3 cape cape 4,0K feb 21 00:16 docs
drwxr-xr-x  5 cape cape 4,0K feb 21 00:16 extra
drwxr-xr-x  8 cape cape 4,0K feb 21 00:16 .git
drwxr-xr-x  4 cape cape 4,0K feb 21 00:16 .github
-rw-r--r--  1 cape cape  252 feb 21 00:16 .gitignore
-rw-r--r--  1 cape cape  101 feb 21 00:16 .gitmodules
drwxr-xr-x  2 cape cape 4,0K feb 21 00:16 installer
drwxr-xr-x  4 cape cape 4,0K feb 21 00:19 lib
-rw-r--r--  1 cape cape  34K feb 21 00:16 LICENSE
drwxr-xr-x  2 cape cape 4,0K feb 23 10:29 log
drwxr-xr-x  9 cape cape 4,0K feb 21 00:26 modules
-rw-r--r--  1 cape cape 338K feb 21 00:16 poetry.lock
-rw-r--r--  1 cape cape  677 feb 21 00:16 .pre-commit-config.yaml
-rw-r--r--  1 cape cape 3,5K feb 21 00:16 pyproject.toml
-rw-r--r--  1 cape cape  11K feb 21 00:16 README.md
-rw-r--r--  1 cape cape  757 feb 21 00:16 .readthedocs.yaml
-rw-r--r--  1 cape cape 155K feb 21 00:16 requirements.txt
-rw-r--r--  1 cape cape  483 feb 21 00:16 SECURITY.md
drwxr-xr-x  5 cape cape 4,0K feb 22 09:24 storage
drwxr-xr-x  2 cape cape 4,0K feb 21 00:16 systemd
drwxr-xr-x  6 cape cape 4,0K feb 21 00:16 tests
drwxr-xr-x  2 cape cape 4,0K feb 21 00:16 tests_parsers
drwxr-xr-x  5 cape cape 4,0K feb 21 00:19 utils
drwxr-xr-x  2 cape cape 4,0K feb 21 00:16 uwsgi
drwxr-xr-x 13 cape cape 4,0K feb 22 08:47 web
-rw-r--r--  1 cape cape  205 feb 21 00:16 .yara-ci.yml
```
I have noticed other errors, but I don't think it is correct to include them here, or perhaps they are related to the lack of trid permission.
Please start using code blocks for formatting output. I don't see any ownership issue here; I guess your problem is that trid is not executable: sudo chmod a+x /opt/CAPEv2/data/trid/trid
It is hard to help you if you don't describe the problem; I have to guess all the time, and that is not how I will proceed.
Dear @doomedraven, thanks, the command sudo chmod a+x /opt/CAPEv2/data/trid/trid solved the problem.
Small advice: do not enable parts that you have no idea what they are. Google them first; otherwise, with limited experience, you might get into bigger problems.
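Both fixes in this thread (adding the cape user to the www-data group earlier, and `chmod a+x` on the trid binary here) cure the same symptom, `[Errno 13] Permission denied`, but for different reasons: one is an ownership/group problem, the other a missing execute bit, and the `ls -lah` listing above (`-rw-r--r-- 1 cape cape ... trid`) already showed which one it was. The following is an added example, not CAPE's own code: a small diagnostic that wraps a helper binary the way `trid_info` in `file_extra_info.py` does (`subprocess.check_output`) and, on EACCES, reports whether the fix is `chown`/`usermod -aG` or `chmod a+x`. The default path and the `make_fixture` helper (which creates a constructed throwaway script for testing) are assumptions for illustration.

```python
"""Added example, not part of CAPEv2: explain why a helper binary such as
/opt/CAPEv2/data/trid/trid fails with "[Errno 13] Permission denied".

Two distinct causes surface as the same EACCES error:
  * the file is not readable by the user running CAPE (ownership/group:
    fix with chown, or add the user to the owning group with usermod -aG);
  * the file is owned correctly but lacks the execute bit (fix with chmod a+x).
"""
import os
import pwd
import stat
import subprocess
import tempfile

# Assumed default; pass any path explicitly instead of relying on it.
DEFAULT_HELPER = "/opt/CAPEv2/data/trid/trid"


def diagnose_exec(path: str) -> dict:
    """Describe whether the current user can execute *path*, and if not, why.

    Returns a dict with keys: exists, owner, mode, readable, executable, hint.
    """
    if not os.path.exists(path):
        return {"exists": False, "owner": None, "mode": None,
                "readable": False, "executable": False,
                "hint": f"missing: {path}"}
    st = os.stat(path)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:  # uid with no passwd entry (e.g. file copied from elsewhere)
        owner = str(st.st_uid)
    mode = stat.S_IMODE(st.st_mode)
    readable = os.access(path, os.R_OK)    # checks against the *effective* uid/gids
    executable = os.access(path, os.X_OK)  # root still needs at least one x bit
    if not readable:
        hint = (f"not readable by uid {os.geteuid()} (owner {owner}, mode {mode:04o}): "
                f"chown it to the CAPE user, or add that user to the owning group "
                f"(usermod -aG <group> <user>) and restart the services")
    elif not executable:
        hint = f"readable but no execute bit (mode {mode:04o}): sudo chmod a+x {path}"
    else:
        hint = "ok"
    return {"exists": True, "owner": owner, "mode": f"{mode:04o}",
            "readable": readable, "executable": executable, "hint": hint}


def run_helper(argv: list) -> str:
    """Run a helper like CAPE's trid_info does (subprocess.check_output), but
    replace a bare "[Errno 13] Permission denied" with the concrete diagnosis."""
    try:
        return subprocess.check_output(argv, stderr=subprocess.STDOUT, text=True)
    except PermissionError as exc:
        raise PermissionError(f"{argv[0]}: {diagnose_exec(argv[0])['hint']}") from exc


def make_fixture(mode: int) -> str:
    """Constructed test input: a throwaway shell script with the given mode.
    Created in the working directory first, since /tmp may be mounted noexec."""
    try:
        fd, path = tempfile.mkstemp(prefix="fakehelper-", dir=os.getcwd())
    except OSError:
        fd, path = tempfile.mkstemp(prefix="fakehelper-")
    with os.fdopen(fd, "w") as fh:
        fh.write("#!/bin/sh\necho hello\n")
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_HELPER
    print(diagnose_exec(target))
```

Run it as the same account the CAPE services use (e.g. `sudo -u cape poetry run python diag.py /opt/CAPEv2/data/trid/trid`); `os.access` answers for the effective user, so running it from your SSH account tells you about that account, not about cape.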
Expected Behavior
File Details can be seen in Quick Overview.
Current Behavior
In Recent -> Filename -> Quick Overview I am not seeing the File Details view. I used to see it when analysing PDF files. I rebooted the server and ran the migrations with migrate.py in the web folder. Also, I no longer see the "Payloads" and "Compare this analysis to..." panes.
What I did previously: I tweaked the config files. I was searching for which module does what, and enabled / disabled them. Now I have changed everything back to the defaults in the config files, but File Details are still not showing.
I ran this command as well, since I wanted to play with the REST API: poetry run pip install djangorestframework
Also, previously my PDF malscores were constantly 5.7 - 5.9, which were false positives, but now my results are 1.9 - 2.2. I really hope that someone can help with this issue. Thank you.