Closed powerade661 closed 4 years ago
Hello, thanks. Execute the community module; there were fixes these days for that Signature and other bugs. The macro folder was created in the repo, do git pull.
So I did git pull and executed the community module and I am still seeing the error message. Commit log Error message
lol, that is GitHub: if a folder is empty it removes it :D so I left an empty file inside
LOL alright so that fixed that, but this is still there. Does this affect the functionality at all? I would assume so since signature is not defined, some things might not be parsed? I haven't looked at the code apart from the analyzer.py and made a modification to add pythonw.exe and pyw.exe so it was viewed as a protected process. (maybe a pull request? not asking just suggesting)
Lastly, does CAPE have the ability to parse emails and extract files from it? I can't seem to figure out what I am doing wrong; I even select the detect automatically package as well as the eml package and it still doesn't extract it. Any ideas?
Thank you for your help and quick responses.
That doesn't affect functionality, those are just community modules and the community sometimes makes errors ;) Did you exec community.py?
About emails: no, there is nothing right now for that, but you can easily extend the eml/msg package for that ;) or even better sflock https://github.com/doomedraven/sflock
I did execute community.py -waf to no avail. I will check out sflock, I saw it on a Twitter post. It integrates with CAPE I take it?
For sflock, yes. Re-exec community, I just fixed it.
OK, now they are really fixed. I will enforce flake8 checks on PRs, thanks for reporting.
I executed community.py again or redownload sflock? It still looks like it's not working.
community. Well, without the output of your execution of community I can't say anything + you need to restart process.py after community
Output from community
Also restarted process.py
Downloading modules from https://github.com/kevoreilly/community/archive/master.tar.gz
"/opt/CAPEv2/data/yara/CAPE/ChChes.yar" installed File "/opt/CAPEv2/data/yara/CAPE/ChaChaDDoS.yar" installed File "/opt/CAPEv2/data/yara/CAPE/ClientMesh.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Confucius_B.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Cotx_RAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/CryptoStealerGo.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Cutlet.yar" installed File "/opt/CAPEv2/data/yara/CAPE/CyberGate.yar" installed File "/opt/CAPEv2/data/yara/CAPE/DCRat.yar" installed File "/opt/CAPEv2/data/yara/CAPE/DTstealer.yar" installed File "/opt/CAPEv2/data/yara/CAPE/DarkComet.yar" installed File "/opt/CAPEv2/data/yara/CAPE/DarkRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Dridex.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Echelon.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Ekans.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Enfal.yar" installed File "/opt/CAPEv2/data/yara/CAPE/EnigmaStub.yar" installed File "/opt/CAPEv2/data/yara/CAPE/EvilGrab.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Exaramel.yar" installed File "/opt/CAPEv2/data/yara/CAPE/FakeWMI.yar" installed File "/opt/CAPEv2/data/yara/CAPE/FirebirdRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Formbook.yar" installed File "/opt/CAPEv2/data/yara/CAPE/GetCrypt.yar" installed File "/opt/CAPEv2/data/yara/CAPE/GoldenAxe.yar" installed File "/opt/CAPEv2/data/yara/CAPE/GoldenSpy.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Greame.yar" installed File "/opt/CAPEv2/data/yara/CAPE/GuLoader.yar" installed File "/opt/CAPEv2/data/yara/CAPE/HawkEye.yar" installed File "/opt/CAPEv2/data/yara/CAPE/HawkEyev9.yar" installed File "/opt/CAPEv2/data/yara/CAPE/HiddenVNC.yar" installed File "/opt/CAPEv2/data/yara/CAPE/HiddenWasp.yar" installed File "/opt/CAPEv2/data/yara/CAPE/HttpBrowser.yar" installed File "/opt/CAPEv2/data/yara/CAPE/ISRStealer.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Impacket.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Infinity.yar" 
installed File "/opt/CAPEv2/data/yara/CAPE/JavaDropper.yar" installed File "/opt/CAPEv2/data/yara/CAPE/JoeGo.yar" installed File "/opt/CAPEv2/data/yara/CAPE/KPortScan.yar" installed File "/opt/CAPEv2/data/yara/CAPE/KeyBase.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Kinsing.yar" installed File "/opt/CAPEv2/data/yara/CAPE/KoadicBAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/KoadicDOC.yar" installed File "/opt/CAPEv2/data/yara/CAPE/KoadicJS.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Konni.yar" installed File "/opt/CAPEv2/data/yara/CAPE/LaZagne.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Laturo.yar" installed File "/opt/CAPEv2/data/yara/CAPE/LimeRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/LostDoor.yar" installed File "/opt/CAPEv2/data/yara/CAPE/LuminosityLink.yar" installed File "/opt/CAPEv2/data/yara/CAPE/LuxNet.yar" installed File "/opt/CAPEv2/data/yara/CAPE/M00nD3v.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Mangzamel.yar" installed File "/opt/CAPEv2/data/yara/CAPE/MassLogger.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Maze.yar" installed File "/opt/CAPEv2/data/yara/CAPE/MedusaLocker.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Megumin.yar" installed File "/opt/CAPEv2/data/yara/CAPE/MoDiRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/NETEAGLE.yar" installed File "/opt/CAPEv2/data/yara/CAPE/NLBrute.yar" installed File "/opt/CAPEv2/data/yara/CAPE/NanoCore.yar" installed File "/opt/CAPEv2/data/yara/CAPE/NetWire.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Netwalker.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Nymaim.yar" installed File "/opt/CAPEv2/data/yara/CAPE/ObliqueRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Orion.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Pandora.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Paradox.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Parallax.yar" installed File "/opt/CAPEv2/data/yara/CAPE/PatchWork.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Phoenix.yar" installed 
File "/opt/CAPEv2/data/yara/CAPE/PillowMint.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Plasma.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Plurox.yar" installed File "/opt/CAPEv2/data/yara/CAPE/PoisonIvy.yar" installed File "/opt/CAPEv2/data/yara/CAPE/PowerPool.yar" installed File "/opt/CAPEv2/data/yara/CAPE/PredatorPain.yar" installed File "/opt/CAPEv2/data/yara/CAPE/ProLock.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Punisher.yar" installed File "/opt/CAPEv2/data/yara/CAPE/PurpleWave.yar" installed File "/opt/CAPEv2/data/yara/CAPE/PyInstaller.yar" installed File "/opt/CAPEv2/data/yara/CAPE/PythoRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/QRat.yar" installed File "/opt/CAPEv2/data/yara/CAPE/QuasarRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Qulab.yar" installed File "/opt/CAPEv2/data/yara/CAPE/RDPWrap.yar" installed File "/opt/CAPEv2/data/yara/CAPE/REvil.yar" installed File "/opt/CAPEv2/data/yara/CAPE/RHttpCtrl.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Racoon.yar" installed File "/opt/CAPEv2/data/yara/CAPE/RagnarLocker.yar" installed File "/opt/CAPEv2/data/yara/CAPE/RedLeaf.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Redsip.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Responder.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Retefe.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Rietspoof.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Robbinhood.yar" installed File "/opt/CAPEv2/data/yara/CAPE/S05Kitty.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Sakula.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Sfile.yar" installed File "/opt/CAPEv2/data/yara/CAPE/ShadowTech.yar" installed File "/opt/CAPEv2/data/yara/CAPE/SmallNet.yar" installed File "/opt/CAPEv2/data/yara/CAPE/SmokeLoader.yar" installed File "/opt/CAPEv2/data/yara/CAPE/SpyGate.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Sub7Nation.yar" installed File "/opt/CAPEv2/data/yara/CAPE/T5000.yar" installed File "/opt/CAPEv2/data/yara/CAPE/TAIDOOR.yar" installed File 
"/opt/CAPEv2/data/yara/CAPE/TJKeylogger.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Tefosteal.yar" installed File "/opt/CAPEv2/data/yara/CAPE/TreasureHunter.yar" installed File "/opt/CAPEv2/data/yara/CAPE/UPX.yar" installed File "/opt/CAPEv2/data/yara/CAPE/VMProtectStub.yar" installed File "/opt/CAPEv2/data/yara/CAPE/VSSDestroy.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Vertex.yar" installed File "/opt/CAPEv2/data/yara/CAPE/VirusRat.yar" installed File "/opt/CAPEv2/data/yara/CAPE/W1RAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/WarzoneRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/WellMess.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Windows_Credentials_Editor.yar" installed File "/opt/CAPEv2/data/yara/CAPE/XiaoBa.yar" installed File "/opt/CAPEv2/data/yara/CAPE/XpertRAT.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Xtreme.yar" installed File "/opt/CAPEv2/data/yara/CAPE/Zeppelin.yar" installed File "/opt/CAPEv2/data/yara/CAPE/adWind.yar" installed File "/opt/CAPEv2/data/yara/CAPE/jRat.yar" installed File "/opt/CAPEv2/data/yara/CAPE/kiwi_passwords.yar" installed File "/opt/CAPEv2/data/yara/CAPE/njRat.yar" installed File "/opt/CAPEv2/data/yara/CAPE/unrecom.yar" installed File "/opt/CAPEv2/data/yara/CAPE/xRAT.yar" installed File "/opt/CAPEv2/data/yara/binaries/Generic_Phishing_PDF.yar" installed File "/opt/CAPEv2/data/yara/binaries/HeavensGate.yar" installed File "/opt/CAPEv2/data/yara/binaries/LNK_Ruleset.yar" installed File "/opt/CAPEv2/data/yara/binaries/OLEfile_in_CAD_FAS_LSP.yar" installed File "/opt/CAPEv2/data/yara/binaries/Webshell_in_image.yar" installed File "/opt/CAPEv2/data/yara/binaries/embedded.yar" installed File "/opt/CAPEv2/data/yara/binaries/shellcodes.yar" installed File "/opt/CAPEv2/data/yara/binaries/vmdetect.yar" installed File "/opt/CAPEv2/data/yara/memory/Exploit_HT_Flash_Vars.yar" installed File "/opt/CAPEv2/data/yara/memory/Exploit_HT_VRename.yar" installed File "/opt/CAPEv2/data/yara/memory/adgholas.yar" installed File 
"/opt/CAPEv2/data/yara/memory/angler.yar" installed File "/opt/CAPEv2/data/yara/memory/astrum.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2013_2551.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2014_0515.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2014_0569.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2014_6332.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2015_0016.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2015_2419.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2015_2545.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2015_5122.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2016_0189.yar" installed File "/opt/CAPEv2/data/yara/memory/cve_2016_3298.yar" installed File "/opt/CAPEv2/data/yara/memory/darkcomet.yar" installed File "/opt/CAPEv2/data/yara/memory/dridex.yar" installed File "/opt/CAPEv2/data/yara/memory/dyre.yar" installed File "/opt/CAPEv2/data/yara/memory/eitest.yar" installed File "/opt/CAPEv2/data/yara/memory/flash_exploits.yar" installed File "/opt/CAPEv2/data/yara/memory/kazybot.yar" installed File "/opt/CAPEv2/data/yara/memory/neutrino.yar" installed File "/opt/CAPEv2/data/yara/memory/nuclear.yar" installed File "/opt/CAPEv2/data/yara/memory/rig.yar" installed File "/opt/CAPEv2/data/yara/memory/shellcodes.yar" installed File "/opt/CAPEv2/data/yara/memory/sundown.yar" installed
so just restart process to pick up the changes, and you can reprocess the job with python3 process.py -r ID_HERE
So I tried that and it doesn't restart the report; this is what happens. Tried with different switches as well.
try -r 4 -d
Output for that, I copied and pasted it as HTML for easy reading
|-- nemty_network_activity 2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG: |-- nemty_note 2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG: |-- satan_mutexes 2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG: |-- snake_ransom_mutexes 2020-09-11 14:07:53,632 [lib.cuckoo.core.plugins] DEBUG: |-- Sodinokibi Behavior 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- stop_ransom_mutexes 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_apis 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_network_activity 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_registry_keys 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- dcrat_behavior 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- rat_luminosity 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- rat_nanocore 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- NewtWire Behavior 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- obliquerat_network_activity 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- OrcusRAT Behavior 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- trochilusrat_APIs 2020-09-11 14:07:53,633 [lib.cuckoo.core.plugins] DEBUG: |-- xpertrat_files 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- xpertrat_mutexes 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- reads_self 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- recon_beacon 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- recon_programs 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- recon_systeminfo 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- accesses_recyclebin 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- uses_rdp_clip 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- uses_remote_desktop_session 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- removes_zoneid_ads 
2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- script_created_process 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- script_network_activity 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_js_script 2020-09-11 14:07:53,634 [lib.cuckoo.core.plugins] DEBUG: |-- secure_login_phish 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- securityxploded_modules 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- sets_autoconfig_url 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- shifu_behavior 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- spoofs_procname 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot_file_created 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot_process_create 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_childproc 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_file 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_network 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_timeout 2020-09-11 14:07:53,635 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_window 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- sysinternals_psexec 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- sysinternals_tools 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- territorial_disputes_sigs 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- tinba_behavior 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- TrickBotTaskDelete 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- upatre_behavior 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- ursnif_behavior 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- user_enum 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- uses_adfind 2020-09-11 
14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- virus 2020-09-11 14:07:53,636 [lib.cuckoo.core.plugins] DEBUG: |-- neshta_files 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- neshta_regkeys 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- webmail_phish 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- web_shell_processes 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- persists_dev_util 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- spawns_dev_util 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- alters_windows_utility 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- dotnet_csc_build 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- multiple_explorer_instances 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- overwrites_accessibility_utility 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- script_tool_executed 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_certutil_use 2020-09-11 14:07:53,637 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_command_tools 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_mpcmdrun_use 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_ping_use 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_appcmd 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_csvde_ldifde 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_cipher 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_clickonce 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_dsquery 2020-09-11 
14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_mode 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_ntdsutil 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_nltest 2020-09-11 14:07:53,638 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_to_create_scheduled_task 2020-09-11 14:07:53,639 [lib.cuckoo.core.plugins] DEBUG: |-- wmic_command_suspicious 2020-09-11 14:07:53,639 [lib.cuckoo.core.plugins] DEBUG: |-- scrcons_wmi_script_consumer 2020-09-11 14:07:53,639 [lib.cuckoo.core.plugins] DEBUG: |-- wmi_create_process 2020-09-11 14:07:53,639 [lib.cuckoo.core.plugins] DEBUG: `-- wmi_script_process [] 2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures 2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_detected_threat" 2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running signature "Compression" 2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running signature "Decryption" 2020-09-11 14:07:53,648 [lib.cuckoo.core.plugins] DEBUG: Running signature "Doppelganging" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "EvilGrab" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionInterProcess" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionCreateRemoteThread" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionProcessHollowing" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionSetWindowLong" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "PlugX" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "RegBinary" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature "TransactedHollowing" 2020-09-11 14:07:53,649 [lib.cuckoo.core.plugins] DEBUG: Running signature 
"Unpacker" 2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot" 2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey" 2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol" 2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "alphacrypt_behavior" 2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromeda_behavior" 2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "anomalous_deletefile" 2020-09-11 14:07:53,650 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile" 2020-09-11 14:07:53,652 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg" 2020-09-11 14:07:53,653 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_360_libs" 2020-09-11 14:07:53,653 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_ahnlab_libs" 2020-09-11 14:07:53,653 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_avast_libs" 2020-09-11 14:07:53,653 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bitdefender_libs" 2020-09-11 14:07:53,654 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bullgaurd_libs" 2020-09-11 14:07:53,654 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_attachment_manager" 2020-09-11 14:07:53,654 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile" 2020-09-11 14:07:53,656 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg" 2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_emsisoft_libs" 2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_qurb_libs" 2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_servicestop" 2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp" 2020-09-11 14:07:53,660 [lib.cuckoo.core.plugins] 
DEBUG: Running signature "antidbg_devices" 2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_windows" 2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_addvectoredexceptionhandler" 2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_apioverride_libs" 2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_checkremotedebuggerpresent" 2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_debugactiveprocess" 2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_gettickcount" 2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_guardpages" 2020-09-11 14:07:53,661 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntcreatethreadex" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_nthookengine_libs" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntsetinformationthread" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_outputdebugstring" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_setunhandledexceptionfilter" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_func" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_check_userdomain" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo" 2020-09-11 14:07:53,662 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files" 2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoocrash" 2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature 
"antisandbox_fortinet_files" 2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files" 2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_mouse_hook" 2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_restart" 2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_libs" 2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex" 2020-09-11 14:07:53,663 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_objects" 2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_script_timer" 2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sleep" 2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files" 2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_libs" 2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_suspend" 2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files" 2020-09-11 14:07:53,664 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_unhook" 2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal" 2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys" 2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_directory_objects" 2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios" 2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu" 2020-09-11 14:07:53,665 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk" 2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature 
"antivm_generic_disk_setupapi" 2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg" 2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_scsi" 2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_services" 2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system" 2020-09-11 14:07:53,666 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys" 2020-09-11 14:07:53,667 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys" 2020-09-11 14:07:53,667 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices" 2020-09-11 14:07:53,667 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files" 2020-09-11 14:07:53,668 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys" 2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_libs" 2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_provname" 2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_window" 2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices" 2020-09-11 14:07:53,669 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_events" 2020-09-11 14:07:53,670 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files" 2020-09-11 14:07:53,670 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys" 2020-09-11 14:07:53,670 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_libs" 2020-09-11 14:07:53,671 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes" 2020-09-11 14:07:53,671 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files" 2020-09-11 14:07:53,671 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys" 2020-09-11 14:07:53,671 
[lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex" 2020-09-11 14:07:53,672 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys" 2020-09-11 14:07:53,672 [lib.cuckoo.core.plugins] DEBUG: Running signature "api_spamming" 2020-09-11 14:07:53,672 [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys" 2020-09-11 14:07:53,672 [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes" 2020-09-11 14:07:53,673 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs" 2020-09-11 14:07:53,673 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs" 2020-09-11 14:07:53,673 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex" 2020-09-11 14:07:53,673 [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan" 2020-09-11 14:07:53,674 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_prinimalka" 2020-09-11 14:07:53,675 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes" 2020-09-11 14:07:53,675 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex" 2020-09-11 14:07:53,675 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p" 2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url" 2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "bcdedit_command" 2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "betabot_behavior" 2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl" 2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition" 2020-09-11 14:07:53,676 [lib.cuckoo.core.plugins] DEBUG: Running signature "bootkit" 2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access" 2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access" 2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: 
Running signature "bot_athenahttp" 2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper" 2020-09-11 14:07:53,677 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive" 2020-09-11 14:07:53,678 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2" 2020-09-11 14:07:53,678 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness" 2020-09-11 14:07:53,678 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill" 2020-09-11 14:07:53,678 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon" 2020-09-11 14:07:53,679 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object" 2020-09-11 14:07:53,679 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_needed" 2020-09-11 14:07:53,679 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy" 2020-09-11 14:07:53,680 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_scanbox" 2020-09-11 14:07:53,680 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security" 2020-09-11 14:07:53,681 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage" 2020-09-11 14:07:53,681 [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass" 2020-09-11 14:07:53,681 [lib.cuckoo.core.plugins] DEBUG: Running signature "regsvr32_squiblydoo_dll_load" 2020-09-11 14:07:53,681 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass" 2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass" 2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall" 2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstp" 2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt" 2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_eventvwr" 2020-09-11 14:07:53,682 [lib.cuckoo.core.plugins] DEBUG: Running signature 
"uac_bypass_fodhelper" 2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content" 2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex" 2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "cerber_behavior" 2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "chimera_behavior" 2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "clamav" 2020-09-11 14:07:53,683 [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_cookies" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_volume" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_forfiles_wildcard" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_long_string" 2020-09-11 14:07:53,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link" 2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline" 2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline" 2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "codelux_behavior" 2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_disovery_cmd" 2020-09-11 14:07:53,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_disovery_cmd" 2020-09-11 14:07:53,685 
[lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_disovery_pwsh" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_disovery_cmd" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_code_compile" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_largekey" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_nullvalue" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest" 2020-09-11 14:07:53,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access" 2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "lsass_credential_dumping" 2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping" 2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access" 2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access" 2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "critical_process" 2020-09-11 14:07:53,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "cyrptomining_stratum_command" 2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptopool_domains" 2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptowall_behavior" 2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2014_6332" 2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2015_2419_js" 2020-09-11 14:07:53,688 
[lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016-0189" 2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016_7200" 2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes" 2020-09-11 14:07:53,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys" 2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_connect" 2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_link" 2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "debugs_self" 2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_document" 2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_image" 2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex" 2020-09-11 14:07:53,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_self" 2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_shadow_copies" 2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_system_state_backup" 2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_bypass" 2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_disable" 2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch" 2020-09-11 14:07:53,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups" 2020-09-11 14:07:53,691 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn" 2020-09-11 14:07:53,692 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_mappeddrives_autodisconnect" 2020-09-11 14:07:53,692 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging" 2020-09-11 14:07:53,692 [lib.cuckoo.core.plugins] DEBUG: Running signature "disable_folder_options" 2020-09-11 14:07:53,693 
so as you can see you have all 340 signatures, that it doesn't match your stuff, means that it didn't execute correctly or we don't have a signature for your need, you need to write it by yourself?
That's my issue, it doesn't extract the file from the .eml. I keep having to extract it from the email myself and then throw it into CAPE because otherwise it won't execute. It only executes the .eml and not the attachment within it.
Could it be that the file is a zip or rar inside of the email?
yep, then everything works as expected, it can be any type of archive inside, sflock will handle that, but we don't extract it for you, you are welcome to code that part of code ;)
So just so I am clear on this, sflock will extract the zip from the email, but won't send it to CAPE?
no, sflock extracts files from zip or other archives, but you need to extract it, you can extend sflock to add support for emails
Extend it as in add code to do that?
exactly
So let's say hypothetically I come up with a script to do this, how would I incorporate this into CAPE to run when a .eml file is detected? And also how would I share it with the community for people to use assuming it worked flawlessly?
Integrate it into sflock, it is super easy, the rest would be almost done, you have code for how to parse eml/msg in my vt repo
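The pre-extraction step discussed in this thread (pulling attachments out of an .eml before submitting them for analysis), as an added example that is not part of the thread and is not CAPE or sflock code. The function names `safe_name`, `extract_attachments` and `build_sample_eml` are hypothetical, the sample message is constructed, and submitting the extracted files to CAPE is left out.

```python
import hashlib
import io
import os
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def safe_name(name, index):
    """Strip directory parts and odd characters from a sender-controlled filename."""
    base = os.path.basename((name or "").replace("\\", "/"))
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base or f"attachment_{index}.bin"


def extract_attachments(eml_bytes, out_dir):
    """Write every attachment of an .eml to out_dir; return (path, sha256) pairs."""
    msg = message_from_bytes(eml_bytes, policy=policy.default)
    os.makedirs(out_dir, exist_ok=True)
    results = []
    for index, part in enumerate(msg.walk()):
        if part.is_multipart() or part.get_filename() is None:
            continue  # containers and inline bodies are not attachments
        payload = part.get_payload(decode=True) or b""
        path = os.path.join(out_dir, f"{index}_{safe_name(part.get_filename(), index)}")
        with open(path, "wb") as handle:
            handle.write(payload)
        results.append((path, hashlib.sha256(payload).hexdigest()))
    return results


def build_sample_eml():
    """Constructed sample: a message carrying a zip with one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.txt", "constructed sample content")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "analyst@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="../../invoice.zip")  # traversal attempt, neutralised
    return msg.as_bytes()


if __name__ == "__main__":
    import tempfile
    for path, digest in extract_attachments(build_sample_eml(), tempfile.mkdtemp()):
        print(path, digest)
```

The attachment filename comes from the sender, so it is reduced to a base name before anything is written; nested `message/rfc822` parts are walked as containers, so attachments of forwarded mails are picked up as well.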
Expected Behavior
It shows no warning
Current Behavior
It shows a warning message saying WARNING: Missing Yara Directory: /opt/CAPEv2/data/yara/macro?
Failure Logs
Not really related, but thought I would ask about this too.
This is really what I am concerned about