Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

capev2 physical machine sqlalchemy errors #2258

Closed
marsomx opened this issue Aug 2, 2024 · 29 comments
Closed

capev2 physical machine sqlalchemy errors #2258

marsomx opened this issue Aug 2, 2024 · 29 comments

Comments

@marsomx
Copy link

marsomx commented Aug 2, 2024
edited
Loading

  • [ X] I am running the latest version
  • [ X] I did read the README!
  • [ X] I checked the documentation and found no answer
  • [ X] I checked to make sure that this issue has not already been filed
  • [X ] I'm reporting the issue to the correct repository (for multi-repository projects)
  • [ X] I have read and checked all configs (with all optional parts)

Expected Behavior

lunch analysis to physical machine -> complete analysis -> reimage physical machine -> got result of analysis

Current Behavior

after i updated and upgraded my machine:
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"

and updated Capev2 lo last version, i got some errors due to sqlalchemy, after the analysis is completed and the image is deployed on physical machine.

Failure Information (for bugs)

this'is the log:

2024-08-02 08:48:18,095 [lib.cuckoo.core.guest] INFO: Task #41: Guest is running CAPE Agent 0.17 (id=physical01, ip=192.168.1.11)
2024-08-02 08:48:20,402 [lib.cuckoo.core.guest] INFO: Task #41: Uploading script files to guest (id=physical01, ip=192.168.1.11)
2024-08-02 08:48:28,948 [lib.cuckoo.core.resultserver] INFO: Task 41: Process 4832 (parent 1324): download.exe, path C:\Users\sam\AppData\Local\Temp\download.exe
2024-08-02 08:48:30,131 [lib.cuckoo.core.resultserver] INFO: Task 41: Process 8996 (parent 4832): RegSvcs.exe, path C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
2024-08-02 08:51:56,073 [lib.cuckoo.core.guest] INFO: Task #41: Analysis completed successfully (id=physical01, ip=192.168.1.101)
2024-08-02 08:51:56,222 [lib.cuckoo.core.analysis_manager] INFO: Task #41: Disabled route 'internet'
2024-08-02 09:05:21,001 [lib.cuckoo.core.analysis_manager] ERROR: Task #41: failure in AnalysisManager.run
Traceback (most recent call last):
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 496, in run
    self.launch_analysis()
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 458, in launch_analysis
    success = self.perform_analysis()
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 442, in perform_analysis
    with self.machine_running(), self.result_server(), self.network_routing(), self.run_auxiliary():
  File "/usr/lib/python3.10/contextlib.py", line 142, in __exit__
    next(self.gen)
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 334, in machine_running
    self.machinery_manager.machinery.release(self.machine)
  File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 270, in release
    return self.db.unlock_machine(machine)
  File "/opt/CAPEv2/lib/cuckoo/core/database.py", line 978, in unlock_machine
    self.session.add(machine)
  File "<string>", line 2, in add
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 2648, in add
    self._save_or_update_state(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 2672, in _save_or_update_state
    self._save_or_update_impl(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 3289, in _save_or_update_impl
    self._update_impl(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 3278, in _update_impl
    self.identity_map.add(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/identity.py", line 151, in add
    raise sa_exc.InvalidRequestError(
sqlalchemy.exc.InvalidRequestError: Can't attach instance <Machine at 0x7617691b01f0>; another instance with key (<class 'lib.cuckoo.core.database.Machine'>, (89,), None) is already present in this session.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. update and upgrade Ubuntu 22.04.4 LTS
  2. update capev2 to last version
  3. lunch analysis on physical machine
  4. complete analysis and re-image physical machine (automatic task)
  5. error

Context

i noticed some issue due to sqlalchemy version. anyway i checked all packages are syncronized and sqlalchemy version is

name : sqlalchemy
version : 1.4.50
description : Database Abstraction Library

dependencies

  • greenlet !=0.4.17

required by

  • alembic >=1.3.0
  • sqlalchemy-utils >=1.3

thanks in advance for support
@marsomx
Copy link
Author

marsomx commented Aug 3, 2024
edited
Loading

also tried to clean all tasks and samples but got same errors

2024-08-03 12:14:19,171 [lib.cuckoo.core.analysis_manager] ERROR: Task #1: failure in AnalysisManager.run
Traceback (most recent call last):
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 496, in run
    self.launch_analysis()
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 458, in launch_analysis
    success = self.perform_analysis()
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 442, in perform_analysis
    with self.machine_running(), self.result_server(), self.network_routing(), self.run_auxiliary():
  File "/usr/lib/python3.10/contextlib.py", line 142, in __exit__
    next(self.gen)
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 334, in machine_running
    self.machinery_manager.machinery.release(self.machine)
  File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 270, in release
    return self.db.unlock_machine(machine)
  File "/opt/CAPEv2/lib/cuckoo/core/database.py", line 978, in unlock_machine
    self.session.add(machine)
  File "<string>", line 2, in add
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 2648, in add
    self._save_or_update_state(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 2672, in _save_or_update_state
    self._save_or_update_impl(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 3289, in _save_or_update_impl
    self._update_impl(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 3278, in _update_impl
    self.identity_map.add(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/identity.py", line 151, in add
    raise sa_exc.InvalidRequestError(
sqlalchemy.exc.InvalidRequestError: Can't attach instance <Machine at 0x77a5bc1c63e0>; another instance with key (<class 'lib.cuckoo.core.database.Machine'>, (3,), None) is already present in this session.

@doomedraven
Copy link
Collaborator

Enable SQL logging in cuckoo.conf, and rerun the command, post the output, but plz use markdown code escale for that blov

@marsomx
Copy link
Author

marsomx commented Aug 3, 2024
edited
Loading

Enable SQL logging in cuckoo.conf, and rerun the command, post the output, but plz use markdown code escale for that blov

thanks for reply.. here the log: capev2-sqldebug.txt
below last part of the log



2024-08-03 15:45:08,787 [sqlalchemy.engine.Engine] INFO: SELECT tasks.id AS tasks_id, tasks.target AS tasks_target, tasks.category AS tasks_category, tasks.cape AS tasks_cape, tasks.timeout AS tasks_timeout, tasks.priority AS tasks_priority, tasks.custom AS tasks_custom, tasks.machine AS tasks_machine, tasks.package AS tasks_package, tasks.route AS tasks_route, tasks.tags_tasks AS tasks_tags_tasks, tasks.options AS tasks_options, tasks.platform AS tasks_platform, tasks.memory AS tasks_memory, tasks.enforce_timeout AS tasks_enforce_timeout, tasks.clock AS tasks_clock, tasks.added_on AS tasks_added_on, tasks.started_on AS tasks_started_on, tasks.completed_on AS tasks_completed_on, tasks.status AS tasks_status, tasks.dropped_files AS tasks_dropped_files, tasks.running_processes AS tasks_running_processes, tasks.api_calls AS tasks_api_calls, tasks.domains AS tasks_domains, tasks.signatures_total AS tasks_signatures_total, tasks.signatures_alert AS tasks_signatures_alert, tasks.files_written AS tasks_files_written, tasks.registry_keys_modified AS tasks_registry_keys_modified, tasks.crash_issues AS tasks_crash_issues, tasks.anti_issues AS tasks_anti_issues, tasks.analysis_started_on AS tasks_analysis_started_on, tasks.analysis_finished_on AS tasks_analysis_finished_on, tasks.processing_started_on AS tasks_processing_started_on, tasks.processing_finished_on AS tasks_processing_finished_on, tasks.signatures_started_on AS tasks_signatures_started_on, tasks.signatures_finished_on AS tasks_signatures_finished_on, tasks.reporting_started_on AS tasks_reporting_started_on, tasks.reporting_finished_on AS tasks_reporting_finished_on, tasks.timedout AS tasks_timedout, tasks.sample_id AS tasks_sample_id, tasks.machine_id AS tasks_machine_id, tasks.shrike_url AS tasks_shrike_url, tasks.shrike_refer AS tasks_shrike_refer, tasks.shrike_msg AS tasks_shrike_msg, tasks.shrike_sid AS tasks_shrike_sid, tasks.parent_id AS tasks_parent_id, tasks.tlp AS tasks_tlp, tasks.user_id AS tasks_user_id, tasks.username AS tasks_username, tags_1.id AS tags_1_id, tags_1.name AS tags_1_name, guests_1.id AS guests_1_id, guests_1.status AS guests_1_status, guests_1.name AS guests_1_name, guests_1.label AS guests_1_label, guests_1.platform AS guests_1_platform, guests_1.manager AS guests_1_manager, guests_1.started_on AS guests_1_started_on, guests_1.shutdown_on AS guests_1_shutdown_on, guests_1.task_id AS guests_1_task_id, errors_1.id AS errors_1_id, errors_1.message AS errors_1_message, errors_1.task_id AS errors_1_task_id 
FROM tasks LEFT OUTER JOIN (tasks_tags AS tasks_tags_1 JOIN tags AS tags_1 ON tags_1.id = tasks_tags_1.tag_id) ON tasks.id = tasks_tags_1.task_id LEFT OUTER JOIN guests AS guests_1 ON tasks.id = guests_1.task_id LEFT OUTER JOIN errors AS errors_1 ON tasks.id = errors_1.task_id 
WHERE tasks.status = %(status_1)s AND tasks.options NOT LIKE %(options_1)s ORDER BY tasks.priority DESC, tasks.added_on FOR UPDATE OF tasks
2024-08-03 15:45:08,788 INFO sqlalchemy.engine.Engine [cached since 1057s ago] {'status_1': 'pending', 'options_1': '%node=%'}
2024-08-03 15:45:08,788 [sqlalchemy.engine.Engine] INFO: [cached since 1057s ago] {'status_1': 'pending', 'options_1': '%node=%'}
2024-08-03 15:45:08,795 INFO sqlalchemy.engine.Engine COMMIT
2024-08-03 15:45:08,795 [sqlalchemy.engine.Engine] INFO: COMMIT
{"message": "Analysis status", "status": "init", "description": ""}
2024-08-03 15:45:09,353 INFO sqlalchemy.engine.Engine COMMIT
2024-08-03 15:45:09,353 [sqlalchemy.engine.Engine] INFO: COMMIT
2024-08-03 15:45:09,356 [lib.cuckoo.core.analysis_manager] ERROR: Task #2: failure in AnalysisManager.run
Traceback (most recent call last):
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 496, in run
    self.launch_analysis()
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 458, in launch_analysis
    success = self.perform_analysis()
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 442, in perform_analysis
    with self.machine_running(), self.result_server(), self.network_routing(), self.run_auxiliary():
  File "/usr/lib/python3.10/contextlib.py", line 142, in __exit__
    next(self.gen)
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 334, in machine_running
    self.machinery_manager.machinery.release(self.machine)
  File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 270, in release
    return self.db.unlock_machine(machine)
  File "/opt/CAPEv2/lib/cuckoo/core/database.py", line 978, in unlock_machine
    self.session.add(machine)
  File "<string>", line 2, in add
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 2648, in add
    self._save_or_update_state(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 2672, in _save_or_update_state
    self._save_or_update_impl(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 3289, in _save_or_update_impl
    self._update_impl(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 3278, in _update_impl
    self.identity_map.add(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/identity.py", line 151, in add
    raise sa_exc.InvalidRequestError(
sqlalchemy.exc.InvalidRequestError: Can't attach instance <Machine at 0x71b1d40c2560>; another instance with key (<class 'lib.cuckoo.core.database.Machine'>, (5,), None) is already present in this session.
2024-08-03 15:45:09,799 INFO sqlalchemy.engine.Engine BEGIN (implicit)
2024-08-03 15:45:09,799 [sqlalchemy.engine.Engine] INFO: BEGIN (implicit)
2024-08-03 15:45:09,799 INFO sqlalchemy.engine.Engine SELECT count(*) AS count_1 
FROM (SELECT machines.id AS machines_id, machines.name AS machines_name, machines.label AS machines_label, machines.arch AS machines_arch, machines.ip AS machines_ip, machines.platform AS machines_platform, machines.interface AS machines_interface, machines.snapshot AS machines_snapshot, machines.locked AS machines_locked, machines.locked_changed_on AS machines_locked_changed_on, machines.status AS machines_status, machines.status_changed_on AS machines_status_changed_on, machines.resultserver_ip AS machines_resultserver_ip, machines.resultserver_port AS machines_resultserver_port, machines.reserved AS machines_reserved 
FROM machines 
WHERE machines.locked = true) AS anon_1
2024-08-03 15:45:09,799 [sqlalchemy.engine.Engine] INFO: SELECT count(*) AS count_1 
FROM (SELECT machines.id AS machines_id, machines.name AS machines_name, machines.label AS machines_label, machines.arch AS machines_arch, machines.ip AS machines_ip, machines.platform AS machines_platform, machines.interface AS machines_interface, machines.snapshot AS machines_snapshot, machines.locked AS machines_locked, machines.locked_changed_on AS machines_locked_changed_on, machines.status AS machines_status, machines.status_changed_on AS machines_status_changed_on, machines.resultserver_ip AS machines_resultserver_ip, machines.resultserver_port AS machines_resultserver_port, machines.reserved AS machines_reserved 
FROM machines 
WHERE machines.locked = true) AS anon_1
2024-08-03 15:45:09,800 INFO sqlalchemy.engine.Engine [cached since 1058s ago] {}
2024-08-03 15:45:09,800 [sqlalchemy.engine.Engine] INFO: [cached since 1058s ago] {}
2024-08-03 15:45:09,801 INFO sqlalchemy.engine.Engine SELECT tasks.id AS tasks_id, tasks.target AS tasks_target, tasks.category AS tasks_category, tasks.cape AS tasks_cape, tasks.timeout AS tasks_timeout, tasks.priority AS tasks_priority, tasks.custom AS tasks_custom, tasks.machine AS tasks_machine, tasks.package AS tasks_package, tasks.route AS tasks_route, tasks.tags_tasks AS tasks_tags_tasks, tasks.options AS tasks_options, tasks.platform AS tasks_platform, tasks.memory AS tasks_memory, tasks.enforce_timeout AS tasks_enforce_timeout, tasks.clock AS tasks_clock, tasks.added_on AS tasks_added_on, tasks.started_on AS tasks_started_on, tasks.completed_on AS tasks_completed_on, tasks.status AS tasks_status, tasks.dropped_files AS tasks_dropped_files, tasks.running_processes AS tasks_running_processes, tasks.api_calls AS tasks_api_calls, tasks.domains AS tasks_domains, tasks.signatures_total AS tasks_signatures_total, tasks.signatures_alert AS tasks_signatures_alert, tasks.files_written AS tasks_files_written, tasks.registry_keys_modified AS tasks_registry_keys_modified, tasks.crash_issues AS tasks_crash_issues, tasks.anti_issues AS tasks_anti_issues, tasks.analysis_started_on AS tasks_analysis_started_on, tasks.analysis_finished_on AS tasks_analysis_finished_on, tasks.processing_started_on AS tasks_processing_started_on, tasks.processing_finished_on AS tasks_processing_finished_on, tasks.signatures_started_on AS tasks_signatures_started_on, tasks.signatures_finished_on AS tasks_signatures_finished_on, tasks.reporting_started_on AS tasks_reporting_started_on, tasks.reporting_finished_on AS tasks_reporting_finished_on, tasks.timedout AS tasks_timedout, tasks.sample_id AS tasks_sample_id, tasks.machine_id AS tasks_machine_id, tasks.shrike_url AS tasks_shrike_url, tasks.shrike_refer AS tasks_shrike_refer, tasks.shrike_msg AS tasks_shrike_msg, tasks.shrike_sid AS tasks_shrike_sid, tasks.parent_id AS tasks_parent_id, tasks.tlp AS tasks_tlp, tasks.user_id AS tasks_user_id, tasks.username AS tasks_username, tags_1.id AS tags_1_id, tags_1.name AS tags_1_name, guests_1.id AS guests_1_id, guests_1.status AS guests_1_status, guests_1.name AS guests_1_name, guests_1.label AS guests_1_label, guests_1.platform AS guests_1_platform, guests_1.manager AS guests_1_manager, guests_1.started_on AS guests_1_started_on, guests_1.shutdown_on AS guests_1_shutdown_on, guests_1.task_id AS guests_1_task_id, errors_1.id AS errors_1_id, errors_1.message AS errors_1_message, errors_1.task_id AS errors_1_task_id 
FROM tasks LEFT OUTER JOIN (tasks_tags AS tasks_tags_1 JOIN tags AS tags_1 ON tags_1.id = tasks_tags_1.tag_id) ON tasks.id = tasks_tags_1.task_id LEFT OUTER JOIN guests AS guests_1 ON tasks.id = guests_1.task_id LEFT OUTER JOIN errors AS errors_1 ON tasks.id = errors_1.task_id 
WHERE tasks.status = %(status_1)s AND tasks.options NOT LIKE %(options_1)s ORDER BY tasks.priority DESC, tasks.added_on FOR UPDATE OF tasks
2024-08-03 15:45:09,801 [sqlalchemy.engine.Engine] INFO: SELECT tasks.id AS tasks_id, tasks.target AS tasks_target, tasks.category AS tasks_category, tasks.cape AS tasks_cape, tasks.timeout AS tasks_timeout, tasks.priority AS tasks_priority, tasks.custom AS tasks_custom, tasks.machine AS tasks_machine, tasks.package AS tasks_package, tasks.route AS tasks_route, tasks.tags_tasks AS tasks_tags_tasks, tasks.options AS tasks_options, tasks.platform AS tasks_platform, tasks.memory AS tasks_memory, tasks.enforce_timeout AS tasks_enforce_timeout, tasks.clock AS tasks_clock, tasks.added_on AS tasks_added_on, tasks.started_on AS tasks_started_on, tasks.completed_on AS tasks_completed_on, tasks.status AS tasks_status, tasks.dropped_files AS tasks_dropped_files, tasks.running_processes AS tasks_running_processes, tasks.api_calls AS tasks_api_calls, tasks.domains AS tasks_domains, tasks.signatures_total AS tasks_signatures_total, tasks.signatures_alert AS tasks_signatures_alert, tasks.files_written AS tasks_files_written, tasks.registry_keys_modified AS tasks_registry_keys_modified, tasks.crash_issues AS tasks_crash_issues, tasks.anti_issues AS tasks_anti_issues, tasks.analysis_started_on AS tasks_analysis_started_on, tasks.analysis_finished_on AS tasks_analysis_finished_on, tasks.processing_started_on AS tasks_processing_started_on, tasks.processing_finished_on AS tasks_processing_finished_on, tasks.signatures_started_on AS tasks_signatures_started_on, tasks.signatures_finished_on AS tasks_signatures_finished_on, tasks.reporting_started_on AS tasks_reporting_started_on, tasks.reporting_finished_on AS tasks_reporting_finished_on, tasks.timedout AS tasks_timedout, tasks.sample_id AS tasks_sample_id, tasks.machine_id AS tasks_machine_id, tasks.shrike_url AS tasks_shrike_url, tasks.shrike_refer AS tasks_shrike_refer, tasks.shrike_msg AS tasks_shrike_msg, tasks.shrike_sid AS tasks_shrike_sid, tasks.parent_id AS tasks_parent_id, tasks.tlp AS tasks_tlp, tasks.user_id AS tasks_user_id, tasks.username AS tasks_username, tags_1.id AS tags_1_id, tags_1.name AS tags_1_name, guests_1.id AS guests_1_id, guests_1.status AS guests_1_status, guests_1.name AS guests_1_name, guests_1.label AS guests_1_label, guests_1.platform AS guests_1_platform, guests_1.manager AS guests_1_manager, guests_1.started_on AS guests_1_started_on, guests_1.shutdown_on AS guests_1_shutdown_on, guests_1.task_id AS guests_1_task_id, errors_1.id AS errors_1_id, errors_1.message AS errors_1_message, errors_1.task_id AS errors_1_task_id 
FROM tasks LEFT OUTER JOIN (tasks_tags AS tasks_tags_1 JOIN tags AS tags_1 ON tags_1.id = tasks_tags_1.tag_id) ON tasks.id = tasks_tags_1.task_id LEFT OUTER JOIN guests AS guests_1 ON tasks.id = guests_1.task_id LEFT OUTER JOIN errors AS errors_1 ON tasks.id = errors_1.task_id 
WHERE tasks.status = %(status_1)s AND tasks.options NOT LIKE %(options_1)s ORDER BY tasks.priority DESC, tasks.added_on FOR UPDATE OF tasks
2024-08-03 15:45:09,801 INFO sqlalchemy.engine.Engine [cached since 1058s ago] {'status_1': 'pending', 'options_1': '%node=%'}
2024-08-03 15:45:09,801 [sqlalchemy.engine.Engine] INFO: [cached since 1058s ago] {'status_1': 'pending', 'options_1': '%node=%'}
2024-08-03 15:45:09,804 INFO sqlalchemy.engine.Engine COMMIT
2024-08-03 15:45:09,804 [sqlalchemy.engine.Engine] INFO: COMMIT
2024-08-03 15:45:10,806 INFO sqlalchemy.engine.Engine BEGIN (implicit)
2024-08-03 15:45:10,806 [sqlalchemy.engine.Engine] INFO: BEGIN (implicit)
2024-08-03 15:45:10,807 INFO sqlalchemy.engine.Engine SELECT count(*) AS count_1 
FROM (SELECT machines.id AS machines_id, machines.name AS machines_name, machines.label AS machines_label, machines.arch AS machines_arch, machines.ip AS machines_ip, machines.platform AS machines_platform, machines.interface AS machines_interface, machines.snapshot AS machines_snapshot, machines.locked AS machines_locked, machines.locked_changed_on AS machines_locked_changed_on, machines.status AS machines_status, machines.status_changed_on AS machines_status_changed_on, machines.resultserver_ip AS machines_resultserver_ip, machines.resultserver_port AS machines_resultserver_port, machines.reserved AS machines_reserved 
FROM machines 
WHERE machines.locked = true) AS anon_1
2024-08-03 15:45:10,807 [sqlalchemy.engine.Engine] INFO: SELECT count(*) AS count_1 
FROM (SELECT machines.id AS machines_id, machines.name AS machines_name, machines.label AS machines_label, machines.arch AS machines_arch, machines.ip AS machines_ip, machines.platform AS machines_platform, machines.interface AS machines_interface, machines.snapshot AS machines_snapshot, machines.locked AS machines_locked, machines.locked_changed_on AS machines_locked_changed_on, machines.status AS machines_status, machines.status_changed_on AS machines_status_changed_on, machines.resultserver_ip AS machines_resultserver_ip, machines.resultserver_port AS machines_resultserver_port, machines.reserved AS machines_reserved 
FROM machines 
WHERE machines.locked = true) AS anon_1
2024-08-03 15:45:10,807 INFO sqlalchemy.engine.Engine [cached since 1059s ago] {}
2024-08-03 15:45:10,807 [sqlalchemy.engine.Engine] INFO: [cached since 1059s ago] {}
2024-08-03 15:45:10,808 INFO sqlalchemy.engine.Engine SELECT tasks.id AS tasks_id, tasks.target AS tasks_target, tasks.category AS tasks_category, tasks.cape AS tasks_cape, tasks.timeout AS tasks_timeout, tasks.priority AS tasks_priority, tasks.custom AS tasks_custom, tasks.machine AS tasks_machine, tasks.package AS tasks_package, tasks.route AS tasks_route, tasks.tags_tasks AS tasks_tags_tasks, tasks.options AS tasks_options, tasks.platform AS tasks_platform, tasks.memory AS tasks_memory, tasks.enforce_timeout AS tasks_enforce_timeout, tasks.clock AS tasks_clock, tasks.added_on AS tasks_added_on, tasks.started_on AS tasks_started_on, tasks.completed_on AS tasks_completed_on, tasks.status AS tasks_status, tasks.dropped_files AS tasks_dropped_files, tasks.running_processes AS tasks_running_processes, tasks.api_calls AS tasks_api_calls, tasks.domains AS tasks_domains, tasks.signatures_total AS tasks_signatures_total, tasks.signatures_alert AS tasks_signatures_alert, tasks.files_written AS tasks_files_written, tasks.registry_keys_modified AS tasks_registry_keys_modified, tasks.crash_issues AS tasks_crash_issues, tasks.anti_issues AS tasks_anti_issues, tasks.analysis_started_on AS tasks_analysis_started_on, tasks.analysis_finished_on AS tasks_analysis_finished_on, tasks.processing_started_on AS tasks_processing_started_on, tasks.processing_finished_on AS tasks_processing_finished_on, tasks.signatures_started_on AS tasks_signatures_started_on, tasks.signatures_finished_on AS tasks_signatures_finished_on, tasks.reporting_started_on AS tasks_reporting_started_on, tasks.reporting_finished_on AS tasks_reporting_finished_on, tasks.timedout AS tasks_timedout, tasks.sample_id AS tasks_sample_id, tasks.machine_id AS tasks_machine_id, tasks.shrike_url AS tasks_shrike_url, tasks.shrike_refer AS tasks_shrike_refer, tasks.shrike_msg AS tasks_shrike_msg, tasks.shrike_sid AS tasks_shrike_sid, tasks.parent_id AS tasks_parent_id, tasks.tlp AS tasks_tlp, tasks.user_id AS tasks_user_id, tasks.username AS tasks_username, tags_1.id AS tags_1_id, tags_1.name AS tags_1_name, guests_1.id AS guests_1_id, guests_1.status AS guests_1_status, guests_1.name AS guests_1_name, guests_1.label AS guests_1_label, guests_1.platform AS guests_1_platform, guests_1.manager AS guests_1_manager, guests_1.started_on AS guests_1_started_on, guests_1.shutdown_on AS guests_1_shutdown_on, guests_1.task_id AS guests_1_task_id, errors_1.id AS errors_1_id, errors_1.message AS errors_1_message, errors_1.task_id AS errors_1_task_id 
FROM tasks LEFT OUTER JOIN (tasks_tags AS tasks_tags_1 JOIN tags AS tags_1 ON tags_1.id = tasks_tags_1.tag_id) ON tasks.id = tasks_tags_1.task_id LEFT OUTER JOIN guests AS guests_1 ON tasks.id = guests_1.task_id LEFT OUTER JOIN errors AS errors_1 ON tasks.id = errors_1.task_id 
WHERE tasks.status = %(status_1)s AND tasks.options NOT LIKE %(options_1)s ORDER BY tasks.priority DESC, tasks.added_on FOR UPDATE OF tasks
2024-08-03 15:45:10,808 [sqlalchemy.engine.Engine] INFO: SELECT tasks.id AS tasks_id, tasks.target AS tasks_target, tasks.category AS tasks_category, tasks.cape AS tasks_cape, tasks.timeout AS tasks_timeout, tasks.priority AS tasks_priority, tasks.custom AS tasks_custom, tasks.machine AS tasks_machine, tasks.package AS tasks_package, tasks.route AS tasks_route, tasks.tags_tasks AS tasks_tags_tasks, tasks.options AS tasks_options, tasks.platform AS tasks_platform, tasks.memory AS tasks_memory, tasks.enforce_timeout AS tasks_enforce_timeout, tasks.clock AS tasks_clock, tasks.added_on AS tasks_added_on, tasks.started_on AS tasks_started_on, tasks.completed_on AS tasks_completed_on, tasks.status AS tasks_status, tasks.dropped_files AS tasks_dropped_files, tasks.running_processes AS tasks_running_processes, tasks.api_calls AS tasks_api_calls, tasks.domains AS tasks_domains, tasks.signatures_total AS tasks_signatures_total, tasks.signatures_alert AS tasks_signatures_alert, tasks.files_written AS tasks_files_written, tasks.registry_keys_modified AS tasks_registry_keys_modified, tasks.crash_issues AS tasks_crash_issues, tasks.anti_issues AS tasks_anti_issues, tasks.analysis_started_on AS tasks_analysis_started_on, tasks.analysis_finished_on AS tasks_analysis_finished_on, tasks.processing_started_on AS tasks_processing_started_on, tasks.processing_finished_on AS tasks_processing_finished_on, tasks.signatures_started_on AS tasks_signatures_started_on, tasks.signatures_finished_on AS tasks_signatures_finished_on, tasks.reporting_started_on AS tasks_reporting_started_on, tasks.reporting_finished_on AS tasks_reporting_finished_on, tasks.timedout AS tasks_timedout, tasks.sample_id AS tasks_sample_id, tasks.machine_id AS tasks_machine_id, tasks.shrike_url AS tasks_shrike_url, tasks.shrike_refer AS tasks_shrike_refer, tasks.shrike_msg AS tasks_shrike_msg, tasks.shrike_sid AS tasks_shrike_sid, tasks.parent_id AS tasks_parent_id, tasks.tlp AS tasks_tlp, tasks.user_id AS tasks_user_id, tasks.username AS tasks_username, tags_1.id AS tags_1_id, tags_1.name AS tags_1_name, guests_1.id AS guests_1_id, guests_1.status AS guests_1_status, guests_1.name AS guests_1_name, guests_1.label AS guests_1_label, guests_1.platform AS guests_1_platform, guests_1.manager AS guests_1_manager, guests_1.started_on AS guests_1_started_on, guests_1.shutdown_on AS guests_1_shutdown_on, guests_1.task_id AS guests_1_task_id, errors_1.id AS errors_1_id, errors_1.message AS errors_1_message, errors_1.task_id AS errors_1_task_id 
FROM tasks LEFT OUTER JOIN (tasks_tags AS tasks_tags_1 JOIN tags AS tags_1 ON tags_1.id = tasks_tags_1.tag_id) ON tasks.id = tasks_tags_1.task_id LEFT OUTER JOIN guests AS guests_1 ON tasks.id = guests_1.task_id LEFT OUTER JOIN errors AS errors_1 ON tasks.id = errors_1.task_id 
WHERE tasks.status = %(status_1)s AND tasks.options NOT LIKE %(options_1)s ORDER BY tasks.priority DESC, tasks.added_on FOR UPDATE OF tasks
2024-08-03 15:45:10,808 INFO sqlalchemy.engine.Engine [cached since 1059s ago] {'status_1': 'pending', 'options_1': '%node=%'}
2024-08-03 15:45:10,808 [sqlalchemy.engine.Engine] INFO: [cached since 1059s ago] {'status_1': 'pending', 'options_1': '%node=%'}
2024-08-03 15:45:10,810 INFO sqlalchemy.engine.Engine COMMIT
2024-08-03 15:45:10,810 [sqlalchemy.engine.Engine] INFO: COMMIT
2024-08-03 15:45:11,812 INFO sqlalchemy.engine.Engine BEGIN (implicit)
2024-08-03 15:45:11,812 [sqlalchemy.engine.Engine] INFO: BEGIN (implicit)
2024-08-03 15:45:11,813 INFO sqlalchemy.engine.Engine SELECT count(*) AS count_1 
FROM (SELECT machines.id AS machines_id, machines.name AS machines_name, machines.label AS machines_label, machines.arch AS machines_arch, machines.ip AS machines_ip, machines.platform AS machines_platform, machines.interface AS machines_interface, machines.snapshot AS machines_snapshot, machines.locked AS machines_locked, machines.locked_changed_on AS machines_locked_changed_on, machines.status AS machines_status, machines.status_changed_on AS machines_status_changed_on, machines.resultserver_ip AS machines_resultserver_ip, machines.resultserver_port AS machines_resultserver_port, machines.reserved AS machines_reserved 
FROM machines 
WHERE machines.locked = true) AS anon_1
2024-08-03 15:45:11,813 [sqlalchemy.engine.Engine] INFO: SELECT count(*) AS count_1 
FROM (SELECT machines.id AS machines_id, machines.name AS machines_name, machines.label AS machines_label, machines.arch AS machines_arch, machines.ip AS machines_ip, machines.platform AS machines_platform, machines.interface AS machines_interface, machines.snapshot AS machines_snapshot, machines.locked AS machines_locked, machines.locked_changed_on AS machines_locked_changed_on, machines.status AS machines_status, machines.status_changed_on AS machines_status_changed_on, machines.resultserver_ip AS machines_resultserver_ip, machines.resultserver_port AS machines_resultserver_port, machines.reserved AS machines_reserved 
FROM machines 
WHERE machines.locked = true) AS anon_1

@marsomx
Copy link
Author

marsomx commented Aug 23, 2024
edited
Loading

@doomedraven i updated os and cape and errors due to sqlalchemy seem to be fixed. unfortunately i got another error, Basically the analysis started as expected but after few seconds, task turned in failed and physical machine was rebooted. This is the log of the analysis task on web gui:

2024-08-22 13:31:13,357 [root] INFO: Date set to: 20240822T13:31:14, timeout set to: 200
2024-08-22 13:31:14,000 [root] DEBUG: Starting analyzer from: C:\tmp8sz0jlcw
2024-08-22 13:31:14,000 [root] DEBUG: Storing results at: C:\EJVzYsIz
2024-08-22 13:31:14,000 [root] DEBUG: Pipe server name: \\.\PIPE\QNUdrqGaF
2024-08-22 13:31:14,000 [root] DEBUG: Python path: C:\Users\sam\AppData\Local\Programs\Python\Python310-32
2024-08-22 13:31:14,000 [root] INFO: analysis running as an admin
2024-08-22 13:31:14,000 [root] INFO: analysis package specified: "exe"
2024-08-22 13:31:14,000 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2024-08-22 13:31:14,010 [root] DEBUG: imported analysis package "exe"
2024-08-22 13:31:14,010 [root] DEBUG: initializing analysis package "exe"...
2024-08-22 13:31:14,010 [lib.common.common] INFO: wrapping
2024-08-22 13:31:14,010 [lib.core.compound] INFO: C:\Users\sam\AppData\Local\Temp already exists, skipping creation
2024-08-22 13:31:14,010 [root] DEBUG: New location of moved file: C:\Users\sam\AppData\Local\Temp\2cdf95d8ff803328ea77.exe
2024-08-22 13:31:14,010 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2024-08-22 13:31:14,010 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2024-08-22 13:31:14,010 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2024-08-22 13:31:14,010 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2024-08-22 13:31:14,010 [root] DEBUG: Importing auxiliary module "modules.auxiliary.DNS_ETW"...
2024-08-22 13:31:14,026 [modules.auxiliary.DNS_ETW] DEBUG: Could not load auxiliary module DNS_ETW due to 'No module named 'etw''
2024-08-22 13:31:14,026 [root] ERROR: Traceback (most recent call last):
  File "C:\tmp8sz0jlcw\modules\auxiliary\DNS_ETW.py", line 17, in <module>
    from etw import ETW, ProviderInfo
ModuleNotFoundError: No module named 'etw'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\tmp8sz0jlcw\analyzer.py", line 1524, in <module>
    success = analyzer.run()
  File "C:\tmp8sz0jlcw\analyzer.py", line 507, in run
    __import__(name, globals(), locals(), ["dummy"])
  File "C:\tmp8sz0jlcw\modules\auxiliary\DNS_ETW.py", line 22, in <module>
    raise CuckooPackageError("In order to use DNS_ETW functionality, it " "is required to have pywintrace setup in python.")
lib.common.exceptions.CuckooPackageError: In order to use DNS_ETW functionality, it is required to have pywintrace setup in python.
Traceback (most recent call last):
  File "C:\tmp8sz0jlcw\modules\auxiliary\DNS_ETW.py", line 17, in <module>
    from etw import ETW, ProviderInfo
ModuleNotFoundError: No module named 'etw'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\tmp8sz0jlcw\analyzer.py", line 1524, in <module>
    success = analyzer.run()
  File "C:\tmp8sz0jlcw\analyzer.py", line 507, in run
    __import__(name, globals(), locals(), ["dummy"])
  File "C:\tmp8sz0jlcw\modules\auxiliary\DNS_ETW.py", line 22, in <module>
    raise CuckooPackageError("In order to use DNS_ETW functionality, it " "is required to have pywintrace setup in python.")
lib.common.exceptions.CuckooPackageError: In order to use DNS_ETW functionality, it is required to have pywintrace setup in python.
2024-08-22 13:31:14,026 [root] WARNING: Folder at path "C:\EJVzYsIz\debugger" does not exist, skipping
2024-08-22 13:31:14,026 [root] WARNING: Folder at path "C:\EJVzYsIz\tlsdump" does not exist, skipping
2024-08-22 13:31:14,026 [root] INFO: Analysis completed

from the DNS_ETW module:

try:
    from etw import ETW, ProviderInfo
    from etw import evntrace as et
    from etw.GUID import GUID
except Exception as e:
    log.debug(f"Could not load auxiliary module DNS_ETW due to '{e}'")
    raise CuckooPackageError("In order to use DNS_ETW functionality, it " "is required to have pywintrace setup in python.")

I noticed that DNS_ETW was added only 3 days ago.. pywintrace is required on physical host?.
can you help me?

@doomedraven
Copy link
Collaborator

hey, sorry, for no responses, jumping between vacations and work. i have pushed fix, do git pull, you don't need to restart nothing at all

@marsomx
Copy link
Author

marsomx commented Aug 23, 2024
edited
Loading

@doomedraven thanks for reply ;-) .. as you wrote before (update) pywintrace is required on physical host?

@marsomx
Copy link
Author

marsomx commented Aug 23, 2024

@doomedraven the fix did not solve the problem ... perhaps the lack of pywintrace raises the exception

@doomedraven
Copy link
Collaborator

pywintrace is not required, is windows side dependency in case you want to get ETW events, well if it didn't fit it, then remove that file from you cape, i don't have time to dig into that right now

@doomedraven
Copy link
Collaborator

also as you say it didn't fix, show the error

@marsomx
Copy link
Author

marsomx commented Aug 23, 2024

yep.. think I will apply this workaround, also because it is not possible to disable the module from the auxiliary config file

@doomedraven
Copy link
Collaborator

saying that something doesn't work without error trace is not very useful

@doomedraven
Copy link
Collaborator

closing this as original issue doesn't exist anymore. and would appreciate the error msg after git pull as you say dns etw is not fixed

@marsomx
Copy link
Author

marsomx commented Sep 8, 2024
edited
Loading

the problem with sqlalchemy resurfaced after last update (machine and capev2). Capev2 was in 'clean' state.
this is the log:

2024-09-08 11:28:20,564 [modules.auxiliary.QemuScreenshots] ERROR: No module named 'libvirt'
2024-09-08 11:28:22,115 [lib.cuckoo.core.machinery_manager] INFO: Using MachineryManager[physical] with max_machines_count=10
2024-09-08 11:28:22,115 [lib.cuckoo.core.scheduler] INFO: Creating scheduler with max_analysis_count=unlimited
2024-09-08 11:28:25,559 [lib.cuckoo.core.machinery_manager] INFO: Loaded 1 machine
2024-09-08 11:28:25,590 [lib.cuckoo.core.machinery_manager] INFO: max_vmstartup_count for BoundedSemaphore = 5
2024-09-08 11:28:25,594 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks
2024-09-08 11:53:04,553 [lib.cuckoo.core.machinery_manager] INFO: Task #1: found useable machine physical01 (arch=x64, platform=windows)
2024-09-08 11:53:04,553 [lib.cuckoo.core.scheduler] INFO: Task #1: Processing task
2024-09-08 11:53:04,667 [lib.cuckoo.core.analysis_manager] INFO: Task #1: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_3ez_u6wo/cs.dll'
2024-09-08 11:53:04,695 [lib.cuckoo.core.analysis_manager] INFO: Task #1: Enabled route 'internet'.
2024-09-08 11:53:04,700 [modules.auxiliary.QemuScreenshots] INFO: QEMU screenshots module loaded
2024-09-08 11:53:04,711 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 4345 (interface=enp2s0, host=192.168.1.101, dump path=/opt/CAPEv2/storage/analyses/1/dump.pcap)
2024-09-08 11:53:05,215 [lib.cuckoo.core.guest] INFO: Task #1: Starting analysis on guest (id=physical01, ip=192.168.1.101)
2024-09-08 11:53:05,231 [lib.cuckoo.core.guest] INFO: Task #1: Guest is running CAPE Agent 0.17 (id=physical01, ip=192.168.1.101)
2024-09-08 11:53:07,391 [lib.cuckoo.core.guest] INFO: Task #1: Uploading script files to guest (id=physical01, ip=192.168.1.101)
2024-09-08 11:57:27,655 [lib.cuckoo.core.guest] INFO: Task #1: End of analysis reached! (id=physical01, ip=192.168.1.101)
2024-09-08 11:57:27,768 [lib.cuckoo.core.analysis_manager] INFO: Task #1: Disabled route 'internet'
2024-09-08 12:13:22,128 [lib.cuckoo.core.analysis_manager] ERROR: Task #1: failure in AnalysisManager.run
Traceback (most recent call last):
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 497, in run
    self.launch_analysis()
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 459, in launch_analysis
    success = self.perform_analysis()
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 443, in perform_analysis
    with self.machine_running(), self.result_server(), self.network_routing(), self.run_auxiliary():
  File "/usr/lib/python3.10/contextlib.py", line 142, in __exit__
    next(self.gen)
  File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 335, in machine_running
    self.machinery_manager.machinery.release(self.machine)
  File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 270, in release
    return self.db.unlock_machine(machine)
  File "/opt/CAPEv2/lib/cuckoo/core/database.py", line 978, in unlock_machine
    self.session.add(machine)
  File "<string>", line 2, in add
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 2648, in add
    self._save_or_update_state(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 2672, in _save_or_update_state
    self._save_or_update_impl(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 3289, in _save_or_update_impl
    self._update_impl(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/session.py", line 3278, in _update_impl
    self.identity_map.add(state)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/sqlalchemy/orm/identity.py", line 151, in add
    raise sa_exc.InvalidRequestError(
sqlalchemy.exc.InvalidRequestError: Can't attach instance <Machine at 0x73b53a191300>; another instance with key (<class 'lib.cuckoo.core.database.Machine'>, (1,), None) is already present in this session.

can anyone help me solve it definitively? or is it better to reinstall cape?
@doomedraven please could you reopen the issue?

@doomedraven doomedraven reopened this Sep 8, 2024
@marsomx
Copy link
Author

marsomx commented Sep 10, 2024

I have investigated further and I have noticed a weird behaviour. if I restore the machine to the cleaned state and launch a normal exe with default options, the analysis works, it is completed correctly without errors.
instead in the previous analysis i ran a dll with dll analyzer and some options (dllloader and function) and it failed for some reason (may be for some wrong option value), getting the sqlalchemy error message. could this have been the cause?

@doomedraven please consider closing the case again. Thanks!!

@doomedraven
Copy link
Collaborator

doomedraven commented Sep 10, 2024 via email

@marsomx
Copy link
Author

marsomx commented Sep 10, 2024

Not directly, of course... I meant that if the analysis is not completed correctly it could cause a sqlalchemy session problem.

Sql errors are not related to cape options El mar, 10 sept 2024, 7:12, marsomx @.> escribió:

I have investigated further and I have noticed a weird behaviour. if I restore the machine to the cleaned state and launch a normal exe with default options, the analysis works, it is completed correctly without errors. instead in the previous analysis i ran a dll with dll analyzer and some options (dllloader and function) and it failed for some reason (may be for some wrong option value), getting the sqlalchemy error message. could this have been the cause? @doomedraven https://github.com/doomedraven please consider closing the case again. Thanks!! — Reply to this email directly, view it on GitHub <#2258 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAOFH36UU2JUR5QA62UAV63ZV2EVDAVCNFSM6AAAAABL4F3XMKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMZZG42TCMZYGM . You are receiving this because you were mentioned.Message ID: @.>

@boulwabd boulwabd mentioned this issue Oct 15, 2024
Closed
6 tasks
@marsomx
Copy link
Author

marsomx commented Dec 13, 2024

@doomedraven sorry if i ping you agains.. only one question.. after configuration parser modification (1 November) it seems my physical CAPE is not able to extract malware configuration anymore.. i've done required step with poetry install.. other action are required in files configuration? thanks in advance

@doomedraven
Copy link
Collaborator

np, strange, no you don't need to do nothing else, you just need to have installed cape-parsers which is part of pyproject.toml. did you restart processing? if yes, can you do next as cape user:

  • cd /opt/CAPEv2/utils && poetry run python process.py -r <task_id> -d so that should give us an clue

@marsomx
Copy link
Author

marsomx commented Dec 14, 2024

np, strange, no you don't need to do nothing else, you just need to have installed cape-parsers which is part of pyproject.toml. did you restart processing? if yes, can you do next as cape user:

  • cd /opt/CAPEv2/utils && poetry run python process.py -r <task_id> -d so that should give us an clue

i submitted a lumma payoad (dumped from previous analysis) and this is the result of mentioned command

2024-12-14 10:22:51,548 [root] DEBUG: Importing modules...
2024-12-14 10:22:51,550 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageChops.difference'
2024-12-14 10:22:51,550 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageDraw'
2024-12-14 10:22:51,551 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.Image'
2024-12-14 10:22:51,551 [modules.auxiliary.QemuScreenshots] ERROR: No module named 'libvirt'
OPTIONAL! Missed dependency: poetry run pip install peepdf-3
pip3 install certvalidator asn1crypto mscerts
OPTIONAL! Missed dependency: poetry run pip install -U git+https://github.com/DissectMalware/batch_deobfuscator
OPTIONAL! Missed dependency: poetry run pip install -U git+https://github.com/CAPESandbox/httpreplay
2024-12-14 10:22:52,202 [capa.rules] DEBUG: reading rules from directory /opt/CAPEv2/data/capa-rules
2024-12-14 10:22:52,228 [capa.rules.cache] DEBUG: loading rule set from cache: /home/cape/.cache/capa/capa-8c6bac93.cache
2024-12-14 10:22:52,333 [capa.loader] DEBUG: reading signatures from directory /opt/CAPEv2/data/flare-signatures
2024-12-14 10:22:52,333 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/1_flare_msvc_rtf_32_64.sig
2024-12-14 10:22:52,333 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/2_flare_msvc_atlmfc_32_64.sig
2024-12-14 10:22:52,333 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/3_flare_common_libs.sig
2024-12-14 10:22:52,335 [root] DEBUG: Imported "auxiliary" modules:
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- AzSniffer
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- Mitmdump
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- QEMUScreenshots
2024-12-14 10:22:52,336 [root] DEBUG: 	 `-- Sniffer
2024-12-14 10:22:52,336 [root] DEBUG: Imported "processing" modules:
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- CAPE
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- AnalysisInfo
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- Autoruns
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- BehaviorAnalysis
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- Debug
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- NetworkAnalysis
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- ProcessMemory
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- script_log_processing
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- Suricata
2024-12-14 10:22:52,336 [root] DEBUG: 	 `-- UrlAnalysis
2024-12-14 10:22:52,336 [root] DEBUG: Imported "signatures" modules:
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- ClamAV
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- KnownVirustotal
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- BadCerts
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- BadSSLCerts
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- ZeusP2P
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- ZeusURL
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- AthenaHttp
2024-12-14 10:22:52,336 [root] DEBUG: 	 |-- DirtJumper
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- Drive
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- Drive2
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- Madness
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FamilyProxyBack
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPAAntiAnalysis
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPACollection
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPACompiler
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPADataManipulation
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPAExecutable
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPAHostInteration
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPAcommunication
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPALib
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPALinking
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPALoadCode
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPAMalwareFamily
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPANursery
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPAPersistence
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPARuntime
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- FlareCAPATargeting
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- Log4j
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- MimicsExtension
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- NetworkCountryDistribution
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- NetworkMultipleDirectIPConnections
2024-12-14 10:22:52,337 [root] DEBUG: 	 |-- NetworkCnCHTTP
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkHTTPPOST
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkIPEXE
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkDGA
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkDGAFraunhofer
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkDynDNS
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkExcessiveUDP
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkHTTP
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkICMP
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkIRC
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkOpenProxy
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkP2P
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkQuestionableHost
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkQuestionableHttpPath
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkQuestionableHttpsPath
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- NetworkSMTP
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- TorGateway
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- BuildLangID
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- ResourceLangID
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- overlay
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- PackerUnknownPESectionName
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- ASPackPacked
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- AspireCryptPacked
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- BedsProtectorPacked
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- ConfuserPacked
2024-12-14 10:22:52,338 [root] DEBUG: 	 |-- EnigmaPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- PackerEntropy
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- MPressPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- NatePacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- NsPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- SmartAssemblyPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- SpicesPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- ThemidaPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- ThemidaPackedSection
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- TitanPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- UPXCompressed
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- VMPPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- YodaPacked
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- PDF_Annot_URLs
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- Polymorphic
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- PunchPlusPlusPCREs
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- Procmem_Yara
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- CheckIP
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- Authenticode
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- InvalidAuthenticodeSignature
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- DotNetAnomaly
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- Static_Java
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- Static_PDF
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- PEAnomaly
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- PECompileTimeStomping
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- StaticPEPDBPath
2024-12-14 10:22:52,339 [root] DEBUG: 	 |-- RATConfig
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VersionInfoAnomaly
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- StealthNetwork
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- SuricataAlert
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolDevicetree1
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolHandles1
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolLdrModules1
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolLdrModules2
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolMalfind1
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolMalfind2
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolModscan1
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolSvcscan1
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolSvcscan2
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- VolSvcscan3
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- WHOIS_Create
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- AccessesMailslot
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- AccessesNetlogonRegkey
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- AccessesPublicFolder
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- AccessesSysvol
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- WritesSysvol
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- AddsAdminUser
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- AddsUser
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- OverwritesAdminPassword
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- anomalous_deletefile
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- AntiAnalysisDetectFile
2024-12-14 10:22:52,340 [root] DEBUG: 	 |-- AntiAnalysisDetectReg
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- QihooDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AhnlabDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AvastDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- BitdefenderDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- BullguardDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- ModifiesAttachmentManager
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AntiAVDetectFile
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AntiAVDetectReg
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- EmsisoftDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- QurbDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AntiAVServiceStop
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AntiAVSRP
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AntiAVWhitespace
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_addvectoredexceptionhandler
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- APIOverrideDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_checkremotedebuggerpresent
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_debugactiveprocess
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AntiDBGDevices
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_gettickcount
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_guardpages
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_ntcreatethreadex
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- BullguardDetectLibs
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_ntsetinformationthread
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_outputdebugstring
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- antidebug_setunhandledexceptionfilter
2024-12-14 10:22:52,341 [root] DEBUG: 	 |-- AntiDBGWindows
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiEmuWinDefend
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- WineDetectReg
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- WineDetectFunc
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiSandboxCheckUserdomain
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiCuckoo
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- CuckooDetectFiles
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- CuckooCrash
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiSandboxForegroundWindow
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- FortinetDetectFiles
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- SandboxJoeAnubisDetectFiles
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- HookMouse
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiSandboxRestart
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- SandboxieDetectLibs
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntisandboxSboxieMutex
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiSandboxSboxieObjects
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiSandboxScriptTimer
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiSandboxSleep
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- SunbeltDetectFiles
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- SunbeltDetectLibs
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiSandboxSuspend
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- ThreatTrackDetectFiles
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- Unhook
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- BochsDetectKeys
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiVMDirectoryObjects
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiVMBios
2024-12-14 10:22:52,342 [root] DEBUG: 	 |-- AntiVMCPU
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- DiskInformation
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- SetupAPIDiskInformation
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- AntiVMDiskReg
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- AntiVMSCSI
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- AntiVMServices
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- AntiVMSystem
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- HyperVDetectKeys
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- AntiVMChecksAvailableMemory
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- NetworkAdapters
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- ParallelsDetectKeys
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VBoxDetectDevices
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VBoxDetectFiles
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VBoxDetectKeys
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VBoxDetectLibs
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VBoxDetectProvname
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VBoxDetectWindow
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VMwareDetectDevices
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VMwareDetectEvent
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VMwareDetectFiles
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VMwareDetectKeys
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VMwareDetectLibs
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VMwareDetectMutexes
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VPCDetectFiles
2024-12-14 10:22:52,343 [root] DEBUG: 	 |-- VPCDetectKeys
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- VPCDetectMutex
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- XenDetectKeys
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- APISpamming
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- api_uuidfromstringa
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- AsyncRatMutex
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- GulpixBehavior
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- KetricanRegkeys
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- OkrumMutexes
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- Cridex
2024-12-14 10:22:52,344 [root] DEBUG: 	 |-- Geodo
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- Prinimalka
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- SpyEyeMutexes
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- ZeusMutexes
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- BCDEditCommand
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- BitcoinOpenCL
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- AccessesPrimaryPartition
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- Bootkit
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- DirectHDDAccess
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- EnumeratesPhysicalDrives
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- PhysicalDriveAccess
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- PotentialOverWriteMBR
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- SuspiciousIoctlSCSIPassthough
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- Ruskill
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- BrowserAddon
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- ChromiumBrowserExtensionDirectory
2024-12-14 10:22:52,345 [root] DEBUG: 	 |-- BrowserHelperObject
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- BrowserNeeded
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- ModifyProxy
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- BrowserScanbox
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- BrowserSecurity
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- browser_startpage
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- FirefoxDisablesProcessPerTab
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- IEDisablesProcessPerTab
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- OdbcconfBypass
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- RegSrv32SquiblydooDLLLoad
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- SquiblydooBypass
2024-12-14 10:22:52,346 [root] DEBUG: 	 |-- SquiblytwoBypass
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- BypassFirewall
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- UACBypassCMSTP
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- UACBypassCMSTPCOM
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- UACBypassDelegateExecuteSdclt
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- UACBypassEventvwr
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- UACBypassFodhelper
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- CAPEExtractedContent
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- CarberpMutexes
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- ClearsLogs
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- ClickfraudCookies
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- ClickfraudVolume
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- CmdlineObfuscation
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- CmdlineSwitches
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- CmdlineTerminate
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- CommandLineForFilesWildCard
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- CommandLineHTTPLink
2024-12-14 10:22:52,347 [root] DEBUG: 	 |-- CommandLineLongString
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- CommandLineReversedHTTPLink
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- LongCommandline
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- PowershellRenamedCommandLine
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- SystemAccountDiscoveryCMD
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- SystemCurrentlyLoggedinUserCMD
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- SystemInfoDiscoveryCMD
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- SystemInfoDiscoveryPWSH
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- SystemNetworkDiscoveryCMD
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- SystemNetworkDiscoveryPWSH
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- SystemUserDiscoveryCMD
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- CompilesDotNetCode
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- CopiesSelf
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- CreatesExe
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- CreatesLargeKey
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- CreatesNullValue
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- CredWiz
2024-12-14 10:22:52,348 [root] DEBUG: 	 |-- EnablesWDigest
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- VaultCmd
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- FileCredentialStoreAccess
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- FileCredentialStoreWrite
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- LsassCredentialDumping
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- RegistryCredentialDumping
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- RegistryCredentialStoreAccess
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- RegistryLSASecretsAccess
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- ComsvcsCredentialDump
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- CriticalProcess
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- CryptGenKey
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- CryptominingStratumCommand
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- MINERS
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- CVE_2014_6332
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- CVE2015_2419_JS
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- CVE_2016_0189
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- CVE_2016_7200
2024-12-14 10:22:52,349 [root] DEBUG: 	 |-- CypherITMutexes
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DarkCometRegkeys
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DatopLoader
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DeadConnect
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DeadLink
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DebugsSelf
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DecoyDocument
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DecoyImage
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DeepFreezeMutex
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DeletesExecutedFiles
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DeletesSelf
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DeletesShadowCopies
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DeletesSystemStateBackup
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DEPBypass
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DEPDisable
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DisablesAppLaunch
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DisablesAutomaticAppTermination
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DisablesAppVirtualiztion
2024-12-14 10:22:52,350 [root] DEBUG: 	 |-- DisablesBackups
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesBrowserWarn
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesContextMenus
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesCPLDisplay
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesCrashdumps
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesMappedDrivesAutodisconnect
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesEventLogging
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisableFolderOptions
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesNotificationCenter
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesPowerOptions
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesRestoreDefaultState
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisableRunCommand
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesSecurity
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesSmartScreen
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesSPDY
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesStartMenuSearch
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesSystemRestore
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesUAC
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesWER
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesWFP
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesWindowsDefender
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesWindowsDefenderDISM
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesWindowsDefenderLogging
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- RemovesWindowsDefenderContextMenu
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- WindowsDefenderPowerShell
2024-12-14 10:22:52,351 [root] DEBUG: 	 |-- DisablesWindowsFileProtection
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DisablesWindowsUpdate
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DisablesWindowsFirewall
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DllLoadUncommonFileTypes
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DocScriptEXEDrop
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- AdfindDomainEnumeration
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DomainEnumerationCommands
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- AndromutMutexes
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DownloaderCabby
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- GuLoaderAPIs
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- PhorpiexMutexes
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- ProtonBotMutexes
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DriverFilterManager
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DriverLoad
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- Dropper
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- EXEDropper_JS
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- dynamic_function_loading
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- DLLArchiveExecution
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- LNKArchiveExecution
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- ScriptArchiveExecution
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- EncryptedIOC
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- Excel4MacroUrls
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- Crash
2024-12-14 10:22:52,352 [root] DEBUG: 	 |-- ProcessCreationSuspiciousLocation
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- exploit_getbasekerneladdress
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- exploit_gethaldispatchtable
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- ExploitHeapspray
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- SpoolerAccess
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- SpoolerSvcStart
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- KoadicAPIs
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- KoadicNetworkActivity
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- Modiloader_APIs
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- MappedDrivesUAC
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- SystemMetrics
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- Generic_Phish
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- HidesRecycleBinIcon
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- HTTP_Request
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- ApocalypseStealerFileBehavior
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- ArkeiFiles
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- AzorultMutexes
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- BitcoinWallet
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- BrowserStealer
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- InfostealerBrowserPassword
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- CookiesStealer
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- CryptBotFiles
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- CryptBotNetwork
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- EchelonFiles
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- FTPStealer
2024-12-14 10:22:52,353 [root] DEBUG: 	 |-- IMStealer
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- KeyLogger
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- EmailStealer
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- MassLoggerArtifacts
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- MassLoggerFiles
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- MassLoggerVersion
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- PoullightFiles
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- PurpleWaveMutexes
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- PurpleWaveNetworkAcivity
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- QuilClipperMutexes
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- QuilClipperNetworkBehavior
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- QulabFiles
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- QulabMutexes
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- RaccoonInfoStealerMutex
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- raccoon
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- CapturesScreenshot
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- vidar
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- InjectionCRT
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- InjectionExplorer
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- InjectionExtension
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- InjectionNetworkTraffic
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- InjectionRUNPE
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- InjectionRWX
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- injection_themeinitapihook
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- Internet_Dropper
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- IPC_NamedPipe
2024-12-14 10:22:52,354 [root] DEBUG: 	 |-- JS_Phish
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- JS_SuspiciousRedirect
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- malicious_dynamic_function_loading
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- EncryptPCInfo
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- EnryptDataAgentTeslaHTTP
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- EnryptDataAgentTeslaHTTPT2
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- EnryptDataNanoCore
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- MartiansIE
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- MartiansOffice
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- MimicsAgent
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- MimicsFiletime
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- MimicsIcon
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- MasqueradesProcessName
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- MimikatzModules
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- QuilMinerNetworkBehavior
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- ModifiesCerts
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- DotNetCLRUsageLogKnob
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- Modifies_HostFile
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- ModifiesOEMInformation
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- ModifySecurityCenterWarnings
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- ModifiesUACNotify
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- ModifiesDesktopWallpaper
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- ZoneID
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- move_file_on_reboot
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- Multiple_UA
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- NetworkAnomaly
2024-12-14 10:22:52,355 [root] DEBUG: 	 |-- NetworkBIND
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSArchive
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSFreeWebHosting
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSGeneric
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSInteractsh
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSOpenSource
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSPasteSite
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSPayload
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSServiceInterface
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSSocialMedia
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSTelegram
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSTempStorageSite
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSTempURLDNS
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSURLShortenerSite
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCHTTPSUserAgent
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCSMTPSExfil
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkCnCSMTPSGeneric
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkDNSBlockChain
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkDNSIDN
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkDNSOpenNIC
2024-12-14 10:22:52,356 [root] DEBUG: 	 |-- NetworkDNSPasteSite
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDNSReverseProxy
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDNSSuspiciousQueryType
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDNSTempFileService
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDNSTempURLDNS
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDNSTunnelingRequest
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDNSURLShortener
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDOHTLS
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- Suspicious_TLD
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDocumentHTTP
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- ExplorerHTTP
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkFakeUserAgent
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkDocumentFile
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- NetworkEXE
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- Tor
2024-12-14 10:22:52,357 [root] DEBUG: 	 |-- TorHiddenService
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- Office_Code_Page
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeAddinLoading
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeCOMLoad
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeDotNetLoad
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeMSHTMLLoad
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficePerfKey
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeVBLLoad
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeWMILoad
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeCVE201711882
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeCVE201711882Network
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeCVE202140444
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeCVE202140444M2
2024-12-14 10:22:52,358 [root] DEBUG: 	 |-- OfficeFlashLoad
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- OfficePostScript
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- Office_Macro
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- ChangesTrustCenter_settings
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- DisablesVBATrustAccess
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- OfficeMacroAutoExecution
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- OfficeMacroIOC
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- OfficeMacroMaliciousPredition
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- OfficeMacroSuspicious
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- RTFASLRBypass
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- RTFAnomalyCharacterSet
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- RTFAnomalyVersion
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- RTFEmbeddedContent
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- RTFEmbeddedOfficeFile
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- RTFExploitStatic
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- OfficeSecurity
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- OfficeAnamalousFeature
2024-12-14 10:22:52,359 [root] DEBUG: 	 |-- OfficeDDECommand
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- OfficeSuspiciousProcesses
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- OfficeWriteEXE
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- ArmadilloMutex
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- ArmadilloRegKey
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- ADS
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- Autorun
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- Autorun_scheduler
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceSafeBoot
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceBootexecute
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceRegistryScript
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceIFEO
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceSilentProcessExit
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceRDPRegistry
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceRDPShadowing
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceService
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PersistenceShimDatabase
2024-12-14 10:22:52,360 [root] DEBUG: 	 |-- PowerpoolMutexes
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PowerShellNetworkConnection
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PowerShellScriptBlockLogging
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PowershellCommandSuspicious
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PowershellDownload
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PowershellRenamed
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PowershellRequest
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PowershellReversed
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PowershellVariableObfuscation
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- PreventsSafeboot
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- CmdlineProcessDiscovery
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- CreateToolhelp32SnapshotProcessModuleEnumeration
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- EnumeratesRunningProcesses
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- ProcessInterest
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- ProcessNeeded
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- MassDataEncryption
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- CryptoMixMutexes
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- DharmaMutexes
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- RansomwareDMALocker
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- RansomwareExtensions
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- RansomwareFileModifications
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- RansomwareFiles
2024-12-14 10:22:52,361 [root] DEBUG: 	 |-- FonixMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- GandCrabMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- GermanWiperMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- MedusaLockerMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- MedusaLockerRegkeys
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- RansomwareMessage
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- NemtyMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- NemtyNetworkActivity
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- NemtyNote
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- NemtyRegkeys
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- PYSAMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- RansomwareRadamant
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- RansomwareRecyclebin
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- RevilMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- RevilRegkey
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- SatanMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- SnakeRansomMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- sodinokibi
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- StopRansomMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- StopRansomwareCMD
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- StopRansomwareRegistry
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- BeebusMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- BlackNETMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- BlackRATAPIs
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- BlackRATMutexes
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- BlackRATNetworkActivity
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- BlackRATRegistryKeys
2024-12-14 10:22:52,362 [root] DEBUG: 	 |-- CRATMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- DCRatAPIs
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- DCRatFiles
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- DCRatMutex
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- FynloskiMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- KaraganyEventObjects
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- KaraganyFiles
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- LimeRATMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- LimeRATRegkeys
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- LodaRATFileBehavior
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- LuminosityRAT
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- ModiRATBehavior
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- NanocoreRAT
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- netwire
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- NjratRegkeys
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- ObliquekRATFiles
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- ObliquekRATMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- ObliquekRATNetworkActivity
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- OrcusRAT
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- ParallaxMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- PcClientMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- PlugxMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- PoisonIvyMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- QuasarMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- RatsnifMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- SennaMutexes
2024-12-14 10:22:52,363 [root] DEBUG: 	 |-- SpynetRat
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- TrochilusRATAPIs
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- VenomRAT
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- WarzoneRATFiles
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- WarzoneRATRegkeys
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- XpertRATFiles
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- XpertRATMutexes
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- XtremeMutexes
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- ReadsSelf
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- Recon_Beacon
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- Fingerprint
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- InstalledApps
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- SystemInfo
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- Accesses_RecycleBin
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemcosFiles
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemcosMutexes
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemcosRegkeys
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RDPTCPKey
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- UsesRDPClip
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- UsesRemoteDesktopSession
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemovesNetworkingIcon
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemovesPinnedPrograms
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemovesSecurityAndMaintenanceIcon
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemovesStartMenuDefaults
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemovesUsernameStartMenu
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- RemovesZoneIdADS
2024-12-14 10:22:52,364 [root] DEBUG: 	 |-- SpicyHotPotBehavior
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- ScriptCreatedProcess
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- ScriptNetworkActvity
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- SuspiciousJSScript
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- JavaScriptTimer
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- Secure_Login_Phish
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- SecurityXploded_Modules
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- GetClipboardData
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- SetsAutoconfigURL
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- InstallsWinpcap
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- SpoofsProcname
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- CreatesAutorunInf
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StackPivot
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StackPivotFileCreated
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StackPivotProcessCreate
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealingClipboardData
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealthChildProc
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealthFile
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealthHiddenExtension
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealthHiddenReg
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealthHideNotifications
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealthSystemProcName
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealthTimeout
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- StealthWebHistory
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- Hidden_Window
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- sysinternals_psexec
2024-12-14 10:22:52,365 [root] DEBUG: 	 |-- sysinternals_tools
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- QueriesKeyboardLayout
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- TampersETW
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- LSATampering
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- TampersPowerShellLogging
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- Flame
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- TerminatesRemoteProcess
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- TerritorialDisputeSIGs
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- TrickBotTaskDelete
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- TrickBotMutexes
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- FleerCivetMutexes
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- LokibotMutexes
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- UrsnifBehavior
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- UpatreFiles
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- UpatreMutexes
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- UserEnum
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- ADFind
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- UsesMSProtocol
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- Virus
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- NeshtaFiles
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- NeshtaMutexes
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- NeshtaRegKeys
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- RenamerMutexes
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- Webmail_Phish
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- OWAWebShellFiles
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- WebShellFiles
2024-12-14 10:22:52,366 [root] DEBUG: 	 |-- WebShellProcesses
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- PersistsDotNetDevUtility
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- SpwansDotNetDevUtiliy
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- AltersWindowsUtility
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- DotNETCSCBuild
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- MultipleExplorerInstances
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- OverwritesAccessibilityUtility
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- ScriptToolExecuted
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- SuspiciousCertutilUse
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- SuspiciousCommandTools
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- SuspiciousMpCmdRunUse
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- SuspiciousPingUse
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesPowerShellCopyItem
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilities
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesAppCmd
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesCSVDELDFIDE
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesCipher
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesClickOnce
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesCurl
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesDSQuery
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesEsentutl
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesFinger
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesMode
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesNTDSutil
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesNltest
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesScheduler
2024-12-14 10:22:52,367 [root] DEBUG: 	 |-- UsesWindowsUtilitiesXcopy
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- WMICCommandSuspicious
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- WiperZeroedBytes
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- ScrconsWMIScriptConsumer
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- WMICreateProcess
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- WMIScriptProcess
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- Win32ProcessCreate
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- AllapleMutexes
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- LinuxDeletesFiles
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- LinuxDropsFiles
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- LinuxReadsFiles
2024-12-14 10:22:52,368 [root] DEBUG: 	 `-- LinuxWritesFiles
2024-12-14 10:22:52,368 [root] DEBUG: Imported "reporting" modules:
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- BinGraph
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- CAPASummary
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- JsonDump
2024-12-14 10:22:52,368 [root] DEBUG: 	 |-- MongoDB
2024-12-14 10:22:52,368 [root] DEBUG: 	 `-- PCAP2CERT
2024-12-14 10:22:52,368 [root] DEBUG: Imported "feeds" modules:
2024-12-14 10:22:52,368 [root] DEBUG: 	 `-- AbuseCH_SSL
2024-12-14 10:22:52,368 [root] DEBUG: Imported "machinery" modules:
2024-12-14 10:22:52,368 [root] DEBUG: 	 `-- Physical
2024-12-14 10:22:52,368 [Task 23] [root] DEBUG: Processing task
2024-12-14 10:22:52,378 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "CAPE" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:22:52,571 [Task 23] [lib.cuckoo.common.objects] DEBUG: file type set using basic heuristics for: /opt/CAPEv2/storage/binaries/33b4fd9d1dd032c56f0e2d74d609db74a04a3190eb45cd07f277f5efca7abe23
2024-12-14 10:22:52,571 [Task 23] [lib.cuckoo.common.objects] DEBUG: Initializing Yara...
2024-12-14 10:22:52,644 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries AutoIT.yar
2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries EcrimePackerStub.yar
2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries Generic_Phishing_PDF.yar
2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries HTMLPhisher_2023.yar
2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries HeavensGate.yar
2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries IEuser_author_doc.yar
2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries ISO_exec.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries LNK_Ruleset.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries MalScript_Tricks.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries Maldoc_PDF.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries OLEfile_in_CAD_FAS_LSP.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries OneNote.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries RoyalRoad_RTF.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries Themida.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries VMProtectStub.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries Webshell_in_image.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries embedded.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries indicator_packed.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries indicator_suspicious.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries indicator_tools.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries oAuth_Phishing_PDF.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries ole_vba.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries shellcodes.yar
2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries susp_obfuscated_JS.yar
2024-12-14 10:22:52,647 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- binaries vmdetect.yar
2024-12-14 10:22:52,672 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory Exploit_HT_Flash_Vars.yar
2024-12-14 10:22:52,672 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory Exploit_HT_VRename.yar
2024-12-14 10:22:52,672 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory adgholas.yar
2024-12-14 10:22:52,672 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory angler.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory astrum.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2013_2551.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2014_0515.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2014_0569.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2014_6332.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2015_0016.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2015_2419.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2015_2545.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2015_5122.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2016_0189.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory cve_2016_3298.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory darkcomet.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory eitest.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory flash_exploits.yar
2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory kazybot.yar
2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory neutrino.yar
2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory nuclear.yar
2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory rig.yar
2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory shellcodes.yar
2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- memory sundown.yar
2024-12-14 10:22:52,748 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE A310Logger.yar
2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AAR.yar
2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE APT27.yar
2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ARCrypt.yar
2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AbubasbanditBot.yar
2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AcidRain.yar
2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ActionRAT.yar
2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Adfind.yar
2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Adzok.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AgentRacoon.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AgentTesla.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AgnianeStealer.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Agrius.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Akira.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Alfonso.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AlienCrypter.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AlienSpy.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Alkhal.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AllaKore.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Amadey.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Andromeda.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Ap0calypse.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Apocalypse.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Arcom.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Arechclient2.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Arkei.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ArrowRAT.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Aspire.yar
2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AsyncRAT.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Atlas.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Aurora.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AuroraStealer.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Avaddon.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Avalon.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE AvosLocker.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Azer.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Azorult.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BACKSPACE.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BHunt.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Babuk.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BackNet.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BackOffLoader.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BackOffPOS.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BadJoke.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BadRabbit.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Bagle.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Baldr.yar
2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Bandit.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Bandook.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Banload.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Bazar.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BazarLoader.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BazarLoaderNim.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Beastdoor.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BetaBot.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BioPass.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BitCoinGrabber.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BitPaymer.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BitRAT.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BitterRAT.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackByte.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackByteGo.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackCat.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackDropper.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackHunt.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackMatter.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackNET.yar
2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackNix.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackShades.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlackshadesRAT.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlankStealer.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Blister.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlitzGrabber.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlueBanana.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BlueBot.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Bobik.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BoxCaon.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Bozok.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BrbBot.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BreakStaf.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BreakWin.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BroEx.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BruteRatel.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BuerLoader.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE BumbleBee.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Buran.yar
2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ButeRAT.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CRAT.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Caliber.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Carbanak.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CargoBayLoader.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CasperTroy.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Cerber.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ChChes.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ChaChaDDoS.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Chaos.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Chinotto.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Chuwi.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ClientMesh.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ClipBanker.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Clop.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CobaltStrikeBeacon.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CobaltStrikeStager.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CobianRAT.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Codoso.yar
2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CoinMiners.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CoinMiningBot.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CommonMagic.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Confucius_B.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Conti.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CookieStealer.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CoreBot.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Covenant.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CrimsonRAT.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Crown.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CryLock.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CryptBot.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CryptoLocker.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CryptoStealerGo.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Cryptoshield.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Cuba.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Cutlet.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CyberGate.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE CyberStealer.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DCRat.yar
2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DECAF.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DTstealer.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DanaBot.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DarkCloud.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DarkComet.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DarkEye.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DarkGate.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DarkRAT.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DarksideV1.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DeathRansom.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DecryptMyFiles.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DeepRats.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Dharma.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Diavol.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DiscoNightClub.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DoejoCrypt.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DoomedLoader.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DoppelPaymer.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Downloaders.yar
2024-12-14 10:22:52,756 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Dreambot.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Dridex.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DridexLoader.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DridexV4.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE DuckTail.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Duke.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Echelon.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Egregor.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Ekans.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Emotet.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE EmotetLoader.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Enfal.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE EnigmaStub.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE EpicenterRAT.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Epsilon.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE EspioLoader.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE EternalRomance.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE EvilGrab.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ExMatter.yar
2024-12-14 10:22:52,757 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Exaramel.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ExpressCMS.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE FYAnti.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Fabookie.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE FakeWMI.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Fareit.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Farfli.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE FatalRAT.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Fiber.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Ficker.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE FirebirdRAT.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Flagpro.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE FloodFix.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE FoggyWeb.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Fonix.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Formbook.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Foxgrabber.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE FujinamaRAT.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE G0Crypt.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GDriveRAT.yar
2024-12-14 10:22:52,758 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Gandcrab.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GarrantDecrypt.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Gasket.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Gaudox.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Gelsemium.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GetCrypt.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GhostEmperor.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GloomaneStealer.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GoBrut.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Godzilla.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GoldenAxe.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GoldenSpy.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Gootkit.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GraphicalProton.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GravityRAT.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Greame.yar
2024-12-14 10:22:52,759 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE GreetingGhoul.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Grum.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Guidlma.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Guloader.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Gulpix.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HDLocker.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HakunaMatata.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Hancitor.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HawkEye.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HawkEyeV9.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Hello.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Heracles.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Hermes.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HiddenVNC.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HiddenWasp.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Hive.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HorusEyesRAT.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HttpBrowser.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE HyperBro.yar
2024-12-14 10:22:52,760 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IAmTheKing.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IAmTheKingKeylogger.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IAmTheKingKingOfHearts.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IAmTheKingQueenOfClubs.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IAmTheKingQueenOfHearts.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IAmTheKingScrCap.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IRCBot.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ISRStealer.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IcedID.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE IcedIDLoader.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Imminent.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Impacket.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Infinity.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE InfinityLock.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE InvalidPrinter.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE JSSLoader.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Jaff.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE JanelaRAT.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE JavaDropper.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE JennLog.yar
2024-12-14 10:22:52,761 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE JesterStealer.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE JoeGo.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Jupyter.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KPortScan.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Karagany.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Karkoff.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KdcSponge.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KeyBase.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Khonsari.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KillMBR.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Kimsuky.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Kinsing.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Kitty.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KlingonRAT.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KoadicBAT.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KoadicDOC.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KoadicJS.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KoiLoader.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Konni.yar
2024-12-14 10:22:52,762 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Kovter.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Koxic.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Kpot.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE KrakenStealer.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Kronos.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Kutaki.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LCPDot.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LOLKEK.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LaZagne.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LapLas.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LastConn.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Latrodectus.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Laturo.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LegionLocker.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Leivion.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LilithRAT.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LimeRAT.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LockDown.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LockFile.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Lockbit.yar
2024-12-14 10:22:52,763 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Locked.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Locky.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LokiBot.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LokiLocker.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Lorenz.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LostDoor.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Lu0Bot.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LuminosityLink.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Lumma.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE LuxNet.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE M00nD3v.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MB150.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Macoute.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Magniber.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Maktub.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Mangzamel.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MargulasRAT.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MarkiRAT.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MassLogger.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MatanbuchusLoader.yar
2024-12-14 10:22:52,764 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Matiex.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Maze.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MediaPI.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MedusaLocker.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MegaCortex.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Megumin.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Mercurial.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Meteorite.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Meterpreter.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Milan.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Mimikatz.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MiniTor.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MoDiRAT.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ModiLoader.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Mole.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Motocos.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE MountLocker.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Mystic.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NGLite.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NLBrute.yar
2024-12-14 10:22:52,765 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NPPSpy.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NWorm.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NanoCore.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NanoLocker.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Nefilim.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Nemty.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Neptune.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Nermer.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Neshta.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NetSupport.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NetTraveler.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NetWire.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Neteagle.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Netwalker.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Nighthawk.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Niribu.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Nitol.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Nitro.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE NitrogenLoader.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Njrat.yar
2024-12-14 10:22:52,766 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Nodachi.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ObliqueRAT.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Octopus.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE OnlyLogger.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE OrcaRAT.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE OrcusRAT.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Origin.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Orion.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Osno.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Owowa.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Oyster.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE OzoneRAT.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PCRat.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PLEAD.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PWSHCUMII.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PYSA.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Pafish.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PandaStealer.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Pandora.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Paradox.yar
2024-12-14 10:22:52,767 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Parallax.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PatchWork.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PetrWrap.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Petya.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PhemedroneStealer.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Phobos.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Phoenix.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Phorpiex.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PikaBot.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PillowMint.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PingBack.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PirateStealer.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Plasma.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Plurox.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PoisonIvy.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Polar.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PoshKeylogger.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Poullight.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PovertyStealer.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PowerPool.yar
2024-12-14 10:22:52,768 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PredatorPain.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ProLock.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Prometei.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ProtonBot.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Prynt.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Punisher.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PureLoader.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Purge.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PurpleWave.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Pyrogenic.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE PythoRAT.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE QRat.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE QakBot.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE QiwxxRAT.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE QnapCrypt.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Quantum.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE QuasarRAT.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE QuasarStealer.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Quickbind.yar
2024-12-14 10:22:52,769 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE QuilClipper.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE QuiteRAT.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Qulab.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE R77.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RCSession.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RDPWrap.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE REvil.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RHttpCtrl.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Raccoon.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RageStealer.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RagnarLocker.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Ramnit.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RansomEXX.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RanumBot.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RanzyLocker.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Rapid.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Rasftuby.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Ratty.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RedLeaf.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RedLine.yar
2024-12-14 10:22:52,770 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Redsip.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Remcos.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RemoteUtilitiesRAT.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Renamer.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Responder.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Retefe.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RevCodeRAT.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RevengeRAT.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ReverseRAT.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Rhadamanthys.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Rhysida.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Rietspoof.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RisePro.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Robbinhood.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RokRat.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RomCom.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RootTeamStealer.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Rozena.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Rsjon.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RunningRAT.yar
2024-12-14 10:22:52,771 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RustyBuer.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE RustyStealer.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Ryuk.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE S05Kitty.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SNAKEImplant.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE STEALDEAL.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE STOP.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Salfram.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SapphireStealer.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Satan.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Satana.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Scarab.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SectopRAT.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Sedreco.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Seduploader.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Sfile.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ShadowTech.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SideWalk.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SilentMoon.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Simda.yar
2024-12-14 10:22:52,772 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SimplePacker.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SlackBot.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SlothfulMedia.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SmallNet.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SmokeLoader.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Sn0wLogger.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Snake.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Snatch.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Socks5Systemz.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SoftCNApp.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SolarMarker.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SoranoStealer.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Spacecolon.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SparkRAT.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Spectre.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SpyEye.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SpyGate.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Spyro.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SquirrelWaffle.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Stealc.yar
2024-12-14 10:22:52,773 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Stealerium.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SteamHook.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE StormKitty.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE StrelaStealer.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE StrifeWater.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE StrongPity.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Strrat.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Sub7Nation.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SunCrypt.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SunShuttle.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Surtr.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SweetyStealer.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE SystemBC.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE T5000.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TClient.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TJKeylogger.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TManager.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TOITOIN.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TRAT.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TSCookie.yar
2024-12-14 10:22:52,774 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TWarBot.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TYRAT.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Taidoor.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Tardigrade.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Taurus.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Tefosteal.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TeslaRevenge.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Thanos.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TigerRAT.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TimeTime.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Tofsee.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Tomiris.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Torisma.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ToxicEye.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TreasureHunter.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TrickBot.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TrickbotModule.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE TrueBot.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Turian.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE UDPRat.yar
2024-12-14 10:22:52,775 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE UNKInfostealer.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE UltraSurf.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE UmbralStealer.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Underground.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Unicorn.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE UnlockYourFiles.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Unrecom.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Ursnif.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE UrsnifV3.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE VSSDestroy.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE VanillaRAT.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Varenyky.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE VenomRAT.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Vertex.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Vidar.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE VirLock.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE VirusRat.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Vovalex.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Vulturi.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE W1RAT.yar
2024-12-14 10:22:52,776 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WCE.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WSHRAT.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WanaCry.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Warezov.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WarzoneRAT.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WellMess.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WhiffyRecon.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WinDealer.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WinGo.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WobbyChipMBR.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE WorldWind.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE XFiles.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE XWorm.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE XenoRAT.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE XiaoBa.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE XorStringsNET.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Xorist.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE XpertRAT.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Xtreme.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ZXShell.yar
2024-12-14 10:22:52,777 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Zegost.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Zeoticus.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Zeppelin.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ZeroT.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ZeusPanda.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Ziggy.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE Zloader.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE ZombieBoy.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE adWind.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE iTranslator.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE jRat.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE xRAT.yar
2024-12-14 10:22:52,778 [Task 23] [lib.cuckoo.common.objects] DEBUG: 	 |-- CAPE zgRAT.yar
2024-12-14 10:22:54,971 [Task 23] [lib.cuckoo.common.integrations.virustotal] ERROR: VT: Request failed
2024-12-14 10:22:55,237 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:22:55,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Processing module autoruns not found in configuration file
2024-12-14 10:22:55,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:22:55,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:22:55,274 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:22:55,307 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:22:55,358 [Task 23] [modules.processing.suricata] DEBUG: pcapfile list: {'message': {'count': 0, 'files': []}, 'return': 'OK'} current pcap: {'message': '/opt/CAPEv2/storage/analyses/23/dump.pcap', 'return': 'OK'}
2024-12-14 10:23:00,363 [Task 23] [modules.processing.suricata] DEBUG: pcapfile list: {'message': {'count': 0, 'files': []}, 'return': 'OK'} current pcap: {'message': 'None', 'return': 'OK'}
2024-12-14 10:23:00,363 [Task 23] [modules.processing.suricata] DEBUG: Pcap not in list and not current pcap lets assume it's processed
2024-12-14 10:23:00,365 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "UrlAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:23:00,366 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "script_log_processing" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:23:00,366 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/23"
2024-12-14 10:23:00,402 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2024-12-14 10:23:00,406 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running 256 evented signatures
2024-12-14 10:23:00,407 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- packer_themida
2024-12-14 10:23:00,407 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stealth_network
2024-12-14 10:23:00,407 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- anomalous_deletefile
2024-12-14 10:23:00,407 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_360_libs
2024-12-14 10:23:00,407 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_ahnlab_libs
2024-12-14 10:23:00,407 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_avast_libs
2024-12-14 10:23:00,407 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_bitdefender_libs
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_bullgaurd_libs
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_emsisoft_libs
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_qurb_libs
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_servicestop
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_addvectoredexceptionhandler
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_apioverride_libs
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_checkremotedebuggerpresent
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_debugactiveprocess
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_gettickcount
2024-12-14 10:23:00,408 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_guardpages
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_ntcreatethreadex
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiav_nthookengine_libs
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_ntsetinformationthread
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_outputdebugstring
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_setunhandledexceptionfilter
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antidebug_windows
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antiemu_wine_func
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_check_userdomain
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_cuckoo
2024-12-14 10:23:00,409 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_cuckoocrash
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_foregroundwindows
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_mouse_hook
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_restart
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_sboxie_libs
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_sboxie_objects
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_script_timer
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_sleep
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_sunbelt_libs
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_suspend
2024-12-14 10:23:00,410 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antisandbox_unhook
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_directory_objects
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_generic_disk
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_generic_disk_setupapi
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_generic_scsi
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_generic_services
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_generic_system
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_checks_available_memory
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_network_adapters
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_vbox_libs
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_vbox_provname
2024-12-14 10:23:00,411 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_vbox_window
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_vmware_events
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- antivm_vmware_libs
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- api_spamming
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- api_uuidfromstringa
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- banker_prinimalka
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- bcdedit_command
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- bootkit
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- potential_overwrite_mbr
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- suspicious_ioctl_scsipassthough
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- browser_needed
2024-12-14 10:23:00,412 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- browser_scanbox
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- firefox_disables_process_tab
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- regsvr32_squiblydoo_dll_load
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- uac_bypass_cmstp
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- uac_bypass_eventvwr
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- clickfraud_cookies
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- clickfraud_volume
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- dotnet_code_compile
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- creates_largekey
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- creates_nullvalue
2024-12-14 10:23:00,413 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- lsass_credential_dumping
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- critical_process
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- generates_crypto_key
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- cryptopool_domains
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- cve_2014_6332
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- cve_2015_2419_js
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- cve_2016-0189
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- cve_2016_7200
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- dead_connect
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- dead_link
2024-12-14 10:23:00,414 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- debugs_self
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- decoy_document
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- decoy_image
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- deletes_self
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- deletes_shadow_copies
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- deletes_system_state_backup
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- dep_bypass
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- dep_disable
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- disables_mappeddrives_autodisconnect
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- disables_spdy
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- disables_wfp
2024-12-14 10:23:00,415 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- dll_load_uncommon_file_types
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- document_script_exe_drop
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- guloader_apis
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- driver_load
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- exe_dropper_js
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- dynamic_function_loading
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- encrypted_ioc
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- exec_crash
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- process_creation_suspicious_location
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- exploit_getbasekerneladdress
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- exploit_gethaldispatchtable
2024-12-14 10:23:00,416 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- exploit_heapspray
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- koadic_apis
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- koadic_network_activity
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- downloads_from_filehosting
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- generic_phish
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- http_request
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- infostealer_browser
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- infostealer_browser_password
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- infostealer_cookies
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- cryptbot_network
2024-12-14 10:23:00,417 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- infostealer_keylog
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- masslogger_artifacts
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- masslogger_version
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- purplewave_network_activity
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- quilclipper_behavior
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- raccoon_behavior
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- captures_screenshot
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- vidar_behavior
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- injection_createremotethread
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- injection_explorer
2024-12-14 10:23:00,418 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- injection_needextension
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- injection_network_traffic
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- injection_runpe
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- injection_rwx
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- injection_themeinitapihook
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- internet_dropper
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- ipc_namedpipe
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- js_phish
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- js_suspicious_redirect
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- malicious_dynamic_function_loading
2024-12-14 10:23:00,419 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- encrypt_pcinfo
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- encrypt_data_agenttesla_http
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- encrypt_data_agentteslat2_http
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- encrypt_data_nanocore
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- mimics_agent
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- mimics_filetime
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- quilclipper_behavior
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- modify_desktop_wallpaper
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- modify_zoneid_ads
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- move_file_on_reboot
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- multiple_useragents
2024-12-14 10:23:00,420 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_anomaly
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_bind
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_archive
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_free_webshoting
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_generic
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_temp_urldns
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_opensource
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_pastesite
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_payload
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_serviceinterface
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_socialmedia
2024-12-14 10:23:00,421 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_telegram
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_tempstorage
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_temp_urldns
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_urlshortener
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_https_useragent
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_smtps_exfil
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_cnc_smtps_generic
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_dns_idn
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_dns_suspicious_querytype
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_dns_tunneling_request
2024-12-14 10:23:00,422 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_document_http
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- explorer_http
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_fake_useragent
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_document_file
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_downloader_exe
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- network_tor
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_com_load
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_dotnet_load
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_mshtml_load
2024-12-14 10:23:00,423 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_vb_load
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_wmi_load
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_cve2017_11882
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_cve2017_11882_network
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_cve_2021_40444
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_cve_2021_40444_m2
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_flash_load
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_postscript
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_suspicious_processes
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- office_write_exe
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- persistence_autorun
2024-12-14 10:23:00,424 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- persistence_autorun_tasks
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- persistence_bootexecute
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- persistence_registry_script
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- powershell_network_connection
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- powershell_download
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- powershell_request
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- createtoolhelp32snapshot_module_enumeration
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- enumerates_running_processes
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- process_interest
2024-12-14 10:23:00,425 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- process_needed
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- mass_data_encryption
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- ransomware_dmalocker
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- ransomware_file_modifications
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- ransomware_message
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- nemty_network_activity
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- nemty_note
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- sodinokibi_behavior
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stop_ransomware_registry
2024-12-14 10:23:00,426 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- blackrat_apis
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- blackrat_network_activity
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- blackrat_registry_keys
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- dcrat_behavior
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- karagany_system_event_objects
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- rat_luminosity
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- rat_nanocore
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- netwire_behavior
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- obliquerat_network_activity
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- orcusrat_behavior
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- trochilusrat_apis
2024-12-14 10:23:00,427 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- reads_self
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- recon_beacon
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- recon_programs
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- recon_systeminfo
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- accesses_recyclebin
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- removes_zoneid_ads
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- script_created_process
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- script_network_activity
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- suspicious_js_script
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- javascript_timer
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- secure_login_phishing
2024-12-14 10:23:00,428 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- securityxploded_modules
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- get_clipboard_data
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- sets_autoconfig_url
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- spoofs_procname
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stack_pivot
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stack_pivot_file_created
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stack_pivot_process_create
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- set_clipboard_data
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stealth_childproc
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stealth_file
2024-12-14 10:23:00,429 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stealth_system_procname
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stealth_timeout
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- stealth_window
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- queries_keyboard_layout
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- terminates_remote_process
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- trickbot_task_delete
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- user_enum
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- virus
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- neshta_files
2024-12-14 10:23:00,430 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- neshta_regkeys
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- webmail_phish
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- persists_dev_util
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- spawns_dev_util
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- alters_windows_utility
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- overwrites_accessibility_utility
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- uses_windows_utilities_to_create_scheduled_task
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- wiper_zeroedbytes
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- wmi_create_process
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- wmi_script_process
2024-12-14 10:23:00,431 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- win32_process_create
2024-12-14 10:23:00,432 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- deletes_files
2024-12-14 10:23:00,432 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- drops_files
2024-12-14 10:23:00,432 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 |-- reads_files
2024-12-14 10:23:00,432 [Task 23] [lib.cuckoo.core.plugins] DEBUG: 	 `-- writes_files
2024-12-14 10:23:00,445 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2024-12-14 10:23:00,446 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_clamav"
2024-12-14 10:23:00,446 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2024-12-14 10:23:00,447 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2024-12-14 10:23:00,447 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2024-12-14 10:23:00,448 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2024-12-14 10:23:00,448 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2024-12-14 10:23:00,449 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2024-12-14 10:23:00,450 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2024-12-14 10:23:00,450 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2024-12-14 10:23:00,451 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2024-12-14 10:23:00,452 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2024-12-14 10:23:00,453 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2024-12-14 10:23:00,453 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_antianalysis"
2024-12-14 10:23:00,453 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_collection"
2024-12-14 10:23:00,454 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_compiler"
2024-12-14 10:23:00,454 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_datamanipulation"
2024-12-14 10:23:00,454 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_executable"
2024-12-14 10:23:00,454 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_hostinteraction"
2024-12-14 10:23:00,455 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_impact"
2024-12-14 10:23:00,455 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_lib"
2024-12-14 10:23:00,455 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_linking"
2024-12-14 10:23:00,455 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_loadcode"
2024-12-14 10:23:00,455 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_malwarefamily"
2024-12-14 10:23:00,456 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_nursery"
2024-12-14 10:23:00,456 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_persistence"
2024-12-14 10:23:00,456 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_runtime"
2024-12-14 10:23:00,456 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_targeting"
2024-12-14 10:23:00,456 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "log4shell"
2024-12-14 10:23:00,456 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2024-12-14 10:23:00,457 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_country_distribution"
2024-12-14 10:23:00,457 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_multiple_direct_ip_connections"
2024-12-14 10:23:00,457 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_http"
2024-12-14 10:23:00,458 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http_post"
2024-12-14 10:23:00,458 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_ip_exe"
2024-12-14 10:23:00,458 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2024-12-14 10:23:00,458 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga_fraunhofer"
2024-12-14 10:23:00,458 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dyndns"
2024-12-14 10:23:00,459 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_excessive_udp"
2024-12-14 10:23:00,459 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http"
2024-12-14 10:23:00,459 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2024-12-14 10:23:00,459 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2024-12-14 10:23:00,460 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_open_proxy"
2024-12-14 10:23:00,460 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_p2p"
2024-12-14 10:23:00,460 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_questionable_http_path"
2024-12-14 10:23:00,460 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_questionable_https_path"
2024-12-14 10:23:00,460 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2024-12-14 10:23:00,460 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2024-12-14 10:23:00,461 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2024-12-14 10:23:00,461 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2024-12-14 10:23:00,461 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "overlay"
2024-12-14 10:23:00,461 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_unknown_pe_section_name"
2024-12-14 10:23:00,462 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspack"
2024-12-14 10:23:00,462 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspirecrypt"
2024-12-14 10:23:00,462 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_bedsprotector"
2024-12-14 10:23:00,462 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2024-12-14 10:23:00,462 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_enigma"
2024-12-14 10:23:00,462 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2024-12-14 10:23:00,463 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_mpress"
2024-12-14 10:23:00,463 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nate"
2024-12-14 10:23:00,463 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nspack"
2024-12-14 10:23:00,463 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2024-12-14 10:23:00,464 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_spices"
2024-12-14 10:23:00,464 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2024-12-14 10:23:00,464 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_titan"
2024-12-14 10:23:00,464 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2024-12-14 10:23:00,465 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2024-12-14 10:23:00,465 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_yoda"
2024-12-14 10:23:00,465 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_annot_urls"
2024-12-14 10:23:00,465 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "polymorphic"
2024-12-14 10:23:00,466 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2024-12-14 10:23:00,466 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2024-12-14 10:23:00,466 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2024-12-14 10:23:00,467 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2024-12-14 10:23:00,467 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "invalid_authenticode_signature"
2024-12-14 10:23:00,467 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2024-12-14 10:23:00,467 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2024-12-14 10:23:00,467 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
2024-12-14 10:23:00,468 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
2024-12-14 10:23:00,468 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "pe_compile_timestomping"
2024-12-14 10:23:00,468 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_pdbpath"
2024-12-14 10:23:00,469 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
2024-12-14 10:23:00,469 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
2024-12-14 10:23:00,469 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2024-12-14 10:23:00,469 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2024-12-14 10:23:00,469 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2024-12-14 10:23:00,470 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2024-12-14 10:23:00,470 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2024-12-14 10:23:00,470 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2024-12-14 10:23:00,470 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2024-12-14 10:23:00,470 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2024-12-14 10:23:00,470 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2024-12-14 10:23:00,471 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2024-12-14 10:23:00,471 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2024-12-14 10:23:00,471 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2024-12-14 10:23:00,471 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
2024-12-14 10:23:00,471 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
2024-12-14 10:23:00,472 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_public_folder"
2024-12-14 10:23:00,472 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
2024-12-14 10:23:00,473 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "writes_sysvol"
2024-12-14 10:23:00,473 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_admin_user"
2024-12-14 10:23:00,473 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_user"
2024-12-14 10:23:00,474 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_admin_password"
2024-12-14 10:23:00,474 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2024-12-14 10:23:00,481 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2024-12-14 10:23:00,483 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_attachment_manager"
2024-12-14 10:23:00,484 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2024-12-14 10:23:00,487 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2024-12-14 10:23:00,495 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2024-12-14 10:23:00,495 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_whitespace"
2024-12-14 10:23:00,495 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_devices"
2024-12-14 10:23:00,496 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_windefend"
2024-12-14 10:23:00,497 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2024-12-14 10:23:00,497 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2024-12-14 10:23:00,497 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2024-12-14 10:23:00,497 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2024-12-14 10:23:00,498 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2024-12-14 10:23:00,498 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2024-12-14 10:23:00,498 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2024-12-14 10:23:00,499 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_bochs_keys"
2024-12-14 10:23:00,499 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2024-12-14 10:23:00,500 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2024-12-14 10:23:00,500 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2024-12-14 10:23:00,501 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2024-12-14 10:23:00,501 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2024-12-14 10:23:00,502 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2024-12-14 10:23:00,502 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2024-12-14 10:23:00,504 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2024-12-14 10:23:00,506 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2024-12-14 10:23:00,506 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2024-12-14 10:23:00,507 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2024-12-14 10:23:00,508 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2024-12-14 10:23:00,508 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2024-12-14 10:23:00,508 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2024-12-14 10:23:00,509 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2024-12-14 10:23:00,510 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2024-12-14 10:23:00,510 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "asyncrat_mutex"
2024-12-14 10:23:00,511 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "gulpix_behavior"
2024-12-14 10:23:00,511 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
2024-12-14 10:23:00,512 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
2024-12-14 10:23:00,513 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2024-12-14 10:23:00,513 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2024-12-14 10:23:00,514 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2024-12-14 10:23:00,515 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2024-12-14 10:23:00,516 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2024-12-14 10:23:00,516 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
2024-12-14 10:23:00,516 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
2024-12-14 10:23:00,517 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "enumerates_physical_drives"
2024-12-14 10:23:00,517 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
2024-12-14 10:23:00,517 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2024-12-14 10:23:00,517 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2024-12-14 10:23:00,518 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "chromium_browser_extension_directory"
2024-12-14 10:23:00,518 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2024-12-14 10:23:00,519 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy"
2024-12-14 10:23:00,519 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2024-12-14 10:23:00,521 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2024-12-14 10:23:00,522 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_disables_process_tab"
2024-12-14 10:23:00,522 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2024-12-14 10:23:00,522 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2024-12-14 10:23:00,522 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2024-12-14 10:23:00,523 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2024-12-14 10:23:00,523 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstpcom"
2024-12-14 10:23:00,524 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
2024-12-14 10:23:00,524 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
2024-12-14 10:23:00,525 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2024-12-14 10:23:00,525 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2024-12-14 10:23:00,525 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2024-12-14 10:23:00,526 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
2024-12-14 10:23:00,526 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2024-12-14 10:23:00,526 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2024-12-14 10:23:00,527 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_forfiles_wildcard"
2024-12-14 10:23:00,527 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2024-12-14 10:23:00,527 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_long_string"
2024-12-14 10:23:00,527 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2024-12-14 10:23:00,528 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2024-12-14 10:23:00,528 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2024-12-14 10:23:00,528 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_discovery_cmd"
2024-12-14 10:23:00,528 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_currently_loggedin_user_cmd"
2024-12-14 10:23:00,528 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_cmd"
2024-12-14 10:23:00,528 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_pwsh"
2024-12-14 10:23:00,529 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2024-12-14 10:23:00,529 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2024-12-14 10:23:00,529 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_discovery_cmd"
2024-12-14 10:23:00,529 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2024-12-14 10:23:00,529 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "credwiz_credentialaccess"
2024-12-14 10:23:00,530 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2024-12-14 10:23:00,530 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "vaultcmd_credentialaccess"
2024-12-14 10:23:00,530 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2024-12-14 10:23:00,531 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_write"
2024-12-14 10:23:00,531 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2024-12-14 10:23:00,531 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2024-12-14 10:23:00,532 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2024-12-14 10:23:00,532 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "comsvcs_credentialdump"
2024-12-14 10:23:00,532 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomining_stratum_command"
2024-12-14 10:23:00,533 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2024-12-14 10:23:00,533 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2024-12-14 10:23:00,533 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "datop_loader"
2024-12-14 10:23:00,534 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2024-12-14 10:23:00,534 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_executed_files"
2024-12-14 10:23:00,534 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2024-12-14 10:23:00,535 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_auto_app_termination"
2024-12-14 10:23:00,535 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_appv_virtualization"
2024-12-14 10:23:00,536 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2024-12-14 10:23:00,538 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2024-12-14 10:23:00,539 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_context_menus"
2024-12-14 10:23:00,540 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_cpl_disable"
2024-12-14 10:23:00,540 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_crashdumps"
2024-12-14 10:23:00,541 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2024-12-14 10:23:00,541 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_folder_options"
2024-12-14 10:23:00,542 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2024-12-14 10:23:00,542 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_power_options"
2024-12-14 10:23:00,543 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_restore_default_state"
2024-12-14 10:23:00,543 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_run_command"
2024-12-14 10:23:00,544 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_security"
2024-12-14 10:23:00,544 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2024-12-14 10:23:00,545 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_startmenu_search"
2024-12-14 10:23:00,545 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2024-12-14 10:23:00,546 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2024-12-14 10:23:00,547 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2024-12-14 10:23:00,547 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2024-12-14 10:23:00,548 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_dism"
2024-12-14 10:23:00,548 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_logging"
2024-12-14 10:23:00,549 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_windows_defender_contextmenu"
2024-12-14 10:23:00,549 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "windows_defender_powershell"
2024-12-14 10:23:00,550 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_file_protection"
2024-12-14 10:23:00,550 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2024-12-14 10:23:00,551 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_winfirewall"
2024-12-14 10:23:00,551 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adfind_domain_enumeration"
2024-12-14 10:23:00,551 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "domain_enumeration_commands"
2024-12-14 10:23:00,551 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "andromut_mutexes"
2024-12-14 10:23:00,552 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2024-12-14 10:23:00,552 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phorpiex_mutexes"
2024-12-14 10:23:00,553 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "protonbot_mutexes"
2024-12-14 10:23:00,553 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_filtermanager"
2024-12-14 10:23:00,553 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2024-12-14 10:23:00,553 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dll_archive_execution"
2024-12-14 10:23:00,554 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lnk_archive_execution"
2024-12-14 10:23:00,554 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_archive_execution"
2024-12-14 10:23:00,554 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "excel4_macro_urls"
2024-12-14 10:23:00,554 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_access"
2024-12-14 10:23:00,554 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_svc_start"
2024-12-14 10:23:00,555 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mapped_drives_uac"
2024-12-14 10:23:00,555 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "hides_recycle_bin_icon"
2024-12-14 10:23:00,556 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "apocalypse_stealer_file_behavior"
2024-12-14 10:23:00,556 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "arkei_files"
2024-12-14 10:23:00,557 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "azorult_mutexes"
2024-12-14 10:23:00,559 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2024-12-14 10:23:00,561 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptbot_files"
2024-12-14 10:23:00,562 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "echelon_files"
2024-12-14 10:23:00,564 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2024-12-14 10:23:00,568 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2024-12-14 10:23:00,570 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2024-12-14 10:23:00,572 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_files"
2024-12-14 10:23:00,573 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "poullight_files"
2024-12-14 10:23:00,577 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_mutexes"
2024-12-14 10:23:00,577 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_mutexes"
2024-12-14 10:23:00,577 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_files"
2024-12-14 10:23:00,578 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_mutexes"
2024-12-14 10:23:00,579 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "asyncrat_mutex"
2024-12-14 10:23:00,579 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2024-12-14 10:23:00,579 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2024-12-14 10:23:00,579 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2024-12-14 10:23:00,580 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "masquerade_process_name"
2024-12-14 10:23:00,582 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimikatz_modules"
2024-12-14 10:23:00,582 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_certs"
2024-12-14 10:23:00,582 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_clr_usagelog_regkeys"
2024-12-14 10:23:00,583 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_hostfile"
2024-12-14 10:23:00,583 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_oem_information"
2024-12-14 10:23:00,584 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2024-12-14 10:23:00,585 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2024-12-14 10:23:00,586 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_blockchain"
2024-12-14 10:23:00,586 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_opennic"
2024-12-14 10:23:00,586 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_paste_site"
2024-12-14 10:23:00,587 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_reverse_proxy"
2024-12-14 10:23:00,587 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_file_storage"
2024-12-14 10:23:00,587 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_urldns"
2024-12-14 10:23:00,587 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_url_shortener"
2024-12-14 10:23:00,587 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_doh_tls"
2024-12-14 10:23:00,588 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_tld"
2024-12-14 10:23:00,588 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2024-12-14 10:23:00,588 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2024-12-14 10:23:00,589 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_addinloading"
2024-12-14 10:23:00,589 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_perfkey"
2024-12-14 10:23:00,589 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2024-12-14 10:23:00,590 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "changes_trust_center_settings"
2024-12-14 10:23:00,590 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_vba_trust_access"
2024-12-14 10:23:00,591 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2024-12-14 10:23:00,591 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2024-12-14 10:23:00,591 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_malicious_prediction"
2024-12-14 10:23:00,591 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2024-12-14 10:23:00,592 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2024-12-14 10:23:00,592 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2024-12-14 10:23:00,592 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2024-12-14 10:23:00,592 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2024-12-14 10:23:00,592 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2024-12-14 10:23:00,593 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2024-12-14 10:23:00,593 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2024-12-14 10:23:00,593 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2024-12-14 10:23:00,594 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2024-12-14 10:23:00,594 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2024-12-14 10:23:00,594 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2024-12-14 10:23:00,594 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2024-12-14 10:23:00,595 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_safeboot"
2024-12-14 10:23:00,595 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ifeo"
2024-12-14 10:23:00,596 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_silent_process_exit"
2024-12-14 10:23:00,597 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_registry"
2024-12-14 10:23:00,597 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_shadowing"
2024-12-14 10:23:00,598 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2024-12-14 10:23:00,598 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_shim_database"
2024-12-14 10:23:00,599 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powerpool_mutexes"
2024-12-14 10:23:00,599 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_scriptblock_logging"
2024-12-14 10:23:00,599 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2024-12-14 10:23:00,599 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2024-12-14 10:23:00,599 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2024-12-14 10:23:00,600 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2024-12-14 10:23:00,600 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2024-12-14 10:23:00,600 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_process_discovery"
2024-12-14 10:23:00,600 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomix_mutexes"
2024-12-14 10:23:00,601 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dharma_mutexes"
2024-12-14 10:23:00,601 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py:1039: FutureWarning: Possible nested set at position 5
  exp = re.compile(pattern, re.IGNORECASE)
2024-12-14 10:23:00,609 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2024-12-14 10:23:00,621 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "fonix_mutexes"
2024-12-14 10:23:00,622 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "gandcrab_mutexes"
2024-12-14 10:23:00,622 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "germanwiper_mutexes"
2024-12-14 10:23:00,622 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_mutexes"
2024-12-14 10:23:00,623 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_regkeys"
2024-12-14 10:23:00,624 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_mutexes"
2024-12-14 10:23:00,624 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_regkeys"
2024-12-14 10:23:00,625 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "pysa_mutexes"
2024-12-14 10:23:00,625 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2024-12-14 10:23:00,626 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2024-12-14 10:23:00,626 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "revil_mutexes"
2024-12-14 10:23:00,629 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_revil_regkey"
2024-12-14 10:23:00,629 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "satan_mutexes"
2024-12-14 10:23:00,630 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "snake_ransom_mutexes"
2024-12-14 10:23:00,631 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransom_mutexes"
2024-12-14 10:23:00,632 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransomware_cmd"
2024-12-14 10:23:00,632 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2024-12-14 10:23:00,633 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "blacknet_mutexes"
2024-12-14 10:23:00,633 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_mutexes"
2024-12-14 10:23:00,634 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "crat_mutexes"
2024-12-14 10:23:00,635 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_files"
2024-12-14 10:23:00,636 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_mutexes"
2024-12-14 10:23:00,636 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2024-12-14 10:23:00,636 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_files"
2024-12-14 10:23:00,637 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_mutexes"
2024-12-14 10:23:00,637 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_regkeys"
2024-12-14 10:23:00,638 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lodarat_file_behavior"
2024-12-14 10:23:00,639 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modirat_behavior"
2024-12-14 10:23:00,642 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "njrat_regkeys"
2024-12-14 10:23:00,643 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_files"
2024-12-14 10:23:00,644 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_mutexes"
2024-12-14 10:23:00,644 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "parallax_mutexes"
2024-12-14 10:23:00,645 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2024-12-14 10:23:00,646 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2024-12-14 10:23:00,646 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2024-12-14 10:23:00,647 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2024-12-14 10:23:00,647 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ratsnif_mutexes"
2024-12-14 10:23:00,647 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_senna_mutexes"
2024-12-14 10:23:00,648 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2024-12-14 10:23:00,649 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "venomrat_mutexes"
2024-12-14 10:23:00,649 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_files"
2024-12-14 10:23:00,649 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_regkeys"
2024-12-14 10:23:00,650 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_files"
2024-12-14 10:23:00,651 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_mutexes"
2024-12-14 10:23:00,651 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2024-12-14 10:23:00,652 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2024-12-14 10:23:00,652 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_files"
2024-12-14 10:23:00,653 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_mutexes"
2024-12-14 10:23:00,654 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_regkeys"
2024-12-14 10:23:00,655 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rdptcp_key"
2024-12-14 10:23:00,655 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_rdp_clip"
2024-12-14 10:23:00,655 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_remote_desktop_session"
2024-12-14 10:23:00,656 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_networking_icon"
2024-12-14 10:23:00,656 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_pinned_programs"
2024-12-14 10:23:00,656 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_security_maintenance_icon"
2024-12-14 10:23:00,657 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_startmenu_defaults"
2024-12-14 10:23:00,657 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_username_startmenu"
2024-12-14 10:23:00,658 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spicyhotpot_behavior"
2024-12-14 10:23:00,659 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2024-12-14 10:23:00,659 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2024-12-14 10:23:00,659 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
2024-12-14 10:23:00,660 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
2024-12-14 10:23:00,661 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
2024-12-14 10:23:00,662 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2024-12-14 10:23:00,662 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2024-12-14 10:23:00,663 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2024-12-14 10:23:00,663 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
2024-12-14 10:23:00,664 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lsa_tampering"
2024-12-14 10:23:00,664 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
2024-12-14 10:23:00,665 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2024-12-14 10:23:00,665 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
2024-12-14 10:23:00,669 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2024-12-14 10:23:00,669 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2024-12-14 10:23:00,669 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
2024-12-14 10:23:00,670 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2024-12-14 10:23:00,676 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2024-12-14 10:23:00,677 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2024-12-14 10:23:00,677 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
2024-12-14 10:23:00,677 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_ms_protocol"
2024-12-14 10:23:00,677 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
2024-12-14 10:23:00,678 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
2024-12-14 10:23:00,678 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
2024-12-14 10:23:00,679 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
2024-12-14 10:23:00,679 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
2024-12-14 10:23:00,680 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
2024-12-14 10:23:00,680 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
2024-12-14 10:23:00,680 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2024-12-14 10:23:00,680 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2024-12-14 10:23:00,681 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2024-12-14 10:23:00,681 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
2024-12-14 10:23:00,681 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2024-12-14 10:23:00,681 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_powershell_copyitem"
2024-12-14 10:23:00,682 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2024-12-14 10:23:00,682 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
2024-12-14 10:23:00,682 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
2024-12-14 10:23:00,683 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
2024-12-14 10:23:00,683 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
2024-12-14 10:23:00,683 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_curl"
2024-12-14 10:23:00,683 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
2024-12-14 10:23:00,684 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_esentutl"
2024-12-14 10:23:00,684 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_finger"
2024-12-14 10:23:00,684 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
2024-12-14 10:23:00,684 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
2024-12-14 10:23:00,685 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
2024-12-14 10:23:00,685 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_xcopy"
2024-12-14 10:23:00,685 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2024-12-14 10:23:00,685 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
2024-12-14 10:23:00,686 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2024-12-14 10:23:00,686 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "exec_crash"
2024-12-14 10:23:00,689 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
2024-12-14 10:23:00,690 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "CAPASummary"
2024-12-14 10:23:00,691 [Task 23] [lib.cuckoo.common.integrations.capa] ERROR: CAPA ValidationError 1 validation error for CapeReport
behavior.processes.0.file_activities
  Extra inputs are not permitted [type=extra_forbidden, input_value={'read_files': [], 'write... [], 'delete_files': []}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.4/v/extra_forbidden
2024-12-14 10:23:00,692 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
2024-12-14 10:23:00,696 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2024-12-14 10:23:00,698 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2024-12-14 10:23:00,720 [Task 23] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 23
2024-12-14 10:23:00,813 [Task 23] [root] DEBUG: Finished processing task

i verified that Lumma.py works correctly and it is able to extract config for the sample

@doomedraven
Copy link
Collaborator

doomedraven commented Dec 14, 2024 via email

@marsomx
Copy link
Author

marsomx commented Dec 14, 2024

Does it has lumma Yara detection? I don't see any error there El sáb, 14 dic 2024, 10:32, marsomx @.***> escribió:

np, strange, no you don't need to do nothing else, you just need to have installed cape-parsers which is part of pyproject.toml. did you restart processing? if yes, can you do next as cape user: - cd /opt/CAPEv2/utils && poetry run python process.py -r <task_id> -d so that should give us an clue i submitted a lumma payoad (dumped from previous analysis) and this is the result of mentioned command 2024-12-14 10:22:51,548 [root] DEBUG: Importing modules... 2024-12-14 10:22:51,550 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageChops.difference' 2024-12-14 10:22:51,550 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageDraw' 2024-12-14 10:22:51,551 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.Image' 2024-12-14 10:22:51,551 [modules.auxiliary.QemuScreenshots] ERROR: No module named 'libvirt' OPTIONAL! Missed dependency: poetry run pip install peepdf-3 pip3 install certvalidator asn1crypto mscerts OPTIONAL! Missed dependency: poetry run pip install -U git+https://github.com/DissectMalware/batch_deobfuscator OPTIONAL! Missed dependency: poetry run pip install -U git+https://github.com/CAPESandbox/httpreplay 2024-12-14 https://github.com/CAPESandbox/httpreplay2024-12-14 10:22:52,202 [capa.rules] DEBUG: reading rules from directory /opt/CAPEv2/data/capa-rules 2024-12-14 10:22:52,228 [capa.rules.cache] DEBUG: loading rule set from cache: /home/cape/.cache/capa/capa-8c6bac93.cache 2024-12-14 10:22:52,333 [capa.loader] DEBUG: reading signatures from directory /opt/CAPEv2/data/flare-signatures 2024-12-14 10:22:52,333 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/1_flare_msvc_rtf_32_64.sig 2024-12-14 10:22:52,333 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/2_flare_msvc_atlmfc_32_64.sig 2024-12-14 10:22:52,333 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/3_flare_common_libs.sig 2024-12-14 10:22:52,335 [root] DEBUG: Imported "auxiliary" modules: 2024-12-14 10:22:52,336 [root] DEBUG: |-- AzSniffer 2024-12-14 10:22:52,336 [root] DEBUG: |-- Mitmdump 2024-12-14 10:22:52,336 [root] DEBUG: |-- QEMUScreenshots 2024-12-14 10:22:52,336 [root] DEBUG: -- Sniffer 2024-12-14 10:22:52,336 [root] DEBUG: Imported "processing" modules: 2024-12-14 10:22:52,336 [root] DEBUG: |-- CAPE 2024-12-14 10:22:52,336 [root] DEBUG: |-- AnalysisInfo 2024-12-14 10:22:52,336 [root] DEBUG: |-- Autoruns 2024-12-14 10:22:52,336 [root] DEBUG: |-- BehaviorAnalysis 2024-12-14 10:22:52,336 [root] DEBUG: |-- Debug 2024-12-14 10:22:52,336 [root] DEBUG: |-- NetworkAnalysis 2024-12-14 10:22:52,336 [root] DEBUG: |-- ProcessMemory 2024-12-14 10:22:52,336 [root] DEBUG: |-- script_log_processing 2024-12-14 10:22:52,336 [root] DEBUG: |-- Suricata 2024-12-14 10:22:52,336 [root] DEBUG: -- UrlAnalysis 2024-12-14 10:22:52,336 [root] DEBUG: Imported "signatures" modules: 2024-12-14 10:22:52,336 [root] DEBUG: |-- ClamAV 2024-12-14 10:22:52,336 [root] DEBUG: |-- KnownVirustotal 2024-12-14 10:22:52,336 [root] DEBUG: |-- BadCerts 2024-12-14 10:22:52,336 [root] DEBUG: |-- BadSSLCerts 2024-12-14 10:22:52,336 [root] DEBUG: |-- ZeusP2P 2024-12-14 10:22:52,336 [root] DEBUG: |-- ZeusURL 2024-12-14 10:22:52,336 [root] DEBUG: |-- AthenaHttp 2024-12-14 10:22:52,336 [root] DEBUG: |-- DirtJumper 2024-12-14 10:22:52,337 [root] DEBUG: |-- Drive 2024-12-14 10:22:52,337 [root] DEBUG: |-- Drive2 2024-12-14 10:22:52,337 [root] DEBUG: |-- Madness 2024-12-14 10:22:52,337 [root] DEBUG: |-- FamilyProxyBack 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPAAntiAnalysis 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPACollection 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPACompiler 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPADataManipulation 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPAExecutable 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPAHostInteration 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPAcommunication 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPALib 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPALinking 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPALoadCode 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPAMalwareFamily 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPANursery 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPAPersistence 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPARuntime 2024-12-14 10:22:52,337 [root] DEBUG: |-- FlareCAPATargeting 2024-12-14 10:22:52,337 [root] DEBUG: |-- Log4j 2024-12-14 10:22:52,337 [root] DEBUG: |-- MimicsExtension 2024-12-14 10:22:52,337 [root] DEBUG: |-- NetworkCountryDistribution 2024-12-14 10:22:52,337 [root] DEBUG: |-- NetworkMultipleDirectIPConnections 2024-12-14 10:22:52,337 [root] DEBUG: |-- NetworkCnCHTTP 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkHTTPPOST 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkIPEXE 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkDGA 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkDGAFraunhofer 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkDynDNS 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkExcessiveUDP 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkHTTP 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkICMP 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkIRC 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkOpenProxy 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkP2P 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkQuestionableHost 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkQuestionableHttpPath 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkQuestionableHttpsPath 2024-12-14 10:22:52,338 [root] DEBUG: |-- NetworkSMTP 2024-12-14 10:22:52,338 [root] DEBUG: |-- TorGateway 2024-12-14 10:22:52,338 [root] DEBUG: |-- BuildLangID 2024-12-14 10:22:52,338 [root] DEBUG: |-- ResourceLangID 2024-12-14 10:22:52,338 [root] DEBUG: |-- overlay 2024-12-14 10:22:52,338 [root] DEBUG: |-- PackerUnknownPESectionName 2024-12-14 10:22:52,338 [root] DEBUG: |-- ASPackPacked 2024-12-14 10:22:52,338 [root] DEBUG: |-- AspireCryptPacked 2024-12-14 10:22:52,338 [root] DEBUG: |-- BedsProtectorPacked 2024-12-14 10:22:52,338 [root] DEBUG: |-- ConfuserPacked 2024-12-14 10:22:52,338 [root] DEBUG: |-- EnigmaPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- PackerEntropy 2024-12-14 10:22:52,339 [root] DEBUG: |-- MPressPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- NatePacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- NsPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- SmartAssemblyPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- SpicesPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- ThemidaPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- ThemidaPackedSection 2024-12-14 10:22:52,339 [root] DEBUG: |-- TitanPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- UPXCompressed 2024-12-14 10:22:52,339 [root] DEBUG: |-- VMPPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- YodaPacked 2024-12-14 10:22:52,339 [root] DEBUG: |-- PDF_Annot_URLs 2024-12-14 10:22:52,339 [root] DEBUG: |-- Polymorphic 2024-12-14 10:22:52,339 [root] DEBUG: |-- PunchPlusPlusPCREs 2024-12-14 10:22:52,339 [root] DEBUG: |-- Procmem_Yara 2024-12-14 10:22:52,339 [root] DEBUG: |-- CheckIP 2024-12-14 10:22:52,339 [root] DEBUG: |-- Authenticode 2024-12-14 10:22:52,339 [root] DEBUG: |-- InvalidAuthenticodeSignature 2024-12-14 10:22:52,339 [root] DEBUG: |-- DotNetAnomaly 2024-12-14 10:22:52,339 [root] DEBUG: |-- Static_Java 2024-12-14 10:22:52,339 [root] DEBUG: |-- Static_PDF 2024-12-14 10:22:52,339 [root] DEBUG: |-- PEAnomaly 2024-12-14 10:22:52,339 [root] DEBUG: |-- PECompileTimeStomping 2024-12-14 10:22:52,339 [root] DEBUG: |-- StaticPEPDBPath 2024-12-14 10:22:52,339 [root] DEBUG: |-- RATConfig 2024-12-14 10:22:52,340 [root] DEBUG: |-- VersionInfoAnomaly 2024-12-14 10:22:52,340 [root] DEBUG: |-- StealthNetwork 2024-12-14 10:22:52,340 [root] DEBUG: |-- SuricataAlert 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolDevicetree1 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolHandles1 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolLdrModules1 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolLdrModules2 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolMalfind1 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolMalfind2 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolModscan1 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolSvcscan1 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolSvcscan2 2024-12-14 10:22:52,340 [root] DEBUG: |-- VolSvcscan3 2024-12-14 10:22:52,340 [root] DEBUG: |-- WHOIS_Create 2024-12-14 10:22:52,340 [root] DEBUG: |-- AccessesMailslot 2024-12-14 10:22:52,340 [root] DEBUG: |-- AccessesNetlogonRegkey 2024-12-14 10:22:52,340 [root] DEBUG: |-- AccessesPublicFolder 2024-12-14 10:22:52,340 [root] DEBUG: |-- AccessesSysvol 2024-12-14 10:22:52,340 [root] DEBUG: |-- WritesSysvol 2024-12-14 10:22:52,340 [root] DEBUG: |-- AddsAdminUser 2024-12-14 10:22:52,340 [root] DEBUG: |-- AddsUser 2024-12-14 10:22:52,340 [root] DEBUG: |-- OverwritesAdminPassword 2024-12-14 10:22:52,340 [root] DEBUG: |-- anomalous_deletefile 2024-12-14 10:22:52,340 [root] DEBUG: |-- AntiAnalysisDetectFile 2024-12-14 10:22:52,340 [root] DEBUG: |-- AntiAnalysisDetectReg 2024-12-14 10:22:52,341 [root] DEBUG: |-- QihooDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- AhnlabDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- AvastDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- BitdefenderDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- BullguardDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- ModifiesAttachmentManager 2024-12-14 10:22:52,341 [root] DEBUG: |-- AntiAVDetectFile 2024-12-14 10:22:52,341 [root] DEBUG: |-- AntiAVDetectReg 2024-12-14 10:22:52,341 [root] DEBUG: |-- EmsisoftDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- QurbDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- AntiAVServiceStop 2024-12-14 10:22:52,341 [root] DEBUG: |-- AntiAVSRP 2024-12-14 10:22:52,341 [root] DEBUG: |-- AntiAVWhitespace 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_addvectoredexceptionhandler 2024-12-14 10:22:52,341 [root] DEBUG: |-- APIOverrideDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_checkremotedebuggerpresent 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_debugactiveprocess 2024-12-14 10:22:52,341 [root] DEBUG: |-- AntiDBGDevices 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_gettickcount 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_guardpages 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_ntcreatethreadex 2024-12-14 10:22:52,341 [root] DEBUG: |-- BullguardDetectLibs 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_ntsetinformationthread 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_outputdebugstring 2024-12-14 10:22:52,341 [root] DEBUG: |-- antidebug_setunhandledexceptionfilter 2024-12-14 10:22:52,341 [root] DEBUG: |-- AntiDBGWindows 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiEmuWinDefend 2024-12-14 10:22:52,342 [root] DEBUG: |-- WineDetectReg 2024-12-14 10:22:52,342 [root] DEBUG: |-- WineDetectFunc 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiSandboxCheckUserdomain 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiCuckoo 2024-12-14 10:22:52,342 [root] DEBUG: |-- CuckooDetectFiles 2024-12-14 10:22:52,342 [root] DEBUG: |-- CuckooCrash 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiSandboxForegroundWindow 2024-12-14 10:22:52,342 [root] DEBUG: |-- FortinetDetectFiles 2024-12-14 10:22:52,342 [root] DEBUG: |-- SandboxJoeAnubisDetectFiles 2024-12-14 10:22:52,342 [root] DEBUG: |-- HookMouse 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiSandboxRestart 2024-12-14 10:22:52,342 [root] DEBUG: |-- SandboxieDetectLibs 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntisandboxSboxieMutex 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiSandboxSboxieObjects 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiSandboxScriptTimer 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiSandboxSleep 2024-12-14 10:22:52,342 [root] DEBUG: |-- SunbeltDetectFiles 2024-12-14 10:22:52,342 [root] DEBUG: |-- SunbeltDetectLibs 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiSandboxSuspend 2024-12-14 10:22:52,342 [root] DEBUG: |-- ThreatTrackDetectFiles 2024-12-14 10:22:52,342 [root] DEBUG: |-- Unhook 2024-12-14 10:22:52,342 [root] DEBUG: |-- BochsDetectKeys 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiVMDirectoryObjects 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiVMBios 2024-12-14 10:22:52,342 [root] DEBUG: |-- AntiVMCPU 2024-12-14 10:22:52,343 [root] DEBUG: |-- DiskInformation 2024-12-14 10:22:52,343 [root] DEBUG: |-- SetupAPIDiskInformation 2024-12-14 10:22:52,343 [root] DEBUG: |-- AntiVMDiskReg 2024-12-14 10:22:52,343 [root] DEBUG: |-- AntiVMSCSI 2024-12-14 10:22:52,343 [root] DEBUG: |-- AntiVMServices 2024-12-14 10:22:52,343 [root] DEBUG: |-- AntiVMSystem 2024-12-14 10:22:52,343 [root] DEBUG: |-- HyperVDetectKeys 2024-12-14 10:22:52,343 [root] DEBUG: |-- AntiVMChecksAvailableMemory 2024-12-14 10:22:52,343 [root] DEBUG: |-- NetworkAdapters 2024-12-14 10:22:52,343 [root] DEBUG: |-- ParallelsDetectKeys 2024-12-14 10:22:52,343 [root] DEBUG: |-- VBoxDetectDevices 2024-12-14 10:22:52,343 [root] DEBUG: |-- VBoxDetectFiles 2024-12-14 10:22:52,343 [root] DEBUG: |-- VBoxDetectKeys 2024-12-14 10:22:52,343 [root] DEBUG: |-- VBoxDetectLibs 2024-12-14 10:22:52,343 [root] DEBUG: |-- VBoxDetectProvname 2024-12-14 10:22:52,343 [root] DEBUG: |-- VBoxDetectWindow 2024-12-14 10:22:52,343 [root] DEBUG: |-- VMwareDetectDevices 2024-12-14 10:22:52,343 [root] DEBUG: |-- VMwareDetectEvent 2024-12-14 10:22:52,343 [root] DEBUG: |-- VMwareDetectFiles 2024-12-14 10:22:52,343 [root] DEBUG: |-- VMwareDetectKeys 2024-12-14 10:22:52,343 [root] DEBUG: |-- VMwareDetectLibs 2024-12-14 10:22:52,343 [root] DEBUG: |-- VMwareDetectMutexes 2024-12-14 10:22:52,343 [root] DEBUG: |-- VPCDetectFiles 2024-12-14 10:22:52,343 [root] DEBUG: |-- VPCDetectKeys 2024-12-14 10:22:52,344 [root] DEBUG: |-- VPCDetectMutex 2024-12-14 10:22:52,344 [root] DEBUG: |-- XenDetectKeys 2024-12-14 10:22:52,344 [root] DEBUG: |-- APISpamming 2024-12-14 10:22:52,344 [root] DEBUG: |-- api_uuidfromstringa 2024-12-14 10:22:52,344 [root] DEBUG: |-- AsyncRatMutex 2024-12-14 10:22:52,344 [root] DEBUG: |-- GulpixBehavior 2024-12-14 10:22:52,344 [root] DEBUG: |-- KetricanRegkeys 2024-12-14 10:22:52,344 [root] DEBUG: |-- OkrumMutexes 2024-12-14 10:22:52,344 [root] DEBUG: |-- Cridex 2024-12-14 10:22:52,344 [root] DEBUG: |-- Geodo 2024-12-14 10:22:52,345 [root] DEBUG: |-- Prinimalka 2024-12-14 10:22:52,345 [root] DEBUG: |-- SpyEyeMutexes 2024-12-14 10:22:52,345 [root] DEBUG: |-- ZeusMutexes 2024-12-14 10:22:52,345 [root] DEBUG: |-- BCDEditCommand 2024-12-14 10:22:52,345 [root] DEBUG: |-- BitcoinOpenCL 2024-12-14 10:22:52,345 [root] DEBUG: |-- AccessesPrimaryPartition 2024-12-14 10:22:52,345 [root] DEBUG: |-- Bootkit 2024-12-14 10:22:52,345 [root] DEBUG: |-- DirectHDDAccess 2024-12-14 10:22:52,345 [root] DEBUG: |-- EnumeratesPhysicalDrives 2024-12-14 10:22:52,345 [root] DEBUG: |-- PhysicalDriveAccess 2024-12-14 10:22:52,345 [root] DEBUG: |-- PotentialOverWriteMBR 2024-12-14 10:22:52,345 [root] DEBUG: |-- SuspiciousIoctlSCSIPassthough 2024-12-14 10:22:52,345 [root] DEBUG: |-- Ruskill 2024-12-14 10:22:52,345 [root] DEBUG: |-- BrowserAddon 2024-12-14 10:22:52,345 [root] DEBUG: |-- ChromiumBrowserExtensionDirectory 2024-12-14 10:22:52,345 [root] DEBUG: |-- BrowserHelperObject 2024-12-14 10:22:52,346 [root] DEBUG: |-- BrowserNeeded 2024-12-14 10:22:52,346 [root] DEBUG: |-- ModifyProxy 2024-12-14 10:22:52,346 [root] DEBUG: |-- BrowserScanbox 2024-12-14 10:22:52,346 [root] DEBUG: |-- BrowserSecurity 2024-12-14 10:22:52,346 [root] DEBUG: |-- browser_startpage 2024-12-14 10:22:52,346 [root] DEBUG: |-- FirefoxDisablesProcessPerTab 2024-12-14 10:22:52,346 [root] DEBUG: |-- IEDisablesProcessPerTab 2024-12-14 10:22:52,346 [root] DEBUG: |-- OdbcconfBypass 2024-12-14 10:22:52,346 [root] DEBUG: |-- RegSrv32SquiblydooDLLLoad 2024-12-14 10:22:52,346 [root] DEBUG: |-- SquiblydooBypass 2024-12-14 10:22:52,346 [root] DEBUG: |-- SquiblytwoBypass 2024-12-14 10:22:52,347 [root] DEBUG: |-- BypassFirewall 2024-12-14 10:22:52,347 [root] DEBUG: |-- UACBypassCMSTP 2024-12-14 10:22:52,347 [root] DEBUG: |-- UACBypassCMSTPCOM 2024-12-14 10:22:52,347 [root] DEBUG: |-- UACBypassDelegateExecuteSdclt 2024-12-14 10:22:52,347 [root] DEBUG: |-- UACBypassEventvwr 2024-12-14 10:22:52,347 [root] DEBUG: |-- UACBypassFodhelper 2024-12-14 10:22:52,347 [root] DEBUG: |-- CAPEExtractedContent 2024-12-14 10:22:52,347 [root] DEBUG: |-- CarberpMutexes 2024-12-14 10:22:52,347 [root] DEBUG: |-- ClearsLogs 2024-12-14 10:22:52,347 [root] DEBUG: |-- ClickfraudCookies 2024-12-14 10:22:52,347 [root] DEBUG: |-- ClickfraudVolume 2024-12-14 10:22:52,347 [root] DEBUG: |-- CmdlineObfuscation 2024-12-14 10:22:52,347 [root] DEBUG: |-- CmdlineSwitches 2024-12-14 10:22:52,347 [root] DEBUG: |-- CmdlineTerminate 2024-12-14 10:22:52,347 [root] DEBUG: |-- CommandLineForFilesWildCard 2024-12-14 10:22:52,347 [root] DEBUG: |-- CommandLineHTTPLink 2024-12-14 10:22:52,347 [root] DEBUG: |-- CommandLineLongString 2024-12-14 10:22:52,348 [root] DEBUG: |-- CommandLineReversedHTTPLink 2024-12-14 10:22:52,348 [root] DEBUG: |-- LongCommandline 2024-12-14 10:22:52,348 [root] DEBUG: |-- PowershellRenamedCommandLine 2024-12-14 10:22:52,348 [root] DEBUG: |-- SystemAccountDiscoveryCMD 2024-12-14 10:22:52,348 [root] DEBUG: |-- SystemCurrentlyLoggedinUserCMD 2024-12-14 10:22:52,348 [root] DEBUG: |-- SystemInfoDiscoveryCMD 2024-12-14 10:22:52,348 [root] DEBUG: |-- SystemInfoDiscoveryPWSH 2024-12-14 10:22:52,348 [root] DEBUG: |-- SystemNetworkDiscoveryCMD 2024-12-14 10:22:52,348 [root] DEBUG: |-- SystemNetworkDiscoveryPWSH 2024-12-14 10:22:52,348 [root] DEBUG: |-- SystemUserDiscoveryCMD 2024-12-14 10:22:52,348 [root] DEBUG: |-- CompilesDotNetCode 2024-12-14 10:22:52,348 [root] DEBUG: |-- CopiesSelf 2024-12-14 10:22:52,348 [root] DEBUG: |-- CreatesExe 2024-12-14 10:22:52,348 [root] DEBUG: |-- CreatesLargeKey 2024-12-14 10:22:52,348 [root] DEBUG: |-- CreatesNullValue 2024-12-14 10:22:52,348 [root] DEBUG: |-- CredWiz 2024-12-14 10:22:52,348 [root] DEBUG: |-- EnablesWDigest 2024-12-14 10:22:52,349 [root] DEBUG: |-- VaultCmd 2024-12-14 10:22:52,349 [root] DEBUG: |-- FileCredentialStoreAccess 2024-12-14 10:22:52,349 [root] DEBUG: |-- FileCredentialStoreWrite 2024-12-14 10:22:52,349 [root] DEBUG: |-- LsassCredentialDumping 2024-12-14 10:22:52,349 [root] DEBUG: |-- RegistryCredentialDumping 2024-12-14 10:22:52,349 [root] DEBUG: |-- RegistryCredentialStoreAccess 2024-12-14 10:22:52,349 [root] DEBUG: |-- RegistryLSASecretsAccess 2024-12-14 10:22:52,349 [root] DEBUG: |-- ComsvcsCredentialDump 2024-12-14 10:22:52,349 [root] DEBUG: |-- CriticalProcess 2024-12-14 10:22:52,349 [root] DEBUG: |-- CryptGenKey 2024-12-14 10:22:52,349 [root] DEBUG: |-- CryptominingStratumCommand 2024-12-14 10:22:52,349 [root] DEBUG: |-- MINERS 2024-12-14 10:22:52,349 [root] DEBUG: |-- CVE_2014_6332 2024-12-14 10:22:52,349 [root] DEBUG: |-- CVE2015_2419_JS 2024-12-14 10:22:52,349 [root] DEBUG: |-- CVE_2016_0189 2024-12-14 10:22:52,349 [root] DEBUG: |-- CVE_2016_7200 2024-12-14 10:22:52,349 [root] DEBUG: |-- CypherITMutexes 2024-12-14 10:22:52,350 [root] DEBUG: |-- DarkCometRegkeys 2024-12-14 10:22:52,350 [root] DEBUG: |-- DatopLoader 2024-12-14 10:22:52,350 [root] DEBUG: |-- DeadConnect 2024-12-14 10:22:52,350 [root] DEBUG: |-- DeadLink 2024-12-14 10:22:52,350 [root] DEBUG: |-- DebugsSelf 2024-12-14 10:22:52,350 [root] DEBUG: |-- DecoyDocument 2024-12-14 10:22:52,350 [root] DEBUG: |-- DecoyImage 2024-12-14 10:22:52,350 [root] DEBUG: |-- DeepFreezeMutex 2024-12-14 10:22:52,350 [root] DEBUG: |-- DeletesExecutedFiles 2024-12-14 10:22:52,350 [root] DEBUG: |-- DeletesSelf 2024-12-14 10:22:52,350 [root] DEBUG: |-- DeletesShadowCopies 2024-12-14 10:22:52,350 [root] DEBUG: |-- DeletesSystemStateBackup 2024-12-14 10:22:52,350 [root] DEBUG: |-- DEPBypass 2024-12-14 10:22:52,350 [root] DEBUG: |-- DEPDisable 2024-12-14 10:22:52,350 [root] DEBUG: |-- DisablesAppLaunch 2024-12-14 10:22:52,350 [root] DEBUG: |-- DisablesAutomaticAppTermination 2024-12-14 10:22:52,350 [root] DEBUG: |-- DisablesAppVirtualiztion 2024-12-14 10:22:52,350 [root] DEBUG: |-- DisablesBackups 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesBrowserWarn 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesContextMenus 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesCPLDisplay 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesCrashdumps 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesMappedDrivesAutodisconnect 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesEventLogging 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisableFolderOptions 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesNotificationCenter 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesPowerOptions 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesRestoreDefaultState 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisableRunCommand 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesSecurity 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesSmartScreen 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesSPDY 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesStartMenuSearch 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesSystemRestore 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesUAC 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesWER 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesWFP 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesWindowsDefender 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesWindowsDefenderDISM 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesWindowsDefenderLogging 2024-12-14 10:22:52,351 [root] DEBUG: |-- RemovesWindowsDefenderContextMenu 2024-12-14 10:22:52,351 [root] DEBUG: |-- WindowsDefenderPowerShell 2024-12-14 10:22:52,351 [root] DEBUG: |-- DisablesWindowsFileProtection 2024-12-14 10:22:52,352 [root] DEBUG: |-- DisablesWindowsUpdate 2024-12-14 10:22:52,352 [root] DEBUG: |-- DisablesWindowsFirewall 2024-12-14 10:22:52,352 [root] DEBUG: |-- DllLoadUncommonFileTypes 2024-12-14 10:22:52,352 [root] DEBUG: |-- DocScriptEXEDrop 2024-12-14 10:22:52,352 [root] DEBUG: |-- AdfindDomainEnumeration 2024-12-14 10:22:52,352 [root] DEBUG: |-- DomainEnumerationCommands 2024-12-14 10:22:52,352 [root] DEBUG: |-- AndromutMutexes 2024-12-14 10:22:52,352 [root] DEBUG: |-- DownloaderCabby 2024-12-14 10:22:52,352 [root] DEBUG: |-- GuLoaderAPIs 2024-12-14 10:22:52,352 [root] DEBUG: |-- PhorpiexMutexes 2024-12-14 10:22:52,352 [root] DEBUG: |-- ProtonBotMutexes 2024-12-14 10:22:52,352 [root] DEBUG: |-- DriverFilterManager 2024-12-14 10:22:52,352 [root] DEBUG: |-- DriverLoad 2024-12-14 10:22:52,352 [root] DEBUG: |-- Dropper 2024-12-14 10:22:52,352 [root] DEBUG: |-- EXEDropper_JS 2024-12-14 10:22:52,352 [root] DEBUG: |-- dynamic_function_loading 2024-12-14 10:22:52,352 [root] DEBUG: |-- DLLArchiveExecution 2024-12-14 10:22:52,352 [root] DEBUG: |-- LNKArchiveExecution 2024-12-14 10:22:52,352 [root] DEBUG: |-- ScriptArchiveExecution 2024-12-14 10:22:52,352 [root] DEBUG: |-- EncryptedIOC 2024-12-14 10:22:52,352 [root] DEBUG: |-- Excel4MacroUrls 2024-12-14 10:22:52,352 [root] DEBUG: |-- Crash 2024-12-14 10:22:52,352 [root] DEBUG: |-- ProcessCreationSuspiciousLocation 2024-12-14 10:22:52,353 [root] DEBUG: |-- exploit_getbasekerneladdress 2024-12-14 10:22:52,353 [root] DEBUG: |-- exploit_gethaldispatchtable 2024-12-14 10:22:52,353 [root] DEBUG: |-- ExploitHeapspray 2024-12-14 10:22:52,353 [root] DEBUG: |-- SpoolerAccess 2024-12-14 10:22:52,353 [root] DEBUG: |-- SpoolerSvcStart 2024-12-14 10:22:52,353 [root] DEBUG: |-- KoadicAPIs 2024-12-14 10:22:52,353 [root] DEBUG: |-- KoadicNetworkActivity 2024-12-14 10:22:52,353 [root] DEBUG: |-- Modiloader_APIs 2024-12-14 10:22:52,353 [root] DEBUG: |-- MappedDrivesUAC 2024-12-14 10:22:52,353 [root] DEBUG: |-- SystemMetrics 2024-12-14 10:22:52,353 [root] DEBUG: |-- Generic_Phish 2024-12-14 10:22:52,353 [root] DEBUG: |-- HidesRecycleBinIcon 2024-12-14 10:22:52,353 [root] DEBUG: |-- HTTP_Request 2024-12-14 10:22:52,353 [root] DEBUG: |-- ApocalypseStealerFileBehavior 2024-12-14 10:22:52,353 [root] DEBUG: |-- ArkeiFiles 2024-12-14 10:22:52,353 [root] DEBUG: |-- AzorultMutexes 2024-12-14 10:22:52,353 [root] DEBUG: |-- BitcoinWallet 2024-12-14 10:22:52,353 [root] DEBUG: |-- BrowserStealer 2024-12-14 10:22:52,353 [root] DEBUG: |-- InfostealerBrowserPassword 2024-12-14 10:22:52,353 [root] DEBUG: |-- CookiesStealer 2024-12-14 10:22:52,353 [root] DEBUG: |-- CryptBotFiles 2024-12-14 10:22:52,353 [root] DEBUG: |-- CryptBotNetwork 2024-12-14 10:22:52,353 [root] DEBUG: |-- EchelonFiles 2024-12-14 10:22:52,353 [root] DEBUG: |-- FTPStealer 2024-12-14 10:22:52,353 [root] DEBUG: |-- IMStealer 2024-12-14 10:22:52,354 [root] DEBUG: |-- KeyLogger 2024-12-14 10:22:52,354 [root] DEBUG: |-- EmailStealer 2024-12-14 10:22:52,354 [root] DEBUG: |-- MassLoggerArtifacts 2024-12-14 10:22:52,354 [root] DEBUG: |-- MassLoggerFiles 2024-12-14 10:22:52,354 [root] DEBUG: |-- MassLoggerVersion 2024-12-14 10:22:52,354 [root] DEBUG: |-- PoullightFiles 2024-12-14 10:22:52,354 [root] DEBUG: |-- PurpleWaveMutexes 2024-12-14 10:22:52,354 [root] DEBUG: |-- PurpleWaveNetworkAcivity 2024-12-14 10:22:52,354 [root] DEBUG: |-- QuilClipperMutexes 2024-12-14 10:22:52,354 [root] DEBUG: |-- QuilClipperNetworkBehavior 2024-12-14 10:22:52,354 [root] DEBUG: |-- QulabFiles 2024-12-14 10:22:52,354 [root] DEBUG: |-- QulabMutexes 2024-12-14 10:22:52,354 [root] DEBUG: |-- RaccoonInfoStealerMutex 2024-12-14 10:22:52,354 [root] DEBUG: |-- raccoon 2024-12-14 10:22:52,354 [root] DEBUG: |-- CapturesScreenshot 2024-12-14 10:22:52,354 [root] DEBUG: |-- vidar 2024-12-14 10:22:52,354 [root] DEBUG: |-- InjectionCRT 2024-12-14 10:22:52,354 [root] DEBUG: |-- InjectionExplorer 2024-12-14 10:22:52,354 [root] DEBUG: |-- InjectionExtension 2024-12-14 10:22:52,354 [root] DEBUG: |-- InjectionNetworkTraffic 2024-12-14 10:22:52,354 [root] DEBUG: |-- InjectionRUNPE 2024-12-14 10:22:52,354 [root] DEBUG: |-- InjectionRWX 2024-12-14 10:22:52,354 [root] DEBUG: |-- injection_themeinitapihook 2024-12-14 10:22:52,354 [root] DEBUG: |-- Internet_Dropper 2024-12-14 10:22:52,354 [root] DEBUG: |-- IPC_NamedPipe 2024-12-14 10:22:52,354 [root] DEBUG: |-- JS_Phish 2024-12-14 10:22:52,355 [root] DEBUG: |-- JS_SuspiciousRedirect 2024-12-14 10:22:52,355 [root] DEBUG: |-- malicious_dynamic_function_loading 2024-12-14 10:22:52,355 [root] DEBUG: |-- EncryptPCInfo 2024-12-14 10:22:52,355 [root] DEBUG: |-- EnryptDataAgentTeslaHTTP 2024-12-14 10:22:52,355 [root] DEBUG: |-- EnryptDataAgentTeslaHTTPT2 2024-12-14 10:22:52,355 [root] DEBUG: |-- EnryptDataNanoCore 2024-12-14 10:22:52,355 [root] DEBUG: |-- MartiansIE 2024-12-14 10:22:52,355 [root] DEBUG: |-- MartiansOffice 2024-12-14 10:22:52,355 [root] DEBUG: |-- MimicsAgent 2024-12-14 10:22:52,355 [root] DEBUG: |-- MimicsFiletime 2024-12-14 10:22:52,355 [root] DEBUG: |-- MimicsIcon 2024-12-14 10:22:52,355 [root] DEBUG: |-- MasqueradesProcessName 2024-12-14 10:22:52,355 [root] DEBUG: |-- MimikatzModules 2024-12-14 10:22:52,355 [root] DEBUG: |-- QuilMinerNetworkBehavior 2024-12-14 10:22:52,355 [root] DEBUG: |-- ModifiesCerts 2024-12-14 10:22:52,355 [root] DEBUG: |-- DotNetCLRUsageLogKnob 2024-12-14 10:22:52,355 [root] DEBUG: |-- Modifies_HostFile 2024-12-14 10:22:52,355 [root] DEBUG: |-- ModifiesOEMInformation 2024-12-14 10:22:52,355 [root] DEBUG: |-- ModifySecurityCenterWarnings 2024-12-14 10:22:52,355 [root] DEBUG: |-- ModifiesUACNotify 2024-12-14 10:22:52,355 [root] DEBUG: |-- ModifiesDesktopWallpaper 2024-12-14 10:22:52,355 [root] DEBUG: |-- ZoneID 2024-12-14 10:22:52,355 [root] DEBUG: |-- move_file_on_reboot 2024-12-14 10:22:52,355 [root] DEBUG: |-- Multiple_UA 2024-12-14 10:22:52,355 [root] DEBUG: |-- NetworkAnomaly 2024-12-14 10:22:52,355 [root] DEBUG: |-- NetworkBIND 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSArchive 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSFreeWebHosting 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSGeneric 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSInteractsh 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSOpenSource 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSPasteSite 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSPayload 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSServiceInterface 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSSocialMedia 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSTelegram 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSTempStorageSite 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSTempURLDNS 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSURLShortenerSite 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCHTTPSUserAgent 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCSMTPSExfil 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkCnCSMTPSGeneric 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkDNSBlockChain 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkDNSIDN 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkDNSOpenNIC 2024-12-14 10:22:52,356 [root] DEBUG: |-- NetworkDNSPasteSite 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDNSReverseProxy 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDNSSuspiciousQueryType 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDNSTempFileService 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDNSTempURLDNS 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDNSTunnelingRequest 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDNSURLShortener 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDOHTLS 2024-12-14 10:22:52,357 [root] DEBUG: |-- Suspicious_TLD 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDocumentHTTP 2024-12-14 10:22:52,357 [root] DEBUG: |-- ExplorerHTTP 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkFakeUserAgent 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkDocumentFile 2024-12-14 10:22:52,357 [root] DEBUG: |-- NetworkEXE 2024-12-14 10:22:52,357 [root] DEBUG: |-- Tor 2024-12-14 10:22:52,357 [root] DEBUG: |-- TorHiddenService 2024-12-14 10:22:52,358 [root] DEBUG: |-- Office_Code_Page 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeAddinLoading 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeCOMLoad 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeDotNetLoad 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeMSHTMLLoad 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficePerfKey 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeVBLLoad 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeWMILoad 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeCVE201711882 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeCVE201711882Network 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeCVE202140444 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeCVE202140444M2 2024-12-14 10:22:52,358 [root] DEBUG: |-- OfficeFlashLoad 2024-12-14 10:22:52,359 [root] DEBUG: |-- OfficePostScript 2024-12-14 10:22:52,359 [root] DEBUG: |-- Office_Macro 2024-12-14 10:22:52,359 [root] DEBUG: |-- ChangesTrustCenter_settings 2024-12-14 10:22:52,359 [root] DEBUG: |-- DisablesVBATrustAccess 2024-12-14 10:22:52,359 [root] DEBUG: |-- OfficeMacroAutoExecution 2024-12-14 10:22:52,359 [root] DEBUG: |-- OfficeMacroIOC 2024-12-14 10:22:52,359 [root] DEBUG: |-- OfficeMacroMaliciousPredition 2024-12-14 10:22:52,359 [root] DEBUG: |-- OfficeMacroSuspicious 2024-12-14 10:22:52,359 [root] DEBUG: |-- RTFASLRBypass 2024-12-14 10:22:52,359 [root] DEBUG: |-- RTFAnomalyCharacterSet 2024-12-14 10:22:52,359 [root] DEBUG: |-- RTFAnomalyVersion 2024-12-14 10:22:52,359 [root] DEBUG: |-- RTFEmbeddedContent 2024-12-14 10:22:52,359 [root] DEBUG: |-- RTFEmbeddedOfficeFile 2024-12-14 10:22:52,359 [root] DEBUG: |-- RTFExploitStatic 2024-12-14 10:22:52,359 [root] DEBUG: |-- OfficeSecurity 2024-12-14 10:22:52,359 [root] DEBUG: |-- OfficeAnamalousFeature 2024-12-14 10:22:52,359 [root] DEBUG: |-- OfficeDDECommand 2024-12-14 10:22:52,360 [root] DEBUG: |-- OfficeSuspiciousProcesses 2024-12-14 10:22:52,360 [root] DEBUG: |-- OfficeWriteEXE 2024-12-14 10:22:52,360 [root] DEBUG: |-- ArmadilloMutex 2024-12-14 10:22:52,360 [root] DEBUG: |-- ArmadilloRegKey 2024-12-14 10:22:52,360 [root] DEBUG: |-- ADS 2024-12-14 10:22:52,360 [root] DEBUG: |-- Autorun 2024-12-14 10:22:52,360 [root] DEBUG: |-- Autorun_scheduler 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceSafeBoot 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceBootexecute 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceRegistryScript 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceIFEO 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceSilentProcessExit 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceRDPRegistry 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceRDPShadowing 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceService 2024-12-14 10:22:52,360 [root] DEBUG: |-- PersistenceShimDatabase 2024-12-14 10:22:52,360 [root] DEBUG: |-- PowerpoolMutexes 2024-12-14 10:22:52,361 [root] DEBUG: |-- PowerShellNetworkConnection 2024-12-14 10:22:52,361 [root] DEBUG: |-- PowerShellScriptBlockLogging 2024-12-14 10:22:52,361 [root] DEBUG: |-- PowershellCommandSuspicious 2024-12-14 10:22:52,361 [root] DEBUG: |-- PowershellDownload 2024-12-14 10:22:52,361 [root] DEBUG: |-- PowershellRenamed 2024-12-14 10:22:52,361 [root] DEBUG: |-- PowershellRequest 2024-12-14 10:22:52,361 [root] DEBUG: |-- PowershellReversed 2024-12-14 10:22:52,361 [root] DEBUG: |-- PowershellVariableObfuscation 2024-12-14 10:22:52,361 [root] DEBUG: |-- PreventsSafeboot 2024-12-14 10:22:52,361 [root] DEBUG: |-- CmdlineProcessDiscovery 2024-12-14 10:22:52,361 [root] DEBUG: |-- CreateToolhelp32SnapshotProcessModuleEnumeration 2024-12-14 10:22:52,361 [root] DEBUG: |-- EnumeratesRunningProcesses 2024-12-14 10:22:52,361 [root] DEBUG: |-- ProcessInterest 2024-12-14 10:22:52,361 [root] DEBUG: |-- ProcessNeeded 2024-12-14 10:22:52,361 [root] DEBUG: |-- MassDataEncryption 2024-12-14 10:22:52,361 [root] DEBUG: |-- CryptoMixMutexes 2024-12-14 10:22:52,361 [root] DEBUG: |-- DharmaMutexes 2024-12-14 10:22:52,361 [root] DEBUG: |-- RansomwareDMALocker 2024-12-14 10:22:52,361 [root] DEBUG: |-- RansomwareExtensions 2024-12-14 10:22:52,361 [root] DEBUG: |-- RansomwareFileModifications 2024-12-14 10:22:52,361 [root] DEBUG: |-- RansomwareFiles 2024-12-14 10:22:52,361 [root] DEBUG: |-- FonixMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- GandCrabMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- GermanWiperMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- MedusaLockerMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- MedusaLockerRegkeys 2024-12-14 10:22:52,362 [root] DEBUG: |-- RansomwareMessage 2024-12-14 10:22:52,362 [root] DEBUG: |-- NemtyMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- NemtyNetworkActivity 2024-12-14 10:22:52,362 [root] DEBUG: |-- NemtyNote 2024-12-14 10:22:52,362 [root] DEBUG: |-- NemtyRegkeys 2024-12-14 10:22:52,362 [root] DEBUG: |-- PYSAMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- RansomwareRadamant 2024-12-14 10:22:52,362 [root] DEBUG: |-- RansomwareRecyclebin 2024-12-14 10:22:52,362 [root] DEBUG: |-- RevilMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- RevilRegkey 2024-12-14 10:22:52,362 [root] DEBUG: |-- SatanMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- SnakeRansomMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- sodinokibi 2024-12-14 10:22:52,362 [root] DEBUG: |-- StopRansomMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- StopRansomwareCMD 2024-12-14 10:22:52,362 [root] DEBUG: |-- StopRansomwareRegistry 2024-12-14 10:22:52,362 [root] DEBUG: |-- BeebusMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- BlackNETMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- BlackRATAPIs 2024-12-14 10:22:52,362 [root] DEBUG: |-- BlackRATMutexes 2024-12-14 10:22:52,362 [root] DEBUG: |-- BlackRATNetworkActivity 2024-12-14 10:22:52,362 [root] DEBUG: |-- BlackRATRegistryKeys 2024-12-14 10:22:52,362 [root] DEBUG: |-- CRATMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- DCRatAPIs 2024-12-14 10:22:52,363 [root] DEBUG: |-- DCRatFiles 2024-12-14 10:22:52,363 [root] DEBUG: |-- DCRatMutex 2024-12-14 10:22:52,363 [root] DEBUG: |-- FynloskiMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- KaraganyEventObjects 2024-12-14 10:22:52,363 [root] DEBUG: |-- KaraganyFiles 2024-12-14 10:22:52,363 [root] DEBUG: |-- LimeRATMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- LimeRATRegkeys 2024-12-14 10:22:52,363 [root] DEBUG: |-- LodaRATFileBehavior 2024-12-14 10:22:52,363 [root] DEBUG: |-- LuminosityRAT 2024-12-14 10:22:52,363 [root] DEBUG: |-- ModiRATBehavior 2024-12-14 10:22:52,363 [root] DEBUG: |-- NanocoreRAT 2024-12-14 10:22:52,363 [root] DEBUG: |-- netwire 2024-12-14 10:22:52,363 [root] DEBUG: |-- NjratRegkeys 2024-12-14 10:22:52,363 [root] DEBUG: |-- ObliquekRATFiles 2024-12-14 10:22:52,363 [root] DEBUG: |-- ObliquekRATMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- ObliquekRATNetworkActivity 2024-12-14 10:22:52,363 [root] DEBUG: |-- OrcusRAT 2024-12-14 10:22:52,363 [root] DEBUG: |-- ParallaxMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- PcClientMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- PlugxMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- PoisonIvyMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- QuasarMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- RatsnifMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- SennaMutexes 2024-12-14 10:22:52,363 [root] DEBUG: |-- SpynetRat 2024-12-14 10:22:52,364 [root] DEBUG: |-- TrochilusRATAPIs 2024-12-14 10:22:52,364 [root] DEBUG: |-- VenomRAT 2024-12-14 10:22:52,364 [root] DEBUG: |-- WarzoneRATFiles 2024-12-14 10:22:52,364 [root] DEBUG: |-- WarzoneRATRegkeys 2024-12-14 10:22:52,364 [root] DEBUG: |-- XpertRATFiles 2024-12-14 10:22:52,364 [root] DEBUG: |-- XpertRATMutexes 2024-12-14 10:22:52,364 [root] DEBUG: |-- XtremeMutexes 2024-12-14 10:22:52,364 [root] DEBUG: |-- ReadsSelf 2024-12-14 10:22:52,364 [root] DEBUG: |-- Recon_Beacon 2024-12-14 10:22:52,364 [root] DEBUG: |-- Fingerprint 2024-12-14 10:22:52,364 [root] DEBUG: |-- InstalledApps 2024-12-14 10:22:52,364 [root] DEBUG: |-- SystemInfo 2024-12-14 10:22:52,364 [root] DEBUG: |-- Accesses_RecycleBin 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemcosFiles 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemcosMutexes 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemcosRegkeys 2024-12-14 10:22:52,364 [root] DEBUG: |-- RDPTCPKey 2024-12-14 10:22:52,364 [root] DEBUG: |-- UsesRDPClip 2024-12-14 10:22:52,364 [root] DEBUG: |-- UsesRemoteDesktopSession 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemovesNetworkingIcon 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemovesPinnedPrograms 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemovesSecurityAndMaintenanceIcon 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemovesStartMenuDefaults 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemovesUsernameStartMenu 2024-12-14 10:22:52,364 [root] DEBUG: |-- RemovesZoneIdADS 2024-12-14 10:22:52,364 [root] DEBUG: |-- SpicyHotPotBehavior 2024-12-14 10:22:52,365 [root] DEBUG: |-- ScriptCreatedProcess 2024-12-14 10:22:52,365 [root] DEBUG: |-- ScriptNetworkActvity 2024-12-14 10:22:52,365 [root] DEBUG: |-- SuspiciousJSScript 2024-12-14 10:22:52,365 [root] DEBUG: |-- JavaScriptTimer 2024-12-14 10:22:52,365 [root] DEBUG: |-- Secure_Login_Phish 2024-12-14 10:22:52,365 [root] DEBUG: |-- SecurityXploded_Modules 2024-12-14 10:22:52,365 [root] DEBUG: |-- GetClipboardData 2024-12-14 10:22:52,365 [root] DEBUG: |-- SetsAutoconfigURL 2024-12-14 10:22:52,365 [root] DEBUG: |-- InstallsWinpcap 2024-12-14 10:22:52,365 [root] DEBUG: |-- SpoofsProcname 2024-12-14 10:22:52,365 [root] DEBUG: |-- CreatesAutorunInf 2024-12-14 10:22:52,365 [root] DEBUG: |-- StackPivot 2024-12-14 10:22:52,365 [root] DEBUG: |-- StackPivotFileCreated 2024-12-14 10:22:52,365 [root] DEBUG: |-- StackPivotProcessCreate 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealingClipboardData 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealthChildProc 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealthFile 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealthHiddenExtension 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealthHiddenReg 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealthHideNotifications 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealthSystemProcName 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealthTimeout 2024-12-14 10:22:52,365 [root] DEBUG: |-- StealthWebHistory 2024-12-14 10:22:52,365 [root] DEBUG: |-- Hidden_Window 2024-12-14 10:22:52,365 [root] DEBUG: |-- sysinternals_psexec 2024-12-14 10:22:52,365 [root] DEBUG: |-- sysinternals_tools 2024-12-14 10:22:52,366 [root] DEBUG: |-- QueriesKeyboardLayout 2024-12-14 10:22:52,366 [root] DEBUG: |-- TampersETW 2024-12-14 10:22:52,366 [root] DEBUG: |-- LSATampering 2024-12-14 10:22:52,366 [root] DEBUG: |-- TampersPowerShellLogging 2024-12-14 10:22:52,366 [root] DEBUG: |-- Flame 2024-12-14 10:22:52,366 [root] DEBUG: |-- TerminatesRemoteProcess 2024-12-14 10:22:52,366 [root] DEBUG: |-- TerritorialDisputeSIGs 2024-12-14 10:22:52,366 [root] DEBUG: |-- TrickBotTaskDelete 2024-12-14 10:22:52,366 [root] DEBUG: |-- TrickBotMutexes 2024-12-14 10:22:52,366 [root] DEBUG: |-- FleerCivetMutexes 2024-12-14 10:22:52,366 [root] DEBUG: |-- LokibotMutexes 2024-12-14 10:22:52,366 [root] DEBUG: |-- UrsnifBehavior 2024-12-14 10:22:52,366 [root] DEBUG: |-- UpatreFiles 2024-12-14 10:22:52,366 [root] DEBUG: |-- UpatreMutexes 2024-12-14 10:22:52,366 [root] DEBUG: |-- UserEnum 2024-12-14 10:22:52,366 [root] DEBUG: |-- ADFind 2024-12-14 10:22:52,366 [root] DEBUG: |-- UsesMSProtocol 2024-12-14 10:22:52,366 [root] DEBUG: |-- Virus 2024-12-14 10:22:52,366 [root] DEBUG: |-- NeshtaFiles 2024-12-14 10:22:52,366 [root] DEBUG: |-- NeshtaMutexes 2024-12-14 10:22:52,366 [root] DEBUG: |-- NeshtaRegKeys 2024-12-14 10:22:52,366 [root] DEBUG: |-- RenamerMutexes 2024-12-14 10:22:52,366 [root] DEBUG: |-- Webmail_Phish 2024-12-14 10:22:52,366 [root] DEBUG: |-- OWAWebShellFiles 2024-12-14 10:22:52,366 [root] DEBUG: |-- WebShellFiles 2024-12-14 10:22:52,366 [root] DEBUG: |-- WebShellProcesses 2024-12-14 10:22:52,367 [root] DEBUG: |-- PersistsDotNetDevUtility 2024-12-14 10:22:52,367 [root] DEBUG: |-- SpwansDotNetDevUtiliy 2024-12-14 10:22:52,367 [root] DEBUG: |-- AltersWindowsUtility 2024-12-14 10:22:52,367 [root] DEBUG: |-- DotNETCSCBuild 2024-12-14 10:22:52,367 [root] DEBUG: |-- MultipleExplorerInstances 2024-12-14 10:22:52,367 [root] DEBUG: |-- OverwritesAccessibilityUtility 2024-12-14 10:22:52,367 [root] DEBUG: |-- ScriptToolExecuted 2024-12-14 10:22:52,367 [root] DEBUG: |-- SuspiciousCertutilUse 2024-12-14 10:22:52,367 [root] DEBUG: |-- SuspiciousCommandTools 2024-12-14 10:22:52,367 [root] DEBUG: |-- SuspiciousMpCmdRunUse 2024-12-14 10:22:52,367 [root] DEBUG: |-- SuspiciousPingUse 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesPowerShellCopyItem 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilities 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesAppCmd 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesCSVDELDFIDE 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesCipher 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesClickOnce 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesCurl 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesDSQuery 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesEsentutl 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesFinger 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesMode 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesNTDSutil 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesNltest 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesScheduler 2024-12-14 10:22:52,367 [root] DEBUG: |-- UsesWindowsUtilitiesXcopy 2024-12-14 10:22:52,368 [root] DEBUG: |-- WMICCommandSuspicious 2024-12-14 10:22:52,368 [root] DEBUG: |-- WiperZeroedBytes 2024-12-14 10:22:52,368 [root] DEBUG: |-- ScrconsWMIScriptConsumer 2024-12-14 10:22:52,368 [root] DEBUG: |-- WMICreateProcess 2024-12-14 10:22:52,368 [root] DEBUG: |-- WMIScriptProcess 2024-12-14 10:22:52,368 [root] DEBUG: |-- Win32ProcessCreate 2024-12-14 10:22:52,368 [root] DEBUG: |-- AllapleMutexes 2024-12-14 10:22:52,368 [root] DEBUG: |-- LinuxDeletesFiles 2024-12-14 10:22:52,368 [root] DEBUG: |-- LinuxDropsFiles 2024-12-14 10:22:52,368 [root] DEBUG: |-- LinuxReadsFiles 2024-12-14 10:22:52,368 [root] DEBUG: -- LinuxWritesFiles 2024-12-14 10:22:52,368 [root] DEBUG: Imported "reporting" modules: 2024-12-14 10:22:52,368 [root] DEBUG: |-- BinGraph 2024-12-14 10:22:52,368 [root] DEBUG: |-- CAPASummary 2024-12-14 10:22:52,368 [root] DEBUG: |-- JsonDump 2024-12-14 10:22:52,368 [root] DEBUG: |-- MongoDB 2024-12-14 10:22:52,368 [root] DEBUG: -- PCAP2CERT 2024-12-14 10:22:52,368 [root] DEBUG: Imported "feeds" modules: 2024-12-14 10:22:52,368 [root] DEBUG: -- AbuseCH_SSL 2024-12-14 10:22:52,368 [root] DEBUG: Imported "machinery" modules: 2024-12-14 10:22:52,368 [root] DEBUG: -- Physical 2024-12-14 10:22:52,368 [Task 23] [root] DEBUG: Processing task 2024-12-14 10:22:52,378 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "CAPE" on analysis at "/opt/CAPEv2/storage/analyses/23" 2024-12-14 10:22:52,571 [Task 23] [lib.cuckoo.common.objects] DEBUG: file type set using basic heuristics for: /opt/CAPEv2/storage/binaries/33b4fd9d1dd032c56f0e2d74d609db74a04a3190eb45cd07f277f5efca7abe23 2024-12-14 10:22:52,571 [Task 23] [lib.cuckoo.common.objects] DEBUG: Initializing Yara... 2024-12-14 10:22:52,644 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries AutoIT.yar 2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries EcrimePackerStub.yar 2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries Generic_Phishing_PDF.yar 2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries HTMLPhisher_2023.yar 2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries HeavensGate.yar 2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries IEuser_author_doc.yar 2024-12-14 10:22:52,645 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries ISO_exec.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries LNK_Ruleset.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries MalScript_Tricks.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries Maldoc_PDF.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries OLEfile_in_CAD_FAS_LSP.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries OneNote.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries RoyalRoad_RTF.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries Themida.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries VMProtectStub.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries Webshell_in_image.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries embedded.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries indicator_packed.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries indicator_suspicious.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries indicator_tools.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries oAuth_Phishing_PDF.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries ole_vba.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries shellcodes.yar 2024-12-14 10:22:52,646 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries susp_obfuscated_JS.yar 2024-12-14 10:22:52,647 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- binaries vmdetect.yar 2024-12-14 10:22:52,672 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory Exploit_HT_Flash_Vars.yar 2024-12-14 10:22:52,672 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory Exploit_HT_VRename.yar 2024-12-14 10:22:52,672 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory adgholas.yar 2024-12-14 10:22:52,672 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory angler.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory astrum.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2013_2551.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2014_0515.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2014_0569.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2014_6332.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2015_0016.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2015_2419.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2015_2545.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2015_5122.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2016_0189.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory cve_2016_3298.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory darkcomet.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory eitest.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory flash_exploits.yar 2024-12-14 10:22:52,673 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory kazybot.yar 2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory neutrino.yar 2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory nuclear.yar 2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory rig.yar 2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory shellcodes.yar 2024-12-14 10:22:52,674 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- memory sundown.yar 2024-12-14 10:22:52,748 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE A310Logger.yar 2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AAR.yar 2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE APT27.yar 2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE ARCrypt.yar 2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AbubasbanditBot.yar 2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AcidRain.yar 2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE ActionRAT.yar 2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Adfind.yar 2024-12-14 10:22:52,749 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Adzok.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AgentRacoon.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AgentTesla.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AgnianeStealer.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Agrius.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Akira.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Alfonso.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AlienCrypter.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AlienSpy.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Alkhal.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AllaKore.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Amadey.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Andromeda.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Ap0calypse.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Apocalypse.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Arcom.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Arechclient2.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Arkei.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE ArrowRAT.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Aspire.yar 2024-12-14 10:22:52,750 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AsyncRAT.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Atlas.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Aurora.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AuroraStealer.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Avaddon.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Avalon.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE AvosLocker.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Azer.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Azorult.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BACKSPACE.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BHunt.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Babuk.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BackNet.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BackOffLoader.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BackOffPOS.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BadJoke.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BadRabbit.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Bagle.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Baldr.yar 2024-12-14 10:22:52,751 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Bandit.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Bandook.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Banload.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Bazar.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BazarLoader.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BazarLoaderNim.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Beastdoor.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BetaBot.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BioPass.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BitCoinGrabber.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BitPaymer.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BitRAT.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BitterRAT.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackByte.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackByteGo.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackCat.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackDropper.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackHunt.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackMatter.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackNET.yar 2024-12-14 10:22:52,752 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackNix.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackShades.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlackshadesRAT.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlankStealer.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Blister.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlitzGrabber.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlueBanana.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BlueBot.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Bobik.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BoxCaon.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Bozok.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BrbBot.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BreakStaf.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BreakWin.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BroEx.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BruteRatel.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BuerLoader.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE BumbleBee.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Buran.yar 2024-12-14 10:22:52,753 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE ButeRAT.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CRAT.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Caliber.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Carbanak.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CargoBayLoader.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CasperTroy.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Cerber.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE ChChes.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE ChaChaDDoS.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Chaos.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Chinotto.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Chuwi.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE ClientMesh.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE ClipBanker.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Clop.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CobaltStrikeBeacon.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CobaltStrikeStager.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CobianRAT.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Codoso.yar 2024-12-14 10:22:52,754 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CoinMiners.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CoinMiningBot.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CommonMagic.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Confucius_B.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Conti.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CookieStealer.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CoreBot.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Covenant.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CrimsonRAT.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE Crown.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CryLock.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CryptBot.yar 2024-12-14 10:22:52,755 [Task 23] [lib.cuckoo.common.objects] DEBUG: |-- CAPE CryptoLocker.yar 2024-12-14

yep cape recognizes playload as lumma correctly with yara but doesn't extract configuration with parser Lumma.py (i suppose..)

@doomedraven
Copy link
Collaborator

doomedraven commented Dec 14, 2024 via email

@marsomx
Copy link
Author

marsomx commented Dec 14, 2024
edited
Loading

@doomedraven inside config/processing.conf i have these lines

# Community
# Extractors
[mwcp]
enabled = yes
modules_path = modules/processing/parsers/mwcp/

# Community
[ratdecoders]
enabled = yes
modules_path = modules/processing/parsers/RATDecoders/

# Community
[malduck]
enabled = yes
modules_path = modules/processing/parsers/malduck/

[CAPE_extractors]
enabled = yes
# Must ends with /
modules_path = modules/processing/parsers/CAPE/

but inside modules/processing/parsers/CAPE/ i have only

 __pycache__
Snake.py

and not Core and Community folders as per CAPE_Parser repo. could be this the isue?

moreover changelog reported

Feature added. load=X, where X is one of those: all/core/community
All = core and community
Exclude parsers. Allows to not load some particular parsers. exclude_parsers=["name1", "name2"]

where i have to use this options?

Thanks

edit:

for the sample you can use 81e2acbd26c2d3dcfba65fdff1c91d0927bfbb5f9d7c923184c97af4edda63f1

@doomedraven
Copy link
Collaborator

no, not having those folder not needed, as they are under cape-parsers. you need load=All if you want all parsers. thanks for hash, i will test it in few mins

@doomedraven
Copy link
Collaborator

Captura de pantalla 2024-12-14 a las 18 48 08

can you post output of this command as cape user poetry run pip freaze|grep cape-parsers

poetry run pip freeze|grep CAPE-parsers

@marsomx
Copy link
Author

marsomx commented Dec 14, 2024

Captura de pantalla 2024-12-14 a las 18 48 08 can you post output of this command as cape user `poetry run pip freaze|grep cape-parsers` 
poetry run pip freeze|grep CAPE-parsers

i got nothing from this command

@doomedraven
Copy link
Collaborator

so you don't have parsers installed, run poetry run pip3 install -U CAPE-parsers, and reprocess the job, if that works, you need to restart processing, but also run poetry install to ensure that the rest of libs are up to date

@marsomx
Copy link
Author

marsomx commented Dec 14, 2024

so you don't have parsers installed, run poetry run pip3 install -U CAPE-parsers, and reprocess the job, if that works, you need to restart processing, but also run poetry install to ensure that the rest of libs are up to date

now it works as expected ... maybe i found what was my mistake... i ran poetry install not as cape user... this could cause the cape parser not to be installed properly...

thanks a lot.. have a nice weekend :)

@doomedraven
Copy link
Collaborator

doomedraven commented Dec 14, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@doomedraven @marsomx