$ cuckoo -d

it's Cuckoo!

Cuckoo Sandbox 2.0.7
www.cuckoosandbox.org
Copyright (c) 2010-2018

2020-01-11 08:40:03,285 [cuckoo] DEBUG: Increasing resource limit for number of open files to 1048576
Checking for updates...
You're good to go!

Our latest blogposts:
* Cuckoo Sandbox 2.0.7, June 19, 2019.
  Stability and security
  More at https://cuckoosandbox.org/blog/207-interim-release
* IQY malspam campaign, October 15, 2018.
  Analysis of a malspam campaign leveraging .IQY (Excel Web Query) files containing DDE to achieve code execution.
  More at https://hatching.io/blog/iqy-malspam
* Hooking VBScript execution in Cuckoo, October 03, 2018.
  Details on implementation of Visual Basic Script instrumentation for Cuckoo Monitor for extraction of dynamically executed VBScript.
  More at https://hatching.io/blog/vbscript-hooking
* Cuckoo Sandbox 2.0.6 pentest, September 18, 2018.
  Cuckoo Sandbox 2.0.6 public pentest performed by Cure53 and sponsored by PolySwarm!
  More at https://hatching.io/blog/cuckoo-206-pentest
* Cuckoo Sandbox 2.0.6, June 07, 2018.
  Interim release awaiting the big release.
  More at https://cuckoosandbox.org/blog/206-interim-release

2020-01-11 08:40:03,843 [cuckoo.core.database] DEBUG: Using database-wide lock for sqlite
2020-01-11 08:40:04,019 [cuckoo.core.startup] DEBUG: Imported modules...
2020-01-11 08:40:04,024 [cuckoo.core.startup] DEBUG: Imported "auxiliary" modules:
2020-01-11 08:40:04,025 [cuckoo.core.startup] DEBUG: |-- MITM
2020-01-11 08:40:04,025 [cuckoo.core.startup] DEBUG: |-- Reboot
2020-01-11 08:40:04,025 [cuckoo.core.startup] DEBUG: |-- Replay
2020-01-11 08:40:04,025 [cuckoo.core.startup] DEBUG: |-- Services
2020-01-11 08:40:04,026 [cuckoo.core.startup] DEBUG: `-- Sniffer
2020-01-11 08:40:04,026 [cuckoo.core.startup] DEBUG: Imported "machinery" modules:
2020-01-11 08:40:04,026 [cuckoo.core.startup] DEBUG: |-- vSphere
2020-01-11 08:40:04,026 [cuckoo.core.startup] DEBUG: |-- KVM
2020-01-11 08:40:04,026 [cuckoo.core.startup] DEBUG: |-- ESX
2020-01-11 08:40:04,026 [cuckoo.core.startup] DEBUG: |-- XenServer
2020-01-11 08:40:04,026 [cuckoo.core.startup] DEBUG: |-- VirtualBox
2020-01-11 08:40:04,026 [cuckoo.core.startup] DEBUG: |-- Avd
2020-01-11 08:40:04,027 [cuckoo.core.startup] DEBUG: |-- QEMU
2020-01-11 08:40:04,027 [cuckoo.core.startup] DEBUG: |-- VMware
2020-01-11 08:40:04,027 [cuckoo.core.startup] DEBUG: `-- Physical
2020-01-11 08:40:04,027 [cuckoo.core.startup] DEBUG: Imported "processing" modules:
2020-01-11 08:40:04,027 [cuckoo.core.startup] DEBUG: |-- AnalysisInfo
2020-01-11 08:40:04,027 [cuckoo.core.startup] DEBUG: |-- ApkInfo
2020-01-11 08:40:04,027 [cuckoo.core.startup] DEBUG: |-- Baseline
2020-01-11 08:40:04,027 [cuckoo.core.startup] DEBUG: |-- BehaviorAnalysis
2020-01-11 08:40:04,028 [cuckoo.core.startup] DEBUG: |-- Debug
2020-01-11 08:40:04,028 [cuckoo.core.startup] DEBUG: |-- Droidmon
2020-01-11 08:40:04,028 [cuckoo.core.startup] DEBUG: |-- Dropped
2020-01-11 08:40:04,028 [cuckoo.core.startup] DEBUG: |-- DroppedBuffer
2020-01-11 08:40:04,028 [cuckoo.core.startup] DEBUG: |-- Extracted
2020-01-11 08:40:04,028 [cuckoo.core.startup] DEBUG: |-- GooglePlay
2020-01-11 08:40:04,028 [cuckoo.core.startup] DEBUG: |-- Irma
2020-01-11 08:40:04,028 [cuckoo.core.startup] DEBUG: |-- Memory
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- MetaInfo
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- MISP
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- NetworkAnalysis
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- ProcessMemory
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- Procmon
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- Screenshots
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- Snort
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- Static
2020-01-11 08:40:04,029 [cuckoo.core.startup] DEBUG: |-- Strings
2020-01-11 08:40:04,030 [cuckoo.core.startup] DEBUG: |-- Suricata
2020-01-11 08:40:04,030 [cuckoo.core.startup] DEBUG: |-- TargetInfo
2020-01-11 08:40:04,030 [cuckoo.core.startup] DEBUG: |-- TLSMasterSecrets
2020-01-11 08:40:04,030 [cuckoo.core.startup] DEBUG: `-- VirusTotal
2020-01-11 08:40:04,030 [cuckoo.core.startup] DEBUG: Imported "signatures" modules:
2020-01-11 08:40:04,030 [cuckoo.core.startup] DEBUG: |-- AndroidAbortBroadcast
2020-01-11 08:40:04,030 [cuckoo.core.startup] DEBUG: |-- AndroidAccountInfo
2020-01-11 08:40:04,030 [cuckoo.core.startup] DEBUG: |-- AndroidAppInfo
2020-01-11 08:40:04,031 [cuckoo.core.startup] DEBUG: |-- AndroidAudio
2020-01-11 08:40:04,031 [cuckoo.core.startup] DEBUG: |-- AndroidCamera
2020-01-11 08:40:04,031 [cuckoo.core.startup] DEBUG: |-- AndroidDangerousPermissions
2020-01-11 08:40:04,031 [cuckoo.core.startup] DEBUG: |-- AndroidDeletedApp
2020-01-11 08:40:04,031 [cuckoo.core.startup] DEBUG: |-- AndroidDynamicCode
2020-01-11 08:40:04,031 [cuckoo.core.startup] DEBUG: |-- AndroidEmbeddedApk
2020-01-11 08:40:04,031 [cuckoo.core.startup] DEBUG: |-- AndroidGooglePlayDiff
2020-01-11 08:40:04,031 [cuckoo.core.startup] DEBUG: |-- AndroidInstalledApps
2020-01-11 08:40:04,032 [cuckoo.core.startup] DEBUG: |-- AndroidNativeCode
2020-01-11 08:40:04,032 [cuckoo.core.startup] DEBUG: |-- AndroidPhoneNumber
2020-01-11 08:40:04,032 [cuckoo.core.startup] DEBUG: |-- AndroidPrivateInfoQuery
2020-01-11 08:40:04,032 [cuckoo.core.startup] DEBUG: |-- AndroidReflectionCode
2020-01-11 08:40:04,032 [cuckoo.core.startup] DEBUG: |-- AndroidRegisteredReceiver
2020-01-11 08:40:04,032 [cuckoo.core.startup] DEBUG: |-- AndroidShellCommands
2020-01-11 08:40:04,032 [cuckoo.core.startup] DEBUG: |-- AndroidSMS
2020-01-11 08:40:04,032 [cuckoo.core.startup] DEBUG: |-- AndroidStopProcess
2020-01-11 08:40:04,033 [cuckoo.core.startup] DEBUG: |-- ApplicationUsesLocation
2020-01-11 08:40:04,033 [cuckoo.core.startup] DEBUG: |-- KnownVirustotal
2020-01-11 08:40:04,033 [cuckoo.core.startup] DEBUG: |-- AntiAnalysisJavascript
2020-01-11 08:40:04,033 [cuckoo.core.startup] DEBUG: |-- DumpedBuffer
2020-01-11 08:40:04,033 [cuckoo.core.startup] DEBUG: |-- DumpedBuffer2
2020-01-11 08:40:04,033 [cuckoo.core.startup] DEBUG: |-- EncryptionKeys
2020-01-11 08:40:04,033 [cuckoo.core.startup] DEBUG: |-- EvalJS
2020-01-11 08:40:04,033 [cuckoo.core.startup] DEBUG: |-- HtmlFlash
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- JsIframe
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- PDFAttachments
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- PDFJavaScript
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- PDFOpenAction
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- PDFOpenActionJS
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- SuspiciousJavascript
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- DarwinCodeInjection
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- TaskForPid
2020-01-11 08:40:04,034 [cuckoo.core.startup] DEBUG: |-- DeadHost
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkBIND
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkCnCHTTP
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkDNSTXTLookup
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkDynDNS
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkHTTP
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkHTTPPOST
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkICMP
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkIRC
2020-01-11 08:40:04,035 [cuckoo.core.startup] DEBUG: |-- NetworkSMTP
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- NoLookupCommunication
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- P2PCnC
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- SnortAlert
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- SuricataAlert
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- Suspicious_TLD
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- TorGateway
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- WscriptDownloader
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- AddsUser
2020-01-11 08:40:04,036 [cuckoo.core.startup] DEBUG: |-- AddsUserAdmin
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- ADS
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- Adzok
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- AlinaFile
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- AlineURL
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- AllocatesExecuteRemoteProccess
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- AllocatesRWX
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- AmsiBypass
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- Andromeda
2020-01-11 08:40:04,037 [cuckoo.core.startup] DEBUG: |-- AntiAnalysisDetectFile
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntiAVDetectFile
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntiAVDetectReg
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntiAVServiceStop
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntiAVSRP
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntiDBGDevices
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntiDBGWindows
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntisandboxClipboard
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntiSandboxFile
2020-01-11 08:40:04,038 [cuckoo.core.startup] DEBUG: |-- AntiSandboxForegroundWindow
2020-01-11 08:40:04,039 [cuckoo.core.startup] DEBUG: |-- AntiSandboxIdleTime
2020-01-11 08:40:04,039 [cuckoo.core.startup] DEBUG: |-- AntiSandboxRestart
2020-01-11 08:40:04,039 [cuckoo.core.startup] DEBUG: |-- AntiSandboxSleep
2020-01-11 08:40:04,039 [cuckoo.core.startup] DEBUG: |-- AntiVirusIRMA
2020-01-11 08:40:04,039 [cuckoo.core.startup] DEBUG: |-- AntiVMBios
2020-01-11 08:40:04,039 [cuckoo.core.startup] DEBUG: |-- AntiVMComputernameQuery
2020-01-11 08:40:04,039 [cuckoo.core.startup] DEBUG: |-- AntiVMCPU
2020-01-11 08:40:04,039 [cuckoo.core.startup] DEBUG: |-- AntiVMDiskSize
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- AntiVMIDE
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- AntiVMSCSI
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- AntiVMServices
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- AntiVMSharedDevice
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- ApplicationExceptionCrash
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- AppLockerBypass
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- APT_Carbunak
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- APT_CloudAtlas
2020-01-11 08:40:04,040 [cuckoo.core.startup] DEBUG: |-- apt_sandworm_ip
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- apt_sandworm_url
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- ArdamaxMutexes
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- AthenaHttp
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- AthenaURL
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- Autorun
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- AvastDetectLibs
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- AVDetectionChinaKey
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- BadCerts
2020-01-11 08:40:04,041 [cuckoo.core.startup] DEBUG: |-- Bagle
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- Bandook
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- banker_bancos
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- BankingMutexes
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- Banload
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- Beastdoor
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- BeebusMutexes
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- BegseabugTDMutexes
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- BetabotURL
2020-01-11 08:40:04,042 [cuckoo.core.startup] DEBUG: |-- Bifrose
2020-01-11 08:40:04,043 [cuckoo.core.startup] DEBUG: |-- BitcoinOpenCL
2020-01-11 08:40:04,043 [cuckoo.core.startup] DEBUG: |-- BitcoinWallet
2020-01-11 08:40:04,043 [cuckoo.core.startup] DEBUG: |-- BitdefenderDetectLibs
2020-01-11 08:40:04,043 [cuckoo.core.startup] DEBUG: |-- BlackEnergyMutexes
2020-01-11 08:40:04,043 [cuckoo.core.startup] DEBUG: |-- Blackhole
2020-01-11 08:40:04,043 [cuckoo.core.startup] DEBUG: |-- BlackholeURL
2020-01-11 08:40:04,043 [cuckoo.core.startup] DEBUG: |-- Blackice
2020-01-11 08:40:04,043 [cuckoo.core.startup] DEBUG: |-- BlackposURL
2020-01-11 08:40:04,044 [cuckoo.core.startup] DEBUG: |-- BlackRevMutexes
2020-01-11 08:40:04,044 [cuckoo.core.startup] DEBUG: |-- Blackshades
2020-01-11 08:40:04,044 [cuckoo.core.startup] DEBUG: |-- BladabindiMutexes
2020-01-11 08:40:04,044 [cuckoo.core.startup] DEBUG: |-- BochsDetectKeys
2020-01-11 08:40:04,044 [cuckoo.core.startup] DEBUG: |-- Bootkit
2020-01-11 08:40:04,044 [cuckoo.core.startup] DEBUG: |-- Bottilda
2020-01-11 08:40:04,044 [cuckoo.core.startup] DEBUG: |-- BozokKey
2020-01-11 08:40:04,044 [cuckoo.core.startup] DEBUG: |-- browser_startpage
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- BrowserSecurity
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- BrowserStealer
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- Btcbotnet
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- Bublik
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- BuildLangID
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- BuzusMutexes
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- BypassFirewall
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- c24URL
2020-01-11 08:40:04,045 [cuckoo.core.startup] DEBUG: |-- CarberpMutexes
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- Ceatrg
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- ChanitorMutexes
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- CheckIP
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- ChecksDebugger
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- ChecksKernelDebugger
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- ClearPermissionEventLogs
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- ClearsEventLogs
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- ClickfraudCookies
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- cloud_mediafire
2020-01-11 08:40:04,046 [cuckoo.core.startup] DEBUG: |-- cloud_wetransfer
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- CloudFlare
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- CloudGoogle
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- CoinminerMutexes
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- ComRAT
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- ConsoleOutput
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- Crash
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- CreatesAutorunInf
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- CreatesDocument
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- CreatesExe
2020-01-11 08:40:04,047 [cuckoo.core.startup] DEBUG: |-- CreatesHiddenFile
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- CreatesLargeKey
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- CreatesNullRegistryEntry
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- CreatesService
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- CreatesShortcut
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- CreatesSuspiciousProcess
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- CreatesUserFolderEXE
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- CredentialDumpingLsass
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- CredentialDumpingLsassAccess
2020-01-11 08:40:04,048 [cuckoo.core.startup] DEBUG: |-- Cridex
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- CryptGenKey
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- Cryptolocker
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- CryptoMiningStratumCommand
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- CuckooDetectFiles
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- Cybergate
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- Dapato
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- Darkcloud
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- DarkddosMutexes
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- Darkshell
2020-01-11 08:40:04,049 [cuckoo.core.startup] DEBUG: |-- Ddos556
2020-01-11 08:40:04,050 [cuckoo.core.startup] DEBUG: |-- Decay
2020-01-11 08:40:04,050 [cuckoo.core.startup] DEBUG: |-- DecebalMutexes
2020-01-11 08:40:04,050 [cuckoo.core.startup] DEBUG: |-- DeepFreezeMutex
2020-01-11 08:40:04,050 [cuckoo.core.startup] DEBUG: |-- DeletesExecutedFiles
2020-01-11 08:40:04,050 [cuckoo.core.startup] DEBUG: |-- DelfTrojan
2020-01-11 08:40:04,050 [cuckoo.core.startup] DEBUG: |-- DEPHeapBypass
2020-01-11 08:40:04,050 [cuckoo.core.startup] DEBUG: |-- DEPStackBypass
2020-01-11 08:40:04,050 [cuckoo.core.startup] DEBUG: |-- DerusbiMutexes
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- Dexter
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- Dibik
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- DirtJumper
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- DisableCmd
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- DisableRegedit
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- DisablesAppLaunch
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- DisablesBrowserWarn
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- DisablesIEHTTP2
2020-01-11 08:40:04,051 [cuckoo.core.startup] DEBUG: |-- DisablesProxy
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DisablesSecurity
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DisablesSPDYChrome
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DisablesSPDYFirefox
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DisablesSPDYIE
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DisablesSystemRestore
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DisablesWER
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DisablesWindowsUpdate
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DisableTaskMgr
2020-01-11 08:40:04,052 [cuckoo.core.startup] DEBUG: |-- DiskInformation
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- Dns_Freehosting_Domain
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- dnsserver_dynamic
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- DocumentClose
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- DocumentOpen
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- DoFoil
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- DownloaderCabby
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- Dridex_APIs
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- Drive
2020-01-11 08:40:04,053 [cuckoo.core.startup] DEBUG: |-- Drive2
2020-01-11 08:40:04,054 [cuckoo.core.startup] DEBUG: |-- DriverLoad
2020-01-11 08:40:04,054 [cuckoo.core.startup] DEBUG: |-- DropBox
2020-01-11 08:40:04,054 [cuckoo.core.startup] DEBUG: |-- Dropper
2020-01-11 08:40:04,054 [cuckoo.core.startup] DEBUG: |-- Dyreza
2020-01-11 08:40:04,054 [cuckoo.core.startup] DEBUG: |-- EclipseMutexes
2020-01-11 08:40:04,054 [cuckoo.core.startup] DEBUG: |-- Emotet
2020-01-11 08:40:04,054 [cuckoo.core.startup] DEBUG: |-- Emotet_APIs
2020-01-11 08:40:04,054 [cuckoo.core.startup] DEBUG: |-- Evilbot
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- ExcelDataLinks
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- ExeAppData
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- ExecBitsAdmin
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- ExecWaitFor
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- exp_3322_dom
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- Expiro
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- ExploitHeapspray
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- ExploitKitMutexes
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- FakeAVMutexes
2020-01-11 08:40:04,055 [cuckoo.core.startup] DEBUG: |-- FakeAVMutexes
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- FakeRean
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- FarFli
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- FesberMutexes
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- Fingerprint
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- Flame
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- Flystudio
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- FortinetDetectFiles
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- FTPStealer
2020-01-11 08:40:04,056 [cuckoo.core.startup] DEBUG: |-- Fynloski
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- Gaelicum
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- Ghostbot
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- HasAuthenticode
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- HasOfficeEps
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- HasPdb
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- HasWMI
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- Hesperbot
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- Hidden_Window
2020-01-11 08:40:04,057 [cuckoo.core.startup] DEBUG: |-- Hikit
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- HookMouse
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- Hupigon
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- HyperVDetectKeys
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- IcePoint
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- im_btb
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- im_qq
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- IMStealer
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- InceptionAPT
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- Infinity
2020-01-11 08:40:04,058 [cuckoo.core.startup] DEBUG: |-- InfoStealerClipboard
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionCreateRemoteThread
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionExplorer
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionModifiesMemory
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionNetworkTraffic
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionProcessSearch
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionQueueApcThread
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionRunPE
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionWriteMemory
2020-01-11 08:40:04,059 [cuckoo.core.startup] DEBUG: |-- InjectionWriteMemoryEXE
2020-01-11 08:40:04,060 [cuckoo.core.startup] DEBUG: |-- InstalledApps
2020-01-11 08:40:04,060 [cuckoo.core.startup] DEBUG: |-- InstallsAppInit
2020-01-11 08:40:04,060 [cuckoo.core.startup] DEBUG: |-- InstallsBHO
2020-01-11 08:40:04,060 [cuckoo.core.startup] DEBUG: |-- InstallsWinpcap
2020-01-11 08:40:04,060 [cuckoo.core.startup] DEBUG: |-- IPKillerMutexes
2020-01-11 08:40:04,060 [cuckoo.core.startup] DEBUG: |-- Ircbrute
2020-01-11 08:40:04,060 [cuckoo.core.startup] DEBUG: |-- ISRstealerURL
2020-01-11 08:40:04,060 [cuckoo.core.startup] DEBUG: |-- iStealerURL
2020-01-11 08:40:04,061 [cuckoo.core.startup] DEBUG: |-- JackPOSFile
2020-01-11 08:40:04,061 [cuckoo.core.startup] DEBUG: |-- JackposURL
2020-01-11 08:40:04,061 [cuckoo.core.startup] DEBUG: |-- JavaScriptCommandline
2020-01-11 08:40:04,061 [cuckoo.core.startup] DEBUG: |-- JeefoMutexes
2020-01-11 08:40:04,061 [cuckoo.core.startup] DEBUG: |-- Jewdo
2020-01-11 08:40:04,061 [cuckoo.core.startup] DEBUG: |-- JintorMutexes
2020-01-11 08:40:04,061 [cuckoo.core.startup] DEBUG: |-- JorikTrojan
2020-01-11 08:40:04,062 [cuckoo.core.startup] DEBUG: |-- Karagany
2020-01-11 08:40:04,062 [cuckoo.core.startup] DEBUG: |-- Karakum
2020-01-11 08:40:04,062 [cuckoo.core.startup] DEBUG: |-- Katusha
2020-01-11 08:40:04,062 [cuckoo.core.startup] DEBUG: |-- KelihosBot
2020-01-11 08:40:04,062 [cuckoo.core.startup] DEBUG: |-- Keylogger
2020-01-11 08:40:04,062 [cuckoo.core.startup] DEBUG: |-- Kilim
2020-01-11 08:40:04,063 [cuckoo.core.startup] DEBUG: |-- Killdisk
2020-01-11 08:40:04,063 [cuckoo.core.startup] DEBUG: |-- KnownVirustotal
2020-01-11 08:40:04,063 [cuckoo.core.startup] DEBUG: |-- Koobface
2020-01-11 08:40:04,063 [cuckoo.core.startup] DEBUG: |-- Koutodoor
2020-01-11 08:40:04,063 [cuckoo.core.startup] DEBUG: |-- KovterBot
2020-01-11 08:40:04,063 [cuckoo.core.startup] DEBUG: |-- KrepperMutexes
2020-01-11 08:40:04,064 [cuckoo.core.startup] DEBUG: |-- KuluozMutexes
2020-01-11 08:40:04,064 [cuckoo.core.startup] DEBUG: |-- Likseput
2020-01-11 08:40:04,064 [cuckoo.core.startup] DEBUG: |-- LocatesBrowser
2020-01-11 08:40:04,064 [cuckoo.core.startup] DEBUG: |-- LocatesSniffer
2020-01-11 08:40:04,064 [cuckoo.core.startup] DEBUG: |-- Lockscreen
2020-01-11 08:40:04,064 [cuckoo.core.startup] DEBUG: |-- LolBot
2020-01-11 08:40:04,064 [cuckoo.core.startup] DEBUG: |-- Luder
2020-01-11 08:40:04,065 [cuckoo.core.startup] DEBUG: |-- Madness
2020-01-11 08:40:04,065 [cuckoo.core.startup] DEBUG: |-- Madness
2020-01-11 08:40:04,065 [cuckoo.core.startup] DEBUG: |-- MadnessURL
2020-01-11 08:40:04,065 [cuckoo.core.startup] DEBUG: |-- MaganiaMutexes
2020-01-11 08:40:04,065 [cuckoo.core.startup] DEBUG: |-- MailStealer
2020-01-11 08:40:04,065 [cuckoo.core.startup] DEBUG: |-- MaliciousDocumentURLs
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- MartianCommandProcess
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- MegaUpload
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- MemoryAvailable
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- MemoryProtectionRX
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- MetasploitShellcode
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- Minerbot
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- miningpool
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- MircFile
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- ModifiesBootConfig
2020-01-11 08:40:04,066 [cuckoo.core.startup] DEBUG: |-- ModifiesCertificates
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- ModifiesDesktopWallpaper
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- ModifiesFirefoxConfiguration
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyAutoConfig
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyOverride
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyWPAD
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- ModifiesUACNotify
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- ModifySecurityCenterWarnings
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- MovesSelf
2020-01-11 08:40:04,067 [cuckoo.core.startup] DEBUG: |-- Multiple_UA
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- MyBot
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- Nakbot
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- Napolar
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- Nebuler
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- Netobserve
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- Netshadow
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- Netwire
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- NetworkAdapters
2020-01-11 08:40:04,068 [cuckoo.core.startup] DEBUG: |-- NetworkDocumentFile
2020-01-11 08:40:04,069 [cuckoo.core.startup] DEBUG: |-- NetworkEXE
2020-01-11 08:40:04,069 [cuckoo.core.startup] DEBUG: |-- Nitol
2020-01-11 08:40:04,069 [cuckoo.core.startup] DEBUG: |-- NjRat
2020-01-11 08:40:04,069 [cuckoo.core.startup] DEBUG: |-- NtSetContextThreadRemote
2020-01-11 08:40:04,069 [cuckoo.core.startup] DEBUG: |-- Nymaim_APIs
2020-01-11 08:40:04,069 [cuckoo.core.startup] DEBUG: |-- ObfusMutexes
2020-01-11 08:40:04,069 [cuckoo.core.startup] DEBUG: |-- OfficeCheckName
2020-01-11 08:40:04,069 [cuckoo.core.startup] DEBUG: |-- OfficeCheckProjectName
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficeCheckVersion
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficeCheckWindow
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficeCountDirectories
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficeCreateObject
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficeDDE
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficeEpsStrings
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficeHttpRequest
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficeIndirectCall
2020-01-11 08:40:04,070 [cuckoo.core.startup] DEBUG: |-- OfficePackager
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- OfficePlatformDetect
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- OfficeRecentFiles
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- OfficeVulnerableGuid
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- OfficeVulnModules
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- Oldrea
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- PackerEntropy
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- Palevo
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- ParallelsDetectKeys
2020-01-11 08:40:04,071 [cuckoo.core.startup] DEBUG: |-- ParallelsDetectWindow
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- Pasta
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PcClientMutexes
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PEFeatures
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PEIDPacker
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PerfLogger
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PersistenceBootexecute
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryEXE
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryJavaScript
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryPowershell
2020-01-11 08:40:04,072 [cuckoo.core.startup] DEBUG: |-- PEUnknownResourceName
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- Phorpiex
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- Pidief
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- Plugx
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- Poebot
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- PoisonIvy
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- Polymorphic
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- Ponfoy
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- PonyURL
2020-01-11 08:40:04,073 [cuckoo.core.startup] DEBUG: |-- PosCardStealerURL
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- Powerfun
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellBitsTransfer
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellCcDns
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellDdiRc4
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellDFSP
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellDI
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellDownload
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellEmpire
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellMeterpreter
2020-01-11 08:40:04,074 [cuckoo.core.startup] DEBUG: |-- PowershellRegAdd
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- PowershellRequest
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- PowershellUnicorn
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- Powerworm
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- Prinimalka
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- PrivilegeLUIDCheck
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- ProcessInterest
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- ProcessMartian
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- ProcessNeeded
2020-01-11 08:40:04,075 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpIPURLs
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpTorURLs
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpURLs
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpYara
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- Psyokym
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- PuceMutexes
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- PutterpandaMutexes
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- Putty
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- PWDumpFile
2020-01-11 08:40:04,076 [cuckoo.core.startup] DEBUG: |-- Pykse
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- Qakbot
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- QueriesInstalledApps
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- Ragebot
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- RaisesException
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- Ramnit
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- RamsomwareFileMoves
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- ransomware_viruscoder
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- RansomwareAppendsExtension
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- RansomwareBcdedit
2020-01-11 08:40:04,077 [cuckoo.core.startup] DEBUG: |-- RansomwareDroppedFiles
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RansomwareExtensions
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RansomwareFiles
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RansomwareMassFileDelete
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RansomwareMessage
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RansomwareMessageOCR
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RansomwareRecyclebin
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RansomwareShadowcopy
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RansomwareWbadmin
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- RapidShare
2020-01-11 08:40:04,078 [cuckoo.core.startup] DEBUG: |-- rat_fexel_ip
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- rat_naid_ip
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- RatSiggen
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- RBot
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- RdpMutexes
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- ReadsUserAgent
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- Recon_Beacon
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- RemovesZoneIdADS
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- Renocide
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- RenosTrojan
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- ResumeThread
2020-01-11 08:40:04,079 [cuckoo.core.startup] DEBUG: |-- Rovnix
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- RTFCharacterSet
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- RTFUnknownVersion
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- Runbu
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- RunouceMutexes
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- Ruskill
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- Sadbot
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- SandboxieDetect
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- SandboxJoeAnubisDetectFiles
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- SDBot
2020-01-11 08:40:04,080 [cuckoo.core.startup] DEBUG: |-- SelfDeleteBat
2020-01-11 08:40:04,081 [cuckoo.core.startup] DEBUG: |-- Senna
2020-01-11 08:40:04,081 [cuckoo.core.startup] DEBUG: |-- Shadowbot
2020-01-11 08:40:04,081 [cuckoo.core.startup] DEBUG: |-- SharingRGhost
2020-01-11 08:40:04,081 [cuckoo.core.startup] DEBUG: |-- SharpStealerURL
2020-01-11 08:40:04,081 [cuckoo.core.startup] DEBUG: |-- ShellcodeWriteProcessMemory
2020-01-11 08:40:04,081 [cuckoo.core.startup] DEBUG: |-- Shiz
2020-01-11 08:40:04,081 [cuckoo.core.startup] DEBUG: |-- Shylock
2020-01-11 08:40:04,082 [cuckoo.core.startup] DEBUG: |-- SipStun
2020-01-11 08:40:04,082 [cuckoo.core.startup] DEBUG: |-- Smtp_GMail
2020-01-11 08:40:04,082 [cuckoo.core.startup] DEBUG: |-- Smtp_Live
2020-01-11 08:40:04,082 [cuckoo.core.startup] DEBUG: |-- Smtp_Mail_Ru
2020-01-11 08:40:04,082 [cuckoo.core.startup] DEBUG: |-- Smtp_Yahoo
2020-01-11 08:40:04,082 [cuckoo.core.startup] DEBUG: |-- SolarURL
2020-01-11 08:40:04,082 [cuckoo.core.startup] DEBUG: |-- SpyEyeMutexes
2020-01-11 08:40:04,082 [cuckoo.core.startup] DEBUG: |-- SpyeyeURL
2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- SpynetRat
2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- Spyrecorder 2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- StackPivot 2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- StackPivotShellcodeAPIs 2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- StackPivotShellcodeCreateProcess 2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- Staser 2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- StealthChildProc 2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- StealthHiddenExtension 2020-01-11 08:40:04,083 [cuckoo.core.startup] DEBUG: |-- StealthHiddenFile 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- StealthHiddenIcons 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- StealthHideNotifications 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- StealthSystemProcName 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- StopsService 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- SunbeltDetectFiles 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- SunBeltSandboxDetect 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- SuspiciousCommandTools 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- SuspiciousPowershell 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- SuspiciousWriteEXE 2020-01-11 08:40:04,084 [cuckoo.core.startup] DEBUG: |-- SweetorangeMutexes 2020-01-11 08:40:04,085 [cuckoo.core.startup] DEBUG: |-- Swrort 2020-01-11 08:40:04,085 [cuckoo.core.startup] DEBUG: |-- SysInternalsToolsUsage 2020-01-11 08:40:04,085 [cuckoo.core.startup] DEBUG: |-- SystemInfo 2020-01-11 08:40:04,085 [cuckoo.core.startup] DEBUG: |-- SystemMetrics 2020-01-11 08:40:04,085 [cuckoo.core.startup] DEBUG: |-- TapiDpMutexes 2020-01-11 08:40:04,085 [cuckoo.core.startup] DEBUG: |-- TDSSBackdoor 2020-01-11 08:40:04,085 [cuckoo.core.startup] DEBUG: |-- TeamviewerRat 2020-01-11 08:40:04,085 [cuckoo.core.startup] DEBUG: |-- TerminatesRemoteProcess 2020-01-11 08:40:04,086 [cuckoo.core.startup] 
DEBUG: |-- ThreatTrackDetectFiles 2020-01-11 08:40:04,086 [cuckoo.core.startup] DEBUG: |-- TinbaMutexes 2020-01-11 08:40:04,086 [cuckoo.core.startup] DEBUG: |-- TnegaMutexes 2020-01-11 08:40:04,086 [cuckoo.core.startup] DEBUG: |-- Tor 2020-01-11 08:40:04,086 [cuckoo.core.startup] DEBUG: |-- TorHiddenService 2020-01-11 08:40:04,086 [cuckoo.core.startup] DEBUG: |-- Travnet 2020-01-11 08:40:04,086 [cuckoo.core.startup] DEBUG: |-- Trogbot 2020-01-11 08:40:04,086 [cuckoo.core.startup] DEBUG: |-- TrojanJorik 2020-01-11 08:40:04,087 [cuckoo.core.startup] DEBUG: |-- TrojanLethic 2020-01-11 08:40:04,087 [cuckoo.core.startup] DEBUG: |-- TrojanLethic 2020-01-11 08:40:04,087 [cuckoo.core.startup] DEBUG: |-- trojanmrblack 2020-01-11 08:40:04,087 [cuckoo.core.startup] DEBUG: |-- TrojanRedosru 2020-01-11 08:40:04,087 [cuckoo.core.startup] DEBUG: |-- TrojanSysn 2020-01-11 08:40:04,087 [cuckoo.core.startup] DEBUG: |-- trojanyoddos 2020-01-11 08:40:04,087 [cuckoo.core.startup] DEBUG: |-- TufikMutexes 2020-01-11 08:40:04,087 [cuckoo.core.startup] DEBUG: |-- Turkojan 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- TurlaCarbon 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- UFRStealer 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- Unhook 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- Upatre 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- UpatreTDMutexes 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- UPXCompressed 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- UrkShortCN 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- URLFile 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- URLSpy 2020-01-11 08:40:04,088 [cuckoo.core.startup] DEBUG: |-- UroburosFile 2020-01-11 08:40:04,089 [cuckoo.core.startup] DEBUG: |-- UroburosMutexes 2020-01-11 08:40:04,089 [cuckoo.core.startup] DEBUG: |-- Urxbot 2020-01-11 08:40:04,089 [cuckoo.core.startup] DEBUG: |-- UsesWindowsUtilities 2020-01-11 08:40:04,089 
[cuckoo.core.startup] DEBUG: |-- Vanbot 2020-01-11 08:40:04,089 [cuckoo.core.startup] DEBUG: |-- VBInject 2020-01-11 08:40:04,089 [cuckoo.core.startup] DEBUG: |-- VBoxDetectACPI 2020-01-11 08:40:04,089 [cuckoo.core.startup] DEBUG: |-- VBoxDetectDevices 2020-01-11 08:40:04,089 [cuckoo.core.startup] DEBUG: |-- VBoxDetectFiles 2020-01-11 08:40:04,089 [cuckoo.core.startup] DEBUG: |-- VBoxDetectKeys 2020-01-11 08:40:04,090 [cuckoo.core.startup] DEBUG: |-- VBoxDetectProvname 2020-01-11 08:40:04,090 [cuckoo.core.startup] DEBUG: |-- VBoxDetectWindow 2020-01-11 08:40:04,090 [cuckoo.core.startup] DEBUG: |-- Vertex 2020-01-11 08:40:04,090 [cuckoo.core.startup] DEBUG: |-- VertexSolarURL 2020-01-11 08:40:04,090 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetect 2020-01-11 08:40:04,090 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetectWindow 2020-01-11 08:40:04,090 [cuckoo.core.startup] DEBUG: |-- VirtualPCIllegalInstruction 2020-01-11 08:40:04,090 [cuckoo.core.startup] DEBUG: |-- Virut 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VMFirmware 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VMPPacked 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VMWareDetectFiles 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VMWareDetectKeys 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VMwareDetectWindow 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VMWareInInstruction 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VncMutexes 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VNLoaderURL 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VolDevicetree1 2020-01-11 08:40:04,091 [cuckoo.core.startup] DEBUG: |-- VolHandles1 2020-01-11 08:40:04,092 [cuckoo.core.startup] DEBUG: |-- VolLdrModules1 2020-01-11 08:40:04,092 [cuckoo.core.startup] DEBUG: |-- VolLdrModules2 2020-01-11 08:40:04,092 [cuckoo.core.startup] DEBUG: |-- VolMalfind1 2020-01-11 08:40:04,092 [cuckoo.core.startup] DEBUG: |-- VolModscan1 2020-01-11 
08:40:04,092 [cuckoo.core.startup] DEBUG: |-- VolSvcscan1 2020-01-11 08:40:04,092 [cuckoo.core.startup] DEBUG: |-- VolSvcscan2 2020-01-11 08:40:04,092 [cuckoo.core.startup] DEBUG: |-- VolSvcscan3 2020-01-11 08:40:04,092 [cuckoo.core.startup] DEBUG: |-- VPCDetectKeys 2020-01-11 08:40:04,093 [cuckoo.core.startup] DEBUG: |-- Wakbot 2020-01-11 08:40:04,093 [cuckoo.core.startup] DEBUG: |-- WarbotURL 2020-01-11 08:40:04,093 [cuckoo.core.startup] DEBUG: |-- Whimoo 2020-01-11 08:40:04,093 [cuckoo.core.startup] DEBUG: |-- Win32ProcessCreate 2020-01-11 08:40:04,093 [cuckoo.core.startup] DEBUG: |-- WineDetect 2020-01-11 08:40:04,093 [cuckoo.core.startup] DEBUG: |-- WinSCP 2020-01-11 08:40:04,094 [cuckoo.core.startup] DEBUG: |-- WinSxsBot 2020-01-11 08:40:04,094 [cuckoo.core.startup] DEBUG: |-- WMIAntiVM 2020-01-11 08:40:04,094 [cuckoo.core.startup] DEBUG: |-- WMIPersistance 2020-01-11 08:40:04,094 [cuckoo.core.startup] DEBUG: |-- WMIService 2020-01-11 08:40:04,094 [cuckoo.core.startup] DEBUG: |-- WormAllaple 2020-01-11 08:40:04,094 [cuckoo.core.startup] DEBUG: |-- WormKolabc 2020-01-11 08:40:04,094 [cuckoo.core.startup] DEBUG: |-- XenDetectKeys 2020-01-11 08:40:04,095 [cuckoo.core.startup] DEBUG: |-- XtremeRAT 2020-01-11 08:40:04,095 [cuckoo.core.startup] DEBUG: |-- Xworm 2020-01-11 08:40:04,095 [cuckoo.core.startup] DEBUG: |-- Zegost 2020-01-11 08:40:04,095 [cuckoo.core.startup] DEBUG: |-- ZeusMutexes 2020-01-11 08:40:04,095 [cuckoo.core.startup] DEBUG: |-- ZeusP2P 2020-01-11 08:40:04,095 [cuckoo.core.startup] DEBUG: |-- ZeusURL 2020-01-11 08:40:04,096 [cuckoo.core.startup] DEBUG: `-- ZoneID 2020-01-11 08:40:04,096 [cuckoo.core.startup] DEBUG: Imported "reporting" modules: 2020-01-11 08:40:04,096 [cuckoo.core.startup] DEBUG: |-- ElasticSearch 2020-01-11 08:40:04,096 [cuckoo.core.startup] DEBUG: |-- Feedback 2020-01-11 08:40:04,096 [cuckoo.core.startup] DEBUG: |-- JsonDump 2020-01-11 08:40:04,096 [cuckoo.core.startup] DEBUG: |-- Mattermost 2020-01-11 08:40:04,096 
[cuckoo.core.startup] DEBUG: |-- MISP 2020-01-11 08:40:04,097 [cuckoo.core.startup] DEBUG: |-- Moloch 2020-01-11 08:40:04,097 [cuckoo.core.startup] DEBUG: |-- MongoDB 2020-01-11 08:40:04,097 [cuckoo.core.startup] DEBUG: |-- Notification 2020-01-11 08:40:04,097 [cuckoo.core.startup] DEBUG: `-- SingleFile 2020-01-11 08:40:04,110 [cuckoo.core.startup] DEBUG: Checking for locked tasks.. 2020-01-11 08:40:04,123 [cuckoo.core.startup] DEBUG: Checking for pending service tasks.. 2020-01-11 08:40:04,129 [cuckoo.core.startup] DEBUG: Initializing Yara... 2020-01-11 08:40:04,132 [cuckoo.core.startup] DEBUG: |-- binaries embedded.yar 2020-01-11 08:40:04,132 [cuckoo.core.startup] DEBUG: |-- binaries filetypes.yar 2020-01-11 08:40:04,132 [cuckoo.core.startup] DEBUG: |-- binaries shellcodes.yar 2020-01-11 08:40:04,132 [cuckoo.core.startup] DEBUG: |-- binaries vmdetect.yar 2020-01-11 08:40:04,135 [cuckoo.core.startup] DEBUG: |-- scripts applocker_bypass.yar 2020-01-11 08:40:04,135 [cuckoo.core.startup] DEBUG: |-- scripts powerfun.yar 2020-01-11 08:40:04,135 [cuckoo.core.startup] DEBUG: |-- scripts powershell_AMSI.yar 2020-01-11 08:40:04,135 [cuckoo.core.startup] DEBUG: |-- scripts powershell_BITS_transfer.yar 2020-01-11 08:40:04,135 [cuckoo.core.startup] DEBUG: |-- scripts powershell_ddi_rc4.yar 2020-01-11 08:40:04,136 [cuckoo.core.startup] DEBUG: |-- scripts powershell_dfsp.yar 2020-01-11 08:40:04,136 [cuckoo.core.startup] DEBUG: |-- scripts powershell_di.yar 2020-01-11 08:40:04,136 [cuckoo.core.startup] DEBUG: |-- scripts powershell_empire.yar 2020-01-11 08:40:04,136 [cuckoo.core.startup] DEBUG: |-- scripts powershell_meterpreter.yar 2020-01-11 08:40:04,136 [cuckoo.core.startup] DEBUG: |-- scripts powershell_txt_c2.yar 2020-01-11 08:40:04,136 [cuckoo.core.startup] DEBUG: |-- scripts powershell_unicorn.yar 2020-01-11 08:40:04,136 [cuckoo.core.startup] DEBUG: |-- scripts powerworm.yar 2020-01-11 08:40:04,137 [cuckoo.core.startup] DEBUG: |-- shellcode metasploit.yar 2020-01-11 
08:40:04,138 [cuckoo.core.startup] DEBUG: |-- office dde.yar 2020-01-11 08:40:04,138 [cuckoo.core.startup] DEBUG: |-- office ole.yar 2020-01-11 08:40:04,140 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2020-01-11 08:40:04,396 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Windows7-Cuckoo 2020-01-11 08:40:05,762 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Windows7-Cuckoo to its current snapshot 2020-01-11 08:40:05,869 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2020-01-11 08:40:05,879 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.