kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

Missing Yara Directory /data/yara/macro? #266

Closed powerade661 closed 4 years ago

powerade661 commented 4 years ago

This is open source and you are getting free support, so be friendly!

Prerequisites

Please answer the following questions for yourself before submitting an issue.

Expected Behavior

Please describe the behavior you are expecting

It shows no warning

Current Behavior

What is the current behavior?

It shows a warning message saying WARNING: Missing Yara Directory: /opt/CAPEv2/data/yara/macro?

image

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. Launch python3 cuckoo.py -d
  2. Watch it load to find the error message
  3. CAPE launches normally, but with the error.

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

| Question | Answer |
| --- | --- |
| Git commit | commit de5d726a8f94f63a86588a974fe155955077d381 |
| Python version | v3.6.9 |
| OS version | Ubuntu 18.04.5 LTS |

Failure Logs

Please include any relevant log snippets or files here.

Not really related, but thought I would ask about this too.

image

This is really what I am concerned about

image

doomedraven commented 4 years ago

hello, thanks, execute community module, there were fixes those days for that Signature and other bugs, macro folder created in repo, do git pull

powerade661 commented 4 years ago

So I did git pull and executed the community module and I am still seeing the error message. Commit log image Error message image

powerade661 commented 4 years ago

image

doomedraven commented 4 years ago

lool that is github if folder is empty it removes it :D so i left empty file inside
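The behaviour behind this warning, as an added example that is not part of the thread or of CAPEv2's code: Git records files rather than directories, so a directory with no files anywhere beneath it (here `data/yara/macro`) does not survive a clone or pull. The function names and the `.gitkeep` placeholder name are assumptions chosen for illustration, and the sample tree is constructed.

```python
import os
import tempfile


def _scan(path, root, dropped):
    """Return True if the subtree at path holds at least one file."""
    contains_file = False
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            if entry.name == ".git":
                continue  # repository metadata, not working-tree content
            if _scan(entry.path, root, dropped):
                contains_file = True
        else:
            # Regular files and symlinks are both stored by Git.
            contains_file = True
    if not contains_file and path != root:
        dropped.append(os.path.relpath(path, root))
    return contains_file


def dirs_git_will_drop(root):
    """List directories (relative to root) that Git cannot carry.

    A directory is reported when no file exists anywhere below it, which
    also covers a directory that holds only empty subdirectories.
    """
    dropped = []
    _scan(root, root, dropped)
    return sorted(dropped)


def add_placeholders(root, name=".gitkeep"):
    """Create an empty placeholder file in each empty leaf directory.

    The file name is a convention, not a Git feature (assumption: any
    file name works). Parents of a leaf become tracked through it.
    """
    created = []
    for rel in dirs_git_will_drop(root):
        full = os.path.join(root, rel)
        if not os.listdir(full):
            target = os.path.join(full, name)
            open(target, "w").close()
            created.append(os.path.relpath(target, root))
    return created


def build_sample_tree(root):
    """Constructed sample layout: one populated and one empty YARA folder."""
    os.makedirs(os.path.join(root, "data", "yara", "CAPE"))
    os.makedirs(os.path.join(root, "data", "yara", "macro"))
    open(os.path.join(root, "data", "yara", "CAPE", "Sample.yar"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("missing after clone:", dirs_git_will_drop(tmp))
        print("placeholders added: ", add_placeholders(tmp))
        print("missing after fix:  ", dirs_git_will_drop(tmp))
```

Run against a checkout before committing, a non-empty result lists the directories that users will see reported as missing after their next pull.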

powerade661 commented 4 years ago

LOL alright so that fixed that, but this is still there. Does this affect the functionality at all? I would assume so since signature is not defined, some things might not be parsed? I haven't looked at the code apart from the analyzer.py and made a modification to add pythonw.exe and pyw.exe so it was viewed as a protected process. (maybe a pull request? not asking just suggesting)

image

Lastly, does CAPE have the ability to parse emails and extract files from it? I can't seem to figure out what I am doing wrong; I even select the detect automatically package as well as the eml package and it still doesn't extract it. Any ideas?

Thank you for your help and quick responses.

doomedraven commented 4 years ago

that doesn't affect functionality, those are just community modules and the community sometimes makes errors ;) did you exec community.py?

about emails, no, there is nothing right now for that, but you can easily extend eml/msg package for that ;) or even better sflock https://github.com/doomedraven/sflock

powerade661 commented 4 years ago

I did execute community.py -waf to no avail. I will check out sflock, I saw it on a Twitter post. It integrates with CAPE I take it?

doomedraven commented 4 years ago

for sflock yes, reexec community i just fixed

doomedraven commented 4 years ago

ok now they are really fixed, i will enforce flake8 checks on PRs, thanks for reporting

powerade661 commented 4 years ago

I executed community.py again or redownload sflock? It still looks like it's not working.

image

doomedraven commented 4 years ago

community, well without output of your execution of community i can't say anything + you need to restart process.py after community

powerade661 commented 4 years ago

Output from community

Also restarted process.py

Downloading modules from https://github.com/kevoreilly/community/archive/master.tar.gz

Installing FEEDS File "/opt/CAPEv2/modules/feeds/init.py" installed File "/opt/CAPEv2/modules/feeds/bad_ssl_certs.py" installed

Installing PROCESSING File "/opt/CAPEv2/modules/processing/init.py" installed File "/opt/CAPEv2/modules/processing/cif.py" installed

Installing SIGNATURES File "/opt/CAPEv2/modules/signatures/init.py" installed File "/opt/CAPEv2/modules/signatures/accesses_netlogon.py" installed File "/opt/CAPEv2/modules/signatures/accesses_sysvol.py" installed File "/opt/CAPEv2/modules/signatures/alphacrypt_apis.py" installed File "/opt/CAPEv2/modules/signatures/andromeda_apis.py" installed File "/opt/CAPEv2/modules/signatures/anomalous_deletefile.py" installed File "/opt/CAPEv2/modules/signatures/antianalysis_detectfile.py" installed File "/opt/CAPEv2/modules/signatures/antianalysis_detectreg.py" installed File "/opt/CAPEv2/modules/signatures/antiav_360_libs.py" installed File "/opt/CAPEv2/modules/signatures/antiav_ahnlab_libs.py" installed File "/opt/CAPEv2/modules/signatures/antiav_avast_libs.py" installed File "/opt/CAPEv2/modules/signatures/antiav_bitdefender_libs.py" installed File "/opt/CAPEv2/modules/signatures/antiav_bullgaurd_libs.py" installed File "/opt/CAPEv2/modules/signatures/antiav_bypass.py" installed File "/opt/CAPEv2/modules/signatures/antiav_detectfile.py" installed File "/opt/CAPEv2/modules/signatures/antiav_detectreg.py" installed File "/opt/CAPEv2/modules/signatures/antiav_emsisoft_libs.py" installed File "/opt/CAPEv2/modules/signatures/antiav_qurb_libs.py" installed File "/opt/CAPEv2/modules/signatures/antiav_servicestop.py" installed File "/opt/CAPEv2/modules/signatures/antiav_srp.py" installed File "/opt/CAPEv2/modules/signatures/antidbg_devices.py" installed File "/opt/CAPEv2/modules/signatures/antidbg_windows.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_addvectoredexceptionhandler.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_apioverride_libs.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_checkremotedebuggerpresent.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_debugactiveprocess.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_gettickcount.py" installed File 
"/opt/CAPEv2/modules/signatures/antidebug_guardpages.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_ntcreatethreadex.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_nthookengine_libs.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_ntsetinformationthread.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_outputdebugstring.py" installed File "/opt/CAPEv2/modules/signatures/antidebug_setunhandledexceptionfilter.py" installed File "/opt/CAPEv2/modules/signatures/antiemu_wine.py" installed File "/opt/CAPEv2/modules/signatures/antiemu_wine_func.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_check_userdomain.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_cuckoo.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_cuckoo_files.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_cuckoocrash.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_fortinet_files.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_joe_anubis_files.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_mouse_hook.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_restart.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_sboxie_libs.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_sboxie_mutex.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_sboxie_objects.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_scripttimer.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_sleep.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_sunbelt_files.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_sunbelt_libs.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_suspend.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_threattrack_files.py" installed File "/opt/CAPEv2/modules/signatures/antisandbox_unhook.py" installed File 
"/opt/CAPEv2/modules/signatures/antivirus_virustotal.py" installed File "/opt/CAPEv2/modules/signatures/antivm_bochs_keys.py" installed File "/opt/CAPEv2/modules/signatures/antivm_dirobjects.py" installed File "/opt/CAPEv2/modules/signatures/antivm_generic_bios.py" installed File "/opt/CAPEv2/modules/signatures/antivm_generic_cpu.py" installed File "/opt/CAPEv2/modules/signatures/antivm_generic_disk.py" installed File "/opt/CAPEv2/modules/signatures/antivm_generic_disk_setupapi.py" installed File "/opt/CAPEv2/modules/signatures/antivm_generic_diskreg.py" installed File "/opt/CAPEv2/modules/signatures/antivm_generic_scsi.py" installed File "/opt/CAPEv2/modules/signatures/antivm_generic_services.py" installed File "/opt/CAPEv2/modules/signatures/antivm_generic_system.py" installed File "/opt/CAPEv2/modules/signatures/antivm_hyperv_keys.py" installed File "/opt/CAPEv2/modules/signatures/antivm_parallels_keys.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vbox_devices.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vbox_files.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vbox_keys.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vbox_libs.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vbox_provname.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vbox_window.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vmware_devices.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vmware_events.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vmware_files.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vmware_keys.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vmware_libs.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vmware_mutexes.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vpc_files.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vpc_keys.py" installed File "/opt/CAPEv2/modules/signatures/antivm_vpc_mutex.py" installed File 
"/opt/CAPEv2/modules/signatures/antivm_xen_keys.py" installed File "/opt/CAPEv2/modules/signatures/api_spamming.py" installed File "/opt/CAPEv2/modules/signatures/backdoor_ketrican_regkeys.py" installed File "/opt/CAPEv2/modules/signatures/backdoor_okrum_mutex.py" installed File "/opt/CAPEv2/modules/signatures/bad_certs.py" installed File "/opt/CAPEv2/modules/signatures/bad_ssl_certs.py" installed File "/opt/CAPEv2/modules/signatures/banker_cridex.py" installed File "/opt/CAPEv2/modules/signatures/banker_geodo.py" installed File "/opt/CAPEv2/modules/signatures/banker_prinimalka.py" installed File "/opt/CAPEv2/modules/signatures/banker_spyeye_mutex.py" installed File "/opt/CAPEv2/modules/signatures/banker_zeus_mutex.py" installed File "/opt/CAPEv2/modules/signatures/banker_zeus_p2p.py" installed File "/opt/CAPEv2/modules/signatures/banker_zeus_url.py" installed File "/opt/CAPEv2/modules/signatures/bcdedit_command.py" installed File "/opt/CAPEv2/modules/signatures/betabot_apis.py" installed File "/opt/CAPEv2/modules/signatures/bitcoin_opencl.py" installed File "/opt/CAPEv2/modules/signatures/bootkit.py" installed File "/opt/CAPEv2/modules/signatures/bot_athenahttp.py" installed File "/opt/CAPEv2/modules/signatures/bot_dirtjumper.py" installed File "/opt/CAPEv2/modules/signatures/bot_drive.py" installed File "/opt/CAPEv2/modules/signatures/bot_drive2.py" installed File "/opt/CAPEv2/modules/signatures/bot_madness.py" installed File "/opt/CAPEv2/modules/signatures/bot_russkill.py" installed File "/opt/CAPEv2/modules/signatures/browser_addon.py" installed File "/opt/CAPEv2/modules/signatures/browser_bho.py" installed File "/opt/CAPEv2/modules/signatures/browser_needed.py" installed File "/opt/CAPEv2/modules/signatures/browser_proxy.py" installed File "/opt/CAPEv2/modules/signatures/browser_scanbox.py" installed File "/opt/CAPEv2/modules/signatures/browser_security.py" installed File "/opt/CAPEv2/modules/signatures/browser_startpage.py" installed File 
"/opt/CAPEv2/modules/signatures/bypass_applocker.py" installed File "/opt/CAPEv2/modules/signatures/bypass_firewall.py" installed File "/opt/CAPEv2/modules/signatures/bypass_uac.py" installed File "/opt/CAPEv2/modules/signatures/carberp_mutex.py" installed File "/opt/CAPEv2/modules/signatures/cerber_apis.py" installed File "/opt/CAPEv2/modules/signatures/chimera_apis.py" installed File "/opt/CAPEv2/modules/signatures/clamav.py" installed File "/opt/CAPEv2/modules/signatures/clears_logs.py" installed File "/opt/CAPEv2/modules/signatures/clickfraud_cookies.py" installed File "/opt/CAPEv2/modules/signatures/clickfraud_volume.py" installed File "/opt/CAPEv2/modules/signatures/cmdline_anomaly.py" installed File "/opt/CAPEv2/modules/signatures/codelux_apis.py" installed File "/opt/CAPEv2/modules/signatures/collects_systeminfo_cmd.py" installed File "/opt/CAPEv2/modules/signatures/compile_dotnet_code.py" installed File "/opt/CAPEv2/modules/signatures/copies_self.py" installed File "/opt/CAPEv2/modules/signatures/creates_exe.py" installed File "/opt/CAPEv2/modules/signatures/creates_largekey.py" installed File "/opt/CAPEv2/modules/signatures/creates_nullvalue.py" installed File "/opt/CAPEv2/modules/signatures/credential_access.py" installed File "/opt/CAPEv2/modules/signatures/credential_dumping.py" installed File "/opt/CAPEv2/modules/signatures/critical_process.py" installed File "/opt/CAPEv2/modules/signatures/cryptomining.py" installed File "/opt/CAPEv2/modules/signatures/cryptopools.py" installed File "/opt/CAPEv2/modules/signatures/cryptowall_apis.py" installed File "/opt/CAPEv2/modules/signatures/cve_2014_6332.py" installed File "/opt/CAPEv2/modules/signatures/cve_2015_2419.py" installed File "/opt/CAPEv2/modules/signatures/cve_2016-0189.py" installed File "/opt/CAPEv2/modules/signatures/cve_2016_7200.py" installed File "/opt/CAPEv2/modules/signatures/cypherit_mutex.py" installed File "/opt/CAPEv2/modules/signatures/darkcomet_regkeys.py" installed File 
"/opt/CAPEv2/modules/signatures/dead_connect.py" installed File "/opt/CAPEv2/modules/signatures/dead_link.py" installed File "/opt/CAPEv2/modules/signatures/debugs_self.py" installed File "/opt/CAPEv2/modules/signatures/decoy_doc.py" installed File "/opt/CAPEv2/modules/signatures/decoy_image.py" installed File "/opt/CAPEv2/modules/signatures/deepfreeze_mutex.py" installed File "/opt/CAPEv2/modules/signatures/deletes_self.py" installed File "/opt/CAPEv2/modules/signatures/deletes_shadowcopies.py" installed File "/opt/CAPEv2/modules/signatures/deletes_system_backup.py" installed File "/opt/CAPEv2/modules/signatures/dep_bypass.py" installed File "/opt/CAPEv2/modules/signatures/dep_disable.py" installed File "/opt/CAPEv2/modules/signatures/disables_app.py" installed File "/opt/CAPEv2/modules/signatures/disables_backups.py" installed File "/opt/CAPEv2/modules/signatures/disables_browserwarn.py" installed File "/opt/CAPEv2/modules/signatures/disables_drives_autodisconnect.py" installed File "/opt/CAPEv2/modules/signatures/disables_event_logging.py" installed File "/opt/CAPEv2/modules/signatures/disables_folder_options.py" installed File "/opt/CAPEv2/modules/signatures/disables_notificationcenter.py" installed File "/opt/CAPEv2/modules/signatures/disables_run_command.py" installed File "/opt/CAPEv2/modules/signatures/disables_smartscreen.py" installed File "/opt/CAPEv2/modules/signatures/disables_spdy.py" installed File "/opt/CAPEv2/modules/signatures/disables_sysrestore.py" installed File "/opt/CAPEv2/modules/signatures/disables_uac.py" installed File "/opt/CAPEv2/modules/signatures/disables_wer.py" installed File "/opt/CAPEv2/modules/signatures/disables_wfp.py" installed File "/opt/CAPEv2/modules/signatures/disables_windefender.py" installed File "/opt/CAPEv2/modules/signatures/disables_windowsupdate.py" installed File "/opt/CAPEv2/modules/signatures/disables_winfirewall.py" installed File "/opt/CAPEv2/modules/signatures/downloader_andromut_mutex.py" installed File 
"/opt/CAPEv2/modules/signatures/downloader_cabby.py" installed File "/opt/CAPEv2/modules/signatures/downloader_guloader.py" installed File "/opt/CAPEv2/modules/signatures/downloader_phorpiex_mutex.py" installed File "/opt/CAPEv2/modules/signatures/downloader_protonbot_mutex.py" installed File "/opt/CAPEv2/modules/signatures/dridex_apis.py" installed File "/opt/CAPEv2/modules/signatures/driver_load.py" installed File "/opt/CAPEv2/modules/signatures/dropper.py" installed File "/opt/CAPEv2/modules/signatures/dropper_js.py" installed File "/opt/CAPEv2/modules/signatures/dynamic_function_loading.py" installed File "/opt/CAPEv2/modules/signatures/dyre_apis.py" installed File "/opt/CAPEv2/modules/signatures/ek_angler.py" installed File "/opt/CAPEv2/modules/signatures/ek_gondad.py" installed File "/opt/CAPEv2/modules/signatures/ek_heapsray.py" installed File "/opt/CAPEv2/modules/signatures/ek_javaapplet.py" installed File "/opt/CAPEv2/modules/signatures/ek_neutrino.py" installed File "/opt/CAPEv2/modules/signatures/ek_nuclear.py" installed File "/opt/CAPEv2/modules/signatures/ek_rig.py" installed File "/opt/CAPEv2/modules/signatures/ek_silverlight.py" installed File "/opt/CAPEv2/modules/signatures/ek_sundown.py" installed File "/opt/CAPEv2/modules/signatures/ek_virtualcheck.py" installed File "/opt/CAPEv2/modules/signatures/encrypted_ioc.py" installed File "/opt/CAPEv2/modules/signatures/excel4_macro_urls.py" installed File "/opt/CAPEv2/modules/signatures/exec_crash.py" installed File "/opt/CAPEv2/modules/signatures/execution_suspicious.py" installed File "/opt/CAPEv2/modules/signatures/exploit_getbasekerneladdress.py" installed File "/opt/CAPEv2/modules/signatures/exploit_gethaldispatchtable.py" installed File "/opt/CAPEv2/modules/signatures/exploit_heapspray.py" installed File "/opt/CAPEv2/modules/signatures/exploitation_framework_koadic.py" installed File "/opt/CAPEv2/modules/signatures/family_proxyback.py" installed File 
"/opt/CAPEv2/modules/signatures/forces_mappeddrives_uac.py" installed File "/opt/CAPEv2/modules/signatures/generic_metrics.py" installed File "/opt/CAPEv2/modules/signatures/generic_phish.py" installed File "/opt/CAPEv2/modules/signatures/gootkit_apis.py" installed File "/opt/CAPEv2/modules/signatures/h1n1_apis.py" installed File "/opt/CAPEv2/modules/signatures/hancitor_apis.py" installed File "/opt/CAPEv2/modules/signatures/hawkeye_apis.py" installed File "/opt/CAPEv2/modules/signatures/http_request.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_arkei.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_azorult_mutex.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_bitcoin.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_browser.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_browser_password.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_ftp.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_im.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_keylog.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_mail.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_masslogger.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_purplewave.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_qulab.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_raccoon.py" installed File "/opt/CAPEv2/modules/signatures/infostealer_vidar.py" installed File "/opt/CAPEv2/modules/signatures/injection_createremotethread.py" installed File "/opt/CAPEv2/modules/signatures/injection_explorer.py" installed File "/opt/CAPEv2/modules/signatures/injection_needextension.py" installed File "/opt/CAPEv2/modules/signatures/injection_network.py" installed File "/opt/CAPEv2/modules/signatures/injection_runpe.py" installed File "/opt/CAPEv2/modules/signatures/injection_rwx.py" installed File 
"/opt/CAPEv2/modules/signatures/injection_themeinitapihook.py" installed File "/opt/CAPEv2/modules/signatures/internet_dropper.py" installed File "/opt/CAPEv2/modules/signatures/ipc_namedpipe.py" installed File "/opt/CAPEv2/modules/signatures/ispy_apis.py" installed File "/opt/CAPEv2/modules/signatures/js_phish.py" installed File "/opt/CAPEv2/modules/signatures/js_suspicious_redirect.py" installed File "/opt/CAPEv2/modules/signatures/kazybot_apis.py" installed File "/opt/CAPEv2/modules/signatures/kelihos_apis.py" installed File "/opt/CAPEv2/modules/signatures/kibex_apis.py" installed File "/opt/CAPEv2/modules/signatures/kovter_apis.py" installed File "/opt/CAPEv2/modules/signatures/kraken_mutex.py" installed File "/opt/CAPEv2/modules/signatures/locker_regedit.py" installed File "/opt/CAPEv2/modules/signatures/locker_taskmgr.py" installed File "/opt/CAPEv2/modules/signatures/locky_apis.py" installed File "/opt/CAPEv2/modules/signatures/malicious_dynamic_function_loading.py" installed File "/opt/CAPEv2/modules/signatures/malware_data_encryption.py" installed File "/opt/CAPEv2/modules/signatures/martians_ie.py" installed File "/opt/CAPEv2/modules/signatures/martians_office.py" installed File "/opt/CAPEv2/modules/signatures/mimics_agent.py" installed File "/opt/CAPEv2/modules/signatures/mimics_filename.py" installed File "/opt/CAPEv2/modules/signatures/mimics_filetime.py" installed File "/opt/CAPEv2/modules/signatures/mimics_icon.py" installed File "/opt/CAPEv2/modules/signatures/mimics_processname.py" installed File "/opt/CAPEv2/modules/signatures/mimikatz_modules.py" installed File "/opt/CAPEv2/modules/signatures/modifies_certs.py" installed File "/opt/CAPEv2/modules/signatures/modifies_hostsfile.py" installed File "/opt/CAPEv2/modules/signatures/modifies_seccenter.py" installed File "/opt/CAPEv2/modules/signatures/modifies_uac_notify.py" installed File "/opt/CAPEv2/modules/signatures/modifies_wallpaper.py" installed File 
"/opt/CAPEv2/modules/signatures/move_file_on_reboot.py" installed File "/opt/CAPEv2/modules/signatures/multiple_ua.py" installed File "/opt/CAPEv2/modules/signatures/network_anomaly.py" installed File "/opt/CAPEv2/modules/signatures/network_bind.py" installed File "/opt/CAPEv2/modules/signatures/network_cnc_generic.py" installed File "/opt/CAPEv2/modules/signatures/network_cnc_http.py" installed File "/opt/CAPEv2/modules/signatures/network_dga.py" installed File "/opt/CAPEv2/modules/signatures/network_dns_suspicious.py" installed File "/opt/CAPEv2/modules/signatures/network_docfile_http.py" installed File "/opt/CAPEv2/modules/signatures/network_encrypts_single_packet.py" installed File "/opt/CAPEv2/modules/signatures/network_excessive_udp.py" installed File "/opt/CAPEv2/modules/signatures/network_explorer.py" installed File "/opt/CAPEv2/modules/signatures/network_http.py" installed File "/opt/CAPEv2/modules/signatures/network_icmp.py" installed File "/opt/CAPEv2/modules/signatures/network_irc.py" installed File "/opt/CAPEv2/modules/signatures/network_smtp.py" installed File "/opt/CAPEv2/modules/signatures/network_temp_file_storage.py" installed File "/opt/CAPEv2/modules/signatures/network_tor.py" installed File "/opt/CAPEv2/modules/signatures/network_tor_service.py" installed File "/opt/CAPEv2/modules/signatures/network_torgateway.py" installed File "/opt/CAPEv2/modules/signatures/nymaim_apis.py" installed File "/opt/CAPEv2/modules/signatures/office_codepage.py" installed File "/opt/CAPEv2/modules/signatures/office_dll_loading.py" installed File "/opt/CAPEv2/modules/signatures/office_exploit.py" installed File "/opt/CAPEv2/modules/signatures/office_macro.py" installed File "/opt/CAPEv2/modules/signatures/office_macro_suspicious.py" installed File "/opt/CAPEv2/modules/signatures/office_rtf.py" installed File "/opt/CAPEv2/modules/signatures/office_security.py" installed File "/opt/CAPEv2/modules/signatures/office_suspicious.py" installed File 
"/opt/CAPEv2/modules/signatures/office_suspicious_process.py" installed File "/opt/CAPEv2/modules/signatures/office_write_exe.py" installed File "/opt/CAPEv2/modules/signatures/origin_langid.py" installed File "/opt/CAPEv2/modules/signatures/origin_resource_langid.py" installed File "/opt/CAPEv2/modules/signatures/packer_anomaly.py" installed File "/opt/CAPEv2/modules/signatures/packer_armadillo_mutex.py" installed File "/opt/CAPEv2/modules/signatures/packer_armadillo_regkey.py" installed File "/opt/CAPEv2/modules/signatures/packer_aspack.py" installed File "/opt/CAPEv2/modules/signatures/packer_aspirecrypt.py" installed File "/opt/CAPEv2/modules/signatures/packer_bedsprotector.py" installed File "/opt/CAPEv2/modules/signatures/packer_confuser.py" installed File "/opt/CAPEv2/modules/signatures/packer_enigma.py" installed File "/opt/CAPEv2/modules/signatures/packer_entropy.py" installed File "/opt/CAPEv2/modules/signatures/packer_mpress.py" installed File "/opt/CAPEv2/modules/signatures/packer_nate.py" installed File "/opt/CAPEv2/modules/signatures/packer_nspack.py" installed File "/opt/CAPEv2/modules/signatures/packer_smartassembly.py" installed File "/opt/CAPEv2/modules/signatures/packer_spices.py" installed File "/opt/CAPEv2/modules/signatures/packer_themida.py" installed File "/opt/CAPEv2/modules/signatures/packer_titan.py" installed File "/opt/CAPEv2/modules/signatures/packer_upx.py" installed File "/opt/CAPEv2/modules/signatures/packer_vmprotect.py" installed File "/opt/CAPEv2/modules/signatures/packer_yoda.py" installed File "/opt/CAPEv2/modules/signatures/pdf_annot_urls.py" installed File "/opt/CAPEv2/modules/signatures/persistence_ads.py" installed File "/opt/CAPEv2/modules/signatures/persistence_autorun.py" installed File "/opt/CAPEv2/modules/signatures/persistence_bootexecute.py" installed File "/opt/CAPEv2/modules/signatures/persistence_fileless.py" installed File "/opt/CAPEv2/modules/signatures/persistence_ifeo.py" installed File 
"/opt/CAPEv2/modules/signatures/persistence_remotedesktop.py" installed File "/opt/CAPEv2/modules/signatures/persistence_service.py" installed File "/opt/CAPEv2/modules/signatures/persistence_shim.py" installed File "/opt/CAPEv2/modules/signatures/polymorphic.py" installed File "/opt/CAPEv2/modules/signatures/pony_apis.py" installed File "/opt/CAPEv2/modules/signatures/powerpool_mutex.py" installed File "/opt/CAPEv2/modules/signatures/powershell_command.py" installed File "/opt/CAPEv2/modules/signatures/ppp_pcre.py" installed File "/opt/CAPEv2/modules/signatures/prevents_safeboot.py" installed File "/opt/CAPEv2/modules/signatures/process_interest.py" installed File "/opt/CAPEv2/modules/signatures/process_needed.py" installed File "/opt/CAPEv2/modules/signatures/procmem_yara.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_crypto.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_cryptomix.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_dharma.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_dmalocker.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_fileextensions.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_filemodifications.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_files.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_fonix_mutex.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_gandcrab.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_germanwiper.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_medusalocker.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_message.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_nemty.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_radamant.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_recyclebin.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_revil_mutex.py" installed File 
"/opt/CAPEv2/modules/signatures/ransomware_satan_mutex.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_snake_mutex.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_sodinokibi.py" installed File "/opt/CAPEv2/modules/signatures/ransomware_stop.py" installed File "/opt/CAPEv2/modules/signatures/rat_beebus_mutex.py" installed File "/opt/CAPEv2/modules/signatures/rat_blackremote.py" installed File "/opt/CAPEv2/modules/signatures/rat_dcrat.py" installed File "/opt/CAPEv2/modules/signatures/rat_fynloski_mutex.py" installed File "/opt/CAPEv2/modules/signatures/rat_karagany.py" installed File "/opt/CAPEv2/modules/signatures/rat_limerat.py" installed File "/opt/CAPEv2/modules/signatures/rat_luminosity.py" installed File "/opt/CAPEv2/modules/signatures/rat_modi.py" installed File "/opt/CAPEv2/modules/signatures/rat_nanocore.py" installed File "/opt/CAPEv2/modules/signatures/rat_netwire.py" installed File "/opt/CAPEv2/modules/signatures/rat_njrat_regkeys.py" installed File "/opt/CAPEv2/modules/signatures/rat_oblique.py" installed File "/opt/CAPEv2/modules/signatures/rat_orcus.py" installed File "/opt/CAPEv2/modules/signatures/rat_parallax_mutex.py" installed File "/opt/CAPEv2/modules/signatures/rat_pcclient.py" installed File "/opt/CAPEv2/modules/signatures/rat_plugx_mutex.py" installed File "/opt/CAPEv2/modules/signatures/rat_poisonivy.py" installed File "/opt/CAPEv2/modules/signatures/rat_quasar.py" installed File "/opt/CAPEv2/modules/signatures/rat_ratsnif_mutex.py" installed File "/opt/CAPEv2/modules/signatures/rat_spynet.py" installed File "/opt/CAPEv2/modules/signatures/rat_trochilus.py" installed File "/opt/CAPEv2/modules/signatures/rat_venom.py" installed File "/opt/CAPEv2/modules/signatures/rat_warzone.py" installed File "/opt/CAPEv2/modules/signatures/rat_xpert.py" installed File "/opt/CAPEv2/modules/signatures/rat_xtreme_mutex.py" installed File "/opt/CAPEv2/modules/signatures/reads_self.py" installed File 
"/opt/CAPEv2/modules/signatures/recon_beacon.py" installed File "/opt/CAPEv2/modules/signatures/recon_checkip.py" installed File "/opt/CAPEv2/modules/signatures/recon_fingerprint.py" installed File "/opt/CAPEv2/modules/signatures/recon_programs.py" installed File "/opt/CAPEv2/modules/signatures/recon_systeminfo.py" installed File "/opt/CAPEv2/modules/signatures/recyclebin_access.py" installed File "/opt/CAPEv2/modules/signatures/remcos.py" installed File "/opt/CAPEv2/modules/signatures/remote_desktop.py" installed File "/opt/CAPEv2/modules/signatures/removes_zoneid_ads.py" installed File "/opt/CAPEv2/modules/signatures/script_downloader.py" installed File "/opt/CAPEv2/modules/signatures/secure_login_phish.py" installed File "/opt/CAPEv2/modules/signatures/securityxploded_modules.py" installed File "/opt/CAPEv2/modules/signatures/setsautoconfigurl.py" installed File "/opt/CAPEv2/modules/signatures/shifu_apis.py" installed File "/opt/CAPEv2/modules/signatures/sniffer_winpcap.py" installed File "/opt/CAPEv2/modules/signatures/spoofs_procname.py" installed File "/opt/CAPEv2/modules/signatures/spreading_autoruninf.py" installed File "/opt/CAPEv2/modules/signatures/stack_pivot.py" installed File "/opt/CAPEv2/modules/signatures/static_authenticode.py" installed File "/opt/CAPEv2/modules/signatures/static_dotnet_anomaly.py" installed File "/opt/CAPEv2/modules/signatures/static_java.py" installed File "/opt/CAPEv2/modules/signatures/static_pdf.py" installed File "/opt/CAPEv2/modules/signatures/static_pe_anomaly.py" installed File "/opt/CAPEv2/modules/signatures/static_rat_config.py" installed File "/opt/CAPEv2/modules/signatures/static_versioninfo_anomaly.py" installed File "/opt/CAPEv2/modules/signatures/stealth_childproc.py" installed File "/opt/CAPEv2/modules/signatures/stealth_file.py" installed File "/opt/CAPEv2/modules/signatures/stealth_hiddenextension.py" installed File "/opt/CAPEv2/modules/signatures/stealth_hiddenreg.py" installed File 
"/opt/CAPEv2/modules/signatures/stealth_hidenotifications.py" installed
File "/opt/CAPEv2/modules/signatures/stealth_network.py" installed
File "/opt/CAPEv2/modules/signatures/stealth_timelimit.py" installed
File "/opt/CAPEv2/modules/signatures/stealth_webhistory.py" installed
File "/opt/CAPEv2/modules/signatures/stealth_window.py" installed
File "/opt/CAPEv2/modules/signatures/suricata_alert.py" installed
File "/opt/CAPEv2/modules/signatures/sysinternals.py" installed
File "/opt/CAPEv2/modules/signatures/tampers_etw.py" installed
File "/opt/CAPEv2/modules/signatures/tampers_powershell_logging.py" installed
File "/opt/CAPEv2/modules/signatures/targeted_flame.py" installed
File "/opt/CAPEv2/modules/signatures/territorial_disputes_sigs.py" installed
File "/opt/CAPEv2/modules/signatures/tinba_apis.py" installed
File "/opt/CAPEv2/modules/signatures/trickbot_files.py" installed
File "/opt/CAPEv2/modules/signatures/trickbot_mutex.py" installed
File "/opt/CAPEv2/modules/signatures/trojan_fleercivet_mutex.py" installed
File "/opt/CAPEv2/modules/signatures/trojan_lokibot_mutex.py" installed
File "/opt/CAPEv2/modules/signatures/troldesh_apis.py" installed
File "/opt/CAPEv2/modules/signatures/upatre_apis.py" installed
File "/opt/CAPEv2/modules/signatures/ursnif_apis.py" installed
File "/opt/CAPEv2/modules/signatures/user_enum.py" installed
File "/opt/CAPEv2/modules/signatures/uses_adfind.py" installed
File "/opt/CAPEv2/modules/signatures/vawtrak_apis.py" installed
File "/opt/CAPEv2/modules/signatures/vawtrak_dll_apis.py" installed
File "/opt/CAPEv2/modules/signatures/virus.py" installed
File "/opt/CAPEv2/modules/signatures/virus_neshta.py" installed
File "/opt/CAPEv2/modules/signatures/virus_renamer_mutex.py" installed
File "/opt/CAPEv2/modules/signatures/volatility_sig.py" installed
File "/opt/CAPEv2/modules/signatures/webmail_phish.py" installed
File "/opt/CAPEv2/modules/signatures/webshell.py" installed
File "/opt/CAPEv2/modules/signatures/whitelisting_bypass_dev_utils.py" installed
File "/opt/CAPEv2/modules/signatures/whois_create.py" installed
File "/opt/CAPEv2/modules/signatures/windows_utilities.py" installed
File "/opt/CAPEv2/modules/signatures/wmi.py" installed
File "/opt/CAPEv2/modules/signatures/worm_allaple_mutex.py" installed

Installing REPORTING
File "/opt/CAPEv2/modules/reporting/init.py" installed
File "/opt/CAPEv2/modules/reporting/elasticsearchdb.py" installed
File "/opt/CAPEv2/modules/reporting/malheur.py" installed
File "/opt/CAPEv2/modules/reporting/moloch.py" installed
File "/opt/CAPEv2/modules/reporting/pcap2cert.py" installed

Installing MACHINERY
File "/opt/CAPEv2/modules/machinery/init.py" installed
File "/opt/CAPEv2/modules/machinery/aws.py" installed
File "/opt/CAPEv2/modules/machinery/kvmremote.py" installed
File "/opt/CAPEv2/modules/machinery/physical.py" installed

Installing ANALYZER
File "/opt/CAPEv2/analyzer/windows/bin/Procmon.exe" installed
File "/opt/CAPEv2/analyzer/windows/bin/procmon.pmc" installed
File "/opt/CAPEv2/analyzer/windows/modules/auxiliary/procmon.py" installed
File "/opt/CAPEv2/analyzer/windows/modules/auxiliary/sysmon.py" installed

Installing DATA
File "/opt/CAPEv2/data/malpedia.json" installed
File "/opt/CAPEv2/data/malpedia.py" installed
File "/opt/CAPEv2/data/mitre_attack.json" installed
File "/opt/CAPEv2/data/peutils/UserDB.TXT" installed
File "/opt/CAPEv2/data/procyon.jar" installed
File "/opt/CAPEv2/data/readme.md" installed
File "/opt/CAPEv2/data/trid/trid" installed
File "/opt/CAPEv2/data/trid/triddefs.trd" installed
File "/opt/CAPEv2/data/trid/tridupdate.py" installed
File "/opt/CAPEv2/data/yara/CAPE/AAR.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/AcidRain.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Adfind.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Adzok.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/AgentTeslaV2.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/AlienSpy.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Amadey.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Ap0calypse.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Arcom.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Aspire.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Aurora.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Avaddon.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Avalon.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BACKSPACE.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BackNet.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BackOffLoader.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BackOffPOS.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Baldr.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Bandook.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Bazar.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BitterRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BlackNix.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BlackShades.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BlackshadesRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/BlueBanana.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Bozok.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Buran.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/ChChes.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/ChaChaDDoS.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/ClientMesh.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Confucius_B.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Cotx_RAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/CryptoStealerGo.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Cutlet.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/CyberGate.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/DCRat.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/DTstealer.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/DarkComet.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/DarkRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Dridex.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Echelon.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Ekans.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Enfal.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/EnigmaStub.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/EvilGrab.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Exaramel.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/FakeWMI.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/FirebirdRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Formbook.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/GetCrypt.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/GoldenAxe.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/GoldenSpy.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Greame.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/GuLoader.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/HawkEye.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/HawkEyev9.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/HiddenVNC.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/HiddenWasp.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/HttpBrowser.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/ISRStealer.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Impacket.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Infinity.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/JavaDropper.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/JoeGo.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/KPortScan.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/KeyBase.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Kinsing.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/KoadicBAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/KoadicDOC.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/KoadicJS.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Konni.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/LaZagne.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Laturo.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/LimeRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/LostDoor.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/LuminosityLink.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/LuxNet.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/M00nD3v.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Mangzamel.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/MassLogger.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Maze.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/MedusaLocker.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Megumin.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/MoDiRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/NETEAGLE.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/NLBrute.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/NanoCore.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/NetWire.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Netwalker.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Nymaim.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/ObliqueRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Orion.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Pandora.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Paradox.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Parallax.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/PatchWork.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Phoenix.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/PillowMint.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Plasma.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Plurox.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/PoisonIvy.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/PowerPool.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/PredatorPain.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/ProLock.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Punisher.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/PurpleWave.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/PyInstaller.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/PythoRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/QRat.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/QuasarRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Qulab.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/RDPWrap.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/REvil.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/RHttpCtrl.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Racoon.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/RagnarLocker.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/RedLeaf.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Redsip.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Responder.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Retefe.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Rietspoof.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Robbinhood.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/S05Kitty.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Sakula.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Sfile.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/ShadowTech.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/SmallNet.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/SmokeLoader.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/SpyGate.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Sub7Nation.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/T5000.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/TAIDOOR.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/TJKeylogger.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Tefosteal.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/TreasureHunter.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/UPX.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/VMProtectStub.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/VSSDestroy.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Vertex.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/VirusRat.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/W1RAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/WarzoneRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/WellMess.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Windows_Credentials_Editor.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/XiaoBa.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/XpertRAT.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Xtreme.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/Zeppelin.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/adWind.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/jRat.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/kiwi_passwords.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/njRat.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/unrecom.yar" installed
File "/opt/CAPEv2/data/yara/CAPE/xRAT.yar" installed
File "/opt/CAPEv2/data/yara/binaries/Generic_Phishing_PDF.yar" installed
File "/opt/CAPEv2/data/yara/binaries/HeavensGate.yar" installed
File "/opt/CAPEv2/data/yara/binaries/LNK_Ruleset.yar" installed
File "/opt/CAPEv2/data/yara/binaries/OLEfile_in_CAD_FAS_LSP.yar" installed
File "/opt/CAPEv2/data/yara/binaries/Webshell_in_image.yar" installed
File "/opt/CAPEv2/data/yara/binaries/embedded.yar" installed
File "/opt/CAPEv2/data/yara/binaries/shellcodes.yar" installed
File "/opt/CAPEv2/data/yara/binaries/vmdetect.yar" installed
File "/opt/CAPEv2/data/yara/memory/Exploit_HT_Flash_Vars.yar" installed
File "/opt/CAPEv2/data/yara/memory/Exploit_HT_VRename.yar" installed
File "/opt/CAPEv2/data/yara/memory/adgholas.yar" installed
File "/opt/CAPEv2/data/yara/memory/angler.yar" installed
File "/opt/CAPEv2/data/yara/memory/astrum.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2013_2551.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2014_0515.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2014_0569.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2014_6332.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2015_0016.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2015_2419.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2015_2545.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2015_5122.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2016_0189.yar" installed
File "/opt/CAPEv2/data/yara/memory/cve_2016_3298.yar" installed
File "/opt/CAPEv2/data/yara/memory/darkcomet.yar" installed
File "/opt/CAPEv2/data/yara/memory/dridex.yar" installed
File "/opt/CAPEv2/data/yara/memory/dyre.yar" installed
File "/opt/CAPEv2/data/yara/memory/eitest.yar" installed
File "/opt/CAPEv2/data/yara/memory/flash_exploits.yar" installed
File "/opt/CAPEv2/data/yara/memory/kazybot.yar" installed
File "/opt/CAPEv2/data/yara/memory/neutrino.yar" installed
File "/opt/CAPEv2/data/yara/memory/nuclear.yar" installed
File "/opt/CAPEv2/data/yara/memory/rig.yar" installed
File "/opt/CAPEv2/data/yara/memory/shellcodes.yar" installed
File "/opt/CAPEv2/data/yara/memory/sundown.yar" installed

doomedraven commented 4 years ago

So just restart the process to pick up the changes, and you can reprocess the job with python3 process.py -r ID_HERE

powerade661 commented 4 years ago

So I tried that and it doesn't restart the report; this is what happens. Tried with different switches as well.

image

doomedraven commented 4 years ago

try -r 4 -d

powerade661 commented 4 years ago

Output for that; I copied and pasted it as HTML for easy reading.

pywin32 is not installed (only is required if you want to use MS Excel)
2020-09-11 14:07:47,951 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "CAPE" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:47,988 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,003 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,003 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Curtain" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,004 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,005 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Deduplicate" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,129 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Dropped" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,130 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,275 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcDump" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,276 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Static" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,284 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Strings" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,306 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:48,326 [modules.processing.suricata] DEBUG: pcapfile list: {'message': {'count': 0, 'files': []}, 'return': 'OK'} current pcap: {'message': '/opt/CAPEv2/storage/analyses/4/dump.pcap', 'return': 'OK'}
2020-09-11 14:07:53,327 [modules.processing.suricata] DEBUG: pcapfile list: {'message': {'count': 0, 'files': []}, 'return': 'OK'} current pcap: {'message': 'None', 'return': 'OK'}
2020-09-11 14:07:53,327 [modules.processing.suricata] DEBUG: Pcap not in list and not current pcap lets assume it's processed
2020-09-11 14:07:53,330 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TargetInfo" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:53,368 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "VirusTotal" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:53,603 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/4"
2020-09-11 14:07:53,611 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2020-09-11 14:07:53,612 [lib.cuckoo.core.plugins] DEBUG: Running 340 evented signatures
2020-09-11 14:07:53,612 [lib.cuckoo.core.plugins] DEBUG:     |-- cape_detected_threat
2020-09-11 14:07:53,612 [lib.cuckoo.core.plugins] DEBUG:     |-- Compression
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- Decryption
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- Doppelganging
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- EvilGrab
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- InjectionInterProcess
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- InjectionCreateRemoteThread
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- InjectionProcessHollowing
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- InjectionSetWindowLong
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- PlugX
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- RegBinary
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- TransactedHollowing
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- Unpacker
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- accesses_mailslot
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- accesses_netlogon_regkey
2020-09-11 14:07:53,613 [lib.cuckoo.core.plugins] DEBUG:     |-- accesses_sysvol
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- alphacrypt_behavior
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- andromeda_behavior
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- anomalous_deletefile
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_360_libs
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_ahnlab_libs
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_avast_libs
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_bitdefender_libs
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_bullgaurd_libs
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_emsisoft_libs
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_qurb_libs
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_servicestop
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antidbg_windows
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_addvectoredexceptionhandler
2020-09-11 14:07:53,614 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_apioverride_libs
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_checkremotedebuggerpresent
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_debugactiveprocess
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_gettickcount
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_guardpages
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_ntcreatethreadex
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antiav_nthookengine_libs
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_ntsetinformationthread
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_outputdebugstring
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antidebug_setunhandledexceptionfilter
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antiemu_wine_func
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_check_userdomain
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_cuckoo
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_cuckoocrash
2020-09-11 14:07:53,615 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_mouse_hook
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_restart
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_sboxie_libs
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_sboxie_objects
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_script_timer
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_sleep
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_sunbelt_libs
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_suspend
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antisandbox_unhook
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_directory_objects
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_generic_disk
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_generic_disk_setupapi
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_generic_scsi
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_generic_services
2020-09-11 14:07:53,616 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_vbox_libs
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_vbox_provname
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_vbox_window
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_vmware_events
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- antivm_vmware_libs
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- api_spamming
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- banker_prinimalka
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- bcdedit_command
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- betabot_behavior
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- accesses_primary_patition
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- bootkit
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- direct_hdd_access
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- physical_drive_access
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- browser_needed
2020-09-11 14:07:53,617 [lib.cuckoo.core.plugins] DEBUG:     |-- browser_scanbox
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- odbcconf_bypass
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- regsvr32_squiblydoo_dll_load
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- squiblydoo_bypass
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- squiblytwo_bypass
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- uac_bypass_cmstp
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- uac_bypass_delegateexecute_sdclt
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- uac_bypass_eventvwr
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- uac_bypass_fodhelper
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- cape_extracted_content
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- cerber_behavior
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- chimera_behavior
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- clears_logs
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- clickfraud_cookies
2020-09-11 14:07:53,618 [lib.cuckoo.core.plugins] DEBUG:     |-- clickfraud_volume
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- cmdline_obfuscation
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- cmdline_switches
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- cmdline_terminate
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- commandline_forfiles_wildcard
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- cmdline_http_link
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- commandline_long_string
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- cmdline_reversed_http_link
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- long_commandline
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- powershell_renamed_commandline
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- system_account_disovery_cmd
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- system_info_disovery_cmd
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- system_info_disovery_pwsh
2020-09-11 14:07:53,619 [lib.cuckoo.core.plugins] DEBUG:     |-- system_network_discovery_cmd
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- system_network_discovery_pwsh
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- system_user_disovery_cmd
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- dotnet_code_compile
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- creates_largekey
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- creates_nullvalue
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- file_credential_store_access
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- lsass_credential_dumping
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- registry_credential_dumping
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- registry_credential_store_access
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- registry_lsa_secrets_access
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- critical_process
2020-09-11 14:07:53,620 [lib.cuckoo.core.plugins] DEBUG:     |-- cyrptomining_stratum_command
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- cryptowall_behavior
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- cve_2014_6332
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- cve_2015_2419_js
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- cve_2016-0189
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- cve_2016_7200
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- dead_connect
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- dead_link
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- debugs_self
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- decoy_document
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- decoy_image
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- deletes_self
2020-09-11 14:07:53,621 [lib.cuckoo.core.plugins] DEBUG:     |-- deletes_shadow_copies
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- deletes_system_state_backup
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- dep_bypass
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- dep_disable
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- disables_backups
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- disables_mappeddrives_autodisconnect
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- disables_event_logging
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- disables_spdy
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- disables_wfp
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- guloader_apis
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- dridex_behavior
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- driver_load
2020-09-11 14:07:53,622 [lib.cuckoo.core.plugins] DEBUG:     |-- exe_dropper_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- dynamic_function_loading
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- dyre_behavior
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- angler_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- gondad_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- heapspray_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- java_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- Neutrino_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- nuclear_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- rig_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- silverlight_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- sundown_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- virtualcheck_js
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- encrypted_ioc
2020-09-11 14:07:53,623 [lib.cuckoo.core.plugins] DEBUG:     |-- exec_crash
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- process_creation_suspicious_location
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- exploit_getbasekerneladdress
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- exploit_gethaldispatchtable
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- exploit_heapspray
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- koadic_apis
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- koadic_network_activity
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- generic_phish
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- gootkit_behavior
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- h1n1_behavior
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- hancitor_behavior
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- hawkeye_behavior
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- http_request
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- https_urls
2020-09-11 14:07:53,624 [lib.cuckoo.core.plugins] DEBUG:     |-- infostealer_browser
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- infostealer_browser_password
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- infostealer_keylog
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- masslogger_artifacts
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- masslogger_files
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- masslogger_version
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- purplewave_mutexes
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- purplewave_network_activity
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- Raccoon Behavior
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- Vidar Behavior
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- injection_createremotethread
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- injection_explorer
2020-09-11 14:07:53,625 [lib.cuckoo.core.plugins] DEBUG:     |-- injection_needextension
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- injection_network_traffic
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- injection_runpe
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- injection_rwx
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- injection_themeinitapihook
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- internet_dropper
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- ipc_namedpipe
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- ispy_behavior
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- js_phish
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- js_suspicious_redirect
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- kazybot_behavior
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- kelihos_behavior
2020-09-11 14:07:53,626 [lib.cuckoo.core.plugins] DEBUG:     |-- kibex_behavior
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- kovter_behavior
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- Locky_behavior
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- malicious_dynamic_function_loading
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- encrypt_data_agenttesla_http
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- encrypt_data_agentteslat2_http
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- encrypt_data_nanocore
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- mimics_agent
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- mimics_filetime
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- masquerade_process_name
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- mimikatz_modules
2020-09-11 14:07:53,627 [lib.cuckoo.core.plugins] DEBUG:     |-- modifies_desktop_wallpaper
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- move_file_on_reboot
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- multiple_useragents
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_anomaly
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_bind
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_dns_blockchain
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_dns_idn
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_dns_opennic
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_dns_suspicious_querytype
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_dns_tunneling_request
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_dns_doh_tls
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- network_document_http
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- encrypt_single_http_packet
2020-09-11 14:07:53,628 [lib.cuckoo.core.plugins] DEBUG:     |-- explorer_http
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- network_tor
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- nymaim_behavior
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_addinloading
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_com_load
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_dotnet_load
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_vb_load
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_wmi_load
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_cve2017_11882
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_cve2017_11882_network
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_flash_load
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- office_postscript
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- rtf_aslr_bypass
2020-09-11 14:07:53,629 [lib.cuckoo.core.plugins] DEBUG:     |-- rtf_anomaly_characterset
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- rtf_anomaly_version
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- rtf_embedded_content
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- rtf_embedded_office_file
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- rtf_exploit_static
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- office_dde_command
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- office_suspicious_processes
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- office_write_exe
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- packer_themida
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_autorun
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_autorun_tasks
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_safeboot
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_bootexecute
2020-09-11 14:07:53,630 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_registry_script
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_ifeo
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_slient_process_exit
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_rdp_registry
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- persistence_shim_database
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- pony_behavior
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- powershell_network_connection
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- powershell_scriptblock_logging
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- powershell_command_suspicious
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- powershell_renamed
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- powershell_reversed
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- powershell_variable_obfuscation
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- process_interest
2020-09-11 14:07:53,631 [lib.cuckoo.core.plugins] DEBUG:     |-- process_needed
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- mass_data_encryption
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- dharma_mutexes
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- ransomware_dmalocker
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- ransomware_file_modifications
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- fonix_mutexes
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- ransomware_message
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- ransomware_message_multiple_locations
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- nemty_network_activity
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- nemty_note
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- satan_mutexes
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- snake_ransom_mutexes
2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG:     |-- Sodinokibi Behavior
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- stop_ransom_mutexes
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- blackrat_apis
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- blackrat_network_activity
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- blackrat_registry_keys
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- dcrat_behavior
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- rat_luminosity
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- rat_nanocore
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- NewtWire Behavior
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- obliquerat_network_activity
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- OrcusRAT Behavior
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- trochilusrat_APIs
2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG:     |-- xpertrat_files
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- xpertrat_mutexes
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- reads_self
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- recon_beacon
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- recon_programs
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- recon_systeminfo
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- accesses_recyclebin
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_rdp_clip
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_remote_desktop_session
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- removes_zoneid_ads
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- script_created_process
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- script_network_activity
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- suspicious_js_script
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG:     |-- secure_login_phish
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- securityxploded_modules
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- sets_autoconfig_url
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- shifu_behavior
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- spoofs_procname
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- stack_pivot
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- stack_pivot_file_created
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- stack_pivot_process_create
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- stealth_childproc
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- stealth_file
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- stealth_network
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- stealth_timeout
2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG:     |-- stealth_window
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- sysinternals_psexec
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- sysinternals_tools
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- territorial_disputes_sigs
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- tinba_behavior
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- TrickBotTaskDelete
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- upatre_behavior
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- ursnif_behavior
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- user_enum
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_adfind
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- vawtrak_behavior
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- vawtrak_behavior
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- virus
2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG:     |-- neshta_files
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- neshta_regkeys
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- webmail_phish
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- web_shell_processes
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- persists_dev_util
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- spawns_dev_util
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- alters_windows_utility
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- dotnet_csc_build
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- multiple_explorer_instances
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- overwrites_accessibility_utility
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- script_tool_executed
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- suspicious_certutil_use
2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG:     |-- suspicious_command_tools
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- suspicious_mpcmdrun_use
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- suspicious_ping_use
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_appcmd
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_csvde_ldifde
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_cipher
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_clickonce
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_dsquery
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_mode
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_ntdsutil
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_nltest
2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG:     |-- uses_windows_utilities_to_create_scheduled_task
2020-09-11 14:07:53,639 [lib.cuckoo.core.plugins] DEBUG:     |-- wmic_command_suspicious
2020-09-11 14:07:53,639 [lib.cuckoo.core.plugins] DEBUG:     |-- scrcons_wmi_script_consumer
2020-09-11 14:07:53,639 [lib.cuckoo.core.plugins] DEBUG:     |-- wmi_create_process
2020-09-11 14:07:53,639 [lib.cuckoo.core.plugins] DEBUG:     `-- wmi_script_process
[]
2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_detected_threat"
2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running signature "Compression"
2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running signature "Decryption"
2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running signature "Doppelganging"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "EvilGrab"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionInterProcess"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionCreateRemoteThread"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionProcessHollowing"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionSetWindowLong"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "PlugX"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "RegBinary"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "TransactedHollowing"
2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "Unpacker"
2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "alphacrypt_behavior"
2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromeda_behavior"
2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "anomalous_deletefile"
2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2020-09-11 14:07:53,652 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2020-09-11 14:07:53,653 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_360_libs"
2020-09-11 14:07:53,653 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_ahnlab_libs"
2020-09-11 14:07:53,653 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_avast_libs"
2020-09-11 14:07:53,653 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bitdefender_libs"
2020-09-11 14:07:53,654 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bullgaurd_libs"
2020-09-11 14:07:53,654 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_attachment_manager"
2020-09-11 14:07:53,654 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2020-09-11 14:07:53,656 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_emsisoft_libs"
2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_qurb_libs"
2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_servicestop"
2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_devices"
2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_windows"
2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_addvectoredexceptionhandler"
2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_apioverride_libs"
2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_checkremotedebuggerpresent"
2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_debugactiveprocess"
2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_gettickcount"
2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_guardpages"
2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntcreatethreadex"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_nthookengine_libs"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntsetinformationthread"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_outputdebugstring"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_setunhandledexceptionfilter"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_func"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_check_userdomain"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo"
2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoocrash"
2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_mouse_hook"
2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_restart"
2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_libs"
2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_objects"
2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_script_timer"
2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sleep"
2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_libs"
2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_suspend"
2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_unhook"
2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_directory_objects"
2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk"
2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk_setupapi"
2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_scsi"
2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_services"
2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system"
2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2020-09-11 14:07:53,667 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2020-09-11 14:07:53,667 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2020-09-11 14:07:53,667 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2020-09-11 14:07:53,668 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_libs"
2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_provname"
2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_window"
2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_events"
2020-09-11 14:07:53,670 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2020-09-11 14:07:53,670 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2020-09-11 14:07:53,670 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_libs"
2020-09-11 14:07:53,671 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2020-09-11 14:07:53,671 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2020-09-11 14:07:53,671 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2020-09-11 14:07:53,671 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2020-09-11 14:07:53,672 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2020-09-11 14:07:53,672 [lib.cuckoo.core.plugins] DEBUG: Running signature "api_spamming"
2020-09-11 14:07:53,672 [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
2020-09-11 14:07:53,672 [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
2020-09-11 14:07:53,673 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2020-09-11 14:07:53,673 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2020-09-11 14:07:53,673 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2020-09-11 14:07:53,673 [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2020-09-11 14:07:53,674 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_prinimalka"
2020-09-11 14:07:53,675 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2020-09-11 14:07:53,675 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2020-09-11 14:07:53,675 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "bcdedit_command"
2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "betabot_behavior"
2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "bootkit"
2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2020-09-11 14:07:53,678 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2020-09-11 14:07:53,678 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2020-09-11 14:07:53,678 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2020-09-11 14:07:53,678 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2020-09-11 14:07:53,679 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2020-09-11 14:07:53,679 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_needed"
2020-09-11 14:07:53,679 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy"
2020-09-11 14:07:53,680 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_scanbox"
2020-09-11 14:07:53,680 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2020-09-11 14:07:53,681 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2020-09-11 14:07:53,681 [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2020-09-11 14:07:53,681 [lib.cuckoo.core.plugins] DEBUG: Running signature "regsvr32_squiblydoo_dll_load"
2020-09-11 14:07:53,681 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstp"
2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_eventvwr"
2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "cerber_behavior"
2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "chimera_behavior"
2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "clamav"
2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_cookies"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_volume"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_forfiles_wildcard"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_long_string"
2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "codelux_behavior"
2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_disovery_cmd"
2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_disovery_cmd"
2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_disovery_pwsh"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_disovery_cmd"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_code_compile"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_largekey"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_nullvalue"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "lsass_credential_dumping"
2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "critical_process"
2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "cyrptomining_stratum_command"
2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptopool_domains"
2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptowall_behavior"
2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2014_6332"
2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2015_2419_js"
2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016-0189"
2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016_7200"
2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_connect"
2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_link"
2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "debugs_self"
2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_document"
2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_image"
2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_self"
2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_shadow_copies"
2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_system_state_backup"
2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_bypass"
2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_disable"
2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2020-09-11 14:07:53,691 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2020-09-11 14:07:53,692 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_mappeddrives_autodisconnect"
2020-09-11 14:07:53,692 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2020-09-11 14:07:53,692 [lib.cuckoo.core.plugins] DEBUG: Running signature "disable_folder_options"
2020-09-11 14:07:53,693 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2020-09-11 14:07:53,693 [lib.cuckoo.core.plugins] DEBUG: Running signature "disable_run_command"
2020-09-11 14:07:53,693 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2020-09-11 14:07:53,693 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_spdy"
2020-09-11 14:07:53,694 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2020-09-11 14:07:53,694 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2020-09-11 14:07:53,694 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2020-09-11 14:07:53,694 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wfp"
2020-09-11 14:07:53,694 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2020-09-11 14:07:53,695 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_logging"
2020-09-11 14:07:53,695 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_windows_defender_contextmenu"
2020-09-11 14:07:53,696 [lib.cuckoo.core.plugins] DEBUG: Running signature "windows_defender_powershell"
2020-09-11 14:07:53,696 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2020-09-11 14:07:53,696 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_winfirewall"
2020-09-11 14:07:53,696 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromut_mutexes"
2020-09-11 14:07:53,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2020-09-11 14:07:53,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "guloader_apis"
2020-09-11 14:07:53,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "phorpiex_mutexes"
2020-09-11 14:07:53,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "protonbot_mutexes"
2020-09-11 14:07:53,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "dridex_behavior"
2020-09-11 14:07:53,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_load"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "exe_dropper_js"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "dynamic_function_loading"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "dyre_behavior"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "angler_js"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "gondad_js"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "heapspray_js"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "java_js"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "Neutrino_js"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "nuclear_js"
2020-09-11 14:07:53,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "rig_js"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "silverlight_js"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "sundown_js"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "virtualcheck_js"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypted_ioc"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "excel4_macro_urls"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "exec_crash"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_creation_suspicious_location"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_getbasekerneladdress"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_gethaldispatchtable"
2020-09-11 14:07:53,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_heapspray"
2020-09-11 14:07:53,700 [lib.cuckoo.core.plugins] DEBUG: Running signature "koadic_apis"
2020-09-11 14:07:53,700 [lib.cuckoo.core.plugins] DEBUG: Running signature "koadic_network_activity"
2020-09-11 14:07:53,701 [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2020-09-11 14:07:53,701 [lib.cuckoo.core.plugins] DEBUG: Running signature "mapped_drives_uac"
2020-09-11 14:07:53,701 [lib.cuckoo.core.plugins] DEBUG: Running signature "generic_phish"
2020-09-11 14:07:53,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "gootkit_behavior"
2020-09-11 14:07:53,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "h1n1_behavior"
2020-09-11 14:07:53,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "hancitor_behavior"
2020-09-11 14:07:53,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "hawkeye_behavior"
2020-09-11 14:07:53,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "http_request"
2020-09-11 14:07:53,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "https_urls"
2020-09-11 14:07:53,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "arkei_files"
2020-09-11 14:07:53,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "azorult_mutexes"
2020-09-11 14:07:53,703 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2020-09-11 14:07:53,704 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser"
2020-09-11 14:07:53,705 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser_password"
2020-09-11 14:07:53,705 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2020-09-11 14:07:53,707 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2020-09-11 14:07:53,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_keylog"
2020-09-11 14:07:53,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2020-09-11 14:07:53,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_artifacts"
2020-09-11 14:07:53,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_files"
2020-09-11 14:07:53,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_version"
2020-09-11 14:07:53,709 [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_mutexes"
2020-09-11 14:07:53,709 [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_network_activity"
2020-09-11 14:07:53,709 [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_files"
2020-09-11 14:07:53,709 [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_mutexes"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "Raccoon Behavior"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "Vidar Behavior"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_createremotethread"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_explorer"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_needextension"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_network_traffic"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_runpe"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_rwx"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_themeinitapihook"
2020-09-11 14:07:53,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "internet_dropper"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "ipc_namedpipe"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "ispy_behavior"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_phish"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_suspicious_redirect"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "kazybot_behavior"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "kelihos_behavior"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "kibex_behavior"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "kovter_behavior"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_kraken_mutexes"
2020-09-11 14:07:53,711 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_regedit"
2020-09-11 14:07:53,712 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_taskmgr"
2020-09-11 14:07:53,712 [lib.cuckoo.core.plugins] DEBUG: Running signature "Locky_behavior"
2020-09-11 14:07:53,712 [lib.cuckoo.core.plugins] DEBUG: Running signature "malicious_dynamic_function_loading"
2020-09-11 14:07:53,712 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypt_data_agenttesla_http"
2020-09-11 14:07:53,712 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypt_data_agentteslat2_http"
2020-09-11 14:07:53,712 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypt_data_nanocore"
2020-09-11 14:07:53,712 [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2020-09-11 14:07:53,713 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2020-09-11 14:07:53,714 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_agent"
2020-09-11 14:07:53,714 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2020-09-11 14:07:53,714 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_filetime"
2020-09-11 14:07:53,714 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2020-09-11 14:07:53,715 [lib.cuckoo.core.plugins] DEBUG: Running signature "masquerade_process_name"
2020-09-11 14:07:53,715 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimikatz_modules"
2020-09-11 14:07:53,715 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_certs"
2020-09-11 14:07:53,716 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_hostfile"
2020-09-11 14:07:53,716 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2020-09-11 14:07:53,716 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2020-09-11 14:07:53,717 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_desktop_wallpaper"
2020-09-11 14:07:53,717 [lib.cuckoo.core.plugins] DEBUG: Running signature "move_file_on_reboot"
2020-09-11 14:07:53,717 [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_useragents"
2020-09-11 14:07:53,717 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_anomaly"
2020-09-11 14:07:53,717 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_bind"
2020-09-11 14:07:53,717 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_country_distribution"
2020-09-11 14:07:53,717 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_multiple_direct_ip_connections"
2020-09-11 14:07:53,718 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_http"
2020-09-11 14:07:53,718 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2020-09-11 14:07:53,718 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_blockchain"
2020-09-11 14:07:53,718 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_idn"
2020-09-11 14:07:53,718 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_opennic"
2020-09-11 14:07:53,718 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_suspicious_querytype"
2020-09-11 14:07:53,718 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_tunneling_request"
2020-09-11 14:07:53,718 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_doh_tls"
2020-09-11 14:07:53,719 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_document_http"
2020-09-11 14:07:53,719 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypt_single_http_packet"
2020-09-11 14:07:53,719 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_excessive_udp"
2020-09-11 14:07:53,719 [lib.cuckoo.core.plugins] DEBUG: Running signature "explorer_http"
2020-09-11 14:07:53,719 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http"
2020-09-11 14:07:53,719 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2020-09-11 14:07:53,719 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2020-09-11 14:07:53,719 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2020-09-11 14:07:53,720 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_temp_file_storage"
2020-09-11 14:07:53,720 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor"
2020-09-11 14:07:53,720 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2020-09-11 14:07:53,720 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2020-09-11 14:07:53,720 [lib.cuckoo.core.plugins] DEBUG: Running signature "nymaim_behavior"
2020-09-11 14:07:53,720 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2020-09-11 14:07:53,720 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_addinloading"
2020-09-11 14:07:53,720 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_com_load"
2020-09-11 14:07:53,721 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dotnet_load"
2020-09-11 14:07:53,721 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_perfkey"
2020-09-11 14:07:53,721 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_vb_load"
2020-09-11 14:07:53,721 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_wmi_load"
2020-09-11 14:07:53,721 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_cve2017_11882"
2020-09-11 14:07:53,721 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_cve2017_11882_network"
2020-09-11 14:07:53,721 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_flash_load"
2020-09-11 14:07:53,721 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_postscript"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_malicious_prediction"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2020-09-11 14:07:53,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_suspicious_processes"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_write_exe"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2020-09-11 14:07:53,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_unknown_pe_section_name"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspack"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspirecrypt"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_bedsprotector"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_enigma"
2020-09-11 14:07:53,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_mpress"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nate"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nspack"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_spices"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_titan"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2020-09-11 14:07:53,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_yoda"
2020-09-11 14:07:53,726 [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_annot_urls"
2020-09-11 14:07:53,726 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2020-09-11 14:07:53,726 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_autorun"
2020-09-11 14:07:53,726 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_autorun_tasks"
2020-09-11 14:07:53,726 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_safeboot"
2020-09-11 14:07:53,726 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_bootexecute"
2020-09-11 14:07:53,726 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_registry_script"
2020-09-11 14:07:53,726 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ifeo"
2020-09-11 14:07:53,727 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_slient_process_exit"
2020-09-11 14:07:53,727 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_registry"
2020-09-11 14:07:53,727 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2020-09-11 14:07:53,727 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_shim_database"
2020-09-11 14:07:53,728 [lib.cuckoo.core.plugins] DEBUG: Running signature "polymorphic"
2020-09-11 14:07:53,728 [lib.cuckoo.core.plugins] DEBUG: Running signature "pony_behavior"
2020-09-11 14:07:53,728 [lib.cuckoo.core.plugins] DEBUG: Running signature "powerpool_mutexes"
2020-09-11 14:07:53,728 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_network_connection"
2020-09-11 14:07:53,728 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_scriptblock_logging"
2020-09-11 14:07:53,728 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2020-09-11 14:07:53,728 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2020-09-11 14:07:53,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2020-09-11 14:07:53,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2020-09-11 14:07:53,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2020-09-11 14:07:53,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2020-09-11 14:07:53,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_interest"
2020-09-11 14:07:53,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_needed"
2020-09-11 14:07:53,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2020-09-11 14:07:53,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "mass_data_encryption"
2020-09-11 14:07:53,730 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomix_mutexes"
2020-09-11 14:07:53,730 [lib.cuckoo.core.plugins] DEBUG: Running signature "dharma_mutexes"
2020-09-11 14:07:53,730 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_dmalocker"
2020-09-11 14:07:53,730 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
2020-09-11 14:07:53,734 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_file_modifications"
2020-09-11 14:07:53,734 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2020-09-11 14:07:53,739 [lib.cuckoo.core.plugins] DEBUG: Running signature "fonix_mutexes"
2020-09-11 14:07:53,740 [lib.cuckoo.core.plugins] DEBUG: Running signature "gandcrab_mutexes"
2020-09-11 14:07:53,740 [lib.cuckoo.core.plugins] DEBUG: Running signature "germanwiper_mutexes"
2020-09-11 14:07:53,740 [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_mutexes"
2020-09-11 14:07:53,740 [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_regkeys"
2020-09-11 14:07:53,741 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_message"
2020-09-11 14:07:53,741 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_message_multiple_locations"
2020-09-11 14:07:53,741 [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_mutexes"
2020-09-11 14:07:53,741 [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_network_activity"
2020-09-11 14:07:53,741 [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_note"
2020-09-11 14:07:53,741 [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_regkeys"
2020-09-11 14:07:53,742 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2020-09-11 14:07:53,742 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2020-09-11 14:07:53,742 [lib.cuckoo.core.plugins] DEBUG: Running signature "revil_mutexes"
2020-09-11 14:07:53,743 [lib.cuckoo.core.plugins] DEBUG: Running signature "satan_mutexes"
2020-09-11 14:07:53,743 [lib.cuckoo.core.plugins] DEBUG: Running signature "snake_ransom_mutexes"
2020-09-11 14:07:53,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "Sodinokibi Behavior"
2020-09-11 14:07:53,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransom_mutexes"
2020-09-11 14:07:53,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2020-09-11 14:07:53,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_apis"
2020-09-11 14:07:53,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_mutexes"
2020-09-11 14:07:53,745 [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_network_activity"
2020-09-11 14:07:53,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_registry_keys"
2020-09-11 14:07:53,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_behavior"
2020-09-11 14:07:53,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_files"
2020-09-11 14:07:53,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_mutexes"
2020-09-11 14:07:53,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2020-09-11 14:07:53,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_system_event_objects"
2020-09-11 14:07:53,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_files"
2020-09-11 14:07:53,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_mutexes"
2020-09-11 14:07:53,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_regkeys"
2020-09-11 14:07:53,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_luminosity"
2020-09-11 14:07:53,748 [lib.cuckoo.core.plugins] DEBUG: Running signature "modirat_bheavior"
2020-09-11 14:07:53,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_nanocore"
2020-09-11 14:07:53,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "NewtWire Behavior"
2020-09-11 14:07:53,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "njrat_regkeys"
2020-09-11 14:07:53,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_files"
2020-09-11 14:07:53,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_mutexes"
2020-09-11 14:07:53,753 [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_network_activity"
2020-09-11 14:07:53,753 [lib.cuckoo.core.plugins] DEBUG: Running signature "OrcusRAT Behavior"
2020-09-11 14:07:53,753 [lib.cuckoo.core.plugins] DEBUG: Running signature "parallax_mutexes"
2020-09-11 14:07:53,753 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2020-09-11 14:07:53,753 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2020-09-11 14:07:53,753 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2020-09-11 14:07:53,754 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2020-09-11 14:07:53,754 [lib.cuckoo.core.plugins] DEBUG: Running signature "ratsnif_mutexes"
2020-09-11 14:07:53,754 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2020-09-11 14:07:53,754 [lib.cuckoo.core.plugins] DEBUG: Running signature "trochilusrat_APIs"
2020-09-11 14:07:53,754 [lib.cuckoo.core.plugins] DEBUG: Running signature "venomrat_mutexes"
2020-09-11 14:07:53,755 [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_files"
2020-09-11 14:07:53,755 [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_regkeys"
2020-09-11 14:07:53,755 [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_files"
2020-09-11 14:07:53,755 [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_mutexes"
2020-09-11 14:07:53,756 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2020-09-11 14:07:53,756 [lib.cuckoo.core.plugins] DEBUG: Running signature "reads_self"
2020-09-11 14:07:53,756 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_beacon"
2020-09-11 14:07:53,756 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2020-09-11 14:07:53,756 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2020-09-11 14:07:53,757 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_programs"
2020-09-11 14:07:53,757 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_systeminfo"
2020-09-11 14:07:53,757 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_recyclebin"
2020-09-11 14:07:53,757 [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_files"
2020-09-11 14:07:53,757 [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_mutexes"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_regkeys"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_rdp_clip"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_remote_desktop_session"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_zoneid_ads"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "script_created_process"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "script_network_activity"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_js_script"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "secure_login_phish"
2020-09-11 14:07:53,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "securityxploded_modules"
2020-09-11 14:07:53,759 [lib.cuckoo.core.plugins] DEBUG: Running signature "sets_autoconfig_url"
2020-09-11 14:07:53,759 [lib.cuckoo.core.plugins] DEBUG: Running signature "shifu_behavior"
2020-09-11 14:07:53,759 [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2020-09-11 14:07:53,759 [lib.cuckoo.core.plugins] DEBUG: Running signature "spoofs_procname"
2020-09-11 14:07:53,759 [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2020-09-11 14:07:53,759 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot"
2020-09-11 14:07:53,759 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot_file_created"
2020-09-11 14:07:53,759 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot_process_create"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "invalid_authenticode_signature"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "pe_compile_timestomping"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_pdbpath"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
2020-09-11 14:07:53,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
2020-09-11 14:07:53,761 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_childproc"
2020-09-11 14:07:53,761 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_file"
2020-09-11 14:07:53,761 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
2020-09-11 14:07:53,761 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
2020-09-11 14:07:53,761 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
2020-09-11 14:07:53,762 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_network"
2020-09-11 14:07:53,762 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_timeout"
2020-09-11 14:07:53,762 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2020-09-11 14:07:53,762 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_window"
2020-09-11 14:07:53,762 [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2020-09-11 14:07:53,762 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "suricata_alert"
2020-09-11 14:07:53,763 [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2020-09-11 14:07:53,763 [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2020-09-11 14:07:53,763 [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
2020-09-11 14:07:53,763 [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
2020-09-11 14:07:53,764 [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2020-09-11 14:07:53,764 [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
2020-09-11 14:07:53,766 [lib.cuckoo.core.plugins] DEBUG: Running signature "tinba_behavior"
2020-09-11 14:07:53,766 [lib.cuckoo.core.plugins] DEBUG: Running signature "TrickBotTaskDelete"
2020-09-11 14:07:53,766 [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2020-09-11 14:07:53,766 [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2020-09-11 14:07:53,766 [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
2020-09-11 14:07:53,767 [lib.cuckoo.core.plugins] DEBUG: Running signature "troldesh_behavior"
2020-09-11 14:07:53,767 [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_behavior"
2020-09-11 14:07:53,767 [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2020-09-11 14:07:53,767 [lib.cuckoo.core.plugins] DEBUG: Running signature "user_enum"
2020-09-11 14:07:53,767 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
2020-09-11 14:07:53,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior"
2020-09-11 14:07:53,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior"
2020-09-11 14:07:53,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "virus"
2020-09-11 14:07:53,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_files"
2020-09-11 14:07:53,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
2020-09-11 14:07:53,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_regkeys"
2020-09-11 14:07:53,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
2020-09-11 14:07:53,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2020-09-11 14:07:53,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2020-09-11 14:07:53,770 [lib.cuckoo.core.plugins] DEBUG: Running signature "webmail_phish"
2020-09-11 14:07:53,770 [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
2020-09-11 14:07:53,770 [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
2020-09-11 14:07:53,770 [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
2020-09-11 14:07:53,770 [lib.cuckoo.core.plugins] DEBUG: Running signature "persists_dev_util"
2020-09-11 14:07:53,771 [lib.cuckoo.core.plugins] DEBUG: Running signature "spawns_dev_util"
2020-09-11 14:07:53,771 [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2020-09-11 14:07:53,771 [lib.cuckoo.core.plugins] DEBUG: Running signature "alters_windows_utility"
2020-09-11 14:07:53,771 [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
2020-09-11 14:07:53,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
2020-09-11 14:07:53,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_accessibility_utility"
2020-09-11 14:07:53,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2020-09-11 14:07:53,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2020-09-11 14:07:53,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2020-09-11 14:07:53,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
2020-09-11 14:07:53,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2020-09-11 14:07:53,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_to_create_scheduled_task"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2020-09-11 14:07:53,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
2020-09-11 14:07:53,774 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmi_create_process"
2020-09-11 14:07:53,774 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmi_script_process"
2020-09-11 14:07:53,774 [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2020-09-11 14:07:53,777 [root] DEBUG: Deleting analysis data for Task 4
2020-09-11 14:07:53,783 [root] DEBUG: Deleted previous MongoDB data for Task 4
2020-09-11 14:07:53,788 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
2020-09-11 14:07:53,788 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "Compression"
2020-09-11 14:07:53,789 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2020-09-11 14:07:53,871 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MITRE_TTPS"
2020-09-11 14:07:53,871 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
2020-09-11 14:07:53,885 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML"
2020-09-11 14:07:54,233 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "SubmitCAPE"
2020-09-11 14:07:54,237 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
doomedraven commented 4 years ago

so as you can see you have all 340 signatures, that it doesn't match your stuff means that it didn't execute correctly or we don't have a signature for your need, you need to write it by yourself?

powerade661 commented 4 years ago

That's my issue, it doesn't extract the file from the .eml. I keep having to extract it from the email myself and then throw it into CAPE because otherwise it won't execute. It only executes the .eml and not the attachment within it.

powerade661 commented 4 years ago

Could it be that the file is a zip or rar inside of the email?

doomedraven commented 4 years ago

yep, then everything works as expected, it can be any type of archive inside, sflock will handle that, but we don't extract it for you, you are welcome to code that part of code ;)

powerade661 commented 4 years ago

So just so I am clear on this, sflock will extract the zip from the email, but won't send it to CAPE?

doomedraven commented 4 years ago

no, sflock extracts files from zip or other archives, but you need to extract it, you can extend sflock to add support for emails

powerade661 commented 4 years ago

Extend it as in add code to do that?

doomedraven commented 4 years ago

exactly

powerade661 commented 4 years ago

So let's say hypothetically I come up with a script to do this, how would I incorporate this into CAPE to run when a .eml file is detected? And also how would I share it with the community for people to use assuming it worked flawlessly?

doomedraven commented 4 years ago

Integrate it into sflock, it is super easy, the rest would be almost done, you have code for how to parse eml/msg in my vt repo

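The pre-processing step discussed in this thread, pulling attachments out of an `.eml` before submission, sketched as an added example using only the Python standard library. It is not code from CAPE, sflock or the vt repo mentioned above; the function names, the attachment cap and the sample mail are assumptions made for illustration, and payloads are only returned and hashed, never unpacked or executed.

```python
import hashlib
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_ATTACHMENTS = 50  # assumed cap so one crafted mail cannot flood the queue
MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}


def safe_name(raw, index):
    """Drop any directory part from a sender-controlled filename."""
    name = os.path.basename((raw or "").replace("\\", "/")).strip(". ")
    return name or f"attachment_{index}.bin"


def extract_attachments(eml_bytes):
    """Return [(name, kind, sha256, payload)] for each attachment in the mail."""
    msg = message_from_bytes(eml_bytes, policy=policy.default)
    found = []
    for part in msg.walk():  # walk() also descends into forwarded mails
        if part.is_multipart():
            continue  # container (multipart/* or message/rfc822 wrapper)
        if not (part.is_attachment() or part.get_filename()):
            continue  # body text, nothing to submit
        if len(found) >= MAX_ATTACHMENTS:
            break
        data = part.get_payload(decode=True) or b""
        kind = next((k for m, k in MAGIC.items() if data.startswith(m)), "file")
        found.append((safe_name(part.get_filename(), len(found)), kind,
                      hashlib.sha256(data).hexdigest(), data))
    return found


def build_sample_eml():
    """Constructed sample: one mail carrying a ZIP with a traversal-style name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.test", "analyst@example.test"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="../../invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, kind, digest, data in extract_attachments(build_sample_eml()):
        print(name, kind, digest, len(data))
```

Each returned payload can then be written under the sanitized name and submitted as its own task; archives tagged `zip` or `rar` are the ones the thread says sflock already unpacks.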