Closed mwatermolen closed 2 years ago
Read the readme for how to debug the problem; no logs is useless.
It works on public: https://www.capesandbox.com/analysis/199099/ so it must be specific to your setup
@doomedraven I'm having a bit of trouble finding that article, is that in the Readme? Is this the one? I'm assuming that is launching both the process and cuckoo.py with the -d flag?
@kevoreilly Is this likely due to a dependency issue or a config issue?
Docs != readme: https://github.com/kevoreilly/CAPEv2#installation-recommendations-and-scripts-for-optimal-performance. At the bottom you have the answer there. Those are not related to configs at all,
and you provided extremely poor details, like win version, office version etc. How do you expect to know what is wrong?
I would try to reprocess with debugging to see the output:
cd /opt/CAPEv2
sudo su cape
python3 utils/process.py -d -r {id}
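One way to triage the output of such a debug re-run, as an added example that is not part of the original comment or of CAPEv2: it parses log lines in the `timestamp [logger] LEVEL: message` format seen in this thread, keeps each traceback with the log record it follows, and reports which module each problem belongs to. The sample log is constructed, and attributing an unnamed error to the most recently started module is a heuristic assumed here.

```python
import re

# Constructed sample in the format printed by `process.py -d` (not a real run).
SAMPLE_LOG = '''\
2021-01-01 10:00:00,100 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Static" on analysis at "/opt/CAPEv2/storage/analyses/1"
2021-01-01 10:00:00,400 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Memory" on analysis at "/opt/CAPEv2/storage/analyses/1"
2021-01-01 10:00:00,401 [root] ERROR: Memory dump not found: to run volatility you have to enable memory_dump
2021-01-01 10:00:02,000 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ExampleReport":
Traceback (most recent call last):
  File "/opt/CAPEv2/modules/reporting/example.py", line 10, in run
    self.results["example"].append(1)
KeyError: 'example'
2021-01-01 10:00:02,500 [lib.cuckoo.core.plugins] DEBUG: Running 2 evented signatures
'''

# "2021-10-21 14:46:25,062 [logger.name] LEVEL: message"
LINE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[([^\]]+)\] (\w+): (.*)$'
)
# 'Executing processing module "Static" on analysis at ...'
STARTED_RE = re.compile(r'Executing (\w+) module "([^"]+)"')
# 'Failed to run the reporting module "ExampleReport":'
FAILED_RE = re.compile(r'Failed to run the (\w+) module "([^"]+)"')

PROBLEM_LEVELS = {"WARNING", "ERROR", "CRITICAL"}


def parse_records(text):
    """Split the log into records; lines without a timestamp (tracebacks)
    are attached to the record they follow."""
    records = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw)
        if match:
            ts, logger, level, msg = match.groups()
            records.append(
                {"ts": ts, "logger": logger, "level": level, "msg": msg, "extra": []}
            )
        elif records and raw.strip():
            records[-1]["extra"].append(raw)
    return records


def triage(text):
    """Return (modules_started, problems) for one debug run."""
    modules = []
    problems = []
    current = None  # most recently started module
    for rec in parse_records(text):
        started = STARTED_RE.search(rec["msg"])
        if started:
            current = started.group(2)
            modules.append(current)
            continue
        if rec["level"] not in PROBLEM_LEVELS:
            continue
        failed = FAILED_RE.search(rec["msg"])
        problems.append(
            {
                "ts": rec["ts"],
                "level": rec["level"],
                # Named explicitly in the message, else assume the module
                # that was running when the line was logged (heuristic).
                "module": failed.group(2) if failed else current,
                "message": rec["msg"],
                # Last traceback line carries the exception type and value.
                "exception": rec["extra"][-1].strip() if rec["extra"] else None,
                "traceback_lines": len(rec["extra"]),
            }
        )
    return modules, problems


if __name__ == "__main__":
    started, found = triage(SAMPLE_LOG)
    print("modules started:", ", ".join(started))
    for p in found:
        print(f'{p["ts"]} {p["level"]} [{p["module"]}] {p["message"]}')
        if p["exception"]:
            print("    ->", p["exception"])
```

To use it on a real run, redirect the output of the reprocess command to a file and pass the file's contents to `triage()`.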
@doomedraven I apologize, I was not sure that was entirely relevant as it wasn't in the template (Just trying to follow the format)
@kevoreilly Thank you for the suggestion!
Software:
Guests:
Other Notes:
Seem to have a high rate of failed processing tasks, though the XLS is consistently failing
Running in debug mode outside systemd it processed fine, oddly, with this as the only error:
2021-10-21 14:46:25,062 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ReSubmitExtractedEXE":
Traceback (most recent call last):
File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 817, in process
current.run(self.results)
File "/opt/CAPEv2/utils/../modules/reporting/resubmitexe.py", line 445, in run
self.results["resubs"].append(task_id)
KeyError: 'resubs'
Running in debug mode outside systemd it re-processed fine, oddly:
mwatermolen@ubuntu:/opt/CAPEv2/utils$ sudo -u cape /usr/bin/python3 process.py -d -r 167
XLMMacroDeobfuscator: pywin32 is not installed (only is required if you want to use MS Excel)
2021-10-21 14:52:10,246 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Decompression" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:10,250 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "CAPE" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:12,518 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:12,551 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:13,922 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Curtain" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:13,925 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:13,929 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Deduplicate" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:14,908 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Dropped" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:14,991 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Memory" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:14,992 [root] ERROR: Memory dump not found: to run volatility you have to enable memory_dump
2021-10-21 14:52:14,993 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:15,256 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcDump" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:16,800 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Procmon" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:16,801 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Static" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:16,804 [msodde] DEBUG: Is OLE. Checking streams to see whether this is xls
2021-10-21 14:52:16,805 [root] DEBUG: Finding streams in ole file
2021-10-21 14:52:16,805 [root] DEBUG: direntry 0 Root Entry: no stream (root)
2021-10-21 14:52:16,805 [root] DEBUG: direntry 1 Workbook: is stream of size 236346
2021-10-21 14:52:16,807 [msodde] DEBUG: Process file as excel 2003 (xls)
2021-10-21 14:52:16,808 [root] DEBUG: Finding streams in ole file
2021-10-21 14:52:16,808 [root] DEBUG: direntry 0 Root Entry: no stream (root)
2021-10-21 14:52:16,808 [root] DEBUG: direntry 1 Workbook: is stream of size 236346
2021-10-21 14:52:16,813 [root] DEBUG: direntry 2 SummaryInformation: is stream of size 4096
2021-10-21 14:52:16,813 [root] DEBUG: direntry 3 DocumentSummaryInformation: is stream of size 4096
2021-10-21 14:52:16,897 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Strings" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:16,902 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:16,968 [modules.processing.suricata] DEBUG: pcapfile list: {'message': {'count': 0, 'files': []}, 'return': 'OK'} current pcap: {'message': '/opt/CAPEv2/storage/analyses/167/dump.pcap', 'return': 'OK'}
2021-10-21 14:52:21,975 [modules.processing.suricata] DEBUG: pcapfile list: {'message': {'count': 0, 'files': []}, 'return': 'OK'} current pcap: {'message': 'None', 'return': 'OK'}
2021-10-21 14:52:21,976 [modules.processing.suricata] DEBUG: Pcap not in list and not current pcap lets assume it's processed
2021-10-21 14:52:21,984 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TargetInfo" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:22,025 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TrID" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:22,434 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Usage" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:22,576 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "VirusTotal" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:23,102 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TLSMasterSecrets" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:23,104 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/167"
2021-10-21 14:52:23,155 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2021-10-21 14:52:23,157 [lib.cuckoo.core.plugins] DEBUG: Running 409 evented signatures
2021-10-21 14:52:23,296 [lib.cuckoo.core.plugins] DEBUG: |-- recon_systeminfo
2021-10-21 14:52:23,296 [lib.cuckoo.core.plugins] DEBUG: |-- accesses_recyclebin
2021-10-21 14:52:23,297 [lib.cuckoo.core.plugins] DEBUG: |-- uses_rdp_clip
2021-10-21 14:52:23,297 [lib.cuckoo.core.plugins] DEBUG: |-- uses_remote_desktop_session
2021-10-21 14:52:23,297 [lib.cuckoo.core.plugins] DEBUG: |-- removes_networking_icon
2021-10-21 14:52:23,298 [lib.cuckoo.core.plugins] DEBUG: |-- removes_pinned_programs
2021-10-21 14:52:23,298 [lib.cuckoo.core.plugins] DEBUG: |-- removes_security_maintenance_icon
2021-10-21 14:52:23,299 [lib.cuckoo.core.plugins] DEBUG: |-- Removes_startmenu_defaults
2021-10-21 14:52:23,299 [lib.cuckoo.core.plugins] DEBUG: |-- removes_username_startmenu
2021-10-21 14:52:23,299 [lib.cuckoo.core.plugins] DEBUG: |-- removes_zoneid_ads
2021-10-21 14:52:23,300 [lib.cuckoo.core.plugins] DEBUG: |-- spicyhotpot_behavior
2021-10-21 14:52:23,300 [lib.cuckoo.core.plugins] DEBUG: |-- script_created_process
2021-10-21 14:52:23,301 [lib.cuckoo.core.plugins] DEBUG: |-- script_network_activity
2021-10-21 14:52:23,301 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_js_script
2021-10-21 14:52:23,301 [lib.cuckoo.core.plugins] DEBUG: |-- secure_login_phishing
2021-10-21 14:52:23,302 [lib.cuckoo.core.plugins] DEBUG: |-- securityxploded_modules
2021-10-21 14:52:23,302 [lib.cuckoo.core.plugins] DEBUG: |-- sets_autoconfig_url
2021-10-21 14:52:23,303 [lib.cuckoo.core.plugins] DEBUG: |-- shifu_behavior
2021-10-21 14:52:23,303 [lib.cuckoo.core.plugins] DEBUG: |-- spoofs_procname
2021-10-21 14:52:23,304 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot
2021-10-21 14:52:23,304 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot_file_created
2021-10-21 14:52:23,304 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot_process_create
2021-10-21 14:52:23,305 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_childproc
2021-10-21 14:52:23,305 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_file
2021-10-21 14:52:23,306 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_network
2021-10-21 14:52:23,306 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_timeout
2021-10-21 14:52:23,306 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_window
2021-10-21 14:52:23,307 [lib.cuckoo.core.plugins] DEBUG: |-- sysinternals_psexec
2021-10-21 14:52:23,307 [lib.cuckoo.core.plugins] DEBUG: |-- sysinternals_tools
2021-10-21 14:52:23,308 [lib.cuckoo.core.plugins] DEBUG: |-- territorial_disputes_sigs
2021-10-21 14:52:23,308 [lib.cuckoo.core.plugins] DEBUG: |-- tinba_behavior
2021-10-21 14:52:23,308 [lib.cuckoo.core.plugins] DEBUG: |-- TrickBotTaskDelete
2021-10-21 14:52:23,309 [lib.cuckoo.core.plugins] DEBUG: |-- ursnif_behavior
2021-10-21 14:52:23,309 [lib.cuckoo.core.plugins] DEBUG: |-- upatre_behavior
2021-10-21 14:52:23,310 [lib.cuckoo.core.plugins] DEBUG: |-- ursnif_behavior
2021-10-21 14:52:23,310 [lib.cuckoo.core.plugins] DEBUG: |-- user_enum
2021-10-21 14:52:23,310 [lib.cuckoo.core.plugins] DEBUG: |-- uses_adfind
2021-10-21 14:52:23,311 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior
2021-10-21 14:52:23,311 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior
2021-10-21 14:52:23,312 [lib.cuckoo.core.plugins] DEBUG: |-- virus
2021-10-21 14:52:23,312 [lib.cuckoo.core.plugins] DEBUG: |-- neshta_files
2021-10-21 14:52:23,312 [lib.cuckoo.core.plugins] DEBUG: |-- neshta_regkeys
2021-10-21 14:52:23,313 [lib.cuckoo.core.plugins] DEBUG: |-- webmail_phish
2021-10-21 14:52:23,313 [lib.cuckoo.core.plugins] DEBUG: |-- web_shell_processes
2021-10-21 14:52:23,314 [lib.cuckoo.core.plugins] DEBUG: |-- persists_dev_util
2021-10-21 14:52:23,314 [lib.cuckoo.core.plugins] DEBUG: |-- spawns_dev_util
2021-10-21 14:52:23,314 [lib.cuckoo.core.plugins] DEBUG: |-- alters_windows_utility
2021-10-21 14:52:23,315 [lib.cuckoo.core.plugins] DEBUG: |-- dotnet_csc_build
2021-10-21 14:52:23,315 [lib.cuckoo.core.plugins] DEBUG: |-- multiple_explorer_instances
2021-10-21 14:52:23,316 [lib.cuckoo.core.plugins] DEBUG: |-- overwrites_accessibility_utility
2021-10-21 14:52:23,316 [lib.cuckoo.core.plugins] DEBUG: |-- script_tool_executed
2021-10-21 14:52:23,316 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_certutil_use
2021-10-21 14:52:23,317 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_command_tools
2021-10-21 14:52:23,317 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_mpcmdrun_use
2021-10-21 14:52:23,318 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_ping_use
2021-10-21 14:52:23,318 [lib.cuckoo.core.plugins] DEBUG: |-- uses_powershell_copyitem
2021-10-21 14:52:23,318 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities
2021-10-21 14:52:23,319 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_appcmd
2021-10-21 14:52:23,319 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_csvde_ldifde
2021-10-21 14:52:23,320 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_cipher
2021-10-21 14:52:23,320 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_clickonce
2021-10-21 14:52:23,320 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_dsquery
2021-10-21 14:52:23,321 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_esentutl
2021-10-21 14:52:23,321 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_finger
2021-10-21 14:52:23,322 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_mode
2021-10-21 14:52:23,322 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_ntdsutil
2021-10-21 14:52:23,323 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_nltest
2021-10-21 14:52:23,323 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_to_create_scheduled_task
2021-10-21 14:52:23,323 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_xcopy
2021-10-21 14:52:23,324 [lib.cuckoo.core.plugins] DEBUG: |-- wmic_command_suspicious
2021-10-21 14:52:23,324 [lib.cuckoo.core.plugins] DEBUG: |-- scrcons_wmi_script_consumer
2021-10-21 14:52:23,325 [lib.cuckoo.core.plugins] DEBUG: |-- wmi_create_process
2021-10-21 14:52:23,325 [lib.cuckoo.core.plugins] DEBUG: `-- wmi_script_process
2021-10-21 14:52:25,278 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "antidebug_setunhandledexceptionfilter"
2021-10-21 14:52:25,675 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "antisandbox_sleep"
2021-10-21 14:52:25,679 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "dead_connect"
2021-10-21 14:52:25,680 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "dynamic_function_loading"
[]
2021-10-21 14:52:25,685 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "network_document_http"
2021-10-21 14:52:25,696 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2021-10-21 14:52:25,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_detected_threat"
2021-10-21 14:52:25,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "Compression"
2021-10-21 14:52:25,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "Decryption"
2021-10-21 14:52:25,700 [lib.cuckoo.core.plugins] DEBUG: Running signature "Doppelganging"
2021-10-21 14:52:25,700 [lib.cuckoo.core.plugins] DEBUG: Running signature "EvilGrab"
2021-10-21 14:52:25,700 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionInterProcess"
2021-10-21 14:52:25,701 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionCreateRemoteThread"
2021-10-21 14:52:25,701 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionProcessHollowing"
2021-10-21 14:52:25,701 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionSetWindowLong"
2021-10-21 14:52:25,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "PlugX"
2021-10-21 14:52:25,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "RegBinary"
2021-10-21 14:52:25,703 [lib.cuckoo.core.plugins] DEBUG: Running signature "TransactedHollowing"
2021-10-21 14:52:25,703 [lib.cuckoo.core.plugins] DEBUG: Running signature "Unpacker"
2021-10-21 14:52:25,703 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
2021-10-21 14:52:25,704 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
2021-10-21 14:52:25,705 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
2021-10-21 14:52:25,706 [lib.cuckoo.core.plugins] DEBUG: Running signature "writes_sysvol"
2021-10-21 14:52:25,706 [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_admin_user"
2021-10-21 14:52:25,707 [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_user"
2021-10-21 14:52:25,707 [lib.cuckoo.core.plugins] DEBUG: Running signature "overwites_admin_password"
2021-10-21 14:52:25,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "alphacrypt_behavior"
2021-10-21 14:52:25,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromeda_behavior"
2021-10-21 14:52:25,709 [lib.cuckoo.core.plugins] DEBUG: Running signature "anomalous_deletefile"
2021-10-21 14:52:25,709 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2021-10-21 14:52:25,714 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2021-10-21 14:52:25,734 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_360_libs"
2021-10-21 14:52:25,734 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_ahnlab_libs"
2021-10-21 14:52:25,735 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_avast_libs"
2021-10-21 14:52:25,735 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bitdefender_libs"
2021-10-21 14:52:25,735 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bullgaurd_libs"
2021-10-21 14:52:25,736 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_attachment_manager"
2021-10-21 14:52:25,736 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2021-10-21 14:52:25,743 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2021-10-21 14:52:25,838 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_emsisoft_libs"
2021-10-21 14:52:25,839 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_qurb_libs"
2021-10-21 14:52:25,839 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_servicestop"
2021-10-21 14:52:25,839 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2021-10-21 14:52:25,840 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_devices"
2021-10-21 14:52:25,841 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_windows"
2021-10-21 14:52:25,842 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_addvectoredexceptionhandler"
2021-10-21 14:52:25,842 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_apioverride_libs"
2021-10-21 14:52:25,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_checkremotedebuggerpresent"
2021-10-21 14:52:25,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_debugactiveprocess"
2021-10-21 14:52:25,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_gettickcount"
2021-10-21 14:52:25,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_guardpages"
2021-10-21 14:52:25,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntcreatethreadex"
2021-10-21 14:52:25,844 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_nthookengine_libs"
2021-10-21 14:52:25,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntsetinformationthread"
2021-10-21 14:52:25,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_outputdebugstring"
2021-10-21 14:52:25,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_setunhandledexceptionfilter"
2021-10-21 14:52:25,846 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_windefend"
2021-10-21 14:52:25,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2021-10-21 14:52:25,847 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_func"
2021-10-21 14:52:25,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_check_userdomain"
2021-10-21 14:52:25,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo"
2021-10-21 14:52:25,848 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2021-10-21 14:52:25,849 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoocrash"
2021-10-21 14:52:25,849 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2021-10-21 14:52:25,850 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2021-10-21 14:52:25,851 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_mouse_hook"
2021-10-21 14:52:25,851 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_restart"
2021-10-21 14:52:25,851 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_libs"
2021-10-21 14:52:25,852 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2021-10-21 14:52:25,852 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_objects"
2021-10-21 14:52:25,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_script_timer"
2021-10-21 14:52:25,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sleep"
2021-10-21 14:52:25,853 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2021-10-21 14:52:25,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_libs"
2021-10-21 14:52:25,854 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_suspend"
2021-10-21 14:52:25,855 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2021-10-21 14:52:25,855 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_unhook"
2021-10-21 14:52:25,856 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2021-10-21 14:52:25,856 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2021-10-21 14:52:25,858 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_directory_objects"
2021-10-21 14:52:25,859 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2021-10-21 14:52:25,859 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2021-10-21 14:52:25,860 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk"
2021-10-21 14:52:25,860 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk_setupapi"
2021-10-21 14:52:25,861 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2021-10-21 14:52:25,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_scsi"
2021-10-21 14:52:25,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_services"
2021-10-21 14:52:25,865 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system"
2021-10-21 14:52:25,866 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2021-10-21 14:52:25,868 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2021-10-21 14:52:25,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2021-10-21 14:52:25,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2021-10-21 14:52:25,878 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2021-10-21 14:52:25,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_libs"
2021-10-21 14:52:25,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_provname"
2021-10-21 14:52:25,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_window"
2021-10-21 14:52:25,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2021-10-21 14:52:25,891 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_events"
2021-10-21 14:52:25,891 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2021-10-21 14:52:25,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2021-10-21 14:52:25,900 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_libs"
2021-10-21 14:52:25,901 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2021-10-21 14:52:25,902 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2021-10-21 14:52:25,902 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2021-10-21 14:52:25,907 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2021-10-21 14:52:25,907 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2021-10-21 14:52:25,914 [lib.cuckoo.core.plugins] DEBUG: Running signature "api_spamming"
2021-10-21 14:52:25,914 [lib.cuckoo.core.plugins] DEBUG: Running signature "gulpix_behavior"
2021-10-21 14:52:25,915 [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
2021-10-21 14:52:25,918 [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
2021-10-21 14:52:25,919 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2021-10-21 14:52:25,919 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2021-10-21 14:52:25,919 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2021-10-21 14:52:25,920 [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2021-10-21 14:52:25,925 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_prinimalka"
2021-10-21 14:52:25,925 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2021-10-21 14:52:25,926 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2021-10-21 14:52:25,927 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2021-10-21 14:52:25,928 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2021-10-21 14:52:25,928 [lib.cuckoo.core.plugins] DEBUG: Running signature "bcdedit_command"
2021-10-21 14:52:25,928 [lib.cuckoo.core.plugins] DEBUG: Running signature "betabot_behavior"
2021-10-21 14:52:25,929 [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2021-10-21 14:52:25,929 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
2021-10-21 14:52:25,930 [lib.cuckoo.core.plugins] DEBUG: Running signature "bootkit"
2021-10-21 14:52:25,930 [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
2021-10-21 14:52:25,931 [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
2021-10-21 14:52:25,931 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ioctl_scsipassthough"
2021-10-21 14:52:25,931 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2021-10-21 14:52:25,932 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2021-10-21 14:52:25,933 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2021-10-21 14:52:25,933 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2021-10-21 14:52:25,934 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2021-10-21 14:52:25,935 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2021-10-21 14:52:25,935 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2021-10-21 14:52:25,936 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2021-10-21 14:52:25,937 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_needed"
2021-10-21 14:52:25,937 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy"
2021-10-21 14:52:25,939 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_scanbox"
2021-10-21 14:52:25,940 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2021-10-21 14:52:25,942 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2021-10-21 14:52:25,943 [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2021-10-21 14:52:25,943 [lib.cuckoo.core.plugins] DEBUG: Running signature "regsvr32_squiblydoo_dll_load"
2021-10-21 14:52:25,944 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2021-10-21 14:52:25,944 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2021-10-21 14:52:25,944 [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2021-10-21 14:52:25,947 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstp"
2021-10-21 14:52:25,947 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstpcom"
2021-10-21 14:52:25,948 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
2021-10-21 14:52:25,949 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_eventvwr"
2021-10-21 14:52:25,949 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
2021-10-21 14:52:25,950 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_config"
2021-10-21 14:52:25,950 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2021-10-21 14:52:25,950 [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2021-10-21 14:52:25,951 [lib.cuckoo.core.plugins] DEBUG: Running signature "cerber_behavior"
2021-10-21 14:52:25,952 [lib.cuckoo.core.plugins] DEBUG: Running signature "chimera_behavior"
2021-10-21 14:52:25,952 [lib.cuckoo.core.plugins] DEBUG: Running signature "clamav"
2021-10-21 14:52:25,952 [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2021-10-21 14:52:25,953 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_cookies"
2021-10-21 14:52:25,954 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_volume"
2021-10-21 14:52:25,954 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
2021-10-21 14:52:25,954 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2021-10-21 14:52:25,955 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2021-10-21 14:52:25,955 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_forfiles_wildcard"
2021-10-21 14:52:25,956 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2021-10-21 14:52:25,956 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_long_string"
2021-10-21 14:52:25,956 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2021-10-21 14:52:25,957 [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2021-10-21 14:52:25,957 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2021-10-21 14:52:25,957 [lib.cuckoo.core.plugins] DEBUG: Running signature "codelux_behavior"
2021-10-21 14:52:25,958 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_disovery_cmd"
2021-10-21 14:52:25,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_disovery_cmd"
2021-10-21 14:52:25,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_disovery_pwsh"
2021-10-21 14:52:25,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2021-10-21 14:52:25,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2021-10-21 14:52:25,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_disovery_cmd"
2021-10-21 14:52:25,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_code_compile"
2021-10-21 14:52:25,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2021-10-21 14:52:25,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_largekey"
2021-10-21 14:52:25,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_nullvalue"
2021-10-21 14:52:25,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2021-10-21 14:52:25,963 [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2021-10-21 14:52:25,964 [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_write"
2021-10-21 14:52:25,964 [lib.cuckoo.core.plugins] DEBUG: Running signature "lsass_credential_dumping"
2021-10-21 14:52:25,965 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2021-10-21 14:52:25,965 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2021-10-21 14:52:25,967 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2021-10-21 14:52:25,968 [lib.cuckoo.core.plugins] DEBUG: Running signature "critical_process"
2021-10-21 14:52:25,968 [lib.cuckoo.core.plugins] DEBUG: Running signature "cyrptomining_stratum_command"
2021-10-21 14:52:25,969 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptopool_domains"
2021-10-21 14:52:25,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptowall_behavior"
2021-10-21 14:52:25,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2014_6332"
2021-10-21 14:52:25,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2015_2419_js"
2021-10-21 14:52:25,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016-0189"
2021-10-21 14:52:25,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016_7200"
2021-10-21 14:52:25,972 [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2021-10-21 14:52:25,972 [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2021-10-21 14:52:25,975 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_connect"
2021-10-21 14:52:25,976 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_link"
2021-10-21 14:52:25,976 [lib.cuckoo.core.plugins] DEBUG: Running signature "debugs_self"
2021-10-21 14:52:25,977 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_document"
2021-10-21 14:52:25,977 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_image"
2021-10-21 14:52:25,977 [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2021-10-21 14:52:25,978 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_self"
2021-10-21 14:52:25,978 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_shadow_copies"
2021-10-21 14:52:25,978 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_system_state_backup"
2021-10-21 14:52:25,979 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_bypass"
2021-10-21 14:52:25,979 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_disable"
2021-10-21 14:52:25,980 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_appv_virtualization"
2021-10-21 14:52:25,980 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2021-10-21 14:52:25,981 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_auto_app_termination"
2021-10-21 14:52:25,982 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2021-10-21 14:52:25,984 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2021-10-21 14:52:25,986 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_context_menus"
2021-10-21 14:52:25,987 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_cpl_disable"
2021-10-21 14:52:25,987 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_mappeddrives_autodisconnect"
2021-10-21 14:52:25,988 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2021-10-21 14:52:25,988 [lib.cuckoo.core.plugins] DEBUG: Running signature "disable_folder_options"
2021-10-21 14:52:25,989 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2021-10-21 14:52:25,990 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_power_options"
2021-10-21 14:52:25,991 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_restore_default_state"
2021-10-21 14:52:25,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "disable_run_command"
2021-10-21 14:52:25,993 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2021-10-21 14:52:25,994 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_spdy"
2021-10-21 14:52:25,994 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_startmenu_search"
2021-10-21 14:52:25,995 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2021-10-21 14:52:26,111 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2021-10-21 14:52:26,114 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "office_martian_children"
2021-10-21 14:52:26,161 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2021-10-21 14:52:26,161 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "office_code_page"
2021-10-21 14:52:26,285 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2021-10-21 14:52:26,286 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_window"
2021-10-21 14:52:26,286 [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2021-10-21 14:52:26,287 [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2021-10-21 14:52:26,287 [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2021-10-21 14:52:26,288 [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
2021-10-21 14:52:26,289 [lib.cuckoo.core.plugins] DEBUG: Running signature "lsa_tampering"
2021-10-21 14:52:26,290 [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
2021-10-21 14:52:26,290 [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2021-10-21 14:52:26,291 [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
2021-10-21 14:52:26,329 [lib.cuckoo.core.plugins] DEBUG: Running signature "tinba_behavior"
2021-10-21 14:52:26,330 [lib.cuckoo.core.plugins] DEBUG: Running signature "TrickBotTaskDelete"
2021-10-21 14:52:26,330 [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2021-10-21 14:52:26,331 [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2021-10-21 14:52:26,331 [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
2021-10-21 14:52:26,332 [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2021-10-21 14:52:26,334 [lib.cuckoo.core.plugins] DEBUG: Running signature "troldesh_behavior"
2021-10-21 14:52:26,335 [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_behavior"
2021-10-21 14:52:26,335 [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2021-10-21 14:52:26,335 [lib.cuckoo.core.plugins] DEBUG: Running signature "user_enum"
2021-10-21 14:52:26,336 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
2021-10-21 14:52:26,336 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior"
2021-10-21 14:52:26,336 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior"
2021-10-21 14:52:26,337 [lib.cuckoo.core.plugins] DEBUG: Running signature "virus"
2021-10-21 14:52:26,337 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_files"
2021-10-21 14:52:26,337 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
2021-10-21 14:52:26,338 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_regkeys"
2021-10-21 14:52:26,338 [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
2021-10-21 14:52:26,339 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2021-10-21 14:52:26,339 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2021-10-21 14:52:26,340 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2021-10-21 14:52:26,340 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2021-10-21 14:52:26,340 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2021-10-21 14:52:26,341 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2021-10-21 14:52:26,341 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2021-10-21 14:52:26,341 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2021-10-21 14:52:26,342 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2021-10-21 14:52:26,342 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2021-10-21 14:52:26,342 [lib.cuckoo.core.plugins] DEBUG: Running signature "webmail_phish"
2021-10-21 14:52:26,343 [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
2021-10-21 14:52:26,343 [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
2021-10-21 14:52:26,344 [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
2021-10-21 14:52:26,345 [lib.cuckoo.core.plugins] DEBUG: Running signature "persists_dev_util"
2021-10-21 14:52:26,346 [lib.cuckoo.core.plugins] DEBUG: Running signature "spawns_dev_util"
2021-10-21 14:52:26,346 [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2021-10-21 14:52:26,347 [lib.cuckoo.core.plugins] DEBUG: Running signature "alters_windows_utility"
2021-10-21 14:52:26,347 [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
2021-10-21 14:52:26,347 [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
2021-10-21 14:52:26,348 [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_accessibility_utility"
2021-10-21 14:52:26,348 [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2021-10-21 14:52:26,348 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2021-10-21 14:52:26,349 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2021-10-21 14:52:26,349 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
2021-10-21 14:52:26,350 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2021-10-21 14:52:26,350 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_powershell_copyitem"
2021-10-21 14:52:26,350 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2021-10-21 14:52:26,351 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
2021-10-21 14:52:26,351 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
2021-10-21 14:52:26,352 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
2021-10-21 14:52:26,352 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
2021-10-21 14:52:26,352 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
2021-10-21 14:52:26,353 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_esentutl"
2021-10-21 14:52:26,353 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_finger"
2021-10-21 14:52:26,353 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
2021-10-21 14:52:26,354 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
2021-10-21 14:52:26,354 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
2021-10-21 14:52:26,355 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_to_create_scheduled_task"
2021-10-21 14:52:26,355 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_xcopy"
2021-10-21 14:52:26,355 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2021-10-21 14:52:26,356 [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
2021-10-21 14:52:26,356 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmi_create_process"
2021-10-21 14:52:26,356 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmi_script_process"
2021-10-21 14:52:26,357 [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2021-10-21 14:52:26,361 [root] DEBUG: Deleting analysis data for Task 167
2021-10-21 14:52:26,366 [root] DEBUG: Deleted previous MongoDB data for Task 167
2021-10-21 14:52:27,611 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
2021-10-21 14:52:27,612 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2021-10-21 14:52:27,971 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "LiteReport"
2021-10-21 14:52:28,065 [lib.cuckoo.core.plugins] INFO: Reporting module malheur not found in configuration file
2021-10-21 14:52:28,066 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MITRE_TTPS"
2021-10-21 14:52:30,529 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
2021-10-21 14:52:30,551 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML"
2021-10-21 14:52:32,579 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2021-10-21 14:52:34,092 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReSubmitExtractedEXE"
2021-10-21 14:52:34,209 [modules.reporting.resubmitexe] INFO: Resubmitexe file "/opt/CAPEv2/storage/analyses/167/files/a96d5aee1f4ccef23be0e363d779d305a2502e6b09a39cbb633bbe011f434eeb_link/a9411c606c7e88468252.xls" added as task with ID [178] resub count 0
2021-10-21 14:52:34,210 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ReSubmitExtractedEXE":
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 817, in process
    current.run(self.results)
  File "/opt/CAPEv2/utils/../modules/reporting/resubmitexe.py", line 445, in run
    self.results["resubs"].append(task_id)
KeyError: 'resubs'
2021-10-21 14:52:34,212 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "SubmitCAPE"
2021-10-21 14:52:34,227 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-cape'
2021-10-21 14:52:37,770 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2021-10-21 14:52:38,087 [modules.reporting.mongodb] DEBUG: Deleting analysis data for Task 167
2021-10-21 14:52:38,088 [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 167
2021-10-21 14:46:07,886 [root] INFO: Processing analysis data for Task #176
2021-10-21 14:46:07,919 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Decompression" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:07,923 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "CAPE" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:09,811 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:09,854 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:10,907 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Curtain" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:10,909 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:10,914 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Deduplicate" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:11,553 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Dropped" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:11,591 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Memory" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:11,592 [root] ERROR: Memory dump not found: to run volatility you have to enable memory_dump
2021-10-21 14:46:11,592 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:11,665 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcDump" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:12,656 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Procmon" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:12,657 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Static" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:12,662 [msodde] DEBUG: Is OLE. Checking streams to see whether this is xls
2021-10-21 14:46:12,662 [root] DEBUG: Finding streams in ole file
2021-10-21 14:46:12,662 [root] DEBUG: direntry 0 Root Entry: no stream (root)
2021-10-21 14:46:12,663 [root] DEBUG: direntry 1 Workbook: is stream of size 236346
2021-10-21 14:46:12,665 [msodde] DEBUG: Process file as excel 2003 (xls)
2021-10-21 14:46:12,665 [root] DEBUG: Finding streams in ole file
2021-10-21 14:46:12,665 [root] DEBUG: direntry 0 Root Entry: no stream (root)
2021-10-21 14:46:12,665 [root] DEBUG: direntry 1 Workbook: is stream of size 236346
2021-10-21 14:46:12,670 [root] DEBUG: direntry 2 SummaryInformation: is stream of size 4096
2021-10-21 14:46:12,670 [root] DEBUG: direntry 3 DocumentSummaryInformation: is stream of size 4096
2021-10-21 14:46:12,766 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Strings" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:12,771 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:12,826 [modules.processing.suricata] DEBUG: pcapfile list: {'message': {'count': 0, 'files': []}, 'return': 'OK'} current pcap: {'message': '/opt/CAPEv2/storage/analyses/176/dump.pcap', 'return': 'OK'}
2021-10-21 14:46:17,833 [modules.processing.suricata] DEBUG: pcapfile list: {'message': {'count': 0, 'files': []}, 'return': 'OK'} current pcap: {'message': 'None', 'return': 'OK'}
2021-10-21 14:46:17,833 [modules.processing.suricata] DEBUG: Pcap not in list and not current pcap lets assume it's processed
2021-10-21 14:46:17,840 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TargetInfo" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:17,880 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TrID" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:18,368 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Usage" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:18,488 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "VirusTotal" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:18,973 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TLSMasterSecrets" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:18,974 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/176"
2021-10-21 14:46:19,011 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2021-10-21 14:46:19,013 [lib.cuckoo.core.plugins] DEBUG: Running 409 evented signatures
2021-10-21 14:46:19,014 [lib.cuckoo.core.plugins] DEBUG: |-- cape_detected_threat
2021-10-21 14:46:19,014 [lib.cuckoo.core.plugins] DEBUG: |-- Compression
2021-10-21 14:46:19,014 [lib.cuckoo.core.plugins] DEBUG: |-- Decryption
2021-10-21 14:46:19,015 [lib.cuckoo.core.plugins] DEBUG: |-- Doppelganging
2021-10-21 14:46:19,015 [lib.cuckoo.core.plugins] DEBUG: |-- EvilGrab
2021-10-21 14:46:19,016 [lib.cuckoo.core.plugins] DEBUG: |-- InjectionInterProcess
2021-10-21 14:46:19,016 [lib.cuckoo.core.plugins] DEBUG: |-- InjectionCreateRemoteThread
2021-10-21 14:46:19,016 [lib.cuckoo.core.plugins] DEBUG: |-- InjectionProcessHollowing
2021-10-21 14:46:19,017 [lib.cuckoo.core.plugins] DEBUG: |-- InjectionSetWindowLong
2021-10-21 14:46:19,017 [lib.cuckoo.core.plugins] DEBUG: |-- PlugX
2021-10-21 14:46:19,018 [lib.cuckoo.core.plugins] DEBUG: |-- RegBinary
2021-10-21 14:46:19,018 [lib.cuckoo.core.plugins] DEBUG: |-- TransactedHollowing
2021-10-21 14:46:19,018 [lib.cuckoo.core.plugins] DEBUG: |-- Unpacker
2021-10-21 14:46:19,019 [lib.cuckoo.core.plugins] DEBUG: |-- accesses_mailslot
2021-10-21 14:46:19,019 [lib.cuckoo.core.plugins] DEBUG: |-- accesses_netlogon_regkey
2021-10-21 14:46:19,020 [lib.cuckoo.core.plugins] DEBUG: |-- accesses_sysvol
2021-10-21 14:46:19,020 [lib.cuckoo.core.plugins] DEBUG: |-- writes_sysvol
2021-10-21 14:46:19,020 [lib.cuckoo.core.plugins] DEBUG: |-- adds_admin_user
2021-10-21 14:46:19,021 [lib.cuckoo.core.plugins] DEBUG: |-- adds_user
2021-10-21 14:46:19,021 [lib.cuckoo.core.plugins] DEBUG: |-- overwites_admin_password
2021-10-21 14:46:19,022 [lib.cuckoo.core.plugins] DEBUG: |-- alphacrypt_behavior
2021-10-21 14:46:19,022 [lib.cuckoo.core.plugins] DEBUG: |-- andromeda_behavior
2021-10-21 14:46:19,022 [lib.cuckoo.core.plugins] DEBUG: |-- anomalous_deletefile
2021-10-21 14:46:19,023 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_360_libs
2021-10-21 14:46:19,023 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_ahnlab_libs
2021-10-21 14:46:19,024 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_avast_libs
2021-10-21 14:46:19,024 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_bitdefender_libs
2021-10-21 14:46:19,024 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_bullgaurd_libs
2021-10-21 14:46:19,025 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_emsisoft_libs
2021-10-21 14:46:19,025 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_qurb_libs
2021-10-21 14:46:19,025 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_servicestop
2021-10-21 14:46:19,026 [lib.cuckoo.core.plugins] DEBUG: |-- antidbg_windows
2021-10-21 14:46:19,026 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_addvectoredexceptionhandler
2021-10-21 14:46:19,027 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_apioverride_libs
2021-10-21 14:46:19,027 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_checkremotedebuggerpresent
2021-10-21 14:46:19,027 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_debugactiveprocess
2021-10-21 14:46:19,028 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_gettickcount
2021-10-21 14:46:19,028 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_guardpages
2021-10-21 14:46:19,028 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_ntcreatethreadex
2021-10-21 14:46:19,029 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_nthookengine_libs
2021-10-21 14:46:19,029 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_ntsetinformationthread
2021-10-21 14:46:19,030 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_outputdebugstring
2021-10-21 14:46:19,030 [lib.cuckoo.core.plugins] DEBUG: |-- antidebug_setunhandledexceptionfilter
2021-10-21 14:46:19,030 [lib.cuckoo.core.plugins] DEBUG: |-- antiemu_wine_func
2021-10-21 14:46:19,031 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_check_userdomain
2021-10-21 14:46:19,031 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoo
2021-10-21 14:46:19,032 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoocrash
2021-10-21 14:46:19,032 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_mouse_hook
2021-10-21 14:46:19,033 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_restart
2021-10-21 14:46:19,033 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_libs
2021-10-21 14:46:19,033 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_objects
2021-10-21 14:46:19,034 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_script_timer
2021-10-21 14:46:19,034 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sleep
2021-10-21 14:46:19,034 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sunbelt_libs
2021-10-21 14:46:19,035 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_suspend
2021-10-21 14:46:19,035 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_unhook
2021-10-21 14:46:19,036 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_directory_objects
2021-10-21 14:46:19,036 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk
2021-10-21 14:46:19,036 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk_setupapi
2021-10-21 14:46:19,037 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_scsi
2021-10-21 14:46:19,037 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_services
2021-10-21 14:46:19,037 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_libs
2021-10-21 14:46:19,038 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_provname
2021-10-21 14:46:19,038 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_window
2021-10-21 14:46:19,039 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_events
2021-10-21 14:46:19,039 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_libs
2021-10-21 14:46:19,039 [lib.cuckoo.core.plugins] DEBUG: |-- api_spamming
2021-10-21 14:46:19,040 [lib.cuckoo.core.plugins] DEBUG: |-- gulpix_behavior
2021-10-21 14:46:19,040 [lib.cuckoo.core.plugins] DEBUG: |-- banker_prinimalka
2021-10-21 14:46:19,041 [lib.cuckoo.core.plugins] DEBUG: |-- bcdedit_command
2021-10-21 14:46:19,041 [lib.cuckoo.core.plugins] DEBUG: |-- betabot_behavior
2021-10-21 14:46:19,041 [lib.cuckoo.core.plugins] DEBUG: |-- accesses_primary_patition
2021-10-21 14:46:19,042 [lib.cuckoo.core.plugins] DEBUG: |-- bootkit
2021-10-21 14:46:19,042 [lib.cuckoo.core.plugins] DEBUG: |-- direct_hdd_access
2021-10-21 14:46:19,043 [lib.cuckoo.core.plugins] DEBUG: |-- physical_drive_access
2021-10-21 14:46:19,043 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_ioctl_scsipassthough
2021-10-21 14:46:19,043 [lib.cuckoo.core.plugins] DEBUG: |-- browser_needed
2021-10-21 14:46:19,044 [lib.cuckoo.core.plugins] DEBUG: |-- browser_scanbox
2021-10-21 14:46:19,044 [lib.cuckoo.core.plugins] DEBUG: |-- odbcconf_bypass
2021-10-21 14:46:19,044 [lib.cuckoo.core.plugins] DEBUG: |-- regsvr32_squiblydoo_dll_load
2021-10-21 14:46:19,045 [lib.cuckoo.core.plugins] DEBUG: |-- squiblydoo_bypass
2021-10-21 14:46:19,045 [lib.cuckoo.core.plugins] DEBUG: |-- squiblytwo_bypass
2021-10-21 14:46:19,046 [lib.cuckoo.core.plugins] DEBUG: |-- uac_bypass_cmstp
2021-10-21 14:46:19,046 [lib.cuckoo.core.plugins] DEBUG: |-- uac_bypass_delegateexecute_sdclt
2021-10-21 14:46:19,046 [lib.cuckoo.core.plugins] DEBUG: |-- uac_bypass_eventvwr
2021-10-21 14:46:19,047 [lib.cuckoo.core.plugins] DEBUG: |-- uac_bypass_fodhelper
2021-10-21 14:46:19,047 [lib.cuckoo.core.plugins] DEBUG: |-- cape_extracted_config
2021-10-21 14:46:19,048 [lib.cuckoo.core.plugins] DEBUG: |-- cape_extracted_content
2021-10-21 14:46:19,048 [lib.cuckoo.core.plugins] DEBUG: |-- cerber_behavior
2021-10-21 14:46:19,048 [lib.cuckoo.core.plugins] DEBUG: |-- chimera_behavior
2021-10-21 14:46:19,049 [lib.cuckoo.core.plugins] DEBUG: |-- clears_logs
2021-10-21 14:46:19,049 [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_cookies
2021-10-21 14:46:19,049 [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_volume
2021-10-21 14:46:19,050 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_obfuscation
2021-10-21 14:46:19,050 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_switches
2021-10-21 14:46:19,051 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_terminate
2021-10-21 14:46:19,051 [lib.cuckoo.core.plugins] DEBUG: |-- commandline_forfiles_wildcard
2021-10-21 14:46:19,051 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_http_link
2021-10-21 14:46:19,052 [lib.cuckoo.core.plugins] DEBUG: |-- commandline_long_string
2021-10-21 14:46:19,052 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_reversed_http_link
2021-10-21 14:46:19,053 [lib.cuckoo.core.plugins] DEBUG: |-- long_commandline
2021-10-21 14:46:19,053 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_renamed_commandline
2021-10-21 14:46:19,053 [lib.cuckoo.core.plugins] DEBUG: |-- system_account_disovery_cmd
2021-10-21 14:46:19,054 [lib.cuckoo.core.plugins] DEBUG: |-- system_info_disovery_cmd
2021-10-21 14:46:19,054 [lib.cuckoo.core.plugins] DEBUG: |-- system_info_disovery_pwsh
2021-10-21 14:46:19,054 [lib.cuckoo.core.plugins] DEBUG: |-- system_network_discovery_cmd
2021-10-21 14:46:19,055 [lib.cuckoo.core.plugins] DEBUG: |-- system_network_discovery_pwsh
2021-10-21 14:46:19,055 [lib.cuckoo.core.plugins] DEBUG: |-- system_user_disovery_cmd
2021-10-21 14:46:19,056 [lib.cuckoo.core.plugins] DEBUG: |-- dotnet_code_compile
2021-10-21 14:46:19,056 [lib.cuckoo.core.plugins] DEBUG: |-- creates_largekey
2021-10-21 14:46:19,056 [lib.cuckoo.core.plugins] DEBUG: |-- creates_nullvalue
2021-10-21 14:46:19,057 [lib.cuckoo.core.plugins] DEBUG: |-- file_credential_store_access
2021-10-21 14:46:19,057 [lib.cuckoo.core.plugins] DEBUG: |-- file_credential_store_write
2021-10-21 14:46:19,058 [lib.cuckoo.core.plugins] DEBUG: |-- lsass_credential_dumping
2021-10-21 14:46:19,058 [lib.cuckoo.core.plugins] DEBUG: |-- registry_credential_dumping
2021-10-21 14:46:19,058 [lib.cuckoo.core.plugins] DEBUG: |-- registry_credential_store_access
2021-10-21 14:46:19,059 [lib.cuckoo.core.plugins] DEBUG: |-- registry_lsa_secrets_access
2021-10-21 14:46:19,059 [lib.cuckoo.core.plugins] DEBUG: |-- critical_process
2021-10-21 14:46:19,060 [lib.cuckoo.core.plugins] DEBUG: |-- cyrptomining_stratum_command
2021-10-21 14:46:19,060 [lib.cuckoo.core.plugins] DEBUG: |-- cryptowall_behavior
2021-10-21 14:46:19,060 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2014_6332
2021-10-21 14:46:19,061 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2015_2419_js
2021-10-21 14:46:19,061 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2016-0189
2021-10-21 14:46:19,061 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2016_7200
2021-10-21 14:46:19,062 [lib.cuckoo.core.plugins] DEBUG: |-- dead_connect
2021-10-21 14:46:19,062 [lib.cuckoo.core.plugins] DEBUG: |-- dead_link
2021-10-21 14:46:19,063 [lib.cuckoo.core.plugins] DEBUG: |-- debugs_self
2021-10-21 14:46:19,063 [lib.cuckoo.core.plugins] DEBUG: |-- decoy_document
2021-10-21 14:46:19,063 [lib.cuckoo.core.plugins] DEBUG: |-- decoy_image
2021-10-21 14:46:19,064 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_self
2021-10-21 14:46:19,064 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_shadow_copies
2021-10-21 14:46:19,064 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_system_state_backup
2021-10-21 14:46:19,065 [lib.cuckoo.core.plugins] DEBUG: |-- dep_bypass
2021-10-21 14:46:19,065 [lib.cuckoo.core.plugins] DEBUG: |-- dep_disable
2021-10-21 14:46:19,066 [lib.cuckoo.core.plugins] DEBUG: |-- disables_appv_virtualization
2021-10-21 14:46:19,066 [lib.cuckoo.core.plugins] DEBUG: |-- disables_auto_app_termination
2021-10-21 14:46:19,066 [lib.cuckoo.core.plugins] DEBUG: |-- disables_backups
2021-10-21 14:46:19,067 [lib.cuckoo.core.plugins] DEBUG: |-- disables_context_menus
2021-10-21 14:46:19,067 [lib.cuckoo.core.plugins] DEBUG: |-- disables_cpl_disable
2021-10-21 14:46:19,068 [lib.cuckoo.core.plugins] DEBUG: |-- disables_mappeddrives_autodisconnect
2021-10-21 14:46:19,068 [lib.cuckoo.core.plugins] DEBUG: |-- disables_event_logging
2021-10-21 14:46:19,069 [lib.cuckoo.core.plugins] DEBUG: |-- disables_power_options
2021-10-21 14:46:19,069 [lib.cuckoo.core.plugins] DEBUG: |-- disables_restore_default_state
2021-10-21 14:46:19,069 [lib.cuckoo.core.plugins] DEBUG: |-- disables_spdy
2021-10-21 14:46:19,070 [lib.cuckoo.core.plugins] DEBUG: |-- disables_startmenu_search
2021-10-21 14:46:19,070 [lib.cuckoo.core.plugins] DEBUG: |-- disables_wfp
2021-10-21 14:46:19,071 [lib.cuckoo.core.plugins] DEBUG: |-- document_script_exe_drop
2021-10-21 14:46:19,071 [lib.cuckoo.core.plugins] DEBUG: |-- guloader_apis
2021-10-21 14:46:19,071 [lib.cuckoo.core.plugins] DEBUG: |-- dridex_behavior
2021-10-21 14:46:19,072 [lib.cuckoo.core.plugins] DEBUG: |-- driver_load
2021-10-21 14:46:19,072 [lib.cuckoo.core.plugins] DEBUG: |-- exe_dropper_js
2021-10-21 14:46:19,073 [lib.cuckoo.core.plugins] DEBUG: |-- dynamic_function_loading
2021-10-21 14:46:19,073 [lib.cuckoo.core.plugins] DEBUG: |-- dyre_behavior
2021-10-21 14:46:19,073 [lib.cuckoo.core.plugins] DEBUG: |-- angler_js
2021-10-21 14:46:19,074 [lib.cuckoo.core.plugins] DEBUG: |-- gondad_js
2021-10-21 14:46:19,074 [lib.cuckoo.core.plugins] DEBUG: |-- heapspray_js
2021-10-21 14:46:19,074 [lib.cuckoo.core.plugins] DEBUG: |-- java_js
2021-10-21 14:46:19,075 [lib.cuckoo.core.plugins] DEBUG: |-- Neutrino_js
2021-10-21 14:46:19,075 [lib.cuckoo.core.plugins] DEBUG: |-- nuclear_js
2021-10-21 14:46:19,076 [lib.cuckoo.core.plugins] DEBUG: |-- rig_js
2021-10-21 14:46:19,076 [lib.cuckoo.core.plugins] DEBUG: |-- silverlight_js
2021-10-21 14:46:19,076 [lib.cuckoo.core.plugins] DEBUG: |-- sundown_js
2021-10-21 14:46:19,077 [lib.cuckoo.core.plugins] DEBUG: |-- virtualcheck_js
2021-10-21 14:46:19,077 [lib.cuckoo.core.plugins] DEBUG: |-- encrypted_ioc
2021-10-21 14:46:19,078 [lib.cuckoo.core.plugins] DEBUG: |-- exec_crash
2021-10-21 14:46:19,078 [lib.cuckoo.core.plugins] DEBUG: |-- process_creation_suspicious_location
2021-10-21 14:46:19,078 [lib.cuckoo.core.plugins] DEBUG: |-- exploit_getbasekerneladdress
2021-10-21 14:46:19,079 [lib.cuckoo.core.plugins] DEBUG: |-- exploit_gethaldispatchtable
2021-10-21 14:46:19,079 [lib.cuckoo.core.plugins] DEBUG: |-- exploit_heapspray
2021-10-21 14:46:19,080 [lib.cuckoo.core.plugins] DEBUG: |-- spooler_svc_start
2021-10-21 14:46:19,080 [lib.cuckoo.core.plugins] DEBUG: |-- koadic_apis
2021-10-21 14:46:19,080 [lib.cuckoo.core.plugins] DEBUG: |-- koadic_network_activity
2021-10-21 14:46:19,081 [lib.cuckoo.core.plugins] DEBUG: |-- downloads_from_filehosting
2021-10-21 14:46:19,081 [lib.cuckoo.core.plugins] DEBUG: |-- generic_phish
2021-10-21 14:46:19,082 [lib.cuckoo.core.plugins] DEBUG: |-- gootkit_behavior
2021-10-21 14:46:19,082 [lib.cuckoo.core.plugins] DEBUG: |-- h1n1_behavior
2021-10-21 14:46:19,082 [lib.cuckoo.core.plugins] DEBUG: |-- hancitor_behavior
2021-10-21 14:46:19,083 [lib.cuckoo.core.plugins] DEBUG: |-- hawkeye_behavior
2021-10-21 14:46:19,083 [lib.cuckoo.core.plugins] DEBUG: |-- hides_recycle_bin_icon
2021-10-21 14:46:19,084 [lib.cuckoo.core.plugins] DEBUG: |-- http_request
2021-10-21 14:46:19,084 [lib.cuckoo.core.plugins] DEBUG: |-- https_urls
2021-10-21 14:46:19,084 [lib.cuckoo.core.plugins] DEBUG: |-- apocalypse_stealer_file_behavior
2021-10-21 14:46:19,085 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser
2021-10-21 14:46:19,085 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser_password
2021-10-21 14:46:19,085 [lib.cuckoo.core.plugins] DEBUG: |-- cryptbot_files
2021-10-21 14:46:19,086 [lib.cuckoo.core.plugins] DEBUG: |-- cryptbot_network
2021-10-21 14:46:19,086 [lib.cuckoo.core.plugins] DEBUG: |-- echelon_files
2021-10-21 14:46:19,087 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_keylog
2021-10-21 14:46:19,087 [lib.cuckoo.core.plugins] DEBUG: |-- masslogger_artifacts
2021-10-21 14:46:19,087 [lib.cuckoo.core.plugins] DEBUG: |-- masslogger_files
2021-10-21 14:46:19,088 [lib.cuckoo.core.plugins] DEBUG: |-- masslogger_version
2021-10-21 14:46:19,088 [lib.cuckoo.core.plugins] DEBUG: |-- poullight_files
2021-10-21 14:46:19,089 [lib.cuckoo.core.plugins] DEBUG: |-- purplewave_mutexes
2021-10-21 14:46:19,089 [lib.cuckoo.core.plugins] DEBUG: |-- purplewave_network_activity
2021-10-21 14:46:19,089 [lib.cuckoo.core.plugins] DEBUG: |-- quilclipper_mutexes
2021-10-21 14:46:19,090 [lib.cuckoo.core.plugins] DEBUG: |-- quilclipper_behavior
2021-10-21 14:46:19,090 [lib.cuckoo.core.plugins] DEBUG: |-- Raccoon Behavior
2021-10-21 14:46:19,090 [lib.cuckoo.core.plugins] DEBUG: |-- captures_screenshot
2021-10-21 14:46:19,091 [lib.cuckoo.core.plugins] DEBUG: |-- Vidar Behavior
2021-10-21 14:46:19,091 [lib.cuckoo.core.plugins] DEBUG: |-- injection_createremotethread
2021-10-21 14:46:19,092 [lib.cuckoo.core.plugins] DEBUG: |-- injection_explorer
2021-10-21 14:46:19,092 [lib.cuckoo.core.plugins] DEBUG: |-- injection_needextension
2021-10-21 14:46:19,092 [lib.cuckoo.core.plugins] DEBUG: |-- injection_network_traffic
2021-10-21 14:46:19,093 [lib.cuckoo.core.plugins] DEBUG: |-- injection_runpe
2021-10-21 14:46:19,093 [lib.cuckoo.core.plugins] DEBUG: |-- injection_rwx
2021-10-21 14:46:19,093 [lib.cuckoo.core.plugins] DEBUG: |-- injection_themeinitapihook
2021-10-21 14:46:19,094 [lib.cuckoo.core.plugins] DEBUG: |-- internet_dropper
2021-10-21 14:46:19,094 [lib.cuckoo.core.plugins] DEBUG: |-- ipc_namedpipe
2021-10-21 14:46:19,095 [lib.cuckoo.core.plugins] DEBUG: |-- js_phish
2021-10-21 14:46:19,095 [lib.cuckoo.core.plugins] DEBUG: |-- js_suspicious_redirect
2021-10-21 14:46:19,096 [lib.cuckoo.core.plugins] DEBUG: |-- kazybot_behavior
2021-10-21 14:46:19,096 [lib.cuckoo.core.plugins] DEBUG: |-- kelihos_behavior
2021-10-21 14:46:19,096 [lib.cuckoo.core.plugins] DEBUG: |-- kibex_behavior
2021-10-21 14:46:19,097 [lib.cuckoo.core.plugins] DEBUG: |-- kovter_behavior
2021-10-21 14:46:19,097 [lib.cuckoo.core.plugins] DEBUG: |-- Locky_behavior
2021-10-21 14:46:19,097 [lib.cuckoo.core.plugins] DEBUG: |-- malicious_dynamic_function_loading
2021-10-21 14:46:19,098 [lib.cuckoo.core.plugins] DEBUG: |-- encrypts_pcinfo
2021-10-21 14:46:19,098 [lib.cuckoo.core.plugins] DEBUG: |-- encrypt_data_agenttesla_http
2021-10-21 14:46:19,099 [lib.cuckoo.core.plugins] DEBUG: |-- encrypt_data_agentteslat2_http
2021-10-21 14:46:19,099 [lib.cuckoo.core.plugins] DEBUG: |-- encrypt_data_nanocore
2021-10-21 14:46:19,099 [lib.cuckoo.core.plugins] DEBUG: |-- mimics_agent
2021-10-21 14:46:19,100 [lib.cuckoo.core.plugins] DEBUG: |-- mimics_filetime
2021-10-21 14:46:19,100 [lib.cuckoo.core.plugins] DEBUG: |-- masquerade_process_name
2021-10-21 14:46:19,101 [lib.cuckoo.core.plugins] DEBUG: |-- mimikatz_modules
2021-10-21 14:46:19,101 [lib.cuckoo.core.plugins] DEBUG: |-- quilclipper_behavior
2021-10-21 14:46:19,101 [lib.cuckoo.core.plugins] DEBUG: |-- dotnet_clr_usagelog_regkeys
2021-10-21 14:46:19,102 [lib.cuckoo.core.plugins] DEBUG: |-- modifies_oem_information
2021-10-21 14:46:19,102 [lib.cuckoo.core.plugins] DEBUG: |-- modifies_desktop_wallpaper
2021-10-21 14:46:19,102 [lib.cuckoo.core.plugins] DEBUG: |-- move_file_on_reboot
2021-10-21 14:46:19,103 [lib.cuckoo.core.plugins] DEBUG: |-- multiple_useragents
2021-10-21 14:46:19,103 [lib.cuckoo.core.plugins] DEBUG: |-- network_anomaly
2021-10-21 14:46:19,104 [lib.cuckoo.core.plugins] DEBUG: |-- network_bind
2021-10-21 14:46:19,104 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_archive
2021-10-21 14:46:19,105 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_free_webshoting
2021-10-21 14:46:19,105 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_generic
2021-10-21 14:46:19,105 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_temp_urldns
2021-10-21 14:46:19,106 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_pastesite
2021-10-21 14:46:19,106 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_payload
2021-10-21 14:46:19,106 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_socialmedia
2021-10-21 14:46:19,107 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_telegram
2021-10-21 14:46:19,107 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_tempstorage
2021-10-21 14:46:19,108 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_temp_urldns
2021-10-21 14:46:19,108 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_urlshortener
2021-10-21 14:46:19,108 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_https_useragent
2021-10-21 14:46:19,109 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_smtps_exfil
2021-10-21 14:46:19,109 [lib.cuckoo.core.plugins] DEBUG: |-- network_cnc_smtps_generic
2021-10-21 14:46:19,109 [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_blockchain
2021-10-21 14:46:19,110 [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_idn
2021-10-21 14:46:19,110 [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_opennic
2021-10-21 14:46:19,111 [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_reverse_proxy
2021-10-21 14:46:19,111 [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_suspicious_querytype
2021-10-21 14:46:19,111 [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_tunneling_request
2021-10-21 14:46:19,112 [lib.cuckoo.core.plugins] DEBUG: |-- network_dns_doh_tls
2021-10-21 14:46:19,112 [lib.cuckoo.core.plugins] DEBUG: |-- network_document_http
2021-10-21 14:46:19,112 [lib.cuckoo.core.plugins] DEBUG: |-- explorer_http
2021-10-21 14:46:19,113 [lib.cuckoo.core.plugins] DEBUG: |-- network_fake_useragent
2021-10-21 14:46:19,113 [lib.cuckoo.core.plugins] DEBUG: |-- network_open_proxy
2021-10-21 14:46:19,114 [lib.cuckoo.core.plugins] DEBUG: |-- network_tor
2021-10-21 14:46:19,114 [lib.cuckoo.core.plugins] DEBUG: |-- nymaim_behavior
2021-10-21 14:46:19,114 [lib.cuckoo.core.plugins] DEBUG: |-- office_addinloading
2021-10-21 14:46:19,115 [lib.cuckoo.core.plugins] DEBUG: |-- office_com_load
2021-10-21 14:46:19,115 [lib.cuckoo.core.plugins] DEBUG: |-- office_dotnet_load
2021-10-21 14:46:19,116 [lib.cuckoo.core.plugins] DEBUG: |-- office_mshtml_load
2021-10-21 14:46:19,116 [lib.cuckoo.core.plugins] DEBUG: |-- office_vb_load
2021-10-21 14:46:19,116 [lib.cuckoo.core.plugins] DEBUG: |-- office_wmi_load
2021-10-21 14:46:19,117 [lib.cuckoo.core.plugins] DEBUG: |-- office_cve2017_11882
2021-10-21 14:46:19,117 [lib.cuckoo.core.plugins] DEBUG: |-- office_cve2017_11882_network
2021-10-21 14:46:19,117 [lib.cuckoo.core.plugins] DEBUG: |-- office_cve_2021_40444
2021-10-21 14:46:19,118 [lib.cuckoo.core.plugins] DEBUG: |-- office_cve_2021_40444_m2
2021-10-21 14:46:19,118 [lib.cuckoo.core.plugins] DEBUG: |-- office_flash_load
2021-10-21 14:46:19,119 [lib.cuckoo.core.plugins] DEBUG: |-- office_postscript
2021-10-21 14:46:19,119 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_aslr_bypass
2021-10-21 14:46:19,119 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_anomaly_characterset
2021-10-21 14:46:19,120 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_anomaly_version
2021-10-21 14:46:19,120 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_embedded_content
2021-10-21 14:46:19,120 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_embedded_office_file
2021-10-21 14:46:19,121 [lib.cuckoo.core.plugins] DEBUG: |-- rtf_exploit_static
2021-10-21 14:46:19,121 [lib.cuckoo.core.plugins] DEBUG: |-- office_dde_command
2021-10-21 14:46:19,122 [lib.cuckoo.core.plugins] DEBUG: |-- office_suspicious_processes
2021-10-21 14:46:19,122 [lib.cuckoo.core.plugins] DEBUG: |-- office_write_exe
2021-10-21 14:46:19,122 [lib.cuckoo.core.plugins] DEBUG: |-- packer_themida
2021-10-21 14:46:19,123 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_autorun
2021-10-21 14:46:19,123 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_autorun_tasks
2021-10-21 14:46:19,123 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_safeboot
2021-10-21 14:46:19,124 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_bootexecute
2021-10-21 14:46:19,124 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_registry_script
2021-10-21 14:46:19,125 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_ifeo
2021-10-21 14:46:19,125 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_slient_process_exit
2021-10-21 14:46:19,125 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_rdp_registry
2021-10-21 14:46:19,126 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_rdp_shadowing
2021-10-21 14:46:19,126 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_shim_database
2021-10-21 14:46:19,126 [lib.cuckoo.core.plugins] DEBUG: |-- pony_behavior
2021-10-21 14:46:19,127 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_network_connection
2021-10-21 14:46:19,127 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_scriptblock_logging
2021-10-21 14:46:19,128 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_command_suspicious
2021-10-21 14:46:19,128 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_renamed
2021-10-21 14:46:19,128 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_reversed
2021-10-21 14:46:19,129 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_variable_obfuscation
2021-10-21 14:46:19,129 [lib.cuckoo.core.plugins] DEBUG: |-- cmdline_process_discovery
2021-10-21 14:46:19,129 [lib.cuckoo.core.plugins] DEBUG: |-- createtoolhelp32snapshot_module_enumeration
2021-10-21 14:46:19,130 [lib.cuckoo.core.plugins] DEBUG: |-- enumerates_running_processes
2021-10-21 14:46:19,130 [lib.cuckoo.core.plugins] DEBUG: |-- process_interest
2021-10-21 14:46:19,131 [lib.cuckoo.core.plugins] DEBUG: |-- process_needed
2021-10-21 14:46:19,131 [lib.cuckoo.core.plugins] DEBUG: |-- mass_data_encryption
2021-10-21 14:46:19,131 [lib.cuckoo.core.plugins] DEBUG: |-- dharma_mutexes
2021-10-21 14:46:19,132 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_dmalocker
2021-10-21 14:46:19,132 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_file_modifications
2021-10-21 14:46:19,133 [lib.cuckoo.core.plugins] DEBUG: |-- fonix_mutexes
2021-10-21 14:46:19,133 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_message
2021-10-21 14:46:19,133 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_message_multiple_locations
2021-10-21 14:46:19,134 [lib.cuckoo.core.plugins] DEBUG: |-- nemty_network_activity
2021-10-21 14:46:19,134 [lib.cuckoo.core.plugins] DEBUG: |-- nemty_note
2021-10-21 14:46:19,134 [lib.cuckoo.core.plugins] DEBUG: |-- pysa_mutexes
2021-10-21 14:46:19,135 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_revil_regkey
2021-10-21 14:46:19,135 [lib.cuckoo.core.plugins] DEBUG: |-- satan_mutexes
2021-10-21 14:46:19,136 [lib.cuckoo.core.plugins] DEBUG: |-- snake_ransom_mutexes
2021-10-21 14:46:19,136 [lib.cuckoo.core.plugins] DEBUG: |-- Sodinokibi Behavior
2021-10-21 14:46:19,136 [lib.cuckoo.core.plugins] DEBUG: |-- stop_ransom_mutexes
2021-10-21 14:46:19,137 [lib.cuckoo.core.plugins] DEBUG: |-- stop_ransomware_cmd
2021-10-21 14:46:19,137 [lib.cuckoo.core.plugins] DEBUG: |-- stop_ransomware_registry
2021-10-21 14:46:19,138 [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_apis
2021-10-21 14:46:19,138 [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_network_activity
2021-10-21 14:46:19,138 [lib.cuckoo.core.plugins] DEBUG: |-- blackrat_registry_keys
2021-10-21 14:46:19,139 [lib.cuckoo.core.plugins] DEBUG: |-- dcrat_behavior
2021-10-21 14:46:19,139 [lib.cuckoo.core.plugins] DEBUG: |-- lodarat_file_behavior
2021-10-21 14:46:19,139 [lib.cuckoo.core.plugins] DEBUG: |-- rat_luminosity
2021-10-21 14:46:19,140 [lib.cuckoo.core.plugins] DEBUG: |-- rat_nanocore
2021-10-21 14:46:19,140 [lib.cuckoo.core.plugins] DEBUG: |-- NewtWire Behavior
2021-10-21 14:46:19,141 [lib.cuckoo.core.plugins] DEBUG: |-- obliquerat_network_activity
2021-10-21 14:46:19,141 [lib.cuckoo.core.plugins] DEBUG: |-- OrcusRAT Behavior
2021-10-21 14:46:19,141 [lib.cuckoo.core.plugins] DEBUG: |-- trochilusrat_APIs
2021-10-21 14:46:19,142 [lib.cuckoo.core.plugins] DEBUG: |-- xpertrat_files
2021-10-21 14:46:19,142 [lib.cuckoo.core.plugins] DEBUG: |-- xpertrat_mutexes
2021-10-21 14:46:19,142 [lib.cuckoo.core.plugins] DEBUG: |-- reads_self
2021-10-21 14:46:19,143 [lib.cuckoo.core.plugins] DEBUG: |-- recon_beacon
2021-10-21 14:46:19,143 [lib.cuckoo.core.plugins] DEBUG: |-- recon_programs
2021-10-21 14:46:19,144 [lib.cuckoo.core.plugins] DEBUG: |-- recon_systeminfo
2021-10-21 14:46:19,144 [lib.cuckoo.core.plugins] DEBUG: |-- accesses_recyclebin
2021-10-21 14:46:19,144 [lib.cuckoo.core.plugins] DEBUG: |-- uses_rdp_clip
2021-10-21 14:46:19,145 [lib.cuckoo.core.plugins] DEBUG: |-- uses_remote_desktop_session
2021-10-21 14:46:19,145 [lib.cuckoo.core.plugins] DEBUG: |-- removes_networking_icon
2021-10-21 14:46:19,145 [lib.cuckoo.core.plugins] DEBUG: |-- removes_pinned_programs
2021-10-21 14:46:19,146 [lib.cuckoo.core.plugins] DEBUG: |-- removes_security_maintenance_icon
2021-10-21 14:46:19,146 [lib.cuckoo.core.plugins] DEBUG: |-- Removes_startmenu_defaults
2021-10-21 14:46:19,147 [lib.cuckoo.core.plugins] DEBUG: |-- removes_username_startmenu
2021-10-21 14:46:19,147 [lib.cuckoo.core.plugins] DEBUG: |-- removes_zoneid_ads
2021-10-21 14:46:19,147 [lib.cuckoo.core.plugins] DEBUG: |-- spicyhotpot_behavior
2021-10-21 14:46:19,148 [lib.cuckoo.core.plugins] DEBUG: |-- script_created_process
2021-10-21 14:46:19,148 [lib.cuckoo.core.plugins] DEBUG: |-- script_network_activity
2021-10-21 14:46:19,149 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_js_script
2021-10-21 14:46:19,149 [lib.cuckoo.core.plugins] DEBUG: |-- secure_login_phishing
2021-10-21 14:46:19,149 [lib.cuckoo.core.plugins] DEBUG: |-- securityxploded_modules
2021-10-21 14:46:19,150 [lib.cuckoo.core.plugins] DEBUG: |-- sets_autoconfig_url
2021-10-21 14:46:19,150 [lib.cuckoo.core.plugins] DEBUG: |-- shifu_behavior
2021-10-21 14:46:19,150 [lib.cuckoo.core.plugins] DEBUG: |-- spoofs_procname
2021-10-21 14:46:19,151 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot
2021-10-21 14:46:19,151 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot_file_created
2021-10-21 14:46:19,152 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot_process_create
2021-10-21 14:46:19,152 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_childproc
2021-10-21 14:46:19,152 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_file
2021-10-21 14:46:19,153 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_network
2021-10-21 14:46:19,153 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_timeout
2021-10-21 14:46:19,153 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_window
2021-10-21 14:46:19,154 [lib.cuckoo.core.plugins] DEBUG: |-- sysinternals_psexec
2021-10-21 14:46:19,154 [lib.cuckoo.core.plugins] DEBUG: |-- sysinternals_tools
2021-10-21 14:46:19,155 [lib.cuckoo.core.plugins] DEBUG: |-- territorial_disputes_sigs
2021-10-21 14:46:19,155 [lib.cuckoo.core.plugins] DEBUG: |-- tinba_behavior
2021-10-21 14:46:19,155 [lib.cuckoo.core.plugins] DEBUG: |-- TrickBotTaskDelete
2021-10-21 14:46:19,156 [lib.cuckoo.core.plugins] DEBUG: |-- ursnif_behavior
2021-10-21 14:46:19,156 [lib.cuckoo.core.plugins] DEBUG: |-- upatre_behavior
2021-10-21 14:46:19,157 [lib.cuckoo.core.plugins] DEBUG: |-- ursnif_behavior
2021-10-21 14:46:19,157 [lib.cuckoo.core.plugins] DEBUG: |-- user_enum
2021-10-21 14:46:19,157 [lib.cuckoo.core.plugins] DEBUG: |-- uses_adfind
2021-10-21 14:46:19,158 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior
2021-10-21 14:46:19,158 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior
2021-10-21 14:46:19,158 [lib.cuckoo.core.plugins] DEBUG: |-- virus
2021-10-21 14:46:19,159 [lib.cuckoo.core.plugins] DEBUG: |-- neshta_files
2021-10-21 14:46:19,159 [lib.cuckoo.core.plugins] DEBUG: |-- neshta_regkeys
2021-10-21 14:46:19,160 [lib.cuckoo.core.plugins] DEBUG: |-- webmail_phish
2021-10-21 14:46:19,160 [lib.cuckoo.core.plugins] DEBUG: |-- web_shell_processes
2021-10-21 14:46:19,160 [lib.cuckoo.core.plugins] DEBUG: |-- persists_dev_util
2021-10-21 14:46:19,161 [lib.cuckoo.core.plugins] DEBUG: |-- spawns_dev_util
2021-10-21 14:46:19,161 [lib.cuckoo.core.plugins] DEBUG: |-- alters_windows_utility
2021-10-21 14:46:19,161 [lib.cuckoo.core.plugins] DEBUG: |-- dotnet_csc_build
2021-10-21 14:46:19,162 [lib.cuckoo.core.plugins] DEBUG: |-- multiple_explorer_instances
2021-10-21 14:46:19,162 [lib.cuckoo.core.plugins] DEBUG: |-- overwrites_accessibility_utility
2021-10-21 14:46:19,163 [lib.cuckoo.core.plugins] DEBUG: |-- script_tool_executed
2021-10-21 14:46:19,163 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_certutil_use
2021-10-21 14:46:19,163 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_command_tools
2021-10-21 14:46:19,164 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_mpcmdrun_use
2021-10-21 14:46:19,164 [lib.cuckoo.core.plugins] DEBUG: |-- suspicious_ping_use
2021-10-21 14:46:19,165 [lib.cuckoo.core.plugins] DEBUG: |-- uses_powershell_copyitem
2021-10-21 14:46:19,165 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities
2021-10-21 14:46:19,165 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_appcmd
2021-10-21 14:46:19,166 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_csvde_ldifde
2021-10-21 14:46:19,166 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_cipher
2021-10-21 14:46:19,167 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_clickonce
2021-10-21 14:46:19,167 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_dsquery
2021-10-21 14:46:19,167 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_esentutl
2021-10-21 14:46:19,168 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_finger
2021-10-21 14:46:19,168 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_mode
2021-10-21 14:46:19,168 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_ntdsutil
2021-10-21 14:46:19,169 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_nltest
2021-10-21 14:46:19,169 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_to_create_scheduled_task
2021-10-21 14:46:19,170 [lib.cuckoo.core.plugins] DEBUG: |-- uses_windows_utilities_xcopy
2021-10-21 14:46:19,170 [lib.cuckoo.core.plugins] DEBUG: |-- wmic_command_suspicious
2021-10-21 14:46:19,170 [lib.cuckoo.core.plugins] DEBUG: |-- scrcons_wmi_script_consumer
2021-10-21 14:46:19,171 [lib.cuckoo.core.plugins] DEBUG: |-- wmi_create_process
2021-10-21 14:46:19,171 [lib.cuckoo.core.plugins] DEBUG: `-- wmi_script_process
2021-10-21 14:46:20,586 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "dynamic_function_loading"
[]
2021-10-21 14:46:20,597 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "stealth_network"
2021-10-21 14:46:20,600 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2021-10-21 14:46:20,602 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_detected_threat"
2021-10-21 14:46:20,602 [lib.cuckoo.core.plugins] DEBUG: Running signature "Compression"
2021-10-21 14:46:20,603 [lib.cuckoo.core.plugins] DEBUG: Running signature "Decryption"
2021-10-21 14:46:20,603 [lib.cuckoo.core.plugins] DEBUG: Running signature "Doppelganging"
2021-10-21 14:46:20,604 [lib.cuckoo.core.plugins] DEBUG: Running signature "EvilGrab"
2021-10-21 14:46:20,604 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionInterProcess"
2021-10-21 14:46:20,604 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionCreateRemoteThread"
2021-10-21 14:46:20,605 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionProcessHollowing"
2021-10-21 14:46:20,605 [lib.cuckoo.core.plugins] DEBUG: Running signature "InjectionSetWindowLong"
2021-10-21 14:46:20,605 [lib.cuckoo.core.plugins] DEBUG: Running signature "PlugX"
2021-10-21 14:46:20,606 [lib.cuckoo.core.plugins] DEBUG: Running signature "RegBinary"
2021-10-21 14:46:20,606 [lib.cuckoo.core.plugins] DEBUG: Running signature "TransactedHollowing"
2021-10-21 14:46:20,606 [lib.cuckoo.core.plugins] DEBUG: Running signature "Unpacker"
2021-10-21 14:46:20,607 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
2021-10-21 14:46:20,607 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
2021-10-21 14:46:20,608 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
2021-10-21 14:46:20,609 [lib.cuckoo.core.plugins] DEBUG: Running signature "writes_sysvol"
2021-10-21 14:46:20,609 [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_admin_user"
2021-10-21 14:46:20,610 [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_user"
2021-10-21 14:46:20,611 [lib.cuckoo.core.plugins] DEBUG: Running signature "overwites_admin_password"
2021-10-21 14:46:20,611 [lib.cuckoo.core.plugins] DEBUG: Running signature "alphacrypt_behavior"
2021-10-21 14:46:20,611 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromeda_behavior"
2021-10-21 14:46:20,612 [lib.cuckoo.core.plugins] DEBUG: Running signature "anomalous_deletefile"
2021-10-21 14:46:20,612 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2021-10-21 14:46:20,616 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2021-10-21 14:46:20,627 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_360_libs"
2021-10-21 14:46:20,627 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_ahnlab_libs"
2021-10-21 14:46:20,628 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_avast_libs"
2021-10-21 14:46:20,628 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bitdefender_libs"
2021-10-21 14:46:20,628 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bullgaurd_libs"
2021-10-21 14:46:20,629 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_attachment_manager"
2021-10-21 14:46:20,629 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2021-10-21 14:46:20,634 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2021-10-21 14:46:20,684 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_emsisoft_libs"
2021-10-21 14:46:20,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_qurb_libs"
2021-10-21 14:46:20,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_servicestop"
2021-10-21 14:46:20,685 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2021-10-21 14:46:20,686 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_devices"
2021-10-21 14:46:20,687 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_windows"
2021-10-21 14:46:20,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_addvectoredexceptionhandler"
2021-10-21 14:46:20,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_apioverride_libs"
2021-10-21 14:46:20,688 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_checkremotedebuggerpresent"
2021-10-21 14:46:20,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_debugactiveprocess"
2021-10-21 14:46:20,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_gettickcount"
2021-10-21 14:46:20,689 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_guardpages"
2021-10-21 14:46:20,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntcreatethreadex"
2021-10-21 14:46:20,690 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_nthookengine_libs"
2021-10-21 14:46:20,691 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_ntsetinformationthread"
2021-10-21 14:46:20,691 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_outputdebugstring"
2021-10-21 14:46:20,691 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_setunhandledexceptionfilter"
2021-10-21 14:46:20,692 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_windefend"
2021-10-21 14:46:20,692 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2021-10-21 14:46:20,693 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_func"
2021-10-21 14:46:20,693 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_check_userdomain"
2021-10-21 14:46:20,694 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo"
2021-10-21 14:46:20,694 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2021-10-21 14:46:20,694 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoocrash"
2021-10-21 14:46:20,695 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2021-10-21 14:46:20,695 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2021-10-21 14:46:20,696 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_mouse_hook"
2021-10-21 14:46:20,696 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_restart"
2021-10-21 14:46:20,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_libs"
2021-10-21 14:46:20,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2021-10-21 14:46:20,697 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_objects"
2021-10-21 14:46:20,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_script_timer"
2021-10-21 14:46:20,698 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sleep"
2021-10-21 14:46:20,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2021-10-21 14:46:20,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_libs"
2021-10-21 14:46:20,699 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_suspend"
2021-10-21 14:46:20,700 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2021-10-21 14:46:20,700 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_unhook"
2021-10-21 14:46:20,701 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2021-10-21 14:46:20,701 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2021-10-21 14:46:20,702 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_directory_objects"
2021-10-21 14:46:20,703 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2021-10-21 14:46:20,703 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2021-10-21 14:46:20,704 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk"
2021-10-21 14:46:20,704 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk_setupapi"
2021-10-21 14:46:20,705 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2021-10-21 14:46:20,707 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_scsi"
2021-10-21 14:46:20,707 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_services"
2021-10-21 14:46:20,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system"
2021-10-21 14:46:20,708 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2021-10-21 14:46:20,710 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2021-10-21 14:46:20,713 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2021-10-21 14:46:20,714 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2021-10-21 14:46:20,716 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2021-10-21 14:46:20,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_libs"
2021-10-21 14:46:20,722 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_provname"
2021-10-21 14:46:20,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_window"
2021-10-21 14:46:20,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2021-10-21 14:46:20,723 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_events"
2021-10-21 14:46:20,724 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2021-10-21 14:46:20,725 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2021-10-21 14:46:20,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_libs"
2021-10-21 14:46:20,729 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2021-10-21 14:46:20,730 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2021-10-21 14:46:20,731 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2021-10-21 14:46:20,733 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2021-10-21 14:46:20,733 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2021-10-21 14:46:20,736 [lib.cuckoo.core.plugins] DEBUG: Running signature "api_spamming"
2021-10-21 14:46:20,737 [lib.cuckoo.core.plugins] DEBUG: Running signature "gulpix_behavior"
2021-10-21 14:46:20,737 [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
2021-10-21 14:46:20,739 [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
2021-10-21 14:46:20,740 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2021-10-21 14:46:20,740 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2021-10-21 14:46:20,741 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2021-10-21 14:46:20,741 [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2021-10-21 14:46:20,744 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_prinimalka"
2021-10-21 14:46:20,745 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2021-10-21 14:46:20,745 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2021-10-21 14:46:20,746 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2021-10-21 14:46:20,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2021-10-21 14:46:20,747 [lib.cuckoo.core.plugins] DEBUG: Running signature "bcdedit_command"
2021-10-21 14:46:20,748 [lib.cuckoo.core.plugins] DEBUG: Running signature "betabot_behavior"
2021-10-21 14:46:20,748 [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2021-10-21 14:46:20,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
2021-10-21 14:46:20,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "bootkit"
2021-10-21 14:46:20,749 [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
2021-10-21 14:46:20,750 [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
2021-10-21 14:46:20,750 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ioctl_scsipassthough"
2021-10-21 14:46:20,751 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2021-10-21 14:46:20,751 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2021-10-21 14:46:20,752 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2021-10-21 14:46:20,753 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2021-10-21 14:46:20,754 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2021-10-21 14:46:20,754 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2021-10-21 14:46:20,754 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2021-10-21 14:46:20,755 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2021-10-21 14:46:20,756 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_needed"
2021-10-21 14:46:20,756 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy"
2021-10-21 14:46:20,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_scanbox"
2021-10-21 14:46:20,758 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2021-10-21 14:46:20,760 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2021-10-21 14:46:20,761 [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2021-10-21 14:46:20,761 [lib.cuckoo.core.plugins] DEBUG: Running signature "regsvr32_squiblydoo_dll_load"
2021-10-21 14:46:20,762 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2021-10-21 14:46:20,762 [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2021-10-21 14:46:20,763 [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2021-10-21 14:46:20,764 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstp"
2021-10-21 14:46:20,764 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstpcom"
2021-10-21 14:46:20,765 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
2021-10-21 14:46:20,766 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_eventvwr"
2021-10-21 14:46:20,766 [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
2021-10-21 14:46:20,767 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_config"
2021-10-21 14:46:20,767 [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2021-10-21 14:46:20,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2021-10-21 14:46:20,768 [lib.cuckoo.core.plugins] DEBUG: Running signature "cerber_behavior"
2021-10-21 14:46:20,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "chimera_behavior"
2021-10-21 14:46:20,769 [lib.cuckoo.core.plugins] DEBUG: Running signature "clamav"
2021-10-21 14:46:20,770 [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2021-10-21 14:46:20,770 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_cookies"
2021-10-21 14:46:20,771 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_volume"
2021-10-21 14:46:20,771 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
2021-10-21 14:46:20,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2021-10-21 14:46:20,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2021-10-21 14:46:20,772 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_forfiles_wildcard"
2021-10-21 14:46:20,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2021-10-21 14:46:20,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "commandline_long_string"
2021-10-21 14:46:20,773 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2021-10-21 14:46:20,774 [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2021-10-21 14:46:20,774 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2021-10-21 14:46:20,775 [lib.cuckoo.core.plugins] DEBUG: Running signature "codelux_behavior"
2021-10-21 14:46:20,775 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_disovery_cmd"
2021-10-21 14:46:20,776 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_disovery_cmd"
2021-10-21 14:46:20,776 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_disovery_pwsh"
2021-10-21 14:46:20,777 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2021-10-21 14:46:20,777 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2021-10-21 14:46:20,777 [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_disovery_cmd"
2021-10-21 14:46:20,778 [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_code_compile"
2021-10-21 14:46:20,778 [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2021-10-21 14:46:20,778 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_largekey"
2021-10-21 14:46:20,779 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_nullvalue"
2021-10-21 14:46:20,779 [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2021-10-21 14:46:20,780 [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2021-10-21 14:46:20,780 [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_write"
2021-10-21 14:46:20,781 [lib.cuckoo.core.plugins] DEBUG: Running signature "lsass_credential_dumping"
2021-10-21 14:46:20,781 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2021-10-21 14:46:20,782 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2021-10-21 14:46:20,783 [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2021-10-21 14:46:20,784 [lib.cuckoo.core.plugins] DEBUG: Running signature "critical_process"
2021-10-21 14:46:20,784 [lib.cuckoo.core.plugins] DEBUG: Running signature "cyrptomining_stratum_command"
2021-10-21 14:46:20,784 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptopool_domains"
2021-10-21 14:46:20,785 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptowall_behavior"
2021-10-21 14:46:20,785 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2014_6332"
2021-10-21 14:46:20,786 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2015_2419_js"
2021-10-21 14:46:20,786 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016-0189"
2021-10-21 14:46:20,786 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2016_7200"
2021-10-21 14:46:20,787 [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2021-10-21 14:46:20,788 [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2021-10-21 14:46:20,789 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_connect"
2021-10-21 14:46:20,790 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_link"
2021-10-21 14:46:20,790 [lib.cuckoo.core.plugins] DEBUG: Running signature "debugs_self"
2021-10-21 14:46:20,790 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_document"
2021-10-21 14:46:20,791 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_image"
2021-10-21 14:46:20,791 [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2021-10-21 14:46:20,792 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_self"
2021-10-21 14:46:20,792 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_shadow_copies"
2021-10-21 14:46:20,792 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_system_state_backup"
2021-10-21 14:46:20,793 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_bypass"
2021-10-21 14:46:20,793 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_disable"
2021-10-21 14:46:20,793 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_appv_virtualization"
2021-10-21 14:46:20,794 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2021-10-21 14:46:20,795 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_auto_app_termination"
2021-10-21 14:46:20,795 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2021-10-21 14:46:20,797 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2021-10-21 14:46:20,799 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_context_menus"
2021-10-21 14:46:20,800 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_cpl_disable"
2021-10-21 14:46:20,801 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_mappeddrives_autodisconnect"
2021-10-21 14:46:20,801 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2021-10-21 14:46:20,801 [lib.cuckoo.core.plugins] DEBUG: Running signature "disable_folder_options"
2021-10-21 14:46:20,802 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2021-10-21 14:46:20,803 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_power_options"
2021-10-21 14:46:20,804 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_restore_default_state"
2021-10-21 14:46:20,805 [lib.cuckoo.core.plugins] DEBUG: Running signature "disable_run_command"
2021-10-21 14:46:20,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2021-10-21 14:46:20,806 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_spdy"
2021-10-21 14:46:20,807 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_startmenu_search"
2021-10-21 14:46:20,808 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2021-10-21 14:46:20,809 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2021-10-21 14:46:20,809 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2021-10-21 14:46:20,810 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wfp"
2021-10-21 14:46:20,810 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2021-10-21 14:46:20,811 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_logging"
2021-10-21 14:46:20,812 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_windows_defender_contextmenu"
2021-10-21 14:46:20,813 [lib.cuckoo.core.plugins] DEBUG: Running signature "windows_defender_powershell"
2021-10-21 14:46:20,813 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_file_protection"
2021-10-21 14:46:20,814 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2021-10-21 14:46:20,814 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_winfirewall"
2021-10-21 14:46:20,815 [lib.cuckoo.core.plugins] DEBUG: Running signature "document_script_exe_drop"
2021-10-21 14:46:20,815 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromut_mutexes"
2021-10-21 14:46:20,816 [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2021-10-21 14:46:20,817 [lib.cuckoo.core.plugins] DEBUG: Running signature "guloader_apis"
2021-10-21 14:46:20,817 [lib.cuckoo.core.plugins] DEBUG: Running signature "phorpiex_mutexes"
2021-10-21 14:46:20,817 [lib.cuckoo.core.plugins] DEBUG: Running signature "protonbot_mutexes"
2021-10-21 14:46:20,818 [lib.cuckoo.core.plugins] DEBUG: Running signature "dridex_behavior"
2021-10-21 14:46:20,818 [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_filtermanager"
2021-10-21 14:46:20,819 [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_load"
2021-10-21 14:46:20,819 [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2021-10-21 14:46:20,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "exe_dropper_js"
2021-10-21 14:46:20,820 [lib.cuckoo.core.plugins] DEBUG: Running signature "dynamic_function_loading"
2021-10-21 14:46:20,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "dyre_behavior"
2021-10-21 14:46:20,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "angler_js"
2021-10-21 14:46:20,821 [lib.cuckoo.core.plugins] DEBUG: Running signature "gondad_js"
2021-10-21 14:46:20,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "heapspray_js"
2021-10-21 14:46:20,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "java_js"
2021-10-21 14:46:20,822 [lib.cuckoo.core.plugins] DEBUG: Running signature "Neutrino_js"
2021-10-21 14:46:20,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "nuclear_js"
2021-10-21 14:46:20,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "rig_js"
2021-10-21 14:46:20,823 [lib.cuckoo.core.plugins] DEBUG: Running signature "silverlight_js"
2021-10-21 14:46:20,824 [lib.cuckoo.core.plugins] DEBUG: Running signature "sundown_js"
2021-10-21 14:46:20,824 [lib.cuckoo.core.plugins] DEBUG: Running signature "virtualcheck_js"
2021-10-21 14:46:20,825 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypted_ioc"
2021-10-21 14:46:20,825 [lib.cuckoo.core.plugins] DEBUG: Running signature "excel4_macro_urls"
2021-10-21 14:46:20,825 [lib.cuckoo.core.plugins] DEBUG: Running signature "exec_crash"
2021-10-21 14:46:20,826 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_creation_suspicious_location"
2021-10-21 14:46:20,826 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_getbasekerneladdress"
2021-10-21 14:46:20,826 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_gethaldispatchtable"
2021-10-21 14:46:20,827 [lib.cuckoo.core.plugins] DEBUG: Running signature "exploit_heapspray"
2021-10-21 14:46:20,827 [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_access"
2021-10-21 14:46:20,828 [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_svc_start"
2021-10-21 14:46:20,828 [lib.cuckoo.core.plugins] DEBUG: Running signature "koadic_apis"
2021-10-21 14:46:20,828 [lib.cuckoo.core.plugins] DEBUG: Running signature "koadic_network_activity"
2021-10-21 14:46:20,829 [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2021-10-21 14:46:20,829 [lib.cuckoo.core.plugins] DEBUG: Running signature "downloads_from_filehosting"
2021-10-21 14:46:20,830 [lib.cuckoo.core.plugins] DEBUG: Running signature "mapped_drives_uac"
2021-10-21 14:46:20,830 [lib.cuckoo.core.plugins] DEBUG: Running signature "generic_phish"
2021-10-21 14:46:20,831 [lib.cuckoo.core.plugins] DEBUG: Running signature "gootkit_behavior"
2021-10-21 14:46:20,831 [lib.cuckoo.core.plugins] DEBUG: Running signature "h1n1_behavior"
2021-10-21 14:46:20,831 [lib.cuckoo.core.plugins] DEBUG: Running signature "hancitor_behavior"
2021-10-21 14:46:20,832 [lib.cuckoo.core.plugins] DEBUG: Running signature "hawkeye_behavior"
2021-10-21 14:46:20,832 [lib.cuckoo.core.plugins] DEBUG: Running signature "hides_recycle_bin_icon"
2021-10-21 14:46:20,833 [lib.cuckoo.core.plugins] DEBUG: Running signature "http_request"
2021-10-21 14:46:20,833 [lib.cuckoo.core.plugins] DEBUG: Running signature "https_urls"
2021-10-21 14:46:20,834 [lib.cuckoo.core.plugins] DEBUG: Running signature "apocalypse_stealer_file_behavior"
2021-10-21 14:46:20,834 [lib.cuckoo.core.plugins] DEBUG: Running signature "arkei_files"
2021-10-21 14:46:20,835 [lib.cuckoo.core.plugins] DEBUG: Running signature "azorult_mutexes"
2021-10-21 14:46:20,836 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2021-10-21 14:46:20,839 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser"
2021-10-21 14:46:20,840 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser_password"
2021-10-21 14:46:20,840 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_cookies"
2021-10-21 14:46:20,842 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptbot_files"
2021-10-21 14:46:20,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptbot_network"
2021-10-21 14:46:20,843 [lib.cuckoo.core.plugins] DEBUG: Running signature "echelon_files"
2021-10-21 14:46:20,845 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2021-10-21 14:46:20,863 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2021-10-21 14:46:20,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_keylog"
2021-10-21 14:46:20,874 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2021-10-21 14:46:20,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_artifacts"
2021-10-21 14:46:20,875 [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_files"
2021-10-21 14:46:20,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_version"
2021-10-21 14:46:20,876 [lib.cuckoo.core.plugins] DEBUG: Running signature "poullight_files"
2021-10-21 14:46:20,878 [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_mutexes"
2021-10-21 14:46:20,879 [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_network_activity"
2021-10-21 14:46:20,879 [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_mutexes"
2021-10-21 14:46:20,880 [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_behavior"
2021-10-21 14:46:20,880 [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_files"
2021-10-21 14:46:20,881 [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_mutexes"
2021-10-21 14:46:20,882 [lib.cuckoo.core.plugins] DEBUG: Running signature "Raccoon Behavior"
2021-10-21 14:46:20,882 [lib.cuckoo.core.plugins] DEBUG: Running signature "captures_screenshot"
2021-10-21 14:46:20,882 [lib.cuckoo.core.plugins] DEBUG: Running signature "Vidar Behavior"
2021-10-21 14:46:20,883 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_createremotethread"
2021-10-21 14:46:20,883 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_explorer"
2021-10-21 14:46:20,884 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_needextension"
2021-10-21 14:46:20,884 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_network_traffic"
2021-10-21 14:46:20,884 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_runpe"
2021-10-21 14:46:20,885 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_rwx"
2021-10-21 14:46:20,885 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_themeinitapihook"
2021-10-21 14:46:20,885 [lib.cuckoo.core.plugins] DEBUG: Running signature "internet_dropper"
2021-10-21 14:46:20,886 [lib.cuckoo.core.plugins] DEBUG: Running signature "ipc_namedpipe"
2021-10-21 14:46:20,886 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_phish"
2021-10-21 14:46:20,886 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_suspicious_redirect"
2021-10-21 14:46:20,887 [lib.cuckoo.core.plugins] DEBUG: Running signature "kazybot_behavior"
2021-10-21 14:46:20,887 [lib.cuckoo.core.plugins] DEBUG: Running signature "kelihos_behavior"
2021-10-21 14:46:20,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "kibex_behavior"
2021-10-21 14:46:20,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "kovter_behavior"
2021-10-21 14:46:20,888 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_kraken_mutexes"
2021-10-21 14:46:20,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_regedit"
2021-10-21 14:46:20,889 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_taskmgr"
2021-10-21 14:46:20,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "Locky_behavior"
2021-10-21 14:46:20,890 [lib.cuckoo.core.plugins] DEBUG: Running signature "malicious_dynamic_function_loading"
2021-10-21 14:46:20,891 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypts_pcinfo"
2021-10-21 14:46:20,891 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypt_data_agenttesla_http"
2021-10-21 14:46:20,891 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypt_data_agentteslat2_http"
2021-10-21 14:46:20,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypt_data_nanocore"
2021-10-21 14:46:20,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2021-10-21 14:46:20,892 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2021-10-21 14:46:20,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_agent"
2021-10-21 14:46:20,895 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2021-10-21 14:46:20,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_filetime"
2021-10-21 14:46:20,896 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2021-10-21 14:46:20,897 [lib.cuckoo.core.plugins] DEBUG: Running signature "masquerade_process_name"
2021-10-21 14:46:20,899 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimikatz_modules"
2021-10-21 14:46:20,900 [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_behavior"
2021-10-21 14:46:20,900 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_certs"
2021-10-21 14:46:20,901 [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_clr_usagelog_regkeys"
2021-10-21 14:46:20,901 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_hostfile"
2021-10-21 14:46:20,902 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_oem_information"
2021-10-21 14:46:20,903 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2021-10-21 14:46:20,904 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2021-10-21 14:46:20,904 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_desktop_wallpaper"
2021-10-21 14:46:20,905 [lib.cuckoo.core.plugins] DEBUG: Running signature "move_file_on_reboot"
2021-10-21 14:46:20,905 [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_useragents"
2021-10-21 14:46:20,906 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_anomaly"
2021-10-21 14:46:20,906 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_bind"
2021-10-21 14:46:20,906 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_archive"
2021-10-21 14:46:20,907 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_free_webshoting"
2021-10-21 14:46:20,907 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_generic"
2021-10-21 14:46:20,907 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_temp_urldns"
2021-10-21 14:46:20,908 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_pastesite"
2021-10-21 14:46:20,908 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_payload"
2021-10-21 14:46:20,909 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_socialmedia"
2021-10-21 14:46:20,909 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_telegram"
2021-10-21 14:46:20,909 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_tempstorage"
2021-10-21 14:46:20,910 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_temp_urldns"
2021-10-21 14:46:20,910 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_urlshortener"
2021-10-21 14:46:20,910 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_https_useragent"
2021-10-21 14:46:20,911 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_smtps_exfil"
2021-10-21 14:46:20,911 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_smtps_generic"
2021-10-21 14:46:20,911 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_country_distribution"
2021-10-21 14:46:20,912 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_multiple_direct_ip_connections"
2021-10-21 14:46:20,912 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_http"
2021-10-21 14:46:20,913 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2021-10-21 14:46:20,930 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga_fraunhofer"
2021-10-21 14:46:20,930 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_blockchain"
2021-10-21 14:46:20,931 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_idn"
2021-10-21 14:46:20,931 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_opennic"
2021-10-21 14:46:20,933 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_paste_site"
2021-10-21 14:46:20,934 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_reverse_proxy"
2021-10-21 14:46:20,935 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_suspicious_querytype"
2021-10-21 14:46:20,935 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_file_storage"
2021-10-21 14:46:20,937 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_urldns"
2021-10-21 14:46:20,937 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_tunneling_request"
2021-10-21 14:46:20,938 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_url_shortener"
2021-10-21 14:46:20,939 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_doh_tls"
2021-10-21 14:46:20,940 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_document_http"
2021-10-21 14:46:20,940 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_excessive_udp"
2021-10-21 14:46:20,940 [lib.cuckoo.core.plugins] DEBUG: Running signature "explorer_http"
2021-10-21 14:46:20,941 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_fake_useragent"
2021-10-21 14:46:20,941 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http"
2021-10-21 14:46:20,941 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2021-10-21 14:46:20,942 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2021-10-21 14:46:20,942 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_open_proxy"
2021-10-21 14:46:20,943 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2021-10-21 14:46:20,943 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor"
2021-10-21 14:46:20,943 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2021-10-21 14:46:20,944 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2021-10-21 14:46:20,946 [lib.cuckoo.core.plugins] DEBUG: Running signature "nymaim_behavior"
2021-10-21 14:46:20,946 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2021-10-21 14:46:20,946 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "office_code_page"
2021-10-21 14:46:20,947 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_addinloading"
2021-10-21 14:46:20,947 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_com_load"
2021-10-21 14:46:20,948 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dotnet_load"
2021-10-21 14:46:20,948 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_mshtml_load"
2021-10-21 14:46:20,948 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_perfkey"
2021-10-21 14:46:20,949 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_vb_load"
2021-10-21 14:46:20,949 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_wmi_load"
2021-10-21 14:46:20,950 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_cve2017_11882"
2021-10-21 14:46:20,950 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_cve2017_11882_network"
2021-10-21 14:46:20,950 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_cve_2021_40444"
2021-10-21 14:46:20,951 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_cve_2021_40444_m2"
2021-10-21 14:46:20,951 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_flash_load"
2021-10-21 14:46:20,951 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_postscript"
2021-10-21 14:46:20,952 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2021-10-21 14:46:20,952 [lib.cuckoo.core.plugins] DEBUG: Running signature "changes_trust_center_settings"
2021-10-21 14:46:20,953 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_vba_trust_access"
2021-10-21 14:46:20,953 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2021-10-21 14:46:20,954 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2021-10-21 14:46:20,954 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_malicious_prediction"
2021-10-21 14:46:20,954 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2021-10-21 14:46:20,955 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2021-10-21 14:46:20,955 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2021-10-21 14:46:20,956 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2021-10-21 14:46:20,956 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2021-10-21 14:46:20,956 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2021-10-21 14:46:20,957 [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2021-10-21 14:46:20,957 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2021-10-21 14:46:20,957 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2021-10-21 14:46:20,958 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2021-10-21 14:46:20,958 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_suspicious_processes"
2021-10-21 14:46:20,958 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_write_exe"
2021-10-21 14:46:20,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2021-10-21 14:46:20,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2021-10-21 14:46:20,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_unknown_pe_section_name"
2021-10-21 14:46:20,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2021-10-21 14:46:20,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2021-10-21 14:46:20,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspack"
2021-10-21 14:46:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspirecrypt"
2021-10-21 14:46:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_bedsprotector"
2021-10-21 14:46:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2021-10-21 14:46:20,963 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_enigma"
2021-10-21 14:46:20,963 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2021-10-21 14:46:20,963 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_mpress"
2021-10-21 14:46:20,964 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nate"
2021-10-21 14:46:20,964 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nspack"
2021-10-21 14:46:20,965 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2021-10-21 14:46:20,965 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_spices"
2021-10-21 14:46:20,965 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2021-10-21 14:46:20,966 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2021-10-21 14:46:20,966 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_titan"
2021-10-21 14:46:20,966 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2021-10-21 14:46:20,967 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2021-10-21 14:46:20,967 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_yoda"
2021-10-21 14:46:20,967 [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_annot_urls"
2021-10-21 14:46:20,968 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2021-10-21 14:46:20,968 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_autorun"
2021-10-21 14:46:20,969 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_autorun_tasks"
2021-10-21 14:46:20,969 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_safeboot"
2021-10-21 14:46:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_bootexecute"
2021-10-21 14:46:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_registry_script"
2021-10-21 14:46:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ifeo"
2021-10-21 14:46:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_slient_process_exit"
2021-10-21 14:46:20,972 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_registry"
2021-10-21 14:46:20,972 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_shadowing"
2021-10-21 14:46:20,973 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2021-10-21 14:46:20,973 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_shim_database"
2021-10-21 14:46:20,974 [lib.cuckoo.core.plugins] DEBUG: Running signature "polymorphic"
2021-10-21 14:46:20,975 [lib.cuckoo.core.plugins] DEBUG: Running signature "pony_behavior"
2021-10-21 14:46:20,975 [lib.cuckoo.core.plugins] DEBUG: Running signature "powerpool_mutexes"
2021-10-21 14:46:20,976 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_network_connection"
2021-10-21 14:46:20,976 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_scriptblock_logging"
2021-10-21 14:46:20,976 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2021-10-21 14:46:20,977 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2021-10-21 14:46:20,977 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2021-10-21 14:46:20,977 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2021-10-21 14:46:20,978 [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2021-10-21 14:46:20,978 [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2021-10-21 14:46:20,979 [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_process_discovery"
2021-10-21 14:46:20,979 [lib.cuckoo.core.plugins] DEBUG: Running signature "createtoolhelp32snapshot_module_enumeration"
2021-10-21 14:46:20,980 [lib.cuckoo.core.plugins] DEBUG: Running signature "enumerates_running_processes"
2021-10-21 14:46:20,980 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_interest"
2021-10-21 14:46:20,980 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_needed"
2021-10-21 14:46:20,981 [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2021-10-21 14:46:20,981 [lib.cuckoo.core.plugins] DEBUG: Running signature "mass_data_encryption"
2021-10-21 14:46:20,981 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomix_mutexes"
2021-10-21 14:46:20,982 [lib.cuckoo.core.plugins] DEBUG: Running signature "dharma_mutexes"
2021-10-21 14:46:20,982 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_dmalocker"
2021-10-21 14:46:20,983 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
2021-10-21 14:46:20,990 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_file_modifications"
2021-10-21 14:46:20,991 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2021-10-21 14:46:21,000 [lib.cuckoo.core.plugins] DEBUG: Running signature "fonix_mutexes"
2021-10-21 14:46:21,001 [lib.cuckoo.core.plugins] DEBUG: Running signature "gandcrab_mutexes"
2021-10-21 14:46:21,001 [lib.cuckoo.core.plugins] DEBUG: Running signature "germanwiper_mutexes"
2021-10-21 14:46:21,002 [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_mutexes"
2021-10-21 14:46:21,003 [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_regkeys"
2021-10-21 14:46:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_message"
2021-10-21 14:46:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_message_multiple_locations"
2021-10-21 14:46:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_mutexes"
2021-10-21 14:46:21,005 [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_network_activity"
2021-10-21 14:46:21,005 [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_note"
2021-10-21 14:46:21,006 [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_regkeys"
2021-10-21 14:46:21,007 [lib.cuckoo.core.plugins] DEBUG: Running signature "pysa_mutexes"
2021-10-21 14:46:21,007 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2021-10-21 14:46:21,008 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2021-10-21 14:46:21,008 [lib.cuckoo.core.plugins] DEBUG: Running signature "revil_mutexes"
2021-10-21 14:46:21,010 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_revil_regkey"
2021-10-21 14:46:21,010 [lib.cuckoo.core.plugins] DEBUG: Running signature "satan_mutexes"
2021-10-21 14:46:21,011 [lib.cuckoo.core.plugins] DEBUG: Running signature "snake_ransom_mutexes"
2021-10-21 14:46:21,012 [lib.cuckoo.core.plugins] DEBUG: Running signature "Sodinokibi Behavior"
2021-10-21 14:46:21,012 [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransom_mutexes"
2021-10-21 14:46:21,013 [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransomware_cmd"
2021-10-21 14:46:21,013 [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransomware_registry"
2021-10-21 14:46:21,013 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2021-10-21 14:46:21,014 [lib.cuckoo.core.plugins] DEBUG: Running signature "blacknet_mutexes"
2021-10-21 14:46:21,015 [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_apis"
2021-10-21 14:46:21,015 [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_mutexes"
2021-10-21 14:46:21,015 [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_network_activity"
2021-10-21 14:46:21,016 [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_registry_keys"
2021-10-21 14:46:21,016 [lib.cuckoo.core.plugins] DEBUG: Running signature "crat_mutexes"
2021-10-21 14:46:21,017 [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_behavior"
2021-10-21 14:46:21,018 [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_files"
2021-10-21 14:46:21,018 [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_mutexes"
2021-10-21 14:46:21,019 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2021-10-21 14:46:21,019 [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_system_event_objects"
2021-10-21 14:46:21,019 [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_files"
2021-10-21 14:46:21,020 [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_mutexes"
2021-10-21 14:46:21,020 [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_regkeys"
2021-10-21 14:46:21,022 [lib.cuckoo.core.plugins] DEBUG: Running signature "lodarat_file_behavior"
2021-10-21 14:46:21,023 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_luminosity"
2021-10-21 14:46:21,023 [lib.cuckoo.core.plugins] DEBUG: Running signature "modirat_behavior"
2021-10-21 14:46:21,024 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_nanocore"
2021-10-21 14:46:21,025 [lib.cuckoo.core.plugins] DEBUG: Running signature "NewtWire Behavior"
2021-10-21 14:46:21,025 [lib.cuckoo.core.plugins] DEBUG: Running signature "njrat_regkeys"
2021-10-21 14:46:21,026 [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_files"
2021-10-21 14:46:21,026 [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_mutexes"
2021-10-21 14:46:21,027 [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_network_activity"
2021-10-21 14:46:21,027 [lib.cuckoo.core.plugins] DEBUG: Running signature "OrcusRAT Behavior"
2021-10-21 14:46:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "parallax_mutexes"
2021-10-21 14:46:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2021-10-21 14:46:21,029 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2021-10-21 14:46:21,029 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2021-10-21 14:46:21,030 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2021-10-21 14:46:21,030 [lib.cuckoo.core.plugins] DEBUG: Running signature "ratsnif_mutexes"
2021-10-21 14:46:21,031 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2021-10-21 14:46:21,032 [lib.cuckoo.core.plugins] DEBUG: Running signature "trochilusrat_APIs"
2021-10-21 14:46:21,032 [lib.cuckoo.core.plugins] DEBUG: Running signature "venomrat_mutexes"
2021-10-21 14:46:21,032 [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_files"
2021-10-21 14:46:21,033 [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_regkeys"
2021-10-21 14:46:21,034 [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_files"
2021-10-21 14:46:21,035 [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_mutexes"
2021-10-21 14:46:21,036 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2021-10-21 14:46:21,036 [lib.cuckoo.core.plugins] DEBUG: Running signature "reads_self"
2021-10-21 14:46:21,036 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_beacon"
2021-10-21 14:46:21,037 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2021-10-21 14:46:21,037 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2021-10-21 14:46:21,038 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_programs"
2021-10-21 14:46:21,039 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_systeminfo"
2021-10-21 14:46:21,039 [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_recyclebin"
2021-10-21 14:46:21,040 [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_files"
2021-10-21 14:46:21,040 [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_mutexes"
2021-10-21 14:46:21,041 [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_regkeys"
2021-10-21 14:46:21,042 [lib.cuckoo.core.plugins] DEBUG: Running signature "rdptcp_key"
2021-10-21 14:46:21,043 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_rdp_clip"
2021-10-21 14:46:21,043 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_remote_desktop_session"
2021-10-21 14:46:21,043 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_networking_icon"
2021-10-21 14:46:21,044 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_pinned_programs"
2021-10-21 14:46:21,045 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_security_maintenance_icon"
2021-10-21 14:46:21,045 [lib.cuckoo.core.plugins] DEBUG: Running signature "Removes_startmenu_defaults"
2021-10-21 14:46:21,047 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_username_startmenu"
2021-10-21 14:46:21,047 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_zoneid_ads"
2021-10-21 14:46:21,048 [lib.cuckoo.core.plugins] DEBUG: Running signature "spicyhotpot_behavior"
2021-10-21 14:46:21,048 [lib.cuckoo.core.plugins] DEBUG: Running signature "script_created_process"
2021-10-21 14:46:21,049 [lib.cuckoo.core.plugins] DEBUG: Running signature "script_network_activity"
2021-10-21 14:46:21,049 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_js_script"
2021-10-21 14:46:21,049 [lib.cuckoo.core.plugins] DEBUG: Running signature "secure_login_phishing"
2021-10-21 14:46:21,050 [lib.cuckoo.core.plugins] DEBUG: Running signature "securityxploded_modules"
2021-10-21 14:46:21,050 [lib.cuckoo.core.plugins] DEBUG: Running signature "sets_autoconfig_url"
2021-10-21 14:46:21,051 [lib.cuckoo.core.plugins] DEBUG: Running signature "shifu_behavior"
2021-10-21 14:46:21,051 [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2021-10-21 14:46:21,052 [lib.cuckoo.core.plugins] DEBUG: Running signature "spoofs_procname"
2021-10-21 14:46:21,052 [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2021-10-21 14:46:21,052 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot"
2021-10-21 14:46:21,053 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot_file_created"
2021-10-21 14:46:21,053 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot_process_create"
2021-10-21 14:46:21,053 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2021-10-21 14:46:21,054 [lib.cuckoo.core.plugins] DEBUG: Running signature "invalid_authenticode_signature"
2021-10-21 14:46:21,054 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2021-10-21 14:46:21,055 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2021-10-21 14:46:21,055 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
2021-10-21 14:46:21,055 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
2021-10-21 14:46:21,056 [lib.cuckoo.core.plugins] DEBUG: Running signature "pe_compile_timestomping"
2021-10-21 14:46:21,056 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_pdbpath"
2021-10-21 14:46:21,056 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
2021-10-21 14:46:21,057 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
2021-10-21 14:46:21,057 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_childproc"
2021-10-21 14:46:21,057 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_file"
2021-10-21 14:46:21,058 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
2021-10-21 14:46:21,058 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
2021-10-21 14:46:21,059 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
2021-10-21 14:46:21,060 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_network"
2021-10-21 14:46:21,060 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_timeout"
2021-10-21 14:46:21,061 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2021-10-21 14:46:21,061 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_window"
2021-10-21 14:46:21,062 [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2021-10-21 14:46:21,062 [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2021-10-21 14:46:21,063 [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2021-10-21 14:46:21,063 [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
2021-10-21 14:46:21,064 [lib.cuckoo.core.plugins] DEBUG: Running signature "lsa_tampering"
2021-10-21 14:46:21,065 [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
2021-10-21 14:46:21,065 [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2021-10-21 14:46:21,066 [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
2021-10-21 14:46:21,086 [lib.cuckoo.core.plugins] DEBUG: Running signature "tinba_behavior"
2021-10-21 14:46:21,086 [lib.cuckoo.core.plugins] DEBUG: Running signature "TrickBotTaskDelete"
2021-10-21 14:46:21,087 [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2021-10-21 14:46:21,087 [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2021-10-21 14:46:21,087 [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
2021-10-21 14:46:21,088 [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2021-10-21 14:46:21,090 [lib.cuckoo.core.plugins] DEBUG: Running signature "troldesh_behavior"
2021-10-21 14:46:21,091 [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_behavior"
2021-10-21 14:46:21,091 [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2021-10-21 14:46:21,092 [lib.cuckoo.core.plugins] DEBUG: Running signature "user_enum"
2021-10-21 14:46:21,092 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
2021-10-21 14:46:21,092 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior"
2021-10-21 14:46:21,093 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior"
2021-10-21 14:46:21,093 [lib.cuckoo.core.plugins] DEBUG: Running signature "virus"
2021-10-21 14:46:21,094 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_files"
2021-10-21 14:46:21,094 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
2021-10-21 14:46:21,094 [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_regkeys"
2021-10-21 14:46:21,095 [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
2021-10-21 14:46:21,095 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2021-10-21 14:46:21,096 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2021-10-21 14:46:21,096 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2021-10-21 14:46:21,096 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2021-10-21 14:46:21,097 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2021-10-21 14:46:21,097 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2021-10-21 14:46:21,097 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2021-10-21 14:46:21,098 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2021-10-21 14:46:21,098 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2021-10-21 14:46:21,098 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2021-10-21 14:46:21,099 [lib.cuckoo.core.plugins] DEBUG: Running signature "webmail_phish"
2021-10-21 14:46:21,099 [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
2021-10-21 14:46:21,100 [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
2021-10-21 14:46:21,100 [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
2021-10-21 14:46:21,101 [lib.cuckoo.core.plugins] DEBUG: Running signature "persists_dev_util"
2021-10-21 14:46:21,101 [lib.cuckoo.core.plugins] DEBUG: Running signature "spawns_dev_util"
2021-10-21 14:46:21,101 [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2021-10-21 14:46:21,102 [lib.cuckoo.core.plugins] DEBUG: Running signature "alters_windows_utility"
2021-10-21 14:46:21,102 [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
2021-10-21 14:46:21,102 [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
2021-10-21 14:46:21,103 [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_accessibility_utility"
2021-10-21 14:46:21,103 [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2021-10-21 14:46:21,103 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2021-10-21 14:46:21,104 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2021-10-21 14:46:21,104 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
2021-10-21 14:46:21,105 [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2021-10-21 14:46:21,105 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_powershell_copyitem"
2021-10-21 14:46:21,105 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2021-10-21 14:46:21,106 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
2021-10-21 14:46:21,106 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
2021-10-21 14:46:21,107 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
2021-10-21 14:46:21,107 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
2021-10-21 14:46:21,107 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
2021-10-21 14:46:21,108 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_esentutl"
2021-10-21 14:46:21,108 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_finger"
2021-10-21 14:46:21,108 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
2021-10-21 14:46:21,109 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
2021-10-21 14:46:21,109 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
2021-10-21 14:46:21,109 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_to_create_scheduled_task"
2021-10-21 14:46:21,110 [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_xcopy"
2021-10-21 14:46:21,110 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2021-10-21 14:46:21,110 [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
2021-10-21 14:46:21,111 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmi_create_process"
2021-10-21 14:46:21,111 [lib.cuckoo.core.plugins] DEBUG: Running signature "wmi_script_process"
2021-10-21 14:46:21,112 [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2021-10-21 14:46:21,115 [root] DEBUG: Deleting analysis data for Task 176
2021-10-21 14:46:21,119 [root] DEBUG: Deleted previous MongoDB data for Task 176
2021-10-21 14:46:21,524 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
2021-10-21 14:46:21,525 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2021-10-21 14:46:21,747 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "LiteReport"
2021-10-21 14:46:21,784 [lib.cuckoo.core.plugins] INFO: Reporting module malheur not found in configuration file
2021-10-21 14:46:21,786 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MITRE_TTPS"
2021-10-21 14:46:21,787 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
2021-10-21 14:46:21,797 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML"
2021-10-21 14:46:23,330 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2021-10-21 14:46:24,953 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReSubmitExtractedEXE"
2021-10-21 14:46:25,062 [modules.reporting.resubmitexe] INFO: Resubmitexe file "/opt/CAPEv2/storage/analyses/176/files/2ecad096b01acab19bebc0a8b96b5d79848e58d79f93dfe92e0b0ee7c01886fc_link/a9411c606c7e88468252.xls" added as task with ID [177] resub count 0
2021-10-21 14:46:25,062 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ReSubmitExtractedEXE":
Traceback (most recent call last):
File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 817, in process
current.run(self.results)
File "/opt/CAPEv2/utils/../modules/reporting/resubmitexe.py", line 445, in run
self.results["resubs"].append(task_id)
KeyError: 'resubs'
2021-10-21 14:46:25,063 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "SubmitCAPE"
2021-10-21 14:46:25,064 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-cape'
2021-10-21 14:46:27,625 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2021-10-21 14:46:28,031 [modules.reporting.mongodb] DEBUG: Deleting analysis data for Task 176
2021-10-21 14:46:28,033 [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 176
2021-10-21 14:46:28,847 [root] INFO: Task #176: reports generation completed
I don't see anything that could be related to the failed analysis. The resubs I have fixed, not sure who wrote that code, but that is not affecting reporting. So I guess you need to investigate your environment.
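An added example, not CAPE's code and not the fix the maintainer applied: it reproduces the `KeyError: 'resubs'` pattern from the traceback in a minimal per-module reporting loop and shows why the later modules still ran. The class names, `run_reporting` and the `results` layout are assumptions made for illustration; task IDs 176 and 177 are taken from the log above.

```python
import logging

log = logging.getLogger("reporting_demo")


class ResubmitUnguarded:
    """Same pattern as the traceback line: assumes results["resubs"] already exists."""
    name = "ResubmitUnguarded"

    def run(self, results, new_task_id):
        # Raises KeyError when no earlier stage created the "resubs" list.
        results["resubs"].append(new_task_id)


class ResubmitGuarded:
    """One way to guard the append: create the list on first use."""
    name = "ResubmitGuarded"

    def run(self, results, new_task_id):
        results.setdefault("resubs", []).append(new_task_id)


class LaterModule:
    """Stand-in for the modules that ran after the failure in the log."""
    name = "LaterModule"

    def run(self, results, new_task_id):
        results["later_module_ran"] = True


def run_reporting(modules, results, new_task_id):
    """Run each module in isolation; a failing module is logged and skipped."""
    outcome = {}
    for module in modules:
        try:
            module.run(results, new_task_id)
            outcome[module.name] = "ok"
        except Exception as exc:
            log.error('Failed to run the reporting module "%s": %r', module.name, exc)
            outcome[module.name] = f"failed: {type(exc).__name__}"
    return outcome


def demo():
    """Constructed input: a results dict for task 176 that has no "resubs" key."""
    unguarded_results = {"info": {"id": 176}}
    unguarded = run_reporting(
        [ResubmitUnguarded(), LaterModule()], unguarded_results, 177
    )
    guarded_results = {"info": {"id": 176}}
    guarded = run_reporting(
        [ResubmitGuarded(), LaterModule()], guarded_results, 177
    )
    return unguarded, unguarded_results, guarded, guarded_results


if __name__ == "__main__":
    for item in demo():
        print(item)
```

In the unguarded run the resubmitted task ID is never recorded in the parent's results, which matches the log: task 177 was created, but the append that would have linked it to task 176 failed.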
@doomedraven Thanks for the response! Is there anything or any library in specific I should focus on?
Here is the build script if it helps
PROMISC_INT="ens224"
# Apply updates and cleanup Apt cache
# packer build --var-file=variables.json ubuntu-2004.json
apt-get update ; apt-get -y dist-upgrade
apt-get -y autoremove
apt-get -y clean
apt-get install docker.io docker-compose open-iscsi git curl net-tools nfs-common nfs-kernel-server python-tk -y
# Disable swap - generally recommended for K8s, but otherwise enable it for other workloads
echo "Disabling Swap"
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Reset the machine-id value. This has known to cause issues with DHCP
echo "Reset Machine-ID"
truncate -s 0 /etc/machine-id
rm /var/lib/dbus/machine-id
ln -s /etc/machine-id /var/lib/dbus/machine-id
# Reset any existing cloud-init state
echo "Reset Cloud-Init"
rm /etc/cloud/cloud.cfg.d/*.cfg
cloud-init clean -s -l
# Prevent cloud-init from setting IP
echo "Disabling cloud-init networking"
bash -c "echo 'network: {config: disabled}' > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg"
################################################
#DOCKER STUFFZ
################################################
# Fix docker groups
useradd -g docker -m docker
# Set docker net as 172.220.0.0/16
cat <<'EOF' >>/etc/docker/daemon.json
{
"default-address-pools":
[
{"base":"172.220.0.0/16","size":24}
]
}
EOF
################################################
# GIT STUFFZ
################################################
# Add our ssh key for git access
mkdir -p /home/admin/.ssh/
cat <<'EOF' >>/home/admin/.ssh/id_ed25519
EOF
# Import GH's SSH keys
ssh-keyscan gitlab.com | sudo tee /etc/ssh/ssh_known_hosts
ssh-keyscan gitlab.com >> /home/admin/.ssh/known_hosts
ssh-keyscan gitlab.com >> .ssh/known_hosts
# Fix key perms
chmod 600 /home/admin/.ssh/id_ed25519
# Fixes Elasticsearch
echo "vm.max_map_count = 262144" | sudo tee -a /etc/sysctl.conf
# Puts interface in promisc
echo "/usr/sbin/ifconfig $PROMISC_INT promisc" | sudo tee -a /etc/rc.local
################################################
# NGINX STUFFZ
################################################
#install nginx
sudo apt -y install nginx
# Remove Nginx Default config
sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default
# Add nginx reverse proxy config
mkdir -p /etc/nginx/tls
cat <<'EOF' >>/etc/nginx/tls/cert.key
EOF
cat <<'EOF' >>/etc/nginx/tls/cert.crt
EOF
cat <<'EOF' >>/etc/nginx/sites-available/cuckoo
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/tls/cert.crt;
ssl_certificate_key /etc/nginx/tls/cert.key;
client_max_body_size 1024M;
server_name proxmox.<REMOVED>.com;
location / {
proxy_pass https://100.64.42.2:8006;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
client_max_body_size 0;
proxy_connect_timeout 3600s;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
send_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/tls/cert.crt;
ssl_certificate_key /etc/nginx/tls/cert.key;
client_max_body_size 1024M;
server_name sandboxintel.<REMOVED>.com;
location / {
proxy_pass https://100.64.42.6;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
client_max_body_size 0;
proxy_connect_timeout 3600s;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
send_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/tls/cert.crt;
ssl_certificate_key /etc/nginx/tls/cert.key;
client_max_body_size 1024M;
server_name sandbox.<REMOVED>.com;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}
EOF
sudo ln -s /etc/nginx/sites-available/cuckoo /etc/nginx/sites-enabled/
sudo nginx -t
echo "[+] Setting NIC SETTINGS"
cat <<'EOF' >>/etc/netplan/01-netcfg.yaml
network:
version: 2
renderer: networkd
ethernets:
ens192:
addresses:
- 100.64.42.10/24
gateway4: 100.64.42.1
nameservers:
addresses: [100.64.42.1, 1.1.1.1]
ens224:
addresses:
- 100.64.82.10/24
EOF
sudo mkdir -p /mnt/malshare/
echo "[+] Mounting Malshare"
sudo mount -t nfs 100.64.42.100:/malshare /mnt/malshare/
echo "100.64.42.100:/malshare /mnt/malshare/ nfs auto,rw,hard,intr,nofail 0 0 " | sudo tee -a /etc/fstab
echo "[+] Making Malshare DIRs"
sudo mkdir -p /mnt/malshare/cape/
sudo mkdir -p /mnt/malshare/cape/storage/
sudo mkdir -p /mnt/malshare/cape/mongo/
sudo mkdir -p /mnt/malshare/cape/postgres/
echo "[+] Installing CAPE"
wget https://raw.githubusercontent.com/mwatermolen/Tools/master/Sandbox/cape2.sh
chmod a+x cape2.sh
sudo ./cape2.sh all ens224 100.64.42.10 eduhgkwehrgurhr89hy
echo "[+] Installing PIP packages"
sudo pip3 install -U imagehash proxmoxer
echo "[+] Making Symlinks to Malshare"
sudo rm -rf /opt/CAPEv2/storage
sudo ln -s /mnt/malshare/cape/storage/ /opt/CAPEv2/storage
echo "[+] Fixing Permissions"
sudo chown -R mwatermolen:cape /opt/CAPEv2
sudo chmod -R 774 /opt/CAPEv2
echo "[+] Fixing Linking to Postgres"
sudo systemctl stop postgresql
rm -rf /mnt/malshare/cape/postgres/* # !!!Initialize ONLY!!!
sudo rsync -av /var/lib/postgresql/12/main/* /mnt/malshare/cape/postgres/ # !!!Initialize ONLY!!!
rm -rf /var/lib/postgresql/12/main
sudo ln -s /mnt/malshare/cape/postgres/ /var/lib/postgresql/12/main
sudo systemctl start postgresql
echo "[+] Fixing Linking to MongoDB"
sudo systemctl stop mongodb
rm -rf /mnt/malshare/cape/mongo/* # !!!Initialize ONLY!!!
sudo rsync -av /data/* /mnt/malshare/cape/mongo/ # !!!Initialize ONLY!!!
rm -rf /data
sudo ln -s /mnt/malshare/cape/mongo/ /data
sudo systemctl start mongodb
echo "[+] Fixing Permissions"
sudo chown -R postgres:postgres /var/lib/postgresql/12/
sudo chmod -R 700 /var/lib/postgresql/12/
sudo chown -R mongodb:mongodb /data/
echo "[+] Installing CAPE Config"
cd /opt/CAPEv2
echo "$conf" | base64 -d > /tmp/conf.tgz
tar -xvzf /tmp/conf.tgz
echo "[+] Fixing PostgreSQL :| (THIS IS WHY MYSQL IS BETTER)"
sudo sed -i "s/After\=network\.target/After\=remote-fs\.target/gI" /lib/systemd/system/postgresql@.service
sudo sed -i '/^After\=remote-fs\.target/a RequiresMountsFor\=/mnt/malshare/cape/postgres/' /lib/systemd/system/postgresql@.service
sudo systemctl daemon-reload
echo "[+] Enableing boot start"
sudo systemctl enable postgresql
sudo systemctl enable mongodb
echo "[+] Migrating Tables"
cd /opt/CAPEv2/web
python3 manage.py check
python3 manage.py migrate
df -h
ls -lah /
ls -lah /opt/CAPEv2/
ls -lah /var/lib/postgresql/12/
Read the logs; logs always have the answers to what's going on.
@doomedraven not 100% sure this is from the same task, but I am seeing a lot of this error. I did increase memory to 16GB
memory allocation of 4427584 bytes failed
--- Logging error ---
Traceback (most recent call last):
File "process.py", line 196, in processing_finished
result = future.result()
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 437, in result
return self.__get_result()
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 389, in __get_result
raise self._exception
pebble.common.ProcessExpired: Abnormal termination
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/logging/__init__.py", line 1085, in emit
msg = self.format(record)
File "/usr/lib/python3.8/logging/__init__.py", line 929, in format
return fmt.format(record)
File "/usr/lib/python3.8/logging/__init__.py", line 668, in format
record.message = record.getMessage()
File "/usr/lib/python3.8/logging/__init__.py", line 373, in getMessage
msg = msg % self.args
TypeError: not enough arguments for format string
Call stack:
File "/usr/lib/python3.8/threading.py", line 890, in _bootstrap
self._bootstrap_inner()
File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
self.run()
File "/usr/lib/python3.8/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 179, in pool_manager_loop
pool_manager.update_status()
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 234, in update_status
self.update_workers()
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 251, in update_workers
self.handle_worker_expiration(expiration)
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 264, in handle_worker_expiration
self.task_manager.task_done(task.id, error)
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 306, in task_done
task.future.set_exception(result)
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 553, in set_exception
self._invoke_callbacks()
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 328, in _invoke_callbacks
callback(self)
File "process.py", line 202, in processing_finished
log.error("Exception when processing task %s: %s, Exitcode: %d", task_id, error)
File "/usr/lib/python3.8/logging/__init__.py", line 1475, in error
self._log(ERROR, msg, args, **kwargs)
File "/usr/lib/python3.8/logging/__init__.py", line 1589, in _log
self.handle(record)
File "/usr/lib/python3.8/logging/__init__.py", line 1599, in handle
self.callHandlers(record)
File "/usr/lib/python3.8/logging/__init__.py", line 1661, in callHandlers
hdlr.handle(record)
File "/usr/lib/python3.8/logging/__init__.py", line 954, in handle
self.emit(record)
File "/opt/CAPEv2/utils/../lib/cuckoo/core/startup.py", line 161, in emit
logging.StreamHandler.emit(self, colored)
Message: '\x1b[31mException when processing task %s: %s, Exitcode: %d\x1b[0m'
Arguments: (211, ProcessExpired('Abnormal termination'))
--- Logging error ---
Traceback (most recent call last):
File "process.py", line 196, in processing_finished
result = future.result()
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 437, in result
return self.__get_result()
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 389, in __get_result
raise self._exception
pebble.common.ProcessExpired: Abnormal termination
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/logging/__init__.py", line 1085, in emit
msg = self.format(record)
File "/usr/lib/python3.8/logging/__init__.py", line 929, in format
return fmt.format(record)
File "/usr/lib/python3.8/logging/__init__.py", line 668, in format
record.message = record.getMessage()
File "/usr/lib/python3.8/logging/__init__.py", line 373, in getMessage
msg = msg % self.args
TypeError: not enough arguments for format string
Call stack:
File "/usr/lib/python3.8/threading.py", line 890, in _bootstrap
self._bootstrap_inner()
File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
self.run()
File "/usr/lib/python3.8/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 179, in pool_manager_loop
pool_manager.update_status()
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 234, in update_status
self.update_workers()
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 251, in update_workers
self.handle_worker_expiration(expiration)
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 264, in handle_worker_expiration
self.task_manager.task_done(task.id, error)
File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 306, in task_done
task.future.set_exception(result)
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 553, in set_exception
self._invoke_callbacks()
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 328, in _invoke_callbacks
callback(self)
File "process.py", line 202, in processing_finished
log.error("Exception when processing task %s: %s, Exitcode: %d", task_id, error)
Message: 'Exception when processing task %s: %s, Exitcode: %d'
Arguments: (211, ProcessExpired('Abnormal termination'))
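The "Logging error" blocks in the traceback above are a second failure on top of the worker's death: the `log.error` call at `process.py` line 202 has three placeholders but receives two arguments, so the line that would have reported the task failure is never formatted. The following is an added example, not CAPE's code, reproducing that call shape next to one that passes the exit code; the `ProcessExpired` class is a stand-in for pebble's (which carries an `exitcode` attribute), and the handler, function names and the exit code value are constructed for illustration.

```python
import logging


class ProcessExpired(OSError):
    """Stand-in for pebble's ProcessExpired (constructed for this example)."""

    def __init__(self, msg, code=0):
        super().__init__(msg)
        self.exitcode = code


class Capture(logging.Handler):
    """Keeps formatted messages and records formatting failures instead of printing them."""

    def __init__(self):
        super().__init__()
        self.messages, self.failures = [], []

    def emit(self, record):
        try:
            self.messages.append(record.getMessage())  # performs msg % args
        except TypeError as exc:
            self.failures.append(str(exc))


def log_failure_as_in_traceback(log, task_id, error):
    # Same call shape as the traceback shows: three placeholders, two arguments.
    log.error("Exception when processing task %s: %s, Exitcode: %d", task_id, error)


def log_failure_with_exitcode(log, task_id, error):
    # Supplies the third argument; -1 is a constructed fallback for other exception types.
    log.error("Exception when processing task %s: %s, Exitcode: %d",
              task_id, error, getattr(error, "exitcode", -1))


def demo():
    log = logging.getLogger("added_example.process")
    log.propagate = False
    log.setLevel(logging.ERROR)
    handler = Capture()
    log.addHandler(handler)
    err = ProcessExpired("Abnormal termination", code=-6)  # constructed exit code
    log_failure_as_in_traceback(log, 211, err)
    log_failure_with_exitcode(log, 211, err)
    log.removeHandler(handler)
    return handler.messages, handler.failures


if __name__ == "__main__":
    print(demo())
```

With the standard handlers the first call produces only the "--- Logging error ---" dump on stderr, so the failure never reaches the log file in a readable form.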
So on that last error, rescaled to 32 GB and switched to 6 threads and now it seems resolved... Could this have been purely a memory issue?
maybe, closed as fixed
About pebble: there is a RAM usage limit in process.py
there is code in utils/process.py to kill if there is super little RAM left
# https://stackoverflow.com/questions/41105733/limit-ram-usage-to-python-program
import platform
import resource


def memory_limit(percentage: float = 0.8):
    # Cap this process's address space (RLIMIT_AS) at a fraction of the currently available memory
    if platform.system() != "Linux":
        print('Only works on linux!')
        return
    _, hard = resource.getrlimit(resource.RLIMIT_AS)
    resource.setrlimit(resource.RLIMIT_AS, (int(get_memory() * 1024 * percentage), hard))


def get_memory():
    # Return MemAvailable from /proc/meminfo, in kB (0 if the field is missing)
    with open('/proc/meminfo', 'r') as mem:
        free_memory = 0
        for i in mem:
            sline = i.split()
            if str(sline[0]) == 'MemAvailable:':
                free_memory = int(sline[1])
                break
    return free_memory
so if you are using all the RAM, that will probably need your mods
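What an address-space cap of the kind quoted above does to a process that crosses it, as an added example that is not CAPE's code: the cap is computed with the same arithmetic as `memory_limit()` from a constructed `/proc/meminfo` excerpt, and a child process that applies `RLIMIT_AS` to itself has its oversized allocation refused. `cap_from_meminfo`, `run_under_cap` and the exit status 42 are hypothetical names and values chosen for the example; Linux only.

```python
import subprocess
import sys

# Constructed /proc/meminfo excerpt (values in kB); not from the reporter's host.
SAMPLE_MEMINFO = """\
MemTotal:       16393216 kB
MemFree:         1203456 kB
MemAvailable:   10485760 kB
"""


def cap_from_meminfo(text, percentage=0.8):
    """Arithmetic of the quoted memory_limit(): MemAvailable (kB) * 1024 * percentage."""
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "MemAvailable:":
            return int(int(fields[1]) * 1024 * percentage)
    return 0  # field missing: the quoted code would then set a cap of 0 bytes


# Child program: apply the cap to itself, attempt one allocation, report via exit status.
CHILD = """
import resource, sys
cap, want = int(sys.argv[1]), int(sys.argv[2])
_, hard = resource.getrlimit(resource.RLIMIT_AS)
soft = cap if hard == resource.RLIM_INFINITY else min(cap, hard)
resource.setrlimit(resource.RLIMIT_AS, (soft, hard))
try:
    bytearray(want)
except MemoryError:
    sys.exit(42)  # allocation refused by the kernel because of RLIMIT_AS
"""


def run_under_cap(cap_bytes, alloc_bytes):
    """Run the child with an address-space cap; 0 = allocation worked, 42 = MemoryError."""
    argv = [sys.executable, "-c", CHILD, str(cap_bytes), str(alloc_bytes)]
    return subprocess.run(argv).returncode


if __name__ == "__main__":
    cap = cap_from_meminfo(SAMPLE_MEMINFO)
    print("cap from sample meminfo:", cap, "bytes")
    print("1 MiB under a 2 GiB cap ->", run_under_cap(2 * 1024**3, 1024**2))
    print("4 GiB under a 2 GiB cap ->", run_under_cap(2 * 1024**3, 4 * 1024**3))
```

The cap is derived from `MemAvailable` at the moment it is read, so the same host yields a lower cap when it is already busy.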
Howdy!
Prerequisites
Please answer the following questions for yourself before submitting an issue.
Expected Behavior
A successful processing run
Current Behavior
Receives failed_processing for XLS file
Failure Information (for bugs)
Seems to just present with a failed_processing error. No logs showing up in processing.log
Steps to Reproduce
Please provide detailed steps for reproducing the issue.
Context
Notes: VM built with packer
Linux ubuntu 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:50:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Failure Logs
API Response
Thanks!