kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

Analysis fails with Ubuntu Python 3.8 crash #313

Closed ClaudioWayne closed 3 years ago

ClaudioWayne commented 3 years ago

This is open source and you are getting free support, so be friendly!

Prerequisites

Please answer the following questions for yourself before submitting an issue.

Expected Behavior

Analysis finishes without error.

Current Behavior

Analysis fails with Ubuntu Python 3.8 crash.
cuckoo.py: stops with Segmentation fault (core dumped)
agent.py: Unhandled exception in NetlogConnection:', '[WinError 10054] An existing connection was forcibly closed by the remote host')

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. Fresh Ubuntu 20.04.1 LTS install
  2. Updated Ubuntu
  3. Installed Cape via sudo ./cape2.sh base cape
  4. Installed Virtualbox 6.1.10 + VirtualBox Extension Pack
  5. Created Virtualbox host only network (vboxnet0)
  6. Created Win10 with Python 32-Bit 3.8.0
  7. Configured Cape Config-Files
  8. Started Analysis via Web-Interface

Context

Using machinery: VirtualBox 6.1.10
Host machine: Ubuntu 20.04.1 LTS
Guest machine: Windows 10 with Python 32-Bit 3.8.0

Failure Logs

cuckoo.py log:

> 
>                       __
>   .----..--.--..----.|  |--..-----..-----.
>   |  __||  |  ||  __||    < |  _  ||  _  |
>   |____||_____||____||__|__||_____||_____|
> 
>  Cuckoo Sandbox 2.1-CAPE
>  www.cuckoosandbox.org
>  Copyright (c) 2010-2015
> 
>  CAPE: Config and Payload Extraction
>  github.com/kevoreilly/CAPEv2
> 
> 2020-10-05 10:01:20,198 [root] DEBUG: Importing modules...
> 2020-10-05 10:01:20,279 [volatility.framework.interfaces.layers] DEBUG: Imported python-magic, autodetecting compressed files based on content
> pywin32 is not installed (only is required if you want to use MS Excel)
> 2020-10-05 10:01:21,271 [root] DEBUG: Imported "auxiliary" modules:
> 2020-10-05 10:01:21,271 [root] DEBUG:      `-- Sniffer
> 2020-10-05 10:01:21,272 [root] DEBUG: Imported "processing" modules:
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- CAPE
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- AnalysisInfo
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- BehaviorAnalysis
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- CIF
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- Curtain
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- Debug
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- Decompression
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- Deduplicate
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- Dropped
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- MMBot
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- Memory
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- NetworkAnalysis
> 2020-10-05 10:01:21,272 [root] DEBUG:      |-- ProcDump
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- ProcessMemory
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- Procmon
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- Static
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- Strings
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- Suricata
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- Sysmon
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- TargetInfo
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- TrID
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- Usage
> 2020-10-05 10:01:21,273 [root] DEBUG:      `-- VirusTotal
> 2020-10-05 10:01:21,273 [root] DEBUG: Imported "signatures" modules:
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- CAPEDetectedThreat
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- CAPE_Compression
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- CAPE_Decryption
> 2020-10-05 10:01:21,273 [root] DEBUG:      |-- CAPE_Doppelganging
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_EvilGrab
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_Injection
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_InjectionCreateRemoteThread
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_InjectionProcessHollowing
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_InjectionSetWindowLong
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_PlugX
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_RegBinary
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_TransactedHollowing
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- CAPE_Unpacker
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- AccessesMailslot
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- AccessesNetlogonRegkey
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- AccessesSysvol
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- Alphacrypt_APIs
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- Andromeda_APIs
> 2020-10-05 10:01:21,274 [root] DEBUG:      |-- anomalous_deletefile
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AntiAnalysisDetectFile
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AntiAnalysisDetectReg
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- QihooDetectLibs
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AhnlabDetectLibs
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AvastDetectLibs
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- BitdefenderDetectLibs
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- BullguardDetectLibs
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- ModifiesAttachmentManager
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AntiAVDetectFile
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AntiAVDetectReg
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- EmsisoftDetectLibs
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- QurbDetectLibs
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AntiAVServiceStop
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AntiAVSRP
> 2020-10-05 10:01:21,275 [root] DEBUG:      |-- AntiDBGDevices
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- AntiDBGWindows
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_addvectoredexceptionhandler
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- APIOverrideDetectLibs
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_checkremotedebuggerpresent
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_debugactiveprocess
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_gettickcount
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_guardpages
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_ntcreatethreadex
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- BullguardDetectLibs
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_ntsetinformationthread
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_outputdebugstring
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- antidebug_setunhandledexceptionfilter
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- WineDetectReg
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- WineDetectFunc
> 2020-10-05 10:01:21,276 [root] DEBUG:      |-- AntiSandboxCheckUserdomain
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- AntiCuckoo
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- CuckooDetectFiles
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- CuckooCrash
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- FortinetDetectFiles
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- SandboxJoeAnubisDetectFiles
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- HookMouse
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- AntiSandboxRestart
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- SandboxieDetectLibs
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- AntisandboxSboxieMutex
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- AntiSandboxSboxieObjects
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- AntiSandboxScriptTimer
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- AntiSandboxSleep
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- SunbeltDetectFiles
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- SunbeltDetectLibs
> 2020-10-05 10:01:21,277 [root] DEBUG:      |-- AntiSandboxSuspend
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- ThreatTrackDetectFiles
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- Unhook
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- KnownVirustotal
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- BochsDetectKeys
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- AntiVMDirectoryObjects
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- AntiVMBios
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- AntiVMCPU
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- DiskInformation
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- SetupAPIDiskInformation
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- AntiVMDiskReg
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- AntiVMSCSI
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- AntiVMServices
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- AntiVMSystem
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- HyperVDetectKeys
> 2020-10-05 10:01:21,278 [root] DEBUG:      |-- ParallelsDetectKeys
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VBoxDetectDevices
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VBoxDetectFiles
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VBoxDetectKeys
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VBoxDetectLibs
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VBoxDetectProvname
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VBoxDetectWindow
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VMwareDetectDevices
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VMwareDetectEvent
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VMwareDetectFiles
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VMwareDetectKeys
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VMwareDetectLibs
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VMwareDetectMutexes
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VPCDetectFiles
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VPCDetectKeys
> 2020-10-05 10:01:21,279 [root] DEBUG:      |-- VPCDetectMutex
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- XenDetectKeys
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- APISpamming
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- KetricanRegkeys
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- OkrumMutexes
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- BadCerts
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- BadSSLCerts
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- Cridex
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- Geodo
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- Prinimalka
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- SpyEyeMutexes
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- ZeusMutexes
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- ZeusP2P
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- ZeusURL
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- BCDEditCommand
> 2020-10-05 10:01:21,280 [root] DEBUG:      |-- BetaBot_APIs
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- BitcoinOpenCL
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- AccessesPrimaryPartition
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- Bootkit
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- DirectHDDAccess
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- PhysicalDriveAccess
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- SuspiciousIoctlSCSIPassthough
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- AthenaHttp
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- DirtJumper
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- Drive
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- Drive2
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- Madness
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- Ruskill
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- BrowserAddon
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- BrowserHelperObject
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- BrowserNeeded
> 2020-10-05 10:01:21,281 [root] DEBUG:      |-- ModifyProxy
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- BrowserScanbox
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- BrowserSecurity
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- browser_startpage
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- OdbcconfBypass
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- RegSrv32SquiblydooDLLLoad
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- SquiblydooBypass
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- SquiblytwoBypass
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- BypassFirewall
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- UACBypassCMSTP
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- UACBypassDelegateExecuteSdclt
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- UACBypassEventvwr
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- UACBypassFodhelper
> 2020-10-05 10:01:21,282 [root] DEBUG:      |-- CAPEExtractedConfig
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- CAPEExtractedContent
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- CarberpMutexes
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- Cerber_APIs
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- Chimera_APIs
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- ClamAV
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- ClearsLogs
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- ClickfraudCookies
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- ClickfraudVolume
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- CmdlineObfuscation
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- CmdlineSwitches
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- CmdlineTerminate
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- CommandLineForFilesWildCard
> 2020-10-05 10:01:21,283 [root] DEBUG:      |-- CommandLineHTTPLink
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- CommandLineLongString
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- CommandLineReversedHTTPLink
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- LongCommandline
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- PowershellRenamedCommandLine
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- CodeLux_APIs
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- SystemAccountDisoveryCMD
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- SystemInfoDiscoveryCMD
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- SystemInfoDiscoveryPWSH
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- SystemNetworkDiscoveryCMD
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- SystemNetworkDiscoveryPWSH
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- SystemUserDisoveryCMD
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- CompilesDotNetCode
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- CopiesSelf
> 2020-10-05 10:01:21,284 [root] DEBUG:      |-- CreatesExe
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- CreatesLargeKey
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- CreatesNullValue
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- EnablesWDigest
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- FileCredentialStoreAccess
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- LsassCredentialDumping
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- RegistryCredentialDumping
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- RegistryCredentialStoreAccess
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- RegistryLSASecretsAccess
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- CriticalProcess
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- CryptominingStratumCommand
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- MINERS
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- CryptoWall_APIs
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- CVE_2014_6332
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- CVE2015_2419_JS
> 2020-10-05 10:01:21,285 [root] DEBUG:      |-- CVE_2016_0189
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- CVE_2016_7200
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- CypherITMutexes
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DarkCometRegkeys
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DeadConnect
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DeadLink
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DebugsSelf
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DecoyDocument
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DecoyImage
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DeepFreezeMutex
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DeletesSelf
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DeletesShadowCopies
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DeletesSystemStateBackup
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DEPBypass
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DEPDisable
> 2020-10-05 10:01:21,286 [root] DEBUG:      |-- DisablesAppLaunch
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesBackups
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesBrowserWarn
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesMappedDrivesAutodisconnect
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesEventLogging
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisableFolderOptions
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesNotificationCenter
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisableRunCommand
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesSmartScreen
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesSPDY
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesSystemRestore
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesUAC
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesWER
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesWFP
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesWindowsDefender
> 2020-10-05 10:01:21,287 [root] DEBUG:      |-- DisablesWindowsDefenderLogging
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- RemovesWindowsDefenderContextMenu
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- WindowsDefenderPowerShell
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- DisablesWindowsUpdate
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- DisablesWindowsFirewall
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- AndromutMutexes
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- DownloaderCabby
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- GuLoaderAPIs
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- PhorpiexMutexes
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- ProtonBotMutexes
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- Dridex_APIs
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- DriverLoad
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- Dropper
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- EXEDropper_JS
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- dynamic_function_loading
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- Dyre_APIs
> 2020-10-05 10:01:21,288 [root] DEBUG:      |-- Angler_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Gondad_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- HeapSpray_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Java_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Neutrino_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Nuclear_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- RIG_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Silverlight_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Sundown_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Virtualcheck_JS
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- EncryptedIOC
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Excel4MacroUrls
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- Crash
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- ProcessCreationSuspiciousLocation
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- exploit_getbasekerneladdress
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- exploit_gethaldispatchtable
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- ExploitHeapspray
> 2020-10-05 10:01:21,289 [root] DEBUG:      |-- KoadicAPIs
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- KoadicNetworkActivity
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- FamilyProxyBack
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- MappedDrivesUAC
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- SystemMetrics
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- Generic_Phish
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- Gootkit_APIs
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- H1N1_APIs
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- Hancitor_APIs
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- HawkEye_APIs
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- HTTP_Request
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- NetworkHTTPS
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- ArkeiFiles
> 2020-10-05 10:01:21,290 [root] DEBUG:      |-- AzorultMutexes
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- BitcoinWallet
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- BrowserStealer
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- InfostealerBrowserPassword
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- FTPStealer
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- IMStealer
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- KeyLogger
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- EmailStealer
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- MassLoggerArtifacts
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- MassLoggerFiles
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- MassLoggerVersion
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- PurpleWaveMutexes
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- PurpleWaveNetworkAcivity
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- QulabFiles
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- QulabMutexes
> 2020-10-05 10:01:21,291 [root] DEBUG:      |-- raccoon
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- vidar
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- InjectionCRT
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- InjectionExplorer
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- InjectionExtension
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- InjectionNetworkTraffic
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- InjectionRUNPE
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- InjectionRWX
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- injection_themeinitapihook
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- Internet_Dropper
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- IPC_NamedPipe
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- iSpyKeylogger_APIs
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- JS_Phish
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- JS_SuspiciousRedirect
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- KazyBot_APIs
> 2020-10-05 10:01:21,292 [root] DEBUG:      |-- Kelihos_APIs
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- Kibex_APIs
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- Kovter_APIs
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- KrakenMutexes
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- DisableRegedit
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- DisableTaskMgr
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- Locky_APIs
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- malicious_dynamic_function_loading
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- EncryptPCInfo
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- EnryptDataAgentTeslaHTTP
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- EnryptDataAgentTeslaHTTPT2
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- EnryptDataNanoCore
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- MartiansIE
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- MartiansOffice
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- MimicsAgent
> 2020-10-05 10:01:21,293 [root] DEBUG:      |-- MimicsExtension
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- MimicsFiletime
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- MimicsIcon
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- MasqueradesProcessName
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- MimikatzModules
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- ModifiesCerts
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- Modifies_HostFile
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- ModifySecurityCenterWarnings
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- ModifiesUACNotify
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- ModifiesDesktopWallpaper
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- move_file_on_reboot
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- Multiple_UA
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- NetworkAnomaly
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- NetworkBIND
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- NetworkCountryDistribution
> 2020-10-05 10:01:21,294 [root] DEBUG:      |-- NetworkMultipleDirectIPConnections
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkCnCHTTP
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkDGA
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkDNSBlockChain
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkDNSIDN
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkDNSOpenNIC
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkDNSSuspiciousQueryType
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkDNSTunnelingRequest
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkDOHTLS
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkDocumentHTTP
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- EncryptsSingleHTTPPacket
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkExcessiveUDP
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- ExplorerHTTP
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkHTTP
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkICMP
> 2020-10-05 10:01:21,295 [root] DEBUG:      |-- NetworkIRC
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- NetworkSMTP
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- NetworkTempFileService
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- Tor
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- TorHiddenService
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- TorGateway
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- Nymaim_APIs
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- Office_Code_Page
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- OfficeAddinLoading
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- OfficeCOMLoad
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- OfficeDotNetLoad
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- OfficePerfKey
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- OfficeVBLLoad
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- OfficeWMILoad
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- OfficeCVE201711882
> 2020-10-05 10:01:21,296 [root] DEBUG:      |-- OfficeCVE201711882Network
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- OfficeFlashLoad
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- OfficePostScript
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- Office_Macro
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- OfficeMacroAutoExecution
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- OfficeMacroIOC
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- OfficeMacroMaliciousPredition
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- OfficeMacroSuspicious
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- RTFASLRBypass
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- RTFAnomalyCharacterSet
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- RTFAnomalyVersion
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- RTFEmbeddedContent
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- RTFEmbeddedOfficeFile
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- RTFExploitStatic
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- OfficeSecurity
> 2020-10-05 10:01:21,297 [root] DEBUG:      |-- OfficeAnamalousFeature
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- OfficeDDECommand
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- OfficeSuspiciousProcesses
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- OfficeWriteEXE
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- BuildLangID
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- ResourceLangID
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- PackerUnknownPESectionName
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- ArmadilloMutex
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- ArmadilloRegKey
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- ASPackPacked
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- AspireCryptPacked
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- BedsProtectorPacked
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- ConfuserPacked
> 2020-10-05 10:01:21,298 [root] DEBUG:      |-- EnigmaPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- PackerEntropy
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- MPressPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- NatePacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- NsPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- SmartAssemblyPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- SpicesPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- ThemidaPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- ThemidaPackedSection
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- TitanPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- UPXCompressed
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- VMPPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- YodaPacked
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- PDF_Annot_URLs
> 2020-10-05 10:01:21,299 [root] DEBUG:      |-- ADS
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- Autorun
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- Autorun_scheduler
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PersistenceSafeBoot
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PersistenceBootexecute
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PersistenceRegistryScript
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PersistenceIFEO
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PersistenceSilentProcessExit
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PersistenceRDPRegistry
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PersistenceService
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PersistenceShimDatabase
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- Polymorphic
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- Pony_APIs
> 2020-10-05 10:01:21,300 [root] DEBUG:      |-- PowerpoolMutexes
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- PowerShellNetworkConnection
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- PowerShellScriptBlockLogging
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- PowershellCommandSuspicious
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- PowershellRenamed
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- PowershellReversed
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- PowershellVariableObfuscation
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- PunchPlusPlusPCREs
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- PreventsSafeboot
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- ProcessInterest
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- ProcessNeeded
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- Procmem_Yara
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- MassDataEncryption
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- CryptoMixMutexes
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- DharmaMutexes
> 2020-10-05 10:01:21,301 [root] DEBUG:      |-- RansomwareDMALocker
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- RansomwareExtensions
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- RansomwareFileModifications
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- RansomwareFiles
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- FonixMutexes
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- GandCrabMutexes
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- GermanWiperMutexes
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- MedusaLockerMutexes
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- MedusaLockerRegkeys
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- RansomwareMessage
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- RansomwareMessageMultipleLocations
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- NemtyMutexes
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- NemtyNetworkActivity
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- NemtyNote
> 2020-10-05 10:01:21,302 [root] DEBUG:      |-- NemtyRegkeys
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- RansomwareRadamant
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- RansomwareRecyclebin
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- RevilMutexes
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- SatanMutexes
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- SnakeRansomMutexes
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- sodinokibi
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- StopRansomMutexes
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- BeebusMutexes
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- BlackRATAPIs
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- BlackRATMutexes
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- BlackRATNetworkActivity
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- BlackRATRegistryKeys
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- DCRatAPIs
> 2020-10-05 10:01:21,303 [root] DEBUG:      |-- DCRatFiles
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- DCRatMutex
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- FynloskiMutexes
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- KaraganyEventObjects
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- KaraganyFiles
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- LimeRATMutexes
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- LimeRATRegkeys
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- LuminosityRAT
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- ModiRATBehavior
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- NanocoreRAT
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- netwire
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- NjratRegkeys
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- ObliquekRATFiles
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- ObliquekRATMutexes
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- ObliquekRATNetworkActivity
> 2020-10-05 10:01:21,304 [root] DEBUG:      |-- OrcusRAT
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- ParallaxMutexes
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- PcClientMutexes
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- PlugxMutexes
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- PoisonIvyMutexes
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- QuasarMutexes
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- RatsnifMutexes
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- SpynetRat
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- TrochilusRATAPIs
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- VenomRAT
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- WarzoneRATFiles
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- WarzoneRATRegkeys
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- XpertRATFiles
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- XpertRATMutexes
> 2020-10-05 10:01:21,305 [root] DEBUG:      |-- XtremeMutexes
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- ReadsSelf
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- Recon_Beacon
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- CheckIP
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- Fingerprint
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- InstalledApps
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- SystemInfo
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- Accesses_RecycleBin
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- RemcosFiles
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- RemcosMutexes
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- RemcosRegkeys
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- RDPTCPKey
> 2020-10-05 10:01:21,306 [root] DEBUG:      |-- UsesRDPClip
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- UsesRemoteDesktopSession
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- RemovesZoneIdADS
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- ScriptCreatedProcess
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- ScriptNetworkActvity
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- SuspiciousJSScript
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- Secure_Login_Phish
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- SecurityXploded_Modules
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- SetsAutoconfigURL
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- Shifu_APIs
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- InstallsWinpcap
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- SpoofsProcname
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- CreatesAutorunInf
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- StackPivot
> 2020-10-05 10:01:21,307 [root] DEBUG:      |-- StackPivotFileCreated
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- StackPivotProcessCreate
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- Authenticode
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- InvalidAuthenticodeSignature
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- DotNetAnomaly
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- Static_Java
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- Static_PDF
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- PEAnomaly
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- PECompileTimeStomping
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- StaticPEPDBPath
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- RATConfig
> 2020-10-05 10:01:21,308 [root] DEBUG:      |-- VersionInfoAnomaly
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- StealthChildProc
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- StealthFile
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- StealthHiddenExtension
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- StealthHiddenReg
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- StealthHideNotifications
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- StealthNetwork
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- StealthTimeout
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- StealthWebHistory
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- Hidden_Window
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- SuricataAlert
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- sysinternals_psexec
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- sysinternals_tools
> 2020-10-05 10:01:21,309 [root] DEBUG:      |-- TampersETW
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- TampersPowerShellLogging
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- Flame
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- TerritorialDisputeSIGs
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- Tinba_APIs
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- TrickBotTaskDelete
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- TrickBotMutexes
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- FleerCivetMutexes
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- LokibotMutexes
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- Troldesh_APIs
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- Upatre_APIs
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- Ursnif_APIs
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- UserEnum
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- ADFind
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- Vawtrak_APIs
> 2020-10-05 10:01:21,310 [root] DEBUG:      |-- Vawtrak_APIs
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- Virus
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- NeshtaFiles
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- NeshtaMutexes
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- NeshtaRegKeys
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- RenamerMutexes
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- VolDevicetree1
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- VolHandles1
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- VolLdrModules1
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- VolLdrModules2
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- VolMalfind1
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- VolMalfind2
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- VolModscan1
> 2020-10-05 10:01:21,311 [root] DEBUG:      |-- VolSvcscan1
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- VolSvcscan2
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- VolSvcscan3
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- Webmail_Phish
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- OWAWebShellFiles
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- WebShellFiles
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- WebShellProcesses
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- PersistsDotNetDevUtility
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- SpwansDotNetDevUtiliy
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- WHOIS_Create
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- AltersWindowsUtility
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- DotNETCSCBuild
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- MultipleExplorerInstances
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- OverwritesAccessibilityUtility
> 2020-10-05 10:01:21,312 [root] DEBUG:      |-- ScriptToolExecuted
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- SuspiciousCertutilUse
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- SuspiciousCommandTools
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- SuspiciousMpCmdRunUse
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- SuspiciousPingUse
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilities
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesAppCmd
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesCSVDELDFIDE
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesCipher
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesClickOnce
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesDSQuery
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesFinger
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesMode
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesNTDSutil
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesNltest
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- UsesWindowsUtilitiesScheduler
> 2020-10-05 10:01:21,313 [root] DEBUG:      |-- WMICCommandSuspicious
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- ScrconsWMIScriptConsumer
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- WMICreateProcess
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- WMIScriptProcess
> 2020-10-05 10:01:21,314 [root] DEBUG:      `-- AllapleMutexes
> 2020-10-05 10:01:21,314 [root] DEBUG: Imported "reporting" modules:
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- BinGraph
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- CALLBACKHOME
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- Compression
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- CompressResults
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- ElasticsearchDB
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- JsonDump
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- MAEC41Report
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- MaecReport
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- Malheur
> 2020-10-05 10:01:21,314 [root] DEBUG:      |-- MISP
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- MITRE_TTPS
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- Moloch
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- MongoDB
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- PCAP2CERT
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- RAMFSCLEAN
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- ReportHTML
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- ReportHTMLSummary
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- ReportPDF
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- ReSubmitExtractedEXE
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- Retention
> 2020-10-05 10:01:21,315 [root] DEBUG:      |-- SubmitCAPE
> 2020-10-05 10:01:21,315 [root] DEBUG:      `-- Syslog
> 2020-10-05 10:01:21,315 [root] DEBUG: Imported "feeds" modules:
> 2020-10-05 10:01:21,315 [root] DEBUG:      `-- AbuseCH_SSL
> 2020-10-05 10:01:21,315 [root] DEBUG: Imported "machinery" modules:
> 2020-10-05 10:01:21,315 [root] DEBUG:      `-- VirtualBox
> 2020-10-05 10:01:21,316 [root] DEBUG: Checking for locked tasks...
> 2020-10-05 10:01:21,435 [root] DEBUG: Initializing Yara...
> 2020-10-05 10:01:21,453 [root] DEBUG:      |-- binaries Generic_Phishing_PDF.yar
> 2020-10-05 10:01:21,453 [root] DEBUG:      |-- binaries HeavensGate.yar
> 2020-10-05 10:01:21,453 [root] DEBUG:      |-- binaries LNK_Ruleset.yar
> 2020-10-05 10:01:21,453 [root] DEBUG:      |-- binaries OLEfile_in_CAD_FAS_LSP.yar
> 2020-10-05 10:01:21,453 [root] DEBUG:      |-- binaries Webshell_in_image.yar
> 2020-10-05 10:01:21,453 [root] DEBUG:      |-- binaries embedded.yar
> 2020-10-05 10:01:21,453 [root] DEBUG:      |-- binaries indicator_packed.yar
> 2020-10-05 10:01:21,453 [root] DEBUG:      |-- binaries indicator_tools.yar
> 2020-10-05 10:01:21,454 [root] DEBUG:      |-- binaries shellcodes.yar
> 2020-10-05 10:01:21,454 [root] DEBUG:      |-- binaries vmdetect.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory Exploit_HT_Flash_Vars.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory Exploit_HT_VRename.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory adgholas.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory angler.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory astrum.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2013_2551.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2014_0515.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2014_0569.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2014_6332.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2015_0016.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2015_2419.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2015_2545.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2015_5122.yar
> 2020-10-05 10:01:21,473 [root] DEBUG:      |-- memory cve_2016_0189.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory cve_2016_3298.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory darkcomet.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory dridex.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory dyre.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory eitest.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory flash_exploits.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory kazybot.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory neutrino.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory nuclear.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory rig.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory shellcodes.yar
> 2020-10-05 10:01:21,474 [root] DEBUG:      |-- memory sundown.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE AAR.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE AcidRain.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE Adfind.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE Adzok.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE AgentTesla.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE AgentTeslaV3.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE AlienSpy.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE Amadey.yar
> 2020-10-05 10:01:21,503 [root] DEBUG:      |-- CAPE Ap0calypse.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Arcom.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Arkei.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Aspire.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE AsyncRat.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Atlas.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Aurora.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Avaddon.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Avalon.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Azer.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Azorult.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE BACKSPACE.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE BackNet.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE BackOffLoader.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE BackOffPOS.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE BadRabbit.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Baldr.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Bandook.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE Bazar.yar
> 2020-10-05 10:01:21,504 [root] DEBUG:      |-- CAPE BitPaymer.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE BitterRAT.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE BlackNix.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE BlackShades.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE BlackshadesRAT.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE BlueBanana.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Bozok.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Buran.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Cerber.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE ChChes.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE ChaChaDDoS.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE ClientMesh.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Clop.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE CobaltStrikeBeacon.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Codoso.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Confucius_B.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Cotx_RAT.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE CryLock.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE CryptoStealerGo.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Cryptoshield.yar
> 2020-10-05 10:01:21,505 [root] DEBUG:      |-- CAPE Cutlet.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE CyberGate.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE DCRat.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE DTstealer.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE DarkComet.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE DarkRAT.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE DoppelPaymer.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE Dreambot.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE Dridex.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE DridexLoader.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE DridexV4.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE Echelon.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE Ekans.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE Emotet.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE Emotet_Loader.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE Enfal.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE EnigmaStub.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE EternalRomance.yar
> 2020-10-05 10:01:21,506 [root] DEBUG:      |-- CAPE EvilGrab.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE Exaramel.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE FakeWMI.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE Fareit.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE FirebirdRAT.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE Formbook.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE Gandcrab.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE GetCrypt.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE GoldenAxe.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE GoldenSpy.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE Gootkit.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE Greame.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE GuLoader.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE Hancitor.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE HawkEye.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE HawkEyev9.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE Hermes.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE HiddenVNC.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE HiddenWasp.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE HttpBrowser.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE ISRStealer.yar
> 2020-10-05 10:01:21,507 [root] DEBUG:      |-- CAPE IcedID.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Imminent.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Impacket.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Infinity.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Jaff.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE JavaDropper.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE JoeGo.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE KPortScan.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE KeyBase.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Kinsing.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE KoadicBAT.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE KoadicDOC.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE KoadicJS.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Konni.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Kovter.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Kronos.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE LaZagne.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Laturo.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE LimeRAT.yar
> 2020-10-05 10:01:21,508 [root] DEBUG:      |-- CAPE Lockbit.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE Locky.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE Loki.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE LostDoor.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE LuminosityLink.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE LuxNet.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE M00nD3v.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE Magniber.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE Mangzamel.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE MassLogger.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE Maze.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE MedusaLocker.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE MegaCortex.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE Megumin.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE MoDiRAT.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE Mole.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE NETEAGLE.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE NLBrute.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE NanoCore.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE NanoLocker.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE Nemty.yar
> 2020-10-05 10:01:21,509 [root] DEBUG:      |-- CAPE NetTraveler.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE NetWire.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Netwalker.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Nymaim.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE ObliqueRAT.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE OlympicDestroyer.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE OrcusRAT.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Orion.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Pafish.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Pandora.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Paradox.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Parallax.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE PatchWork.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE PetrWrap.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Petya.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Phoenix.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Phorpiex.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE PillowMint.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Plasma.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE Plurox.yar
> 2020-10-05 10:01:21,510 [root] DEBUG:      |-- CAPE PoisonIvy.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE PowerPool.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE PredatorPain.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE ProLock.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE Punisher.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE PurpleWave.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE PyInstaller.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE Pyrogenic.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE PythoRAT.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE QRat.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE QakBot.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE QuasarRAT.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE Qulab.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE RCSession.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE RDPWrap.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE REvil.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE RHttpCtrl.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE Racoon.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE RagnarLocker.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE Ramnit.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE RedLeaf.yar
> 2020-10-05 10:01:21,511 [root] DEBUG:      |-- CAPE Redsip.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Remcos.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE RemoteUtilitiesRAT.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Responder.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Retefe.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Rietspoof.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Robbinhood.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE RokRat.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Ryuk.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE S05Kitty.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Sakula.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Scarab.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Sedreco.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Seduploader.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Sfile.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE ShadowTech.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE SlothfulMedia.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE SmallNet.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE SmokeLoader.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE SpyGate.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE Sub7Nation.yar
> 2020-10-05 10:01:21,512 [root] DEBUG:      |-- CAPE T5000.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE TAIDOOR.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE TClient.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE TJKeylogger.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE TSCookie.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE Taurus.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE Tefosteal.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE TreasureHunter.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE TrickBot.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE UPX.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE Ursnif.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE Ursnif3.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE VMProtectStub.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE VSSDestroy.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE Varenyky.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE Vertex.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE Vidar.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE VirusRat.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE W1RAT.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE WanaCry.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE WarzoneRAT.yar
> 2020-10-05 10:01:21,513 [root] DEBUG:      |-- CAPE WellMess.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE Windows_Credentials_Editor.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE XiaoBa.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE XpertRAT.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE Xtreme.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE Zeppelin.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE ZeroT.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE ZeusPanda.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE Zloader.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE adWind.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE jRat.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE kiwi_passwords.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE njRat.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE tRat.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE unrecom.yar
> 2020-10-05 10:01:21,514 [root] DEBUG:      |-- CAPE xRAT.yar
> 2020-10-05 10:01:21,518 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" machine manager with max_analysis_count=0, max_machines_count=10, and max_vmstartup_count=5
> 2020-10-05 10:01:21,591 [modules.machinery.virtualbox] DEBUG: Getting status for MSEdge
> 2020-10-05 10:01:21,677 [modules.machinery.virtualbox] DEBUG: Machine MSEdge status poweroff
> 2020-10-05 10:01:21,698 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
> 2020-10-05 10:01:21,705 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
> 2020-10-05 10:03:42,928 [lib.cuckoo.core.scheduler] DEBUG: Task #1: Processing task
> 2020-10-05 10:03:42,931 [lib.cuckoo.core.scheduler] INFO: Task #1: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_e6sttpg_/rufus-3.11.exe'
> 2020-10-05 10:03:42,976 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine MSEdge (label=MSEdge, platform=windows)
> 2020-10-05 10:03:43,097 [root] DEBUG: Now tracking machine 192.168.56.101 for task #1
> 2020-10-05 10:03:43,118 [modules.machinery.virtualbox] DEBUG: Starting vm MSEdge
> 2020-10-05 10:03:43,118 [modules.machinery.virtualbox] DEBUG: Getting status for MSEdge
> 2020-10-05 10:03:43,211 [modules.machinery.virtualbox] DEBUG: Machine MSEdge status poweroff
> 2020-10-05 10:03:43,233 [modules.machinery.virtualbox] DEBUG: Using snapshot snapshot1 for virtual machine MSEdge
> 2020-10-05 10:03:43,348 [modules.machinery.virtualbox] DEBUG: Getting status for MSEdge
> 2020-10-05 10:03:43,448 [modules.machinery.virtualbox] DEBUG: Machine MSEdge status saved
> 2020-10-05 10:03:53,112 [modules.machinery.virtualbox] DEBUG: Getting status for MSEdge
> 2020-10-05 10:03:53,345 [modules.machinery.virtualbox] DEBUG: Machine MSEdge status running
> 2020-10-05 10:03:53,360 [lib.cuckoo.core.rooter] CRITICAL: Unable to passthrough root command (drop_enable) as the rooter unix socket doesn't exist.
> 2020-10-05 10:03:53,361 [lib.cuckoo.core.scheduler] INFO: Enabled route 'none'
> 2020-10-05 10:03:53,385 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 4317 (interface=vboxnet0, host=192.168.56.101, dump path=/opt/CAPEv2/storage/analyses/1/dump.pcap)
> 2020-10-05 10:03:53,385 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
> 2020-10-05 10:03:53,403 [lib.cuckoo.core.guest] INFO: Starting analysis #1 on guest (id=MSEdge, ip=192.168.56.101)
> 2020-10-05 10:03:54,406 [lib.cuckoo.core.guest] DEBUG: MSEdge: not ready yet
> 2020-10-05 10:03:55,412 [lib.cuckoo.core.guest] DEBUG: MSEdge: not ready yet
> 2020-10-05 10:03:56,127 [lib.cuckoo.core.guest] INFO: Guest is running CAPE Agent 0.11 (id=MSEdge, ip=192.168.56.101)
> 2020-10-05 10:03:56,241 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=MSEdge, ip=192.168.56.101, size=19249988)
> 2020-10-05 10:03:56,972 [lib.cuckoo.core.guest] INFO: Uploading support files to guest (id=MSEdge, ip=192.168.56.101)
> Segmentation fault (core dumped)

Agent.py:

C:\Windows\system32>python C:\Users\IEUser\Desktop\agent.py
2020-10-05 02:54:50,819 [root] INFO: Date set to: 20201005T10:03:42, timeout set to: 200
2020-10-05 10:03:42,050 [root] DEBUG: Starting analyzer from: C:\tmp_j0ptbuy
2020-10-05 10:03:42,050 [root] DEBUG: Storing results at: C:\nQBeFlJBW
2020-10-05 10:03:42,050 [root] DEBUG: Pipe server name: \\.\PIPE\fhnzVfL
2020-10-05 10:03:42,072 [root] DEBUG: Python path: C:\Users\IEUser\AppData\Local\Programs\Python\Python38-32
2020-10-05 10:03:42,072 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-10-05 10:03:42,072 [root] INFO: Automatically selected analysis package "exe"
2020-10-05 10:03:42,072 [root] DEBUG: Trying to import analysis package "exe"...
2020-10-05 10:03:42,098 [root] DEBUG: Imported analysis package "exe".
2020-10-05 10:03:42,121 [root] DEBUG: Trying to initialize analysis package "exe"...
2020-10-05 10:03:42,121 [root] DEBUG: Initialized analysis package "exe".
2020-10-05 10:03:42,143 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-10-05 10:03:42,190 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-10-05 10:03:42,210 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-10-05 10:03:42,257 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-10-05 10:03:42,280 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-10-05 10:03:42,301 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-10-05 10:03:42,324 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-10-05 10:03:42,372 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-10-05 10:03:42,372 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-10-05 10:03:42,439 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-10-05 10:03:42,465 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-10-05 10:03:42,465 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-10-05 10:03:42,485 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-10-05 10:03:42,509 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-10-05 10:03:42,531 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-10-05 10:03:42,531 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-10-05 10:03:42,554 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-10-05 10:03:42,554 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-10-05 10:03:42,554 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-10-05 10:03:42,580 [lib.api.screenshot] DEBUG: Importing 'math'
2020-10-05 10:03:42,603 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-10-05 10:03:42,807 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-10-05 10:03:42,807 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-10-05 10:03:42,829 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-10-05 10:03:42,829 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-10-05 10:03:42,855 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-10-05 10:03:42,855 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-10-05 10:03:42,877 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-10-05 10:03:42,877 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-10-05 10:03:42,877 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-10-05 10:03:42,877 [root] DEBUG: Initialized auxiliary module "Browser".
2020-10-05 10:03:42,877 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-10-05 10:03:42,923 [root] DEBUG: Started auxiliary module Browser
2020-10-05 10:03:42,923 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-10-05 10:03:42,923 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-10-05 10:03:42,923 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-10-05 10:03:42,923 [root] DEBUG: Started auxiliary module Curtain
2020-10-05 10:03:42,923 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-10-05 10:03:42,923 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-10-05 10:03:42,923 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-10-05 10:03:42,923 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-10-05 03:04:22,856 [modules.auxiliary.digisig] DEBUG: File has a valid signature.
('Unhandled exception in NetlogConnection:', '[WinError 10054] An existing connection was forcibly closed by the remote host')
2020-10-05 03:04:22,856 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
('Unhandled exception in NetlogConnection:', '[WinError 10054] An existing connection was forcibly closed by the remote host')

PythonCrashReport.log

doomedraven commented 3 years ago

hello, no idea, never saw it before %) I would suggest you strace python cuckoo.py -d and search in your log for the last msg that you see in the console; after that you should see the error details of what it was trying to do

ClaudioWayne commented 3 years ago

cuckoo_strace.log

That is the strace-log. Maybe someone with more in-depth knowledge finds a quick solution. I will try to check the log again later this day. Thanks for your time.

FYI: Getting a 500 Server Error right now on https://capesandbox.com/submit/ if i try to submit a file.

doomedraven commented 3 years ago

fixed 500

doomedraven commented 3 years ago

I don't see anything suspicious in the strace log, you probably will need to attach with dbg and get the stack once it crashes

ClaudioWayne commented 3 years ago

greenlet 0.4.17 caused the crash.

pip3 uninstall greenlet
pip3 install greenlet==0.4.16

solved the problem for me.

What a pain :dagger: What is the best way to find those "broken" Python packages? Maybe add pip3 install greenlet==0.4.16 in capev2.sh.

feel free to close this issue
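The question above (how to find a transitive dependency that drifted to a broken release, here greenlet 0.4.17 next to a pinned gevent) is usually answered by pinning and then checking the pins against what is actually installed. The checker below is an added example written for this thread, not CAPEv2's own code: it parses requirement lines of the `name==version` form (one comparison per line, a hypothetical subset of the full requirement syntax), compares them with an installed-version mapping, and reports every pin that is missing or violated. The `installed` mapping can be read from the running interpreter via `importlib.metadata` or passed in directly; the package name `examplepkg` and the version sets in `main` are constructed sample data.

```python
"""Check installed Python packages against pinned requirement lines.

Added example (not part of CAPEv2). Compares each pin in a
requirements-style list with the versions actually installed, so a
dependency that silently moved to an incompatible release (as greenlet
did in this thread) is reported before it crashes the host process.
"""
from importlib import metadata
import re
from typing import Dict, List, Optional, Tuple

# One requirement line: name, operator, version. Hypothetical subset of
# the requirement syntax: exactly one comparison per line is handled.
_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9_.-]+)\s*(==|!=|<=|>=|<|>)\s*([0-9][0-9A-Za-z.]*)\s*$"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '0.4.17' into (0, 4, 17); non-numeric tails ('1.2rc1') are cut off."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def _compare(have: Tuple[int, ...], op: str, wanted: Tuple[int, ...]) -> bool:
    """Evaluate `have <op> wanted` after padding both tuples so (0, 4) == (0, 4, 0)."""
    n = max(len(have), len(wanted))
    a = have + (0,) * (n - len(have))
    b = wanted + (0,) * (n - len(wanted))
    return {
        "==": a == b, "!=": a != b,
        "<": a < b, "<=": a <= b,
        ">": a > b, ">=": a >= b,
    }[op]


def installed_versions() -> Dict[str, str]:
    """Versions of every distribution visible to this interpreter (names lowercased)."""
    return {d.metadata["Name"].lower(): d.version for d in metadata.distributions()}


def check_pins(pins: List[str], installed: Optional[Dict[str, str]] = None) -> List[str]:
    """Return one human-readable problem per pin that is missing, violated or unparsable."""
    if installed is None:
        installed = installed_versions()
    installed = {k.lower(): v for k, v in installed.items()}
    problems = []
    for line in pins:
        line = line.split("#", 1)[0]          # drop trailing comments
        if not line.strip():
            continue
        m = _REQ_RE.match(line)
        if not m:
            problems.append(f"cannot parse requirement line: {line.strip()!r}")
            continue
        name, op, wanted = m.group(1).lower(), m.group(2), m.group(3)
        have = installed.get(name)
        if have is None:
            problems.append(f"{name}: not installed (required {op}{wanted})")
        elif not _compare(parse_version(have), op, parse_version(wanted)):
            problems.append(f"{name}: installed {have}, required {op}{wanted}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the greenlet pin from this thread against an
    # environment where pip pulled in 0.4.17; examplepkg is a made-up name.
    sample_installed = {"greenlet": "0.4.17"}
    for problem in check_pins(["greenlet==0.4.16", "examplepkg>=1.2"], sample_installed):
        print(problem)
```

Run it without arguments against the real environment by calling `check_pins(open("requirements.txt").read().splitlines())`; an empty list means every pin holds. Comparing padded integer tuples is enough for the plain numeric versions in this thread; pre-release suffixes are cut off rather than ordered.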

doomedraven commented 3 years ago

thanks a lot for reporting your finding, I will add it, I will check the changelog to see what they have changed

doomedraven commented 3 years ago

added enforced version, also need to find which lib depends on it to see, thanks again

doomedraven commented 3 years ago

here is why, so it is more the gevent version that needs to be fixed: http://www.gevent.org/changelog.html#changelog

doomedraven commented 3 years ago

but we have a hardcoded gevent version, strange, anyway hardcoded the greenlet version too

ClaudioWayne commented 3 years ago

thx for the information

Sry for commenting that much, but here is just another quick info: if I try to submit a password-protected .zip file via the web interface and use the password option I get:

ERROR :-( Error adding task to CAPE's database

I tried: password="virus" password='virus' password=virus

I can reproduce this behavior on capesandbox.com

But maybe I am using it wrong. Let me know.

Thx

doomedraven commented 3 years ago

that's fine, I'm notified about new comments so all bugs should die :) checking

doomedraven commented 3 years ago

can't reproduce it

68926 | /X/curtain_tester.exe | file     |     300 |        1 |        | win7_4  |         | password=virus,route=tor

correct format is password=virus, try again and if it doesn't work, then share your file

ClaudioWayne commented 3 years ago

it's working now. Don't know what went wrong. thx

doomedraven commented 3 years ago

I know what happened: in cuckoo.conf remove_archive = off, for some reason it breaks it. I will investigate later, disabled at the moment
