Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE' #2516


Open
6 tasks done
tionosaja opened this issue Mar 7, 2025 · 40 comments

tionosaja commented Mar 7, 2025

Please Help Me

I have an issue related to the reporting process

WARNING: The reporting module "ReportHTML" returned the following error: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE

WARNING: The reporting module "ReportHTMLSummary" returned the following error: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE'

WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf

Prerequisites

Please answer the following questions for yourself before submitting an issue.

  • I am running the latest version
  • I did read the README!
  • I checked the documentation and found no answer
  • I checked to make sure that this issue has not already been filed
  • I'm reporting the issue to the correct repository (for multi-repository projects)
  • I have read and checked all configs (with all optional parts)

Context

| Question | Answer |
|---|---|
| Git commit | Type $ git log \| head -n1 to find out |
| OS version | Ubuntu 24.04, Windows 10 (VM Guest) |

Failure Logs

in process.log

Image

in reporting.conf

[reporthtml]
enabled = yes
screenshots = yes
apicalls = no

[reporthtmlsummary]
enabled = yes
screenshots = yes

[reportpdf]
enabled = yes

@doomedraven
Collaborator

Hello, just tested, it works fine here. Have you disabled CAPE in processing.conf? Also provide more info from the template, such as which commit you are on, and maybe you have some previous errors in the console?
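The checks behind the questions above and the three warnings in the report, as an added example that is not part of this thread or of CAPEv2's code: it parses constructed excerpts of the two config files quoted in the issue and looks for the `CAPE` key that the error message names. The function names, the finding labels and the plain dict standing in for the processing results are assumptions.

```python
import configparser

# Constructed excerpts modelled on the processing.conf and reporting.conf
# quoted in this issue (not the full files).
PROCESSING_CONF = """\
[behavior]
enabled = yes

[CAPE]
enabled = no
targetinfo = yes
"""

REPORTING_CONF = """\
[reporthtml]
enabled = yes
screenshots = yes
apicalls = no

[reporthtmlsummary]
enabled = yes
screenshots = yes

[reportpdf]
enabled = yes
"""

# Reporting modules that raised "'dict object' has no attribute 'CAPE'".
HTML_REPORTERS = ("reporthtml", "reporthtmlsummary")


def load(text):
    """Parse an INI-style config; interpolation is off so '%' in values is literal."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def is_enabled(parser, section):
    """True only if the section exists and its 'enabled' option is yes/on/true/1."""
    return parser.getboolean(section, "enabled", fallback=False)


def diagnose(processing_text, reporting_text, results):
    """Return a list of finding labels (hypothetical names) for one analysis.

    `results` stands in for the dict handed to the reporting modules; the only
    thing checked is the top-level "CAPE" key named in the error message.
    """
    processing = load(processing_text)
    reporting = load(reporting_text)
    findings = []

    html_on = [m for m in HTML_REPORTERS if is_enabled(reporting, m)]

    # First question in the reply above: is [CAPE] off in processing.conf?
    if html_on and not is_enabled(processing, "CAPE"):
        findings.append("cape_processing_disabled")

    # The error itself: the results dict has no "CAPE" entry. This can also be
    # true with [CAPE] enabled, e.g. if processing failed earlier, which is
    # why the console output before the warning matters.
    if html_on and "CAPE" not in results:
        findings.append("results_missing_cape_key")

    # Third warning: ReportPDF converts the summary HTML, so it needs
    # reporthtmlsummary enabled.
    if is_enabled(reporting, "reportpdf") and not is_enabled(reporting, "reporthtmlsummary"):
        findings.append("reportpdf_without_reporthtmlsummary")

    return findings


if __name__ == "__main__":
    # Constructed results dict without a "CAPE" entry.
    for finding in diagnose(PROCESSING_CONF, REPORTING_CONF, {"behavior": {}}):
        print(finding)
```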

@tionosaja
Author

> Hello, just tested, it works fine here. Have you disabled CAPE in processing.conf? Also provide more info from the template, such as which commit you are on, and maybe you have some previous errors in the console?

By default, [CAPE] is enabled. I just disabled it, tried again, and the error is still the same.

processing.conf

# Enable or disable the available processing modules [on/off].
# If you add a custom processing module to your Cuckoo setup, you have to add
# a dedicated entry in this file, or it won't be executed.
# You can also add additional options under the section of your module and
# they will be available in your Python class.

# Community
# exclude files that doesn't match safe extension and ignore their files from processing inside of other modules like CAPE.py
[antiransomware]
enabled = no
# ignore all files with extension found more than X
skip_number = 30

# Community
[curtain]
enabled = no

# Community
[sysmon]
#enabled = no
enabled = yes

[analysisinfo]
enabled = yes

# Community
# FLARE capa -> to update rules utils/community.py -cr
# install -> cd /tmp && git clone --recurse-submodules https://github.com/fireeye/capa.git && cd capa && git submodule update --init rules && python -m poetry run pip in>
[flare_capa]
enabled = no
# Generate it always or generate on demand only(user need to click button to generate it), still should be enabled to use this feature on demand
on_demand = no
# Analyze binary payloads
static = no
# Analyze CAPE payloads
cape = no
# Analyze ProcDump
procdump = no
# Community
[decompression]
enabled = no

[dumptls]
enabled = no

[amsi]
enabled = no

[behavior]
enabled = yes
# Toggle specific modules within the BehaviorAnalysis class
anomaly = yes
processtree = yes
summary = yes
enhanced = yes
encryptedbuffers = yes
# Should the server use a compressed version of behavioural logs? This helps
# in saving space in Mongo, accelerates searchs and reduce the size of the
# final JSON report.
loop_detection = no
# The number of calls per process to process. 0 switches the limit off.
# 10000 api calls should be processed in less than 2 minutes
analysis_call_limit = 0
# Use ram to boost processing speed. You will need more than 20GB of RAM for this feature.
# Please read "performance" section in the documentation.
ram_boost = no
# https://capev2.readthedocs.io/en/latest/usage/patterns_replacement.html
replace_patterns = no
file_activities = no

[tracee]
enabled = no

[strace]
enabled = no
# Toggle specific modules within the StraceAnalysis class
processtree = no
# Platform specific
platform = linux

[debug]
enabled = yes
# Amount of text (bytes)
buffer = 0

[detections]
enabled = yes
# Signatures
behavior = yes
yara = yes
suricata = yes
virustotal = no
clamav = no

# ... but this mechanism may still be switched on
[procmemory]
enabled = yes
strings = yes

[procmon]
enabled = no

[memory]
enabled = no

[usage]
enabled = no

[network]
enabled = yes
sort_pcap = no
# DNS whitelisting to ignore domains/IPs configured in network.py
dnswhitelist = yes
# additional entries
dnswhitelist_file = extra/whitelist_domains.txt
ipwhitelist = yes
ipwhitelist_file = extra/whitelist_ips.txt
network_passlist = no
network_passlist_file = extra/whitelist_network.txt

# Requires geoip2 and maxmind database
country_lookup = no
# Register and download for free from
# https://www.maxmind.com/ or https://ipinfo.io/
# For maxmind use: GeoLite2 Country
# For ipinfo use: Free IP to Country + IP to ASN
maxmind_database = data/GeoLite2-Country.mmdb

[pcapng]
enabled = no

[url_analysis]
enabled = yes
# Enable a WHOIS lookup for the target domain of a URL analyses
whois = yes

[strings]
enabled = yes
on_demand = no
nullterminated_only = no
minchars = 5

# Community
[trid]
# Specify the path to the trid binary to use for static analysis.
enabled = no
identifier = data/trid/trid
definitions = data/trid/triddefs.trd

[die]
# Detect it Easy
enabled = no
binary = /usr/bin/diec

[virustotal]
enabled = yes
on_demand = no
timeout = 60
# remove empty detections
remove_empty = yes
# Add your VirusTotal API key here. The default API key, kindly provided
# by the VirusTotal team, should enable you with a sufficient throughput
# and while being shared with all our users, it shouldn't affect your use.
key = a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088
do_file_lookup = yes
do_url_lookup = yes
urlscrub = (^http:\/\/serw\.clicksor\.com\/redir\.php\?url=|&InjectedParam=.+$)

[suricata]
# Notes on getting this to work check install_suricata function:
# https://github.com/kevoreilly/CAPEv2/blob/master/installer/cape2.sh

enabled = yes
#Runmode "cli" or "socket"
runmode = socket
#Outputfiles
# if evelog is specified, it will be used instead of the per-protocol log files
evelog = eve.json

# per-protocol log files
#
#alertlog = alert.json
#httplog = http.json
#tlslog = tls.json
#sshlog = ssh.json
#dnslog = dns.json

fileslog = files-json.log
filesdir = files
# Amount of text to carve from plaintext files (bytes)
buffer = 8192
#Used for creating an archive of extracted files
7zbin = /usr/bin/7z
zippass = infected
##Runmode "cli" options
bin = /usr/bin/suricata
conf = /etc/suricata/suricata.yaml
##Runmode "socket" Options
socket_file = /tmp/suricata-command.socket

# Community
[cif]
enabled = no
# url of CIF server
url = https://your-cif-server.com/api
# CIF API key
key = your-api-key-here
# time to wait for server to respond, in seconds
timeout = 60
# minimum confidence level of returned results:
# 25=not confident, 50=automated, 75=somewhat confident, 85=very confident, 95=certain
# defaults to 85
confidence = 85
# don't log queries by default, set to 'no' to log queries
nolog = yes
# max number of results per query
per_lookup_limit = 20
# max number of queries per analysis
per_analysis_limit = 200

[CAPE]
enabled = no
# Ex targetinfo standalone module
targetinfo = yes
# Ex dropped standalone module
dropped = yes
# Ex procdump standalone module
procdump = yes
# Amount of text to carve from plaintext files (bytes)
buffer = 8192
# Process files not bigger than value below in Mb. We saw that after 90Mb it has biggest delay
max_file_size = 90
# Scan for UserDB.TXT signature matches
userdb_signature = no
# https://capev2.readthedocs.io/en/latest/usage/patterns_replacement.html
replace_patterns = no

# Deduplicate screenshots - You need to install dependency ImageHash>=4.3.1
[deduplication]
#
# Available hashs functions:
#  ahash:      Average hash
#  phash:      Perceptual hash
#  dhash:      Difference hash
#  whash-haar: Haar wavelet hash
#  whash-db4:  Daubechies wavelet hash
enabled = no
hashmethod = ahash

# Community
[vba2graph]
# Mac - brew install graphviz
# Ubuntu - sudo apt-get install graphviz
# Arch - sudo pacman -S graphviz+
# sudo poetry run pip install networkx>=2.1 graphviz>=0.8.4 pydot>=1.2.4
enabled = yes
on_demand = yes

# ja3 finger print db with descriptions
# https://github.com/trisulnsm/trisul-scripts/blob/master/lua/frontend_scripts/reassembly/ja3/prints/ja3fingerprint.json
[ja3]
ja3_path = data/ja3/ja3fingerprint.json

[maliciousmacrobot]
# https://maliciousmacrobot.readthedocs.io
# Install mmbot
#   sudo poetry run pip install mmbot
# Create/Set required paths
# Populate benign_path and malicious_path with appropriate macro maldocs (try the tests/samples in the github)
#   https://github.com/egaus/MaliciousMacroBot/tree/master/tests/samples
# Create modeldata.pickle with your maldocs (this does not append to the model, it overwrites it)
#
#   mmb = MaliciousMacroBot(benign_path, malicious_path, model_path, retain_sample_contents=False)
#   result = mmb.mmb_init_model(modelRebuild=True)
#
# Copy your model file and vocab.txt to your model_path
enabled = no
benign_path = /opt/cuckoo/data/mmbot/benign
malicious_path = /opt/cuckoo/data/mmbot/malicious
model_path = /opt/cuckoo/data/mmbot/model

# Community
[xlsdeobf]
# poetry run pip install git+https://github.com/DissectMalware/XLMMacroDeobfuscator.git
enabled = no
on_demand = no

# Community
[boxjs]
enabled = no
timeout = 60
url = http://your_super_box_js:9000

# Community
# Extractors
[mwcp]
enabled = yes
modules_path = modules/processing/parsers/mwcp/

# Community
[ratdecoders]
enabled = yes
modules_path = modules/processing/parsers/RATDecoders/

# Community
[malduck]
enabled = yes
modules_path = modules/processing/parsers/malduck/

[CAPE_extractors]
enabled = yes
# Must ends with /
modules_path = modules/processing/parsers/CAPE/
# Config parsers all/core/community
parsers = all
# list of comma separated parsers. Ex: stealc,lumma
exclude=

# Community
[reversinglabs]
enabled = no
url =
key =

# Community
[script_log_processing]
enabled = yes

# Community
[floss]
enabled = no
on_demand = yes
static_strings = no
stack_strings = yes
decoded_strings = yes
tight_strings = yes
min_length = 5
# Download FLOSS signatures from https://github.com/mandiant/flare-floss/tree/master/sigs
sigs_path = data/flare-signatures

[html_scraper]
enabled = no

Debug log from command poetry run python utils/process.py -r 15 -d

2025-03-08 11:17:34,771 [root] DEBUG: Importing modules...
2025-03-08 11:17:34,772 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageChops.difference'
2025-03-08 11:17:34,772 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageDraw'
2025-03-08 11:17:34,773 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.Image'
OPTIONAL! Missed dependency: poetry run pip install -U git+https://github.com/CAPESandbox/httpreplay
2025-03-08 11:17:34,938 [lazy_import] DEBUG: Getting attr Fernet of LazyModule instance of cryptography.fernet
2025-03-08 11:17:34,938 [lazy_import] DEBUG: Getting attr __name__ of LazyModule instance of cryptography.fernet
2025-03-08 11:17:34,959 [root] DEBUG: Missed file extra/msft-public-ips.csv. Get a fresh copy from https://www.microsoft.com/en-us/download/details.aspx?id=53602
2025-03-08 11:17:35,033 [lazy_import] DEBUG: Getting attr __spec__ of LazyModule instance of yaml
2025-03-08 11:17:35,034 [lazy_import] DEBUG: Getting attr __path__ of LazyModule instance of yaml
2025-03-08 11:17:35,034 [lazy_import] DEBUG: Getting attr __name__ of LazyModule instance of yaml
2025-03-08 11:17:35,034 [lazy_import] DEBUG: Proceeding to load module yaml, from requested value __path__
2025-03-08 11:17:35,034 [lazy_import] DEBUG: Getting attr __name__ of LazyModule instance of yaml
2025-03-08 11:17:35,034 [lazy_import] DEBUG: loading module yaml
2025-03-08 11:17:35,041 [lazy_import] DEBUG: Successfully loaded module yaml
2025-03-08 11:17:35,268 [capa.rules] DEBUG: reading rules from directory /opt/CAPEv2/data/capa-rules
2025-03-08 11:17:35,283 [capa.rules.cache] DEBUG: loading rule set from cache: /home/cape/.cache/capa/capa-1d6fb80b.cache
2025-03-08 11:17:35,318 [capa.loader] DEBUG: reading signatures from directory /opt/CAPEv2/data/flare-signatures
2025-03-08 11:17:35,318 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/1_flare_msvc_rtf_32_64.sig
2025-03-08 11:17:35,318 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/2_flare_msvc_atlmfc_32_64.sig
2025-03-08 11:17:35,318 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/3_flare_common_libs.sig
2025-03-08 11:17:35,347 [root] DEBUG: Imported "auxiliary" modules:
2025-03-08 11:17:35,347 [root] DEBUG:    |-- AzSniffer
2025-03-08 11:17:35,347 [root] DEBUG:    |-- Mitmdump
2025-03-08 11:17:35,347 [root] DEBUG:    |-- QEMUScreenshots
2025-03-08 11:17:35,347 [root] DEBUG:    `-- Sniffer
2025-03-08 11:17:35,347 [root] DEBUG: Imported "processing" modules:
2025-03-08 11:17:35,347 [root] DEBUG:    |-- AnalysisInfo
2025-03-08 11:17:35,347 [root] DEBUG:    |-- Autoruns
2025-03-08 11:17:35,348 [root] DEBUG:    |-- BehaviorAnalysis
2025-03-08 11:17:35,348 [root] DEBUG:    |-- Debug
2025-03-08 11:17:35,348 [root] DEBUG:    |-- HollowsHunter
2025-03-08 11:17:35,348 [root] DEBUG:    |-- NetworkAnalysis
2025-03-08 11:17:35,348 [root] DEBUG:    |-- ProcessMemory
2025-03-08 11:17:35,348 [root] DEBUG:    |-- script_log_processing
2025-03-08 11:17:35,348 [root] DEBUG:    |-- Suricata
2025-03-08 11:17:35,348 [root] DEBUG:    |-- Sysmon
2025-03-08 11:17:35,348 [root] DEBUG:    `-- UrlAnalysis
2025-03-08 11:17:35,348 [root] DEBUG: Imported "signatures" modules:
2025-03-08 11:17:35,348 [root] DEBUG:    |-- AntiAnalysisTLSSection
2025-03-08 11:17:35,348 [root] DEBUG:    |-- ClamAV
2025-03-08 11:17:35,348 [root] DEBUG:    |-- KnownVirustotal
2025-03-08 11:17:35,348 [root] DEBUG:    |-- BadCerts
2025-03-08 11:17:35,348 [root] DEBUG:    |-- BadSSLCerts
2025-03-08 11:17:35,348 [root] DEBUG:    |-- ZeusP2P
2025-03-08 11:17:35,348 [root] DEBUG:    |-- ZeusURL
2025-03-08 11:17:35,348 [root] DEBUG:    |-- BinaryTriggeredYARA
2025-03-08 11:17:35,348 [root] DEBUG:    |-- AthenaHttp
2025-03-08 11:17:35,348 [root] DEBUG:    |-- DirtJumper
2025-03-08 11:17:35,348 [root] DEBUG:    |-- Drive
2025-03-08 11:17:35,348 [root] DEBUG:    |-- Drive2
2025-03-08 11:17:35,348 [root] DEBUG:    |-- Madness
2025-03-08 11:17:35,348 [root] DEBUG:    |-- HTMLPhisher_0
2025-03-08 11:17:35,348 [root] DEBUG:    |-- HTMLPhisher_1
2025-03-08 11:17:35,348 [root] DEBUG:    |-- HTMLPhisher_2
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FamilyProxyBack
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPAAntiAnalysis
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPACollection
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPAcommunication
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPACompiler
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPADataManipulation
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPAExecutable
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPAHostInteration
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPAcommunication
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPALib
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPALinking
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPALoadCode
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPAMalwareFamily
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPANursery
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPAPersistence
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPARuntime
2025-03-08 11:17:35,348 [root] DEBUG:    |-- FlareCAPATargeting
2025-03-08 11:17:35,348 [root] DEBUG:    |-- ThreatFox
2025-03-08 11:17:35,348 [root] DEBUG:    |-- Log4j
2025-03-08 11:17:35,348 [root] DEBUG:    |-- MimicsExtension
2025-03-08 11:17:35,348 [root] DEBUG:    |-- NetworkCountryDistribution
2025-03-08 11:17:35,348 [root] DEBUG:    |-- NetworkMultipleDirectIPConnections
2025-03-08 11:17:35,348 [root] DEBUG:    |-- NetworkCnCHTTP
2025-03-08 11:17:35,348 [root] DEBUG:    |-- NetworkHTTPPOST
2025-03-08 11:17:35,348 [root] DEBUG:    |-- NetworkIPEXE
2025-03-08 11:17:35,348 [root] DEBUG:    |-- NetworkDGA
2025-03-08 11:17:35,348 [root] DEBUG:    |-- NetworkDGAFraunhofer
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkDynDNS
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkExcessiveUDP
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkHTTP
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkICMP
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkIRC
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkOpenProxy
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkP2P
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkQuestionableHost
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkQuestionableHttpPath
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkQuestionableHttpsPath
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NetworkSMTP
2025-03-08 11:17:35,349 [root] DEBUG:    |-- TorGateway
2025-03-08 11:17:35,349 [root] DEBUG:    |-- BuildLangID
2025-03-08 11:17:35,349 [root] DEBUG:    |-- ResourceLangID
2025-03-08 11:17:35,349 [root] DEBUG:    |-- overlay
2025-03-08 11:17:35,349 [root] DEBUG:    |-- PackerUnknownPESectionName
2025-03-08 11:17:35,349 [root] DEBUG:    |-- ASPackPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- AspireCryptPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- BedsProtectorPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- ConfuserPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- EnigmaPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- PackerEntropy
2025-03-08 11:17:35,349 [root] DEBUG:    |-- MPressPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NatePacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- NsPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- SmartAssemblyPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- SpicesPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- ThemidaPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- ThemidaPackedSection
2025-03-08 11:17:35,349 [root] DEBUG:    |-- TitanPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- UPXCompressed
2025-03-08 11:17:35,349 [root] DEBUG:    |-- VMPPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- YodaPacked
2025-03-08 11:17:35,349 [root] DEBUG:    |-- PDF_Annot_URLs_Checker
2025-03-08 11:17:35,349 [root] DEBUG:    |-- Polymorphic
2025-03-08 11:17:35,349 [root] DEBUG:    |-- PunchPlusPlusPCREs
2025-03-08 11:17:35,349 [root] DEBUG:    |-- Procmem_Yara
2025-03-08 11:17:35,349 [root] DEBUG:    |-- CheckIP
2025-03-08 11:17:35,349 [root] DEBUG:    |-- Authenticode
2025-03-08 11:17:35,349 [root] DEBUG:    |-- InvalidAuthenticodeSignature
2025-03-08 11:17:35,349 [root] DEBUG:    |-- DotNetAnomaly
2025-03-08 11:17:35,349 [root] DEBUG:    |-- Static_Java
2025-03-08 11:17:35,349 [root] DEBUG:    |-- Static_PDF
2025-03-08 11:17:35,349 [root] DEBUG:    |-- ContainsPEOverlay
2025-03-08 11:17:35,349 [root] DEBUG:    |-- PEAnomaly
2025-03-08 11:17:35,349 [root] DEBUG:    |-- PECompileTimeStomping
2025-03-08 11:17:35,349 [root] DEBUG:    |-- StaticPEPDBPath
2025-03-08 11:17:35,349 [root] DEBUG:    |-- RATConfig
2025-03-08 11:17:35,349 [root] DEBUG:    |-- VersionInfoAnomaly
2025-03-08 11:17:35,349 [root] DEBUG:    |-- StealthNetwork
2025-03-08 11:17:35,349 [root] DEBUG:    |-- SuricataAlert
2025-03-08 11:17:35,349 [root] DEBUG:    |-- suspiciousHRML_Body
2025-03-08 11:17:35,349 [root] DEBUG:    |-- suspiciousHTML_Filename
2025-03-08 11:17:35,349 [root] DEBUG:    |-- suspiciousHTML_Title
2025-03-08 11:17:35,349 [root] DEBUG:    |-- VolDevicetree1
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolHandles1
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolLdrModules1
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolLdrModules2
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolMalfind1
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolMalfind2
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolModscan1
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolSvcscan1
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolSvcscan2
2025-03-08 11:17:35,350 [root] DEBUG:    |-- VolSvcscan3
2025-03-08 11:17:35,350 [root] DEBUG:    |-- WHOIS_Create
2025-03-08 11:17:35,350 [root] DEBUG:    |-- DisableDriverViaBlocklist
2025-03-08 11:17:35,350 [root] DEBUG:    |-- DisableDriverViaHVCIDisallowedImages
2025-03-08 11:17:35,350 [root] DEBUG:    |-- DisableHypervisorProtectedCodeIntegrity
2025-03-08 11:17:35,350 [root] DEBUG:    |-- PendingFileRenameOperations
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AccessesMailslot
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AccessesNetlogonRegkey
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AccessesPublicFolder
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AccessesSysvol
2025-03-08 11:17:35,350 [root] DEBUG:    |-- WritesSysvol
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AddsAdminUser
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AddsUser
2025-03-08 11:17:35,350 [root] DEBUG:    |-- OverwritesAdminPassword
2025-03-08 11:17:35,350 [root] DEBUG:    |-- anomalous_deletefile
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiAnalysisDetectFile
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiAnalysisDetectReg
2025-03-08 11:17:35,350 [root] DEBUG:    |-- QihooDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AhnlabDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AvastDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- BitdefenderDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- BullguardDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- ModifiesAttachmentManager
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiAVDetectFile
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiAVDetectReg
2025-03-08 11:17:35,350 [root] DEBUG:    |-- EmsisoftDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- QurbDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiAVServiceStop
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiAVSRP
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiAVWhitespace
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_addvectoredexceptionhandler
2025-03-08 11:17:35,350 [root] DEBUG:    |-- APIOverrideDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_checkremotedebuggerpresent
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_debugactiveprocess
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiDBGDevices
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_gettickcount
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_guardpages
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_ntcreatethreadex
2025-03-08 11:17:35,350 [root] DEBUG:    |-- BullguardDetectLibs
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_ntsetinformationthread
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_outputdebugstring
2025-03-08 11:17:35,350 [root] DEBUG:    |-- antidebug_setunhandledexceptionfilter
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiDBGWindows
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiEmuWinDefend
2025-03-08 11:17:35,350 [root] DEBUG:    |-- WineDetectReg
2025-03-08 11:17:35,350 [root] DEBUG:    |-- WineDetectFunc
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiSandboxCheckUserdomain
2025-03-08 11:17:35,350 [root] DEBUG:    |-- AntiCuckoo
2025-03-08 11:17:35,351 [root] DEBUG:    |-- CuckooDetectFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- CuckooCrash
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiSandboxForegroundWindow
2025-03-08 11:17:35,351 [root] DEBUG:    |-- FortinetDetectFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- SandboxJoeAnubisDetectFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- HookMouse
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiSandboxRestart
2025-03-08 11:17:35,351 [root] DEBUG:    |-- SandboxieDetectLibs
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntisandboxSboxieMutex
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiSandboxSboxieObjects
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiSandboxScriptTimer
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiSandboxSleep
2025-03-08 11:17:35,351 [root] DEBUG:    |-- SunbeltDetectFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- SunbeltDetectLibs
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiSandboxSuspend
2025-03-08 11:17:35,351 [root] DEBUG:    |-- ThreatTrackDetectFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- Unhook
2025-03-08 11:17:35,351 [root] DEBUG:    |-- BochsDetectKeys
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiVMDirectoryObjects
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiVMBios
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiVMCPU
2025-03-08 11:17:35,351 [root] DEBUG:    |-- DiskInformation
2025-03-08 11:17:35,351 [root] DEBUG:    |-- SetupAPIDiskInformation
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiVMDiskReg
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiVMSCSI
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiVMServices
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiVMSystem
2025-03-08 11:17:35,351 [root] DEBUG:    |-- HyperVDetectKeys
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AntiVMChecksAvailableMemory
2025-03-08 11:17:35,351 [root] DEBUG:    |-- NetworkAdapters
2025-03-08 11:17:35,351 [root] DEBUG:    |-- ParallelsDetectKeys
2025-03-08 11:17:35,351 [root] DEBUG:    |-- DetectVirtualizationViaRecentFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VBoxDetectDevices
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VBoxDetectFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VBoxDetectKeys
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VBoxDetectLibs
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VBoxDetectProvname
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VBoxDetectWindow
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VMwareDetectDevices
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VMwareDetectEvent
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VMwareDetectFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VMwareDetectKeys
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VMwareDetectLibs
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VMwareDetectMutexes
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VPCDetectFiles
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VPCDetectKeys
2025-03-08 11:17:35,351 [root] DEBUG:    |-- VPCDetectMutex
2025-03-08 11:17:35,351 [root] DEBUG:    |-- XenDetectKeys
2025-03-08 11:17:35,351 [root] DEBUG:    |-- APISpamming
2025-03-08 11:17:35,351 [root] DEBUG:    |-- api_uuidfromstringa
2025-03-08 11:17:35,351 [root] DEBUG:    |-- AsyncRatMutex
2025-03-08 11:17:35,351 [root] DEBUG:    |-- GulpixBehavior
2025-03-08 11:17:35,351 [root] DEBUG:    |-- KetricanRegkeys
2025-03-08 11:17:35,351 [root] DEBUG:    |-- OkrumMutexes
2025-03-08 11:17:35,351 [root] DEBUG:    |-- Cridex
2025-03-08 11:17:35,351 [root] DEBUG:    |-- Geodo
2025-03-08 11:17:35,352 [root] DEBUG:    |-- Prinimalka
2025-03-08 11:17:35,352 [root] DEBUG:    |-- SpyEyeMutexes
2025-03-08 11:17:35,352 [root] DEBUG:    |-- ZeusMutexes
2025-03-08 11:17:35,352 [root] DEBUG:    |-- BCDEditCommand
2025-03-08 11:17:35,352 [root] DEBUG:    |-- BitcoinOpenCL
2025-03-08 11:17:35,352 [root] DEBUG:    |-- AccessesPrimaryPartition
2025-03-08 11:17:35,352 [root] DEBUG:    |-- Bootkit
2025-03-08 11:17:35,352 [root] DEBUG:    |-- DirectHDDAccess
2025-03-08 11:17:35,352 [root] DEBUG:    |-- EnumeratesPhysicalDrives
2025-03-08 11:17:35,352 [root] DEBUG:    |-- PhysicalDriveAccess
2025-03-08 11:17:35,352 [root] DEBUG:    |-- PotentialOverWriteMBR
2025-03-08 11:17:35,352 [root] DEBUG:    |-- SuspiciousIoctlSCSIPassthough
2025-03-08 11:17:35,352 [root] DEBUG:    |-- Ruskill
2025-03-08 11:17:35,352 [root] DEBUG:    |-- BrowserAddon
2025-03-08 11:17:35,352 [root] DEBUG:    |-- ChromiumBrowserExtensionDirectory
2025-03-08 11:17:35,352 [root] DEBUG:    |-- BrowserHelperObject
2025-03-08 11:17:35,352 [root] DEBUG:    |-- BrowserNeeded
2025-03-08 11:17:35,352 [root] DEBUG:    |-- ModifyProxy
2025-03-08 11:17:35,352 [root] DEBUG:    |-- BrowserScanbox
2025-03-08 11:17:35,352 [root] DEBUG:    |-- BrowserSecurity
2025-03-08 11:17:35,352 [root] DEBUG:    |-- browser_startpage
2025-03-08 11:17:35,352 [root] DEBUG:    |-- FirefoxDisablesProcessPerTab
2025-03-08 11:17:35,352 [root] DEBUG:    |-- IEDisablesProcessPerTab
2025-03-08 11:17:35,352 [root] DEBUG:    |-- OdbcconfBypass
2025-03-08 11:17:35,352 [root] DEBUG:    |-- RegSrv32SquiblydooDLLLoad
2025-03-08 11:17:35,352 [root] DEBUG:    |-- SquiblydooBypass
2025-03-08 11:17:35,352 [root] DEBUG:    |-- SquiblytwoBypass
2025-03-08 11:17:35,352 [root] DEBUG:    |-- BypassFirewall
2025-03-08 11:17:35,352 [root] DEBUG:    |-- ChecksUACStatus
2025-03-08 11:17:35,352 [root] DEBUG:    |-- UACBypassCMSTP
2025-03-08 11:17:35,352 [root] DEBUG:    |-- UACBypassCMSTPCOM
2025-03-08 11:17:35,362 [root] DEBUG: Imported "reporting" modules:
2025-03-08 11:17:35,362 [root] DEBUG:    |-- BinGraph
2025-03-08 11:17:35,362 [root] DEBUG:    |-- CAPASummary
2025-03-08 11:17:35,362 [root] DEBUG:    |-- JsonDump
2025-03-08 11:17:35,362 [root] DEBUG:    |-- MongoDB
2025-03-08 11:17:35,362 [root] DEBUG:    |-- PCAP2CERT
2025-03-08 11:17:35,362 [root] DEBUG:    |-- ReportHTML
2025-03-08 11:17:35,362 [root] DEBUG:    |-- ReportHTMLSummary
2025-03-08 11:17:35,362 [root] DEBUG:    `-- ReportPDF
2025-03-08 11:17:35,362 [root] DEBUG: Imported "feeds" modules:
2025-03-08 11:17:35,362 [root] DEBUG:    `-- AbuseCH_SSL
2025-03-08 11:17:35,362 [root] DEBUG: Imported "machinery" modules:
2025-03-08 11:17:35,362 [root] DEBUG:    `-- Proxmox
2025-03-08 11:17:35,362 [Task 15] [root] DEBUG: Processing task
2025-03-08 11:17:35,369 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,376 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Processing module autoruns not found in configuration file
2025-03-08 11:17:35,376 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,399 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,400 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Processing module hollowshunter not found in configuration file
2025-03-08 11:17:35,400 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,400 [Task 15] [modules.processing.network] DEBUG: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/15/dump.pcap"
2025-03-08 11:17:35,400 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,400 [Task 15] [modules.processing.suricata] DEBUG: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/15/dump.pcap does not exist. Did you run analysis with live connection?
2025-03-08 11:17:35,401 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Sysmon" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,401 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "UrlAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,401 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "script_log_processing" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,401 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/15"
2025-03-08 11:17:35,470 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running 285 evented signatures
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- packer_themida
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_network
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- disable_driver_via_blocklist
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- disable_driver_via_hvcidisallowedimages
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- disable_hypervisor_protected_code_integrity
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- pendingfilerenameoperations_Operations
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- anomalous_deletefile
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_360_libs
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_ahnlab_libs
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_avast_libs
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_bitdefender_libs
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_bullgaurd_libs
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_emsisoft_libs
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_qurb_libs
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_servicestop
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_addvectoredexceptionhandler
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_apioverride_libs
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_checkremotedebuggerpresent
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_debugactiveprocess
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_gettickcount
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_guardpages
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_ntcreatethreadex
2025-03-08 11:17:35,472 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiav_nthookengine_libs
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_ntsetinformationthread
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_outputdebugstring
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_setunhandledexceptionfilter
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antidebug_windows
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antiemu_wine_func
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_check_userdomain
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_cuckoo
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_cuckoocrash
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_foregroundwindows
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_mouse_hook
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_restart
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_sboxie_libs
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_sboxie_objects
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_script_timer
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_sleep
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_sunbelt_libs
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_suspend
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antisandbox_unhook
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_directory_objects
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_generic_disk
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_generic_disk_setupapi
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_generic_scsi
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_generic_services
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_generic_system
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_checks_available_memory
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_network_adapters
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- detect_virtualization_via_recent_files
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_vbox_libs
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_vbox_provname
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_vbox_window
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_vmware_events
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- antivm_vmware_libs
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- api_spamming
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- api_uuidfromstringa
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- banker_prinimalka
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- bcdedit_command
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- bootkit
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- potential_overwrite_mbr
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- suspicious_ioctl_scsipassthough
2025-03-08 11:17:35,473 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- browser_needed
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- browser_scanbox
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- firefox_disables_process_tab
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- regsvr32_squiblydoo_dll_load
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- uac_bypass_cmstp
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- uac_bypass_eventvwr
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- uac_bypass_windows_Backup
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- clickfraud_cookies
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- clickfraud_volume
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- queries_computer_name
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- queries_user_name
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- creates_largekey
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- creates_nullvalue
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- access_windows_passwords_vault
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dump_lsa_via_windows_error_reporting
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- lsass_credential_dumping
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- critical_process
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- generates_crypto_key
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- cryptopool_domains
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- cve_2014_6332
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- cve_2015_2419_js
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- cve_2016-0189
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- cve_2016_7200
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dead_connect
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dead_link
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- debugs_self
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- decoy_image
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- deletes_consolehost_history
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- deletes_self
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- deletes_shadow_copies
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- deletes_system_state_backup
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dep_bypass
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dep_disable
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- disables_mappeddrives_autodisconnect
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- disables_spdy
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- disables_wfp
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- add_windows_defender_exclusions
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dll_load_uncommon_file_types
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- document_script_exe_drop
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- guloader_apis
2025-03-08 11:17:35,474 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- driver_load
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dynamic_function_loading
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- exec_crash
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- process_creation_suspicious_location
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- exploit_getbasekerneladdress
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- exploit_gethaldispatchtable
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- exploit_heapspray
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- koadic_apis
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- koadic_network_activity
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- downloads_from_filehosting
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- generic_phish
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- http_request
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- infostealer_browser
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- infostealer_browser_password
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- infostealer_cookies
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- cryptbot_network
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- infostealer_keylog
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- masslogger_artifacts
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- masslogger_version
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- purplewave_network_activity
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- quilclipper_behavior
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- raccoon_behavior
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- captures_screenshot
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- vidar_behavior
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_createremotethread
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_explorer
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_needextension
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_network_traffic
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_runpe
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_themeinitapihook
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- resumethread_remote_process
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- internet_dropper
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- escalate_privilege_via_named_pipe
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- ipc_namedpipe
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- js_phish
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- js_suspicious_redirect
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_binary_via_internet_explorer_exporter
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_binary_via_run_exe_helper_utility
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_ps_via_syncappvpublishingserver
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- malicious_dynamic_function_loading
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- encrypt_pcinfo
2025-03-08 11:17:35,475 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- encrypt_data_agenttesla_http
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- encrypt_data_agentteslat2_http
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- encrypt_data_nanocore
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- reads_memory_remote_process
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- mimics_filetime
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- quilclipper_behavior
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- amsi_bypass_via_com_registry
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- access_auto_logons_via_registry
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- access_boot_key_via_registry
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- create_suspicious_lnk_files
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- credential_access_via_windows_credential_history
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dll_hijacking_via_microsoft_exchange
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dll_hijacking_via_waas_medic_svc_com_typelib
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_file_downloaded_via_openssh
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_safe_mode_from_suspicious_process
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_scripts_via_microsoft_management_console
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_suspicious_processes_via_windows_mssql_service
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- execution_from_self_extracting_archive
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- ip_address_discovery_via_trusted_program
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- load_dll_via_control_panel
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_connection_via_suspicious_process
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- potential_location_discovery_via_unusual_process
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- store_executable_registry
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- Suspicious_Execution_Via_MicrosoftExchangeTransportAgent
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- suspicious_java_execution_via_win_scripts
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- uses_restart_manager_for_suspicious_activities
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- modify_desktop_wallpaper
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- modify_zoneid_ads
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- move_file_on_reboot
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- multiple_useragents
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_anomaly
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_bind
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_archive
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_free_webshoting
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_generic
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_temp_urldns
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_opensource
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_pastesite
2025-03-08 11:17:35,476 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_payload
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_serviceinterface
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_socialmedia
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_telegram
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_tempstorage
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_temp_urldns
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_urlshortener
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_useragent
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_smtps_exfil
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_smtps_generic
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_dns_idn
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_dns_suspicious_querytype
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_dns_tunneling_request
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- explorer_http
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_fake_useragent
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- legitimate_domain_abuse
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_downloader_exe
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- network_tor
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_com_load
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_dotnet_load
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_mshtml_load
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_vb_load
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_wmi_load
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_cve2017_11882_network
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_cve_2021_40444
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_cve_2021_40444_m2
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_flash_load
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_postscript
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- office_suspicious_processes
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_via_autodial_dll_registry
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_autorun
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_autorun_tasks
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_bootexecute
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_registry_script
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- powershell_download
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- powershell_request
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- createtoolhelp32snapshot_module_enumeration
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- enumerates_running_processes
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- process_interest
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- process_needed
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- mass_data_encryption
2025-03-08 11:17:35,477 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- ransomware_dmalocker
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- ransomware_file_modifications
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- ransomware_message
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- nemty_network_activity
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- nemty_note
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- sodinokibi_behavior
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stop_ransomware_registry
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- blackrat_apis
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- blackrat_network_activity
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- blackrat_registry_keys
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- dcrat_behavior
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- karagany_system_event_objects
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- rat_luminosity
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- rat_nanocore
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- netwire_behavior
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- obliquerat_network_activity
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- orcusrat_behavior
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- trochilusrat_apis
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- recon_beacon
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- recon_programs
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- recon_systeminfo
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- accesses_recyclebin
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- remcos_shell_code_dynamic_wrapper_x
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- removes_zoneid_ads
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- script_created_process
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- script_network_activity
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- suspicious_js_script
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- javascript_timer
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- secure_login_phishing
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- securityxploded_modules
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- get_clipboard_data
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- sets_autoconfig_url
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- spoofs_procname
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stack_pivot
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stack_pivot_file_created
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stack_pivot_process_create
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- set_clipboard_data
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_childproc
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_system_procname
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_timeout
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_window
2025-03-08 11:17:35,478 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- queries_keyboard_layout
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- queries_locale_api
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- terminates_remote_process
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- trickbot_task_delete
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- user_enum
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- virus
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- neshta_files
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- neshta_regkeys
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- webmail_phish
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- persists_dev_util
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- spawns_dev_util
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- alters_windows_utility
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- overwrites_accessibility_utility
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- Potential_Lateral_Movement_Via_SMBEXEC
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- potential_WebShell_Via_ScreenConnectServer
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- uses_Microsoft_HTML_Help_Executable
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- uses_windows_utilities_to_create_scheduled_task
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- wiper_zeroedbytes
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- wmi_create_process
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       |-- wmi_script_process
2025-03-08 11:17:35,479 [Task 15] [lib.cuckoo.core.plugins] DEBUG:       `-- win32_process_create
2025-03-08 11:17:35,518 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2025-03-08 11:17:35,518 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_tls_section"
2025-03-08 11:17:35,518 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_clamav"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "binary_yara"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "binary_yara": 'target'
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_antianalysis"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_collection"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_communication"
2025-03-08 11:17:35,520 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_compiler"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_datamanipulation"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_executable"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_hostinteraction"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_impact"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_lib"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_linking"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_loadcode"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_malwarefamily"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_nursery"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_persistence"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_runtime"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_targeting"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "threatfox"
2025-03-08 11:17:35,521 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "log4shell"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_ip_exe"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga_fraunhofer"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dyndns"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_open_proxy"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2025-03-08 11:17:35,522 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "overlay"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_unknown_pe_section_name"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspack"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspirecrypt"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_bedsprotector"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_enigma"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_mpress"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nate"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nspack"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_spices"
2025-03-08 11:17:35,523 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_titan"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_yoda"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "invalid_authenticode_signature"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "contains_pe_overlay"
2025-03-08 11:17:35,524 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "pe_compile_timestomping"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_pdbpath"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_body"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_name"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_title"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2025-03-08 11:17:35,525 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_public_folder"
2025-03-08 11:17:35,526 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
2025-03-08 11:17:35,527 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "writes_sysvol"
2025-03-08 11:17:35,527 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_admin_user"
2025-03-08 11:17:35,527 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_user"
2025-03-08 11:17:35,527 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_admin_password"
2025-03-08 11:17:35,527 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2025-03-08 11:17:35,528 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2025-03-08 11:17:35,532 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_attachment_manager"
2025-03-08 11:17:35,532 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2025-03-08 11:17:35,533 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2025-03-08 11:17:35,550 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2025-03-08 11:17:35,550 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_whitespace"
2025-03-08 11:17:35,550 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_devices"
2025-03-08 11:17:35,551 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_windefend"
2025-03-08 11:17:35,551 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2025-03-08 11:17:35,551 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2025-03-08 11:17:35,551 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2025-03-08 11:17:35,551 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2025-03-08 11:17:35,551 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2025-03-08 11:17:35,551 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2025-03-08 11:17:35,552 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2025-03-08 11:17:35,552 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_bochs_keys"
2025-03-08 11:17:35,552 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2025-03-08 11:17:35,552 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2025-03-08 11:17:35,552 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2025-03-08 11:17:35,553 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2025-03-08 11:17:35,554 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2025-03-08 11:17:35,555 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2025-03-08 11:17:35,555 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2025-03-08 11:17:35,556 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2025-03-08 11:17:35,558 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2025-03-08 11:17:35,558 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2025-03-08 11:17:35,558 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2025-03-08 11:17:35,559 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2025-03-08 11:17:35,559 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2025-03-08 11:17:35,560 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2025-03-08 11:17:35,560 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2025-03-08 11:17:35,560 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2025-03-08 11:17:35,562 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "asyncrat_mutex"
2025-03-08 11:17:35,562 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "gulpix_behavior"
2025-03-08 11:17:35,562 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
2025-03-08 11:17:35,562 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
2025-03-08 11:17:35,562 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2025-03-08 11:17:35,562 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2025-03-08 11:17:35,563 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2025-03-08 11:17:35,563 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "enumerates_physical_drives"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "chromium_browser_extension_directory"
2025-03-08 11:17:35,564 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2025-03-08 11:17:35,565 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2025-03-08 11:17:35,565 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2025-03-08 11:17:35,565 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_disables_process_tab"
2025-03-08 11:17:35,565 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2025-03-08 11:17:35,565 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2025-03-08 11:17:35,565 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2025-03-08 11:17:35,565 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2025-03-08 11:17:35,566 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "checks_uac_status"
2025-03-08 11:17:35,566 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstpcom"
2025-03-08 11:17:35,566 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
2025-03-08 11:17:35,566 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_forfiles_wildcard"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_long_string"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2025-03-08 11:17:35,567 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_discovery_cmd"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_currently_loggedin_user_cmd"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_cmd"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_pwsh"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_discovery_cmd"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "credwiz_credentialaccess"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "vaultcmd_credentialaccess"
2025-03-08 11:17:35,568 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2025-03-08 11:17:35,569 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_write"
2025-03-08 11:17:35,569 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "kerberos_credential_access_via_rubeus"
2025-03-08 11:17:35,569 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2025-03-08 11:17:35,569 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2025-03-08 11:17:35,569 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "registry_credential_store_access": 'target'
2025-03-08 11:17:35,569 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2025-03-08 11:17:35,569 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "comsvcs_credentialdump"
2025-03-08 11:17:35,569 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomining_stratum_command"
2025-03-08 11:17:35,570 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2025-03-08 11:17:35,570 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2025-03-08 11:17:35,570 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "datop_loader"
2025-03-08 11:17:35,570 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2025-03-08 11:17:35,570 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_executed_files"
2025-03-08 11:17:35,570 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2025-03-08 11:17:35,570 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_auto_app_termination"
2025-03-08 11:17:35,571 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_appv_virtualization"
2025-03-08 11:17:35,571 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2025-03-08 11:17:35,571 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2025-03-08 11:17:35,571 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_context_menus"
2025-03-08 11:17:35,572 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_cpl_disable"
2025-03-08 11:17:35,572 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_crashdumps"
2025-03-08 11:17:35,572 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2025-03-08 11:17:35,572 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_folder_options"
2025-03-08 11:17:35,572 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2025-03-08 11:17:35,572 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_power_options"
2025-03-08 11:17:35,572 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_restore_default_state"
2025-03-08 11:17:35,572 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_run_command"
2025-03-08 11:17:35,573 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_security"
2025-03-08 11:17:35,573 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2025-03-08 11:17:35,573 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_startmenu_search"
2025-03-08 11:17:35,573 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2025-03-08 11:17:35,573 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2025-03-08 11:17:35,573 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2025-03-08 11:17:35,573 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2025-03-08 11:17:35,574 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_dism"
2025-03-08 11:17:35,574 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_logging"
2025-03-08 11:17:35,574 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_windows_defender_contextmenu"
2025-03-08 11:17:35,574 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "windows_defender_powershell"
2025-03-08 11:17:35,574 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_file_protection"
2025-03-08 11:17:35,574 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2025-03-08 11:17:35,574 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_winfirewall"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "adfind_domain_enumeration"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "domain_enumeration_commands"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "andromut_mutexes"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "phorpiex_mutexes"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "protonbot_mutexes"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_filtermanager"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "dll_archive_execution"
2025-03-08 11:17:35,575 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "lnk_archive_execution"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_archive_execution"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "excel4_macro_urls"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "escalate_privilege_via_ntlm_relay"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_access"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_svc_start"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "mapped_drives_uac"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "hides_recycle_bin_icon"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "apocalypse_stealer_file_behavior"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "arkei_files"
2025-03-08 11:17:35,576 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "azorult_mutexes"
2025-03-08 11:17:35,577 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2025-03-08 11:17:35,578 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptbot_files"
2025-03-08 11:17:35,578 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "echelon_files"
2025-03-08 11:17:35,578 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2025-03-08 11:17:35,584 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2025-03-08 11:17:35,588 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2025-03-08 11:17:35,589 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_files"
2025-03-08 11:17:35,589 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "poullight_files"
2025-03-08 11:17:35,590 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_mutexes"
2025-03-08 11:17:35,590 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_mutexes"
2025-03-08 11:17:35,590 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_files"
2025-03-08 11:17:35,590 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_mutexes"
2025-03-08 11:17:35,590 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "asyncrat_mutex"
2025-03-08 11:17:35,590 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_ASPNet_Compiler"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execute_Via_DeviceCredentialDeployment"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_Filter_Manager_Control"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_Intel_GFXDownloadWrapper"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_appvlp"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_pcalua"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_OpenSSH"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_pcalua"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_PesterPSModule"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_ScriptRunner"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_ttdinject"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_VisualStudioLiveShare"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Msiexec_Via_Explorer"
2025-03-08 11:17:35,591 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_remote_msi"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_suspicious_powershell_via_runscripthelper"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_suspicious_powershell_via_sqlps"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Indirect_Command_Execution_Via_ConsoleWindowHost"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Perform_Malicious_Activities_Via_Headless_Browser"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_CertOC"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_MSIEXEC"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_Odbcconf"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "Scriptlet_Proxy_Execution_Via_Pubprn"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2025-03-08 11:17:35,592 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "masquerade_process_name"
2025-03-08 11:17:35,593 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimikatz_modules"
2025-03-08 11:17:35,593 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ms_office_cmd_rce"
2025-03-08 11:17:35,593 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "mount_copy_to_webdav_share"
2025-03-08 11:17:35,593 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "potential_protocol_tunneling_via_legit_utilities"
2025-03-08 11:17:35,593 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "potential_protocol_tunneling_via_qemu"
2025-03-08 11:17:35,593 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_execution_via_dotnet_remoting"
2025-03-08 11:17:35,594 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_clr_usagelog_regkeys"
2025-03-08 11:17:35,594 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_hostfile"
2025-03-08 11:17:35,594 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_oem_information"
2025-03-08 11:17:35,594 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2025-03-08 11:17:35,594 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2025-03-08 11:17:35,594 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_blockchain"
2025-03-08 11:17:35,594 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_opennic"
2025-03-08 11:17:35,594 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_paste_site"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_reverse_proxy"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_file_storage"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_urldns"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_url_shortener"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_doh_tls"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_tld"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_addinloading"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_perfkey"
2025-03-08 11:17:35,595 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "changes_trust_center_settings"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_vba_trust_access"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_malicious_prediction"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2025-03-08 11:17:35,596 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2025-03-08 11:17:35,597 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2025-03-08 11:17:35,597 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2025-03-08 11:17:35,597 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2025-03-08 11:17:35,597 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2025-03-08 11:17:35,597 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2025-03-08 11:17:35,597 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_safeboot"
2025-03-08 11:17:35,597 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ifeo"
2025-03-08 11:17:35,597 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_silent_process_exit"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_registry"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_shadowing"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_shim_database"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "powerpool_mutexes"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_scriptblock_logging"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2025-03-08 11:17:35,598 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2025-03-08 11:17:35,599 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2025-03-08 11:17:35,599 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_process_discovery"
2025-03-08 11:17:35,599 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomix_mutexes"
2025-03-08 11:17:35,599 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "dharma_mutexes"
2025-03-08 11:17:35,599 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
2025-03-08 11:17:35,600 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2025-03-08 11:17:35,602 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "fonix_mutexes"
2025-03-08 11:17:35,602 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "gandcrab_mutexes"
2025-03-08 11:17:35,602 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "germanwiper_mutexes"
2025-03-08 11:17:35,602 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_mutexes"
2025-03-08 11:17:35,603 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_regkeys"
2025-03-08 11:17:35,603 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_mutexes"
2025-03-08 11:17:35,603 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_regkeys"
2025-03-08 11:17:35,603 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "pysa_mutexes"
2025-03-08 11:17:35,603 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2025-03-08 11:17:35,603 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2025-03-08 11:17:35,603 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "revil_mutexes"
2025-03-08 11:17:35,604 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_revil_regkey"
2025-03-08 11:17:35,604 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "satan_mutexes"
2025-03-08 11:17:35,604 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "snake_ransom_mutexes"
2025-03-08 11:17:35,604 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransom_mutexes"
2025-03-08 11:17:35,604 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransomware_cmd"
2025-03-08 11:17:35,604 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_stopdjvu"
2025-03-08 11:17:35,604 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "blacknet_mutexes"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_mutexes"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "crat_mutexes"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_files"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_mutexes"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_files"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_mutexes"
2025-03-08 11:17:35,605 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_regkeys"
2025-03-08 11:17:35,606 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "lodarat_file_behavior"
2025-03-08 11:17:35,606 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "modirat_behavior"
2025-03-08 11:17:35,606 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "njrat_regkeys"
2025-03-08 11:17:35,606 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_files"
2025-03-08 11:17:35,606 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_mutexes"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "parallax_mutexes"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ratsnif_mutexes"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_senna_mutexes"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2025-03-08 11:17:35,607 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "venomrat_mutexes"
2025-03-08 11:17:35,608 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_files"
2025-03-08 11:17:35,608 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_regkeys"
2025-03-08 11:17:35,608 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_files"
2025-03-08 11:17:35,608 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_mutexes"
2025-03-08 11:17:35,608 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2025-03-08 11:17:35,608 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2025-03-08 11:17:35,609 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_files"
2025-03-08 11:17:35,609 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_mutexes"
2025-03-08 11:17:35,609 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_regkeys"
2025-03-08 11:17:35,609 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "rdptcp_key"
2025-03-08 11:17:35,609 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_rdp_clip"
2025-03-08 11:17:35,609 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_remote_desktop_session"
2025-03-08 11:17:35,609 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_networking_icon"
2025-03-08 11:17:35,610 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_pinned_programs"
2025-03-08 11:17:35,610 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_security_maintenance_icon"
2025-03-08 11:17:35,610 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_startmenu_defaults"
2025-03-08 11:17:35,610 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_username_startmenu"
2025-03-08 11:17:35,610 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "spicyhotpot_behavior"
2025-03-08 11:17:35,610 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2025-03-08 11:17:35,611 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2025-03-08 11:17:35,611 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
2025-03-08 11:17:35,611 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
2025-03-08 11:17:35,611 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
2025-03-08 11:17:35,611 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2025-03-08 11:17:35,611 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2025-03-08 11:17:35,611 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2025-03-08 11:17:35,611 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "language_check_registry"
2025-03-08 11:17:35,612 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "language_check_registry"
2025-03-08 11:17:35,612 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
2025-03-08 11:17:35,612 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "lsa_tampering"
2025-03-08 11:17:35,612 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
2025-03-08 11:17:35,612 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2025-03-08 11:17:35,612 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
2025-03-08 11:17:35,618 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2025-03-08 11:17:35,619 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2025-03-08 11:17:35,619 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
2025-03-08 11:17:35,619 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2025-03-08 11:17:35,619 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2025-03-08 11:17:35,619 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2025-03-08 11:17:35,619 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
2025-03-08 11:17:35,619 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_ms_protocol"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "mavinject_lolbin"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2025-03-08 11:17:35,620 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2025-03-08 11:17:35,621 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
2025-03-08 11:17:35,621 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2025-03-08 11:17:35,621 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_powershell_copyitem"
2025-03-08 11:17:35,622 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2025-03-08 11:17:35,622 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_curl"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_esentutl"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_finger"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_xcopy"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2025-03-08 11:17:35,623 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
2025-03-08 11:17:35,624 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2025-03-08 11:17:35,624 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "stealth_timeout"
2025-03-08 11:17:35,624 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "language_check_registry"
2025-03-08 11:17:35,637 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
2025-03-08 11:17:35,638 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "CAPASummary"
2025-03-08 11:17:35,638 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
2025-03-08 11:17:35,638 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML"
2025-03-08 11:17:35,657 [Task 15] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportHTML" returned the following error: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE'
2025-03-08 11:17:35,657 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2025-03-08 11:17:35,675 [Task 15] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportHTMLSummary" returned the following error: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE'
2025-03-08 11:17:35,675 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2025-03-08 11:17:35,677 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
2025-03-08 11:17:35,677 [Task 15] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
2025-03-08 11:17:35,677 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2025-03-08 11:17:35,694 [Task 15] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 15
2025-03-08 11:17:35,761 [Task 15] [root] DEBUG: Finished processing task

@doomedraven
Collaborator

Can you share the hash so I can try to reproduce it on my side?

@tionosaja
Author

Hash of a file that has been analyzed?

**65c9f1d4977cf587a3dc9ac30d1193c0**

Image

@doomedraven
Collaborator

The file is not on VT, and I can't find it on other platforms. Can you attach it? Is that just a txt file with some IPs?

@tionosaja
Author

Yes, this is just a regular sample file that I am using (no indication of malware).

@doomedraven
Collaborator

I just submitted random txt files, and it generated the report for me just fine. I checked again the modules that fail for you, but I don't see what is wrong.

@tionosaja
Author

Just for your information, if I disable HTML & PDF reporting, the reporting in JSON format works without any issues.

@doomedraven
Collaborator

I have pushed some changes to those modules. If you need them, re-enable them, pull from master, `poetry run utils/community.py -waf`, and then reprocess that task again. That should now give better error details and shouldn't produce a failed analysis.

@tionosaja
Author

After I performed the update, the error that occurred is as follows:

2025-03-08 15:42:18,156 [Task 21] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
    html = tpl.render({"results": results, "summary_report": False})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/report.html", line 3, in block 'content'
    {% include "sections/info.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/info.html", line 65, in top-level template code
    {% if results.CAPE.configs %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
           ^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'CAPE'
2025-03-08 15:42:18,158 [Task 21] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2025-03-08 15:42:18,175 [Task 21] [modules.reporting.reporthtmlsummary] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 95, in run
    html = tpl.render({"results": results, "summary_report": True})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/report.html", line 3, in block 'content'
    {% include "sections/info.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/info.html", line 65, in top-level template code
    {% if results.CAPE.configs %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
           ^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'CAPE'
2025-03-08 15:42:18,176 [Task 21] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2025-03-08 15:42:18,176 [Task 21] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
2025-03-08 15:42:18,176 [Task 21] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
2025-03-08 15:42:18,177 [Task 21] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2025-03-08 15:42:18,182 [Task 21] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 21
2025-03-08 15:42:18,261 [Task 21] [root] DEBUG: Finished processing task

@doomedraven
Collaborator

Great, this is what I need, thank you. I will push a fix in a bit.

@doomedraven
Collaborator

OK, let's try once more.

Do the following:

  1. git pull
  2. reprocess the same job and see if it still happens

Also, please provide the output of `poetry run pip freeze | grep Jinja`.
Here is mine:

Jinja2==3.1.5

@tionosaja
Author

2025-03-08 17:17:01,565 [Task 23] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
    html = tpl.render({"results": results, "summary_report": False})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
           ^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-08 17:17:01,566 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2025-03-08 17:17:01,586 [Task 23] [modules.reporting.reporthtmlsummary] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 95, in run
    html = tpl.render({"results": results, "summary_report": True})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
           ^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-08 17:17:01,587 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2025-03-08 17:17:01,587 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
2025-03-08 17:17:01,588 [Task 23] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
2025-03-08 17:17:01,588 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2025-03-08 17:17:01,593 [Task 23] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 23
2025-03-08 17:17:01,651 [Task 23] [root] DEBUG: Finished processing task

poetry run pip freeze | grep Jinja

Image
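
A triage helper for the two tracebacks above, as an added example that is not part of the thread or of CAPEv2's code: it pulls the innermost template frame and the missing key out of the log, then checks a results dict against that template expression using the rule Jinja2's default `Undefined` follows (a missing last segment is merely falsy, a missing earlier segment raises `UndefinedError`). The function names and the `CONSTRUCTED_RESULTS` dict are assumptions made for illustration; the log lines are copied from the thread and trimmed.

```python
import re

# Lines copied from the Task 21 and Task 23 tracebacks in this thread,
# trimmed to the frames that matter (caret lines and jinja2 internals omitted).
SAMPLE_LOG = '''\
2025-03-08 15:42:18,156 [Task 21] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'CAPE'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
    html = tpl.render({"results": results, "summary_report": False})
  File "/opt/CAPEv2/data/html/report.html", line 3, in block 'content'
    {% include "sections/info.html" %}
  File "/opt/CAPEv2/data/html/sections/info.html", line 65, in top-level template code
    {% if results.CAPE.configs %}
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'CAPE'
2025-03-08 17:17:01,565 [Task 23] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
'''

# Constructed results dict (not from the thread): a report in which neither
# the "CAPE" nor the "target" top-level key was produced by processing.
CONSTRUCTED_RESULTS = {"info": {"id": 23}, "signatures": []}

TASK_RE = re.compile(r"\[Task (?P<task>\d+)\]")
FRAME_RE = re.compile(r'^\s+File "(?P<path>[^"]+\.html)", line (?P<line>\d+), in ')
ERROR_RE = re.compile(
    r"^jinja2\.exceptions\.UndefinedError: .* has no attribute '(?P<attr>[^']+)'"
)
EXPR_RE = re.compile(r"\bresults(?:\.\w+)+")


def parse_template_failures(log_text):
    """Return one record per UndefinedError with the innermost template frame."""
    failures, task, frame = [], None, None
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = TASK_RE.search(line)
        if m:
            task = int(m["task"])
        if line.startswith("Traceback"):
            frame = None  # a new traceback starts; forget the previous frame
        m = FRAME_RE.match(line)
        if m and i + 1 < len(lines):
            # Later frames overwrite earlier ones, so the last one seen before
            # the exception line is the innermost template frame.
            frame = (m["path"], int(m["line"]), lines[i + 1].strip())
            continue
        m = ERROR_RE.match(line)
        if m and frame:
            expr = EXPR_RE.search(frame[2])
            failures.append({
                "task": task,
                "template": frame[0],
                "line": frame[1],
                "expression": expr.group(0) if expr else None,
                "missing": m["attr"],
            })
    return failures


def first_fatal_lookup(results, expression):
    """Emulate Jinja2's default Undefined for a dotted path rooted at `results`.

    Returns the key whose absence makes the render raise, or None if the
    expression evaluates (possibly to a falsy Undefined). Simplification:
    only dict keys are considered, not object attributes or dict methods.
    """
    parts = expression.split(".")[1:]
    node = results
    for idx, key in enumerate(parts):
        if isinstance(node, dict) and key in node:
            node = node[key]
            continue
        # Missing last segment -> Undefined, falsy in {% if %}, no error.
        # Missing earlier segment -> next lookup hits Undefined and raises.
        return key if idx < len(parts) - 1 else None
    return None


def triage(log_text, results):
    """Pair each logged failure with whether `results` would still trigger it."""
    report = []
    for failure in parse_template_failures(log_text):
        expr = failure["expression"]
        fatal = first_fatal_lookup(results, expr) if expr else None
        report.append({**failure, "still_fatal_key": fatal})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, CONSTRUCTED_RESULTS):
        print(row)
```

Loading a task's JSON report and passing it as `results` shows which top-level sections the processing stage never produced, which is the question the rest of the thread tries to answer.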

@doomedraven
Collaborator

Did you re-enable CAPE in processing.conf? That must be enabled.

@tionosaja
Author

I have tried enabling and disabling it, and the log is the same.

@doomedraven
Collaborator

You have this in the logs: 2025-03-08 11:17:35,519 [Task 15] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "binary_yara": 'target'
but there is no info on why, for some reason %)

@doomedraven
Collaborator

Does that happen only with this txt, or does it happen with real samples?

@tionosaja
Author

tionosaja commented Mar 8, 2025

I am using the sample MalwareBazaar_dll.zip with the hash 2793dee0d84f1d94df7d5dcd8634b9d7.

2025-03-08 17:43:12,360 [root] DEBUG: Importing modules...
2025-03-08 17:43:12,361 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageChops.difference'
2025-03-08 17:43:12,362 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageDraw'
2025-03-08 17:43:12,362 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.Image'
OPTIONAL! Missed dependency: poetry run pip install -U git+https://github.com/CAPESandbox/httpreplay
2025-03-08 17:43:12,532 [lazy_import] DEBUG: Getting attr Fernet of LazyModule instance of cryptography.fernet
2025-03-08 17:43:12,532 [lazy_import] DEBUG: Getting attr __name__ of LazyModule instance of cryptography.fernet
2025-03-08 17:43:12,553 [root] DEBUG: Missed file extra/msft-public-ips.csv. Get a fresh copy from https://www.microsoft.com/en-us/download/details.aspx?id=53602
2025-03-08 17:43:12,629 [lazy_import] DEBUG: Getting attr __spec__ of LazyModule instance of yaml
2025-03-08 17:43:12,630 [lazy_import] DEBUG: Getting attr __path__ of LazyModule instance of yaml
2025-03-08 17:43:12,630 [lazy_import] DEBUG: Getting attr __name__ of LazyModule instance of yaml
2025-03-08 17:43:12,630 [lazy_import] DEBUG: Proceeding to load module yaml, from requested value __path__
2025-03-08 17:43:12,630 [lazy_import] DEBUG: Getting attr __name__ of LazyModule instance of yaml
2025-03-08 17:43:12,630 [lazy_import] DEBUG: loading module yaml
2025-03-08 17:43:12,637 [lazy_import] DEBUG: Successfully loaded module yaml
2025-03-08 17:43:12,871 [capa.rules] DEBUG: reading rules from directory /opt/CAPEv2/data/capa-rules
2025-03-08 17:43:12,887 [capa.rules.cache] DEBUG: loading rule set from cache: /home/cape/.cache/capa/capa-1d6fb80b.cache
2025-03-08 17:43:12,925 [capa.loader] DEBUG: reading signatures from directory /opt/CAPEv2/data/flare-signatures
2025-03-08 17:43:12,925 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/1_flare_msvc_rtf_32_64.sig
2025-03-08 17:43:12,925 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/2_flare_msvc_atlmfc_32_64.sig
2025-03-08 17:43:12,925 [capa.loader] DEBUG: found signature file: /opt/CAPEv2/data/flare-signatures/3_flare_common_libs.sig
2025-03-08 17:43:12,954 [root] DEBUG: Imported "auxiliary" modules:
2025-03-08 17:43:12,954 [root] DEBUG:    |-- AzSniffer
2025-03-08 17:43:12,955 [root] DEBUG:    |-- Mitmdump
2025-03-08 17:43:12,955 [root] DEBUG:    |-- QEMUScreenshots
2025-03-08 17:43:12,955 [root] DEBUG:    `-- Sniffer
2025-03-08 17:43:12,955 [root] DEBUG: Imported "processing" modules:
2025-03-08 17:43:12,955 [root] DEBUG:    |-- AnalysisInfo
2025-03-08 17:43:12,955 [root] DEBUG:    |-- Autoruns
2025-03-08 17:43:12,955 [root] DEBUG:    |-- BehaviorAnalysis
2025-03-08 17:43:12,955 [root] DEBUG:    |-- Debug
2025-03-08 17:43:12,955 [root] DEBUG:    |-- HollowsHunter
2025-03-08 17:43:12,955 [root] DEBUG:    |-- NetworkAnalysis
2025-03-08 17:43:12,955 [root] DEBUG:    |-- ProcessMemory
2025-03-08 17:43:12,955 [root] DEBUG:    |-- script_log_processing
2025-03-08 17:43:12,955 [root] DEBUG:    |-- Suricata
2025-03-08 17:43:12,955 [root] DEBUG:    |-- Sysmon
2025-03-08 17:43:12,955 [root] DEBUG:    `-- UrlAnalysis
2025-03-08 17:43:12,955 [root] DEBUG: Imported "signatures" modules:
2025-03-08 17:43:12,955 [root] DEBUG:    |-- AntiAnalysisTLSSection
2025-03-08 17:43:12,955 [root] DEBUG:    |-- ClamAV
2025-03-08 17:43:12,955 [root] DEBUG:    |-- KnownVirustotal
2025-03-08 17:43:12,955 [root] DEBUG:    |-- BadCerts
2025-03-08 17:43:12,955 [root] DEBUG:    |-- BadSSLCerts
2025-03-08 17:43:12,955 [root] DEBUG:    |-- ZeusP2P
2025-03-08 17:43:12,955 [root] DEBUG:    |-- ZeusURL
2025-03-08 17:43:12,955 [root] DEBUG:    |-- BinaryTriggeredYARA
2025-03-08 17:43:12,955 [root] DEBUG:    |-- AthenaHttp
2025-03-08 17:43:12,955 [root] DEBUG:    |-- DirtJumper
2025-03-08 17:43:12,955 [root] DEBUG:    |-- Drive
2025-03-08 17:43:12,955 [root] DEBUG:    |-- Drive2
2025-03-08 17:43:12,955 [root] DEBUG:    |-- Madness
2025-03-08 17:43:12,955 [root] DEBUG:    |-- HTMLPhisher_0
2025-03-08 17:43:12,955 [root] DEBUG:    |-- HTMLPhisher_1
2025-03-08 17:43:12,955 [root] DEBUG:    |-- HTMLPhisher_2
2025-03-08 17:43:12,955 [root] DEBUG:    |-- FamilyProxyBack
2025-03-08 17:43:12,955 [root] DEBUG:    |-- FlareCAPAAntiAnalysis
2025-03-08 17:43:12,955 [root] DEBUG:    |-- FlareCAPACollection
2025-03-08 17:43:12,955 [root] DEBUG:    |-- FlareCAPAcommunication
2025-03-08 17:43:12,955 [root] DEBUG:    |-- FlareCAPACompiler
2025-03-08 17:43:12,955 [root] DEBUG:    |-- FlareCAPADataManipulation
2025-03-08 17:43:12,955 [root] DEBUG:    |-- FlareCAPAExecutable
2025-03-08 17:43:12,955 [root] DEBUG:    |-- FlareCAPAHostInteration
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPAcommunication
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPALib
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPALinking
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPALoadCode
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPAMalwareFamily
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPANursery
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPAPersistence
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPARuntime
2025-03-08 17:43:12,956 [root] DEBUG:    |-- FlareCAPATargeting
2025-03-08 17:43:12,956 [root] DEBUG:    |-- ThreatFox
2025-03-08 17:43:12,956 [root] DEBUG:    |-- Log4j
2025-03-08 17:43:12,956 [root] DEBUG:    |-- MimicsExtension
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkCountryDistribution
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkMultipleDirectIPConnections
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkCnCHTTP
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkHTTPPOST
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkIPEXE
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkDGA
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkDGAFraunhofer
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkDynDNS
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkExcessiveUDP
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkHTTP
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkICMP
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkIRC
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkOpenProxy
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkP2P
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkQuestionableHost
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkQuestionableHttpPath
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkQuestionableHttpsPath
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NetworkSMTP
2025-03-08 17:43:12,956 [root] DEBUG:    |-- TorGateway
2025-03-08 17:43:12,956 [root] DEBUG:    |-- BuildLangID
2025-03-08 17:43:12,956 [root] DEBUG:    |-- ResourceLangID
2025-03-08 17:43:12,956 [root] DEBUG:    |-- overlay
2025-03-08 17:43:12,956 [root] DEBUG:    |-- PackerUnknownPESectionName
2025-03-08 17:43:12,956 [root] DEBUG:    |-- ASPackPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- AspireCryptPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- BedsProtectorPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- ConfuserPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- EnigmaPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- PackerEntropy
2025-03-08 17:43:12,956 [root] DEBUG:    |-- MPressPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NatePacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- NsPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- SmartAssemblyPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- SpicesPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- ThemidaPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- ThemidaPackedSection
2025-03-08 17:43:12,956 [root] DEBUG:    |-- TitanPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- UPXCompressed
2025-03-08 17:43:12,956 [root] DEBUG:    |-- VMPPacked
2025-03-08 17:43:12,956 [root] DEBUG:    |-- YodaPacked
2025-03-08 17:43:12,957 [root] DEBUG:    |-- PDF_Annot_URLs_Checker
2025-03-08 17:43:12,957 [root] DEBUG:    |-- Polymorphic
2025-03-08 17:43:12,957 [root] DEBUG:    |-- PunchPlusPlusPCREs
2025-03-08 17:43:12,957 [root] DEBUG:    |-- Procmem_Yara
2025-03-08 17:43:12,957 [root] DEBUG:    |-- CheckIP
2025-03-08 17:43:12,957 [root] DEBUG:    |-- Authenticode
2025-03-08 17:43:12,957 [root] DEBUG:    |-- InvalidAuthenticodeSignature
2025-03-08 17:43:12,957 [root] DEBUG:    |-- DotNetAnomaly
2025-03-08 17:43:12,957 [root] DEBUG:    |-- Static_Java
2025-03-08 17:43:12,957 [root] DEBUG:    |-- Static_PDF
2025-03-08 17:43:12,957 [root] DEBUG:    |-- ContainsPEOverlay
2025-03-08 17:43:12,957 [root] DEBUG:    |-- PEAnomaly
2025-03-08 17:43:12,957 [root] DEBUG:    |-- PECompileTimeStomping
2025-03-08 17:43:12,957 [root] DEBUG:    |-- StaticPEPDBPath
2025-03-08 17:43:12,957 [root] DEBUG:    |-- RATConfig
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VersionInfoAnomaly
2025-03-08 17:43:12,957 [root] DEBUG:    |-- StealthNetwork
2025-03-08 17:43:12,957 [root] DEBUG:    |-- SuricataAlert
2025-03-08 17:43:12,957 [root] DEBUG:    |-- suspiciousHRML_Body
2025-03-08 17:43:12,957 [root] DEBUG:    |-- suspiciousHTML_Filename
2025-03-08 17:43:12,957 [root] DEBUG:    |-- suspiciousHTML_Title
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolDevicetree1
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolHandles1
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolLdrModules1
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolLdrModules2
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolMalfind1
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolMalfind2
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolModscan1
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolSvcscan1
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolSvcscan2
2025-03-08 17:43:12,957 [root] DEBUG:    |-- VolSvcscan3
2025-03-08 17:43:12,957 [root] DEBUG:    |-- WHOIS_Create
2025-03-08 17:43:12,957 [root] DEBUG:    |-- DisableDriverViaBlocklist
2025-03-08 17:43:12,957 [root] DEBUG:    |-- DisableDriverViaHVCIDisallowedImages
2025-03-08 17:43:12,957 [root] DEBUG:    |-- DisableHypervisorProtectedCodeIntegrity
2025-03-08 17:43:12,957 [root] DEBUG:    |-- PendingFileRenameOperations
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AccessesMailslot
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AccessesNetlogonRegkey
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AccessesPublicFolder
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AccessesSysvol
2025-03-08 17:43:12,957 [root] DEBUG:    |-- WritesSysvol
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AddsAdminUser
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AddsUser
2025-03-08 17:43:12,957 [root] DEBUG:    |-- OverwritesAdminPassword
2025-03-08 17:43:12,957 [root] DEBUG:    |-- anomalous_deletefile
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AntiAnalysisDetectFile
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AntiAnalysisDetectReg
2025-03-08 17:43:12,957 [root] DEBUG:    |-- QihooDetectLibs
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AhnlabDetectLibs
2025-03-08 17:43:12,957 [root] DEBUG:    |-- AvastDetectLibs
2025-03-08 17:43:12,957 [root] DEBUG:    |-- BitdefenderDetectLibs
2025-03-08 17:43:12,957 [root] DEBUG:    |-- BullguardDetectLibs
2025-03-08 17:43:12,957 [root] DEBUG:    |-- ModifiesAttachmentManager
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiAVDetectFile
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiAVDetectReg
2025-03-08 17:43:12,958 [root] DEBUG:    |-- EmsisoftDetectLibs
2025-03-08 17:43:12,958 [root] DEBUG:    |-- QurbDetectLibs
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiAVServiceStop
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiAVSRP
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiAVWhitespace
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_addvectoredexceptionhandler
2025-03-08 17:43:12,958 [root] DEBUG:    |-- APIOverrideDetectLibs
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_checkremotedebuggerpresent
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_debugactiveprocess
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiDBGDevices
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_gettickcount
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_guardpages
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_ntcreatethreadex
2025-03-08 17:43:12,958 [root] DEBUG:    |-- BullguardDetectLibs
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_ntsetinformationthread
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_outputdebugstring
2025-03-08 17:43:12,958 [root] DEBUG:    |-- antidebug_setunhandledexceptionfilter
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiDBGWindows
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiEmuWinDefend
2025-03-08 17:43:12,958 [root] DEBUG:    |-- WineDetectReg
2025-03-08 17:43:12,958 [root] DEBUG:    |-- WineDetectFunc
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiSandboxCheckUserdomain
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiCuckoo
2025-03-08 17:43:12,958 [root] DEBUG:    |-- CuckooDetectFiles
2025-03-08 17:43:12,958 [root] DEBUG:    |-- CuckooCrash
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiSandboxForegroundWindow
2025-03-08 17:43:12,958 [root] DEBUG:    |-- FortinetDetectFiles
2025-03-08 17:43:12,958 [root] DEBUG:    |-- SandboxJoeAnubisDetectFiles
2025-03-08 17:43:12,958 [root] DEBUG:    |-- HookMouse
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiSandboxRestart
2025-03-08 17:43:12,958 [root] DEBUG:    |-- SandboxieDetectLibs
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntisandboxSboxieMutex
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiSandboxSboxieObjects
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiSandboxScriptTimer
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiSandboxSleep
2025-03-08 17:43:12,958 [root] DEBUG:    |-- SunbeltDetectFiles
2025-03-08 17:43:12,958 [root] DEBUG:    |-- SunbeltDetectLibs
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiSandboxSuspend
2025-03-08 17:43:12,958 [root] DEBUG:    |-- ThreatTrackDetectFiles
2025-03-08 17:43:12,958 [root] DEBUG:    |-- Unhook
2025-03-08 17:43:12,958 [root] DEBUG:    |-- BochsDetectKeys
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiVMDirectoryObjects
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiVMBios
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiVMCPU
2025-03-08 17:43:12,958 [root] DEBUG:    |-- DiskInformation
2025-03-08 17:43:12,958 [root] DEBUG:    |-- SetupAPIDiskInformation
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiVMDiskReg
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiVMSCSI
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiVMServices
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiVMSystem
2025-03-08 17:43:12,958 [root] DEBUG:    |-- HyperVDetectKeys
2025-03-08 17:43:12,958 [root] DEBUG:    |-- AntiVMChecksAvailableMemory
2025-03-08 17:43:12,958 [root] DEBUG:    |-- NetworkAdapters
2025-03-08 17:43:12,959 [root] DEBUG:    |-- ParallelsDetectKeys
2025-03-08 17:43:12,959 [root] DEBUG:    |-- DetectVirtualizationViaRecentFiles
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VBoxDetectDevices
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VBoxDetectFiles
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VBoxDetectKeys
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VBoxDetectLibs
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VBoxDetectProvname
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VBoxDetectWindow
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VMwareDetectDevices
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VMwareDetectEvent
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VMwareDetectFiles
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VMwareDetectKeys
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VMwareDetectLibs
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VMwareDetectMutexes
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VPCDetectFiles
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VPCDetectKeys
2025-03-08 17:43:12,959 [root] DEBUG:    |-- VPCDetectMutex
2025-03-08 17:43:12,959 [root] DEBUG:    |-- XenDetectKeys
2025-03-08 17:43:12,959 [root] DEBUG:    |-- APISpamming
2025-03-08 17:43:12,959 [root] DEBUG:    |-- api_uuidfromstringa
2025-03-08 17:43:12,959 [root] DEBUG:    |-- AsyncRatMutex
2025-03-08 17:43:12,959 [root] DEBUG:    |-- GulpixBehavior
2025-03-08 17:43:12,959 [root] DEBUG:    |-- KetricanRegkeys
2025-03-08 17:43:12,959 [root] DEBUG:    |-- OkrumMutexes
2025-03-08 17:43:12,959 [root] DEBUG:    |-- Cridex
2025-03-08 17:43:12,959 [root] DEBUG:    |-- Geodo
2025-03-08 17:43:12,959 [root] DEBUG:    |-- Prinimalka
2025-03-08 17:43:12,959 [root] DEBUG:    |-- SpyEyeMutexes
2025-03-08 17:43:12,959 [root] DEBUG:    |-- ZeusMutexes
2025-03-08 17:43:12,959 [root] DEBUG:    |-- BCDEditCommand
2025-03-08 17:43:12,959 [root] DEBUG:    |-- BitcoinOpenCL
2025-03-08 17:43:12,959 [root] DEBUG:    |-- AccessesPrimaryPartition
2025-03-08 17:43:12,959 [root] DEBUG:    |-- Bootkit
2025-03-08 17:43:12,959 [root] DEBUG:    |-- DirectHDDAccess
2025-03-08 17:43:12,959 [root] DEBUG:    |-- EnumeratesPhysicalDrives
2025-03-08 17:43:12,959 [root] DEBUG:    |-- PhysicalDriveAccess
2025-03-08 17:43:12,959 [root] DEBUG:    |-- PotentialOverWriteMBR
2025-03-08 17:43:12,959 [root] DEBUG:    |-- SuspiciousIoctlSCSIPassthough
2025-03-08 17:43:12,959 [root] DEBUG:    |-- Ruskill
2025-03-08 17:43:12,959 [root] DEBUG:    |-- BrowserAddon
2025-03-08 17:43:12,959 [root] DEBUG:    |-- ChromiumBrowserExtensionDirectory
2025-03-08 17:43:12,959 [root] DEBUG:    |-- BrowserHelperObject
2025-03-08 17:43:12,959 [root] DEBUG:    |-- BrowserNeeded
2025-03-08 17:43:12,959 [root] DEBUG:    |-- ModifyProxy
2025-03-08 17:43:12,959 [root] DEBUG:    |-- BrowserScanbox
2025-03-08 17:43:12,959 [root] DEBUG:    |-- BrowserSecurity
2025-03-08 17:43:12,959 [root] DEBUG:    |-- browser_startpage
2025-03-08 17:43:12,959 [root] DEBUG:    |-- FirefoxDisablesProcessPerTab
2025-03-08 17:43:12,959 [root] DEBUG:    |-- IEDisablesProcessPerTab
2025-03-08 17:43:12,959 [root] DEBUG:    |-- OdbcconfBypass
2025-03-08 17:43:12,959 [root] DEBUG:    |-- RegSrv32SquiblydooDLLLoad
2025-03-08 17:43:12,959 [root] DEBUG:    |-- SquiblydooBypass
2025-03-08 17:43:12,959 [root] DEBUG:    |-- SquiblytwoBypass
2025-03-08 17:43:12,960 [root] DEBUG:    |-- BypassFirewall
2025-03-08 17:43:12,960 [root] DEBUG:    |-- ChecksUACStatus
2025-03-08 17:43:12,960 [root] DEBUG:    |-- UACBypassCMSTP
2025-03-08 17:43:12,960 [root] DEBUG:    |-- UACBypassCMSTPCOM
2025-03-08 17:43:12,960 [root] DEBUG:    |-- UACBypassDelegateExecuteSdclt
2025-03-08 17:43:12,960 [root] DEBUG:    |-- UACBypassEventvwr
2025-03-08 17:43:12,960 [root] DEBUG:    |-- UACBypassFodhelper
2025-03-08 17:43:12,960 [root] DEBUG:    |-- UACBypassWindowsBackup
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CAPEExtractedContent
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CarberpMutexes
2025-03-08 17:43:12,960 [root] DEBUG:    |-- ClearsLogs
2025-03-08 17:43:12,960 [root] DEBUG:    |-- ClickfraudCookies
2025-03-08 17:43:12,960 [root] DEBUG:    |-- ClickfraudVolume
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CmdlineObfuscation
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CmdlineSwitches
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CmdlineTerminate
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CommandLineForFilesWildCard
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CommandLineHTTPLink
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CommandLineLongString
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CommandLineReversedHTTPLink
2025-03-08 17:43:12,960 [root] DEBUG:    |-- LongCommandline
2025-03-08 17:43:12,960 [root] DEBUG:    |-- PowershellRenamedCommandLine
2025-03-08 17:43:12,960 [root] DEBUG:    |-- SystemAccountDiscoveryCMD
2025-03-08 17:43:12,960 [root] DEBUG:    |-- SystemCurrentlyLoggedinUserCMD
2025-03-08 17:43:12,960 [root] DEBUG:    |-- SystemInfoDiscoveryCMD
2025-03-08 17:43:12,960 [root] DEBUG:    |-- SystemInfoDiscoveryPWSH
2025-03-08 17:43:12,960 [root] DEBUG:    |-- SystemNetworkDiscoveryCMD
2025-03-08 17:43:12,960 [root] DEBUG:    |-- SystemNetworkDiscoveryPWSH
2025-03-08 17:43:12,960 [root] DEBUG:    |-- SystemUserDiscoveryCMD
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CompilesDotNetCode
2025-03-08 17:43:12,960 [root] DEBUG:    |-- QueriesComputerName
2025-03-08 17:43:12,960 [root] DEBUG:    |-- QueriesUserName
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CopiesSelf
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CreatesExe
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CreatesLargeKey
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CreatesNullValue
2025-03-08 17:43:12,960 [root] DEBUG:    |-- AccessWindowsPasswordsVault
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CredWiz
2025-03-08 17:43:12,960 [root] DEBUG:    |-- EnablesWDigest
2025-03-08 17:43:12,960 [root] DEBUG:    |-- VaultCmd
2025-03-08 17:43:12,960 [root] DEBUG:    |-- DumpLSAViaWindowsErrorReporting
2025-03-08 17:43:12,960 [root] DEBUG:    |-- FileCredentialStoreAccess
2025-03-08 17:43:12,960 [root] DEBUG:    |-- FileCredentialStoreWrite
2025-03-08 17:43:12,960 [root] DEBUG:    |-- KerberosCredentialAccessViaRubeus
2025-03-08 17:43:12,960 [root] DEBUG:    |-- LsassCredentialDumping
2025-03-08 17:43:12,960 [root] DEBUG:    |-- RegistryCredentialDumping
2025-03-08 17:43:12,960 [root] DEBUG:    |-- RegistryCredentialStoreAccess
2025-03-08 17:43:12,960 [root] DEBUG:    |-- RegistryLSASecretsAccess
2025-03-08 17:43:12,960 [root] DEBUG:    |-- ComsvcsCredentialDump
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CriticalProcess
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CryptGenKey
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CryptominingStratumCommand
2025-03-08 17:43:12,960 [root] DEBUG:    |-- MINERS
2025-03-08 17:43:12,960 [root] DEBUG:    |-- CVE_2014_6332
2025-03-08 17:43:12,961 [root] DEBUG:    |-- CVE2015_2419_JS
2025-03-08 17:43:12,961 [root] DEBUG:    |-- CVE_2016_0189
2025-03-08 17:43:12,961 [root] DEBUG:    |-- CVE_2016_7200
2025-03-08 17:43:12,961 [root] DEBUG:    |-- CypherITMutexes
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DarkCometRegkeys
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DatopLoader
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DeadConnect
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DeadLink
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DebugsSelf
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DecoyDocument
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DecoyImage
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DeepFreezeMutex
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DeletesExecutedFiles
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DeletesExecutedFiles
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DeletesSelf
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DeletesShadowCopies
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DeletesSystemStateBackup
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DEPBypass
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DEPDisable
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesAppLaunch
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesAutomaticAppTermination
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesAppVirtualiztion
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesBackups
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesBrowserWarn
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesContextMenus
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesCPLDisplay
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesCrashdumps
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesMappedDrivesAutodisconnect
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesEventLogging
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisableFolderOptions
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesNotificationCenter
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesPowerOptions
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesRestoreDefaultState
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisableRunCommand
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesSecurity
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesSmartScreen
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesSPDY
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesStartMenuSearch
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesSystemRestore
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesUAC
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesWER
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesWFP
2025-03-08 17:43:12,961 [root] DEBUG:    |-- AddWindowsDefenderExclusions
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesWindowsDefender
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesWindowsDefenderDISM
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesWindowsDefenderLogging
2025-03-08 17:43:12,961 [root] DEBUG:    |-- RemovesWindowsDefenderContextMenu
2025-03-08 17:43:12,961 [root] DEBUG:    |-- WindowsDefenderPowerShell
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesWindowsFileProtection
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesWindowsUpdate
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DisablesWindowsFirewall
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DllLoadUncommonFileTypes
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DocScriptEXEDrop
2025-03-08 17:43:12,961 [root] DEBUG:    |-- AdfindDomainEnumeration
2025-03-08 17:43:12,961 [root] DEBUG:    |-- DomainEnumerationCommands
2025-03-08 17:43:12,962 [root] DEBUG:    |-- AndromutMutexes
2025-03-08 17:43:12,962 [root] DEBUG:    |-- DownloaderCabby
2025-03-08 17:43:12,962 [root] DEBUG:    |-- GuLoaderAPIs
2025-03-08 17:43:12,962 [root] DEBUG:    |-- PhorpiexMutexes
2025-03-08 17:43:12,962 [root] DEBUG:    |-- ProtonBotMutexes
2025-03-08 17:43:12,962 [root] DEBUG:    |-- DriverFilterManager
2025-03-08 17:43:12,962 [root] DEBUG:    |-- DriverLoad
2025-03-08 17:43:12,962 [root] DEBUG:    |-- Dropper
2025-03-08 17:43:12,962 [root] DEBUG:    |-- EXEDropper_JS
2025-03-08 17:43:12,962 [root] DEBUG:    |-- dynamic_function_loading
2025-03-08 17:43:12,962 [root] DEBUG:    |-- DLLArchiveExecution
2025-03-08 17:43:12,962 [root] DEBUG:    |-- LNKArchiveExecution
2025-03-08 17:43:12,962 [root] DEBUG:    |-- ScriptArchiveExecution
2025-03-08 17:43:12,962 [root] DEBUG:    |-- EncryptedIOC
2025-03-08 17:43:12,962 [root] DEBUG:    |-- Excel4MacroUrls
2025-03-08 17:43:12,962 [root] DEBUG:    |-- Crash
2025-03-08 17:43:12,962 [root] DEBUG:    |-- ProcessCreationSuspiciousLocation
2025-03-08 17:43:12,962 [root] DEBUG:    |-- exploit_getbasekerneladdress
2025-03-08 17:43:12,962 [root] DEBUG:    |-- exploit_gethaldispatchtable
2025-03-08 17:43:12,962 [root] DEBUG:    |-- ExploitHeapspray
2025-03-08 17:43:12,962 [root] DEBUG:    |-- EscalatePrivilegeViaNTLMRelay
2025-03-08 17:43:12,962 [root] DEBUG:    |-- SpoolerAccess
2025-03-08 17:43:12,962 [root] DEBUG:    |-- SpoolerSvcStart
2025-03-08 17:43:12,962 [root] DEBUG:    |-- KoadicAPIs
2025-03-08 17:43:12,962 [root] DEBUG:    |-- KoadicNetworkActivity
2025-03-08 17:43:12,962 [root] DEBUG:    |-- Modiloader_APIs
2025-03-08 17:43:12,962 [root] DEBUG:    |-- MappedDrivesUAC
2025-03-08 17:43:12,962 [root] DEBUG:    |-- SystemMetrics
2025-03-08 17:43:12,962 [root] DEBUG:    |-- Generic_Phish
2025-03-08 17:43:12,962 [root] DEBUG:    |-- HidesRecycleBinIcon
2025-03-08 17:43:12,962 [root] DEBUG:    |-- HTTP_Request
2025-03-08 17:43:12,962 [root] DEBUG:    |-- ApocalypseStealerFileBehavior
2025-03-08 17:43:12,962 [root] DEBUG:    |-- ArkeiFiles
2025-03-08 17:43:12,962 [root] DEBUG:    |-- AzorultMutexes
2025-03-08 17:43:12,962 [root] DEBUG:    |-- BitcoinWallet
2025-03-08 17:43:12,962 [root] DEBUG:    |-- BrowserStealer
2025-03-08 17:43:12,962 [root] DEBUG:    |-- InfostealerBrowserPassword
2025-03-08 17:43:12,962 [root] DEBUG:    |-- CookiesStealer
2025-03-08 17:43:12,962 [root] DEBUG:    |-- CryptBotFiles
2025-03-08 17:43:12,962 [root] DEBUG:    |-- CryptBotNetwork
2025-03-08 17:43:12,962 [root] DEBUG:    |-- EchelonFiles
2025-03-08 17:43:12,962 [root] DEBUG:    |-- FTPStealer
2025-03-08 17:43:12,962 [root] DEBUG:    |-- IMStealer
2025-03-08 17:43:12,962 [root] DEBUG:    |-- KeyLogger
2025-03-08 17:43:12,962 [root] DEBUG:    |-- EmailStealer
2025-03-08 17:43:12,962 [root] DEBUG:    |-- MassLoggerArtifacts
2025-03-08 17:43:12,962 [root] DEBUG:    |-- MassLoggerFiles
2025-03-08 17:43:12,962 [root] DEBUG:    |-- MassLoggerVersion
2025-03-08 17:43:12,962 [root] DEBUG:    |-- PoullightFiles
2025-03-08 17:43:12,962 [root] DEBUG:    |-- PurpleWaveMutexes
2025-03-08 17:43:12,962 [root] DEBUG:    |-- PurpleWaveNetworkAcivity
2025-03-08 17:43:12,962 [root] DEBUG:    |-- QuilClipperMutexes
2025-03-08 17:43:12,962 [root] DEBUG:    |-- QuilClipperNetworkBehavior
2025-03-08 17:43:12,962 [root] DEBUG:    |-- QulabFiles
2025-03-08 17:43:12,963 [root] DEBUG:    |-- QulabMutexes
2025-03-08 17:43:12,963 [root] DEBUG:    |-- RaccoonInfoStealerMutex
2025-03-08 17:43:12,963 [root] DEBUG:    |-- raccoon
2025-03-08 17:43:12,963 [root] DEBUG:    |-- CapturesScreenshot
2025-03-08 17:43:12,963 [root] DEBUG:    |-- vidar
2025-03-08 17:43:12,963 [root] DEBUG:    |-- InjectionCRT
2025-03-08 17:43:12,963 [root] DEBUG:    |-- InjectionExplorer
2025-03-08 17:43:12,963 [root] DEBUG:    |-- InjectionExtension
2025-03-08 17:43:12,963 [root] DEBUG:    |-- InjectionNetworkTraffic
2025-03-08 17:43:12,963 [root] DEBUG:    |-- InjectionRUNPE
2025-03-08 17:43:12,963 [root] DEBUG:    |-- InjectionRWX
2025-03-08 17:43:12,963 [root] DEBUG:    |-- injection_themeinitapihook
2025-03-08 17:43:12,963 [root] DEBUG:    |-- ThreadManipulationRemoteProcess
2025-03-08 17:43:12,963 [root] DEBUG:    |-- Internet_Dropper
2025-03-08 17:43:12,963 [root] DEBUG:    |-- EscalatePrivilegeViaNamedPipe
2025-03-08 17:43:12,963 [root] DEBUG:    |-- IPC_NamedPipe
2025-03-08 17:43:12,963 [root] DEBUG:    |-- JS_Phish
2025-03-08 17:43:12,963 [root] DEBUG:    |-- JS_SuspiciousRedirect
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_EvadeExecutionViaASPNetCompiler
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_EvadeExecutionViaDeviceCredentialDeployment
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_EvadeExecutionViaFilterManagerControl
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_EvadeExecutionViaIntelGFXDownloadWrapper
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_ExecuteBinaryViaAppVLP
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_ExecuteBinaryViaCDB
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_ExecuteBinaryViaInternetExplorerExporter
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_ExecuteBinaryViaOpenSSH
2025-03-08 17:43:12,963 [root] DEBUG:    |-- LOLBAS_ExecuteBinaryViaPcalua
2025-03-08 17:43:12,970 [root] DEBUG: Imported "reporting" modules:
2025-03-08 17:43:12,970 [root] DEBUG:    |-- BinGraph
2025-03-08 17:43:12,970 [root] DEBUG:    |-- CAPASummary
2025-03-08 17:43:12,970 [root] DEBUG:    |-- JsonDump
2025-03-08 17:43:12,970 [root] DEBUG:    |-- MongoDB
2025-03-08 17:43:12,970 [root] DEBUG:    |-- PCAP2CERT
2025-03-08 17:43:12,970 [root] DEBUG:    |-- ReportHTML
2025-03-08 17:43:12,970 [root] DEBUG:    |-- ReportHTMLSummary
2025-03-08 17:43:12,970 [root] DEBUG:    `-- ReportPDF
2025-03-08 17:43:12,970 [root] DEBUG: Imported "feeds" modules:
2025-03-08 17:43:12,970 [root] DEBUG:    `-- AbuseCH_SSL
2025-03-08 17:43:12,970 [root] DEBUG: Imported "machinery" modules:
2025-03-08 17:43:12,970 [root] DEBUG:    `-- Proxmox
2025-03-08 17:43:12,970 [Task 23] [root] DEBUG: Processing task
2025-03-08 17:43:12,980 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:12,987 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Processing module autoruns not found in configuration file
2025-03-08 17:43:12,988 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:12,988 [Task 23] [modules.processing.behavior] WARNING: Analysis results folder does not exist at path "/opt/CAPEv2/storage/analyses/23/logs"
2025-03-08 17:43:12,989 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:12,990 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Processing module hollowshunter not found in configuration file
2025-03-08 17:43:12,990 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:12,990 [Task 23] [modules.processing.network] DEBUG: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/23/dump.pcap"
2025-03-08 17:43:12,990 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:12,990 [Task 23] [modules.processing.suricata] DEBUG: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/23/dump.pcap does not exist. Did you run analysis with live connection?
2025-03-08 17:43:12,990 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Sysmon" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:12,991 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "UrlAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:12,991 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "script_log_processing" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:12,991 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 17:43:13,064 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2025-03-08 17:43:13,066 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running 285 evented signatures
2025-03-08 17:43:13,068 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- disables_wfp
2025-03-08 17:43:13,068 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- add_windows_defender_exclusions
2025-03-08 17:43:13,068 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- dll_load_uncommon_file_types
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- document_script_exe_drop
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- guloader_apis
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- driver_load
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- dynamic_function_loading
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- exec_crash
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- process_creation_suspicious_location
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- exploit_getbasekerneladdress
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- exploit_gethaldispatchtable
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- exploit_heapspray
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- koadic_apis
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- koadic_network_activity
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- downloads_from_filehosting
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- generic_phish
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- http_request
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- infostealer_browser
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- infostealer_browser_password
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- infostealer_cookies
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- cryptbot_network
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- infostealer_keylog
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- masslogger_artifacts
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- masslogger_version
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- purplewave_network_activity
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- quilclipper_behavior
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- raccoon_behavior
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- captures_screenshot
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- vidar_behavior
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_createremotethread
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_explorer
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_needextension
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_network_traffic
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_runpe
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- injection_themeinitapihook
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- resumethread_remote_process
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- internet_dropper
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- escalate_privilege_via_named_pipe
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- ipc_namedpipe
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- js_phish
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- js_suspicious_redirect
2025-03-08 17:43:13,069 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_binary_via_internet_explorer_exporter
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_binary_via_run_exe_helper_utility
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_ps_via_syncappvpublishingserver
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- malicious_dynamic_function_loading
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- encrypt_pcinfo
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- encrypt_data_agenttesla_http
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- encrypt_data_agentteslat2_http
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- encrypt_data_nanocore
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- reads_memory_remote_process
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- mimics_filetime
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- quilclipper_behavior
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- amsi_bypass_via_com_registry
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- access_auto_logons_via_registry
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- access_boot_key_via_registry
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- create_suspicious_lnk_files
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- credential_access_via_windows_credential_history
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- dll_hijacking_via_microsoft_exchange
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- dll_hijacking_via_waas_medic_svc_com_typelib
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_file_downloaded_via_openssh
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_safe_mode_from_suspicious_process
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_scripts_via_microsoft_management_console
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- execute_suspicious_processes_via_windows_mssql_service
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- execution_from_self_extracting_archive
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- ip_address_discovery_via_trusted_program
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- load_dll_via_control_panel
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_connection_via_suspicious_process
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- potential_location_discovery_via_unusual_process
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- store_executable_registry
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- Suspicious_Execution_Via_MicrosoftExchangeTransportAgent
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- suspicious_java_execution_via_win_scripts
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- uses_restart_manager_for_suspicious_activities
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- modify_desktop_wallpaper
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- modify_zoneid_ads
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- move_file_on_reboot
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- multiple_useragents
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_anomaly
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_bind
2025-03-08 17:43:13,070 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_archive
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_free_webshoting
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_generic
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_temp_urldns
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_opensource
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_pastesite
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_payload
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_serviceinterface
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_socialmedia
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_telegram
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_tempstorage
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_temp_urldns
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_urlshortener
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_https_useragent
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_smtps_exfil
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_cnc_smtps_generic
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_dns_idn
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_dns_suspicious_querytype
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_dns_tunneling_request
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- explorer_http
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_fake_useragent
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- legitimate_domain_abuse
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_downloader_exe
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- network_tor
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_com_load
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_dotnet_load
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_mshtml_load
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_vb_load
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_wmi_load
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_cve2017_11882_network
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_cve_2021_40444
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_cve_2021_40444_m2
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_flash_load
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_postscript
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- office_suspicious_processes
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_via_autodial_dll_registry
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_autorun
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_autorun_tasks
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_bootexecute
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- persistence_registry_script
2025-03-08 17:43:13,071 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- powershell_download
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- powershell_request
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- createtoolhelp32snapshot_module_enumeration
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- enumerates_running_processes
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- process_interest
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- process_needed
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- mass_data_encryption
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- ransomware_dmalocker
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- ransomware_file_modifications
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- ransomware_message
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- nemty_network_activity
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- nemty_note
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- sodinokibi_behavior
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- stop_ransomware_registry
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- blackrat_apis
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- blackrat_network_activity
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- blackrat_registry_keys
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- dcrat_behavior
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- karagany_system_event_objects
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- rat_luminosity
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- rat_nanocore
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- netwire_behavior
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- obliquerat_network_activity
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- orcusrat_behavior
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- trochilusrat_apis
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- recon_beacon
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- recon_programs
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- recon_systeminfo
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- accesses_recyclebin
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- remcos_shell_code_dynamic_wrapper_x
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- removes_zoneid_ads
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- script_created_process
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- script_network_activity
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- suspicious_js_script
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- javascript_timer
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- secure_login_phishing
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- securityxploded_modules
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- get_clipboard_data
2025-03-08 17:43:13,072 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- sets_autoconfig_url
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- spoofs_procname
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- stack_pivot
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- stack_pivot_file_created
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- stack_pivot_process_create
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- set_clipboard_data
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_childproc
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_system_procname
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_timeout
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- stealth_window
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- queries_keyboard_layout
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- queries_locale_api
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- terminates_remote_process
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- trickbot_task_delete
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- user_enum
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- virus
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- neshta_files
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- neshta_regkeys
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- webmail_phish
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- persists_dev_util
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- spawns_dev_util
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- alters_windows_utility
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- overwrites_accessibility_utility
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- Potential_Lateral_Movement_Via_SMBEXEC
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- potential_WebShell_Via_ScreenConnectServer
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- uses_Microsoft_HTML_Help_Executable
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- uses_windows_utilities_to_create_scheduled_task
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- wiper_zeroedbytes
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- wmi_create_process
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       |-- wmi_script_process
2025-03-08 17:43:13,073 [Task 23] [lib.cuckoo.core.plugins] DEBUG:       `-- win32_process_create
2025-03-08 17:43:13,076 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "uac_bypass_windows_Backup": 'NoneType' object is not iterable
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_tls_section"
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_clamav"
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "binary_yara"
2025-03-08 17:43:13,085 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "binary_yara": 'target'
2025-03-08 17:43:13,086 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2025-03-08 17:43:13,086 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2025-03-08 17:43:13,086 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2025-03-08 17:43:13,086 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2025-03-08 17:43:13,086 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2025-03-08 17:43:13,086 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 17:43:13,086 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 17:43:13,086 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_antianalysis"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_collection"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_communication"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_compiler"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_datamanipulation"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_executable"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_hostinteraction"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_impact"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_lib"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_linking"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_loadcode"
2025-03-08 17:43:13,087 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_malwarefamily"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_nursery"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_persistence"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_runtime"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_targeting"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "threatfox"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "log4shell"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_ip_exe"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga_fraunhofer"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dyndns"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2025-03-08 17:43:13,088 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_open_proxy"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "overlay"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_unknown_pe_section_name"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspack"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspirecrypt"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_bedsprotector"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_enigma"
2025-03-08 17:43:13,089 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_mpress"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nate"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nspack"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_spices"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_titan"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_yoda"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2025-03-08 17:43:13,090 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "invalid_authenticode_signature"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "contains_pe_overlay"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "pe_compile_timestomping"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_pdbpath"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_body"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_name"
2025-03-08 17:43:13,091 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_title"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2025-03-08 17:43:13,092 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
2025-03-08 17:43:13,093 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
2025-03-08 17:43:13,093 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_public_folder"
2025-03-08 17:43:13,093 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
2025-03-08 17:43:13,093 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "writes_sysvol"
2025-03-08 17:43:13,093 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_admin_user"
2025-03-08 17:43:13,093 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_user"
2025-03-08 17:43:13,093 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_admin_password"
2025-03-08 17:43:13,093 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2025-03-08 17:43:13,094 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2025-03-08 17:43:13,094 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_attachment_manager"
2025-03-08 17:43:13,095 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2025-03-08 17:43:13,095 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2025-03-08 17:43:13,096 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2025-03-08 17:43:13,097 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_whitespace"
2025-03-08 17:43:13,097 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_devices"
2025-03-08 17:43:13,097 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_windefend"
2025-03-08 17:43:13,097 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2025-03-08 17:43:13,097 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2025-03-08 17:43:13,097 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2025-03-08 17:43:13,097 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2025-03-08 17:43:13,097 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_bochs_keys"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2025-03-08 17:43:13,098 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2025-03-08 17:43:13,099 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2025-03-08 17:43:13,099 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2025-03-08 17:43:13,099 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2025-03-08 17:43:13,099 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2025-03-08 17:43:13,099 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2025-03-08 17:43:13,100 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2025-03-08 17:43:13,100 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2025-03-08 17:43:13,100 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2025-03-08 17:43:13,100 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2025-03-08 17:43:13,100 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2025-03-08 17:43:13,100 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "asyncrat_mutex"
2025-03-08 17:43:13,100 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "gulpix_behavior"
2025-03-08 17:43:13,101 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
2025-03-08 17:43:13,101 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
2025-03-08 17:43:13,101 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2025-03-08 17:43:13,101 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2025-03-08 17:43:13,101 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "enumerates_physical_drives"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2025-03-08 17:43:13,102 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "chromium_browser_extension_directory"
2025-03-08 17:43:13,103 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2025-03-08 17:43:13,103 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2025-03-08 17:43:13,103 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2025-03-08 17:43:13,103 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_disables_process_tab"
2025-03-08 17:43:13,103 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2025-03-08 17:43:13,103 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2025-03-08 17:43:13,103 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2025-03-08 17:43:13,104 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2025-03-08 17:43:13,104 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "checks_uac_status"
2025-03-08 17:43:13,104 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstpcom"
2025-03-08 17:43:13,104 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
2025-03-08 17:43:13,104 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
2025-03-08 17:43:13,104 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2025-03-08 17:43:13,104 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2025-03-08 17:43:13,104 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_forfiles_wildcard"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_long_string"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_discovery_cmd"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_currently_loggedin_user_cmd"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_cmd"
2025-03-08 17:43:13,105 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_pwsh"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_discovery_cmd"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "credwiz_credentialaccess"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "vaultcmd_credentialaccess"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_write"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "kerberos_credential_access_via_rubeus"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2025-03-08 17:43:13,106 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "registry_credential_store_access": 'target'
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "comsvcs_credentialdump"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomining_stratum_command"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "datop_loader"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_executed_files"
2025-03-08 17:43:13,107 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2025-03-08 17:43:13,108 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_auto_app_termination"
2025-03-08 17:43:13,108 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_appv_virtualization"
2025-03-08 17:43:13,108 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2025-03-08 17:43:13,108 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2025-03-08 17:43:13,108 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_context_menus"
2025-03-08 17:43:13,109 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_cpl_disable"
2025-03-08 17:43:13,109 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_crashdumps"
2025-03-08 17:43:13,109 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2025-03-08 17:43:13,109 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_folder_options"
2025-03-08 17:43:13,109 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2025-03-08 17:43:13,109 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_power_options"
2025-03-08 17:43:13,109 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_restore_default_state"
2025-03-08 17:43:13,110 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_run_command"
2025-03-08 17:43:13,110 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_security"
2025-03-08 17:43:13,110 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2025-03-08 17:43:13,110 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_startmenu_search"
2025-03-08 17:43:13,110 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2025-03-08 17:43:13,110 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2025-03-08 17:43:13,110 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2025-03-08 17:43:13,111 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2025-03-08 17:43:13,111 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_dism"
2025-03-08 17:43:13,111 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_logging"
2025-03-08 17:43:13,111 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_windows_defender_contextmenu"
2025-03-08 17:43:13,111 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "windows_defender_powershell"
2025-03-08 17:43:13,111 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_file_protection"
2025-03-08 17:43:13,111 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_winfirewall"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adfind_domain_enumeration"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "domain_enumeration_commands"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "andromut_mutexes"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phorpiex_mutexes"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "protonbot_mutexes"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_filtermanager"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dll_archive_execution"
2025-03-08 17:43:13,112 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lnk_archive_execution"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_archive_execution"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "excel4_macro_urls"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "escalate_privilege_via_ntlm_relay"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_access"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_svc_start"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mapped_drives_uac"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "hides_recycle_bin_icon"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "apocalypse_stealer_file_behavior"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "arkei_files"
2025-03-08 17:43:13,113 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "azorult_mutexes"
2025-03-08 17:43:13,114 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2025-03-08 17:43:13,114 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptbot_files"
2025-03-08 17:43:13,114 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "echelon_files"
2025-03-08 17:43:13,115 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2025-03-08 17:43:13,115 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2025-03-08 17:43:13,116 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2025-03-08 17:43:13,116 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_files"
2025-03-08 17:43:13,116 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "poullight_files"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_mutexes"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_mutexes"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_files"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_mutexes"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "asyncrat_mutex"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_ASPNet_Compiler"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execute_Via_DeviceCredentialDeployment"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_Filter_Manager_Control"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_Intel_GFXDownloadWrapper"
2025-03-08 17:43:13,117 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_appvlp"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_pcalua"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_OpenSSH"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_pcalua"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_PesterPSModule"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_ScriptRunner"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_ttdinject"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_VisualStudioLiveShare"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Msiexec_Via_Explorer"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_remote_msi"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_suspicious_powershell_via_runscripthelper"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_suspicious_powershell_via_sqlps"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Indirect_Command_Execution_Via_ConsoleWindowHost"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Perform_Malicious_Activities_Via_Headless_Browser"
2025-03-08 17:43:13,118 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_CertOC"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_MSIEXEC"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_Odbcconf"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Scriptlet_Proxy_Execution_Via_Pubprn"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "masquerade_process_name"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimikatz_modules"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ms_office_cmd_rce"
2025-03-08 17:43:13,119 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mount_copy_to_webdav_share"
2025-03-08 17:43:13,120 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "potential_protocol_tunneling_via_legit_utilities"
2025-03-08 17:43:13,120 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "potential_protocol_tunneling_via_qemu"
2025-03-08 17:43:13,120 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_execution_via_dotnet_remoting"
2025-03-08 17:43:13,120 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_clr_usagelog_regkeys"
2025-03-08 17:43:13,120 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_hostfile"
2025-03-08 17:43:13,120 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_oem_information"
2025-03-08 17:43:13,120 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2025-03-08 17:43:13,120 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_blockchain"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_opennic"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_paste_site"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_reverse_proxy"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_file_storage"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_urldns"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_url_shortener"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_doh_tls"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_tld"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2025-03-08 17:43:13,121 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_addinloading"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_perfkey"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "changes_trust_center_settings"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_vba_trust_access"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_malicious_prediction"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2025-03-08 17:43:13,122 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "persistence_ads": 'files'
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_safeboot"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ifeo"
2025-03-08 17:43:13,123 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_silent_process_exit"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_registry"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_shadowing"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "persistence_service": 'created_services'
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_shim_database"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powerpool_mutexes"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_scriptblock_logging"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2025-03-08 17:43:13,124 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2025-03-08 17:43:13,125 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2025-03-08 17:43:13,125 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2025-03-08 17:43:13,125 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_process_discovery"
2025-03-08 17:43:13,125 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomix_mutexes"
2025-03-08 17:43:13,125 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dharma_mutexes"
2025-03-08 17:43:13,125 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
2025-03-08 17:43:13,126 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2025-03-08 17:43:13,128 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "fonix_mutexes"
2025-03-08 17:43:13,128 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "gandcrab_mutexes"
2025-03-08 17:43:13,128 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "germanwiper_mutexes"
2025-03-08 17:43:13,129 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_mutexes"
2025-03-08 17:43:13,129 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_regkeys"
2025-03-08 17:43:13,129 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_mutexes"
2025-03-08 17:43:13,129 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_regkeys"
2025-03-08 17:43:13,129 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "pysa_mutexes"
2025-03-08 17:43:13,129 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2025-03-08 17:43:13,129 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2025-03-08 17:43:13,129 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "revil_mutexes"
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_revil_regkey"
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "satan_mutexes"
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "snake_ransom_mutexes"
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransom_mutexes"
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransomware_cmd"
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_stopdjvu"
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "ransomware_stopdjvu": 'NoneType' object is not iterable
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2025-03-08 17:43:13,130 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "blacknet_mutexes"
2025-03-08 17:43:13,131 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_mutexes"
2025-03-08 17:43:13,131 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "crat_mutexes"
2025-03-08 17:43:13,131 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_files"
2025-03-08 17:43:13,131 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_mutexes"
2025-03-08 17:43:13,131 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2025-03-08 17:43:13,131 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_files"
2025-03-08 17:43:13,131 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_mutexes"
2025-03-08 17:43:13,131 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_regkeys"
2025-03-08 17:43:13,132 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lodarat_file_behavior"
2025-03-08 17:43:13,132 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modirat_behavior"
2025-03-08 17:43:13,132 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "njrat_regkeys"
2025-03-08 17:43:13,132 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_files"
2025-03-08 17:43:13,132 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_mutexes"
2025-03-08 17:43:13,132 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "parallax_mutexes"
2025-03-08 17:43:13,132 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2025-03-08 17:43:13,132 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ratsnif_mutexes"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_senna_mutexes"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "venomrat_mutexes"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_files"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_regkeys"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_files"
2025-03-08 17:43:13,133 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_mutexes"
2025-03-08 17:43:13,134 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2025-03-08 17:43:13,134 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2025-03-08 17:43:13,134 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_files"
2025-03-08 17:43:13,134 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_mutexes"
2025-03-08 17:43:13,134 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_regkeys"
2025-03-08 17:43:13,134 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rdptcp_key"
2025-03-08 17:43:13,134 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_rdp_clip"
2025-03-08 17:43:13,134 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_remote_desktop_session"
2025-03-08 17:43:13,135 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_networking_icon"
2025-03-08 17:43:13,135 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_pinned_programs"
2025-03-08 17:43:13,135 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_security_maintenance_icon"
2025-03-08 17:43:13,135 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_startmenu_defaults"
2025-03-08 17:43:13,135 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_username_startmenu"
2025-03-08 17:43:13,135 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spicyhotpot_behavior"
2025-03-08 17:43:13,135 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2025-03-08 17:43:13,136 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2025-03-08 17:43:13,136 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
2025-03-08 17:43:13,136 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
2025-03-08 17:43:13,136 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
2025-03-08 17:43:13,136 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2025-03-08 17:43:13,136 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2025-03-08 17:43:13,136 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2025-03-08 17:43:13,136 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "language_check_registry"
2025-03-08 17:43:13,137 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
2025-03-08 17:43:13,137 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lsa_tampering"
2025-03-08 17:43:13,137 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
2025-03-08 17:43:13,137 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2025-03-08 17:43:13,137 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
2025-03-08 17:43:13,138 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2025-03-08 17:43:13,138 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2025-03-08 17:43:13,138 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
2025-03-08 17:43:13,138 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_ms_protocol"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
2025-03-08 17:43:13,139 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mavinject_lolbin"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_powershell_copyitem"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_curl"
2025-03-08 17:43:13,140 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_esentutl"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_finger"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_xcopy"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
2025-03-08 17:43:13,141 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2025-03-08 17:43:13,142 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
2025-03-08 17:43:13,142 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "CAPASummary"
2025-03-08 17:43:13,142 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
2025-03-08 17:43:13,143 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML"
2025-03-08 17:43:13,168 [Task 23] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
    html = tpl.render({"results": results, "summary_report": False})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
           ^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-08 17:43:13,170 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2025-03-08 17:43:13,190 [Task 23] [modules.reporting.reporthtmlsummary] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 95, in run
    html = tpl.render({"results": results, "summary_report": True})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
           ^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-08 17:43:13,191 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2025-03-08 17:43:13,192 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
2025-03-08 17:43:13,192 [Task 23] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
2025-03-08 17:43:13,193 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2025-03-08 17:43:13,214 [Task 23] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 23
2025-03-08 17:43:13,285 [Task 23] [root] DEBUG: Finished processing task
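
Why the traceback above fails on `results.target.file`, as an added example that is not part of this thread or of CAPE's code: a stdlib-only, simplified model of Jinja2's default `Undefined` lookup, which tolerates a missing final key but raises once a missing key is dereferenced further. Only the `results.target.file` line comes from the traceback; the rest of the template snippet, the sample results dicts and all function names are constructed for illustration.

```python
import re

# Dotted references rooted at the template variable "results",
# e.g. "results.target.file" -> "target.file".
REF_RE = re.compile(r"(?<![\w.])results((?:\.[A-Za-z_]\w*)+)")

# Constructed template text; only the `results.target.file` test is taken
# from the traceback (data/html/sections/file.html, line 16).
SAMPLE_TEMPLATE = """\
<h1>Task {{ results.info.id }}</h1>
{% if results.target.file %}<p>file section</p>{% endif %}
{% if results.signatures %}<p>signatures</p>{% endif %}
"""

# Constructed results dicts: one without the "target" key, one with it.
RESULTS_WITHOUT_TARGET = {"info": {"id": 23}}
RESULTS_WITH_TARGET = {"info": {"id": 23}, "target": {"file": {"name": "sample.bin"}}}


def template_refs(template_source):
    """Return the sorted, de-duplicated dotted paths read from `results`."""
    return sorted({m.group(1)[1:] for m in REF_RE.finditer(template_source)})


def resolve(results, path):
    """Model Jinja2's default (non-strict) lookup for one dotted path.

    Returns (status, detail):
      "ok"        - every segment exists
      "undefined" - only the last segment is missing; `{% if %}` sees a falsy
                    Undefined and `{{ }}` prints an empty string
      "error"     - an earlier segment is missing, so the next attribute
                    access hits Undefined and raises UndefinedError
    Simplification: only nested dicts are modelled, not object attributes
    or dict methods such as `.items`.
    """
    obj = results
    segments = path.split(".")
    for index, segment in enumerate(segments):
        if isinstance(obj, dict) and segment in obj:
            obj = obj[segment]
            continue
        if index == len(segments) - 1:
            return ("undefined", segment)
        message = "'%s object' has no attribute '%s'" % (type(obj).__name__, segment)
        return ("error", message)
    return ("ok", None)


def audit(template_source, results):
    """Map every `results.*` path used by the template to its lookup outcome."""
    return {path: resolve(results, path) for path in template_refs(template_source)}


def fatal_paths(template_source, results):
    """Paths whose lookup would abort rendering with UndefinedError."""
    return [p for p, (status, _) in audit(template_source, results).items()
            if status == "error"]


if __name__ == "__main__":
    for label, data in (("without target", RESULTS_WITHOUT_TARGET),
                        ("with target", RESULTS_WITH_TARGET)):
        print(label)
        for path, (status, detail) in audit(SAMPLE_TEMPLATE, data).items():
            print("  results.%-12s %-9s %s" % (path, status, detail or ""))
```

The check is static: it does not follow `{% if %}` guards, so a path nested inside a guard that is false at render time can still be listed.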

@doomedraven
Collaborator

Do you have any custom plugin/signature or anything custom that you added? I can't reproduce it and you still have the target key issue.

@tionosaja
Author

I did not add any plugins/signatures or anything else, everything is default.

@doomedraven
Collaborator

Then I have no idea what is wrong.

@tionosaja
Author

Maybe I will try re-deploying; hopefully everything will be fine after the last update you made.

I will update you again after the re-deployment.

Thank you.

@doomedraven
Collaborator

Let me know how that goes. That is very strange, and it is unusual to see problems with the target key, but let's see if we can find what is wrong. Try to disable capa in processing and reporting, and reprocess a real sample as a last test.

@tionosaja
Author

conf/processing.conf

[flare_capa]
enabled = no
# Generate it always or generate on demand only(user need to click button to generate it), still should be enabled to use this feature on demand
on_demand = no
# Analyze binary payloads
static = no
# Analyze CAPE payloads
cape = no
# Analyze ProcDump
procdump = no

conf/reporting.conf

[flare_capa_summary]
enabled = no
on_demand= no

$ poetry run python utils/process.py -r 23 -d

2025-03-08 18:18:36,928 [root] DEBUG: Importing modules...
2025-03-08 18:18:36,929 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageChops.difference'
2025-03-08 18:18:36,929 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.ImageDraw'
2025-03-08 18:18:36,929 [modules.auxiliary.QemuScreenshots] DEBUG: Importing 'PIL.Image'
OPTIONAL! Missed dependency: poetry run pip install -U git+https://github.com/CAPESandbox/httpreplay
2025-03-08 18:18:37,093 [lazy_import] DEBUG: Getting attr Fernet of LazyModule instance of cryptography.fernet
2025-03-08 18:18:37,093 [lazy_import] DEBUG: Getting attr __name__ of LazyModule instance of cryptography.fernet
2025-03-08 18:18:37,114 [root] DEBUG: Missed file extra/msft-public-ips.csv. Get a fresh copy from https://www.microsoft.com/en-us/download/details.aspx?id=53602
2025-03-08 18:18:37,189 [root] DEBUG: Imported "auxiliary" modules:
2025-03-08 18:18:37,189 [root] DEBUG:    |-- AzSniffer
2025-03-08 18:18:37,189 [root] DEBUG:    |-- Mitmdump
2025-03-08 18:18:37,189 [root] DEBUG:    |-- QEMUScreenshots
2025-03-08 18:18:37,189 [root] DEBUG:    `-- Sniffer
2025-03-08 18:18:37,189 [root] DEBUG: Imported "processing" modules:
2025-03-08 18:18:37,189 [root] DEBUG:    |-- AnalysisInfo
2025-03-08 18:18:37,189 [root] DEBUG:    |-- Autoruns
2025-03-08 18:18:37,189 [root] DEBUG:    |-- BehaviorAnalysis
2025-03-08 18:18:37,189 [root] DEBUG:    |-- Debug
2025-03-08 18:18:37,189 [root] DEBUG:    |-- HollowsHunter
2025-03-08 18:18:37,189 [root] DEBUG:    |-- NetworkAnalysis
2025-03-08 18:18:37,189 [root] DEBUG:    |-- ProcessMemory
2025-03-08 18:18:37,189 [root] DEBUG:    |-- script_log_processing
2025-03-08 18:18:37,189 [root] DEBUG:    |-- Suricata
2025-03-08 18:18:37,189 [root] DEBUG:    |-- Sysmon
2025-03-08 18:18:37,189 [root] DEBUG:    `-- UrlAnalysis
2025-03-08 18:18:37,189 [root] DEBUG: Imported "signatures" modules:
2025-03-08 18:18:37,189 [root] DEBUG:    |-- AntiAnalysisTLSSection
2025-03-08 18:18:37,189 [root] DEBUG:    |-- ClamAV
2025-03-08 18:18:37,190 [root] DEBUG:    |-- KnownVirustotal
2025-03-08 18:18:37,190 [root] DEBUG:    |-- BadCerts
2025-03-08 18:18:37,190 [root] DEBUG:    |-- BadSSLCerts
2025-03-08 18:18:37,190 [root] DEBUG:    |-- ZeusP2P
2025-03-08 18:18:37,190 [root] DEBUG:    |-- ZeusURL
2025-03-08 18:18:37,190 [root] DEBUG:    |-- BinaryTriggeredYARA
2025-03-08 18:18:37,190 [root] DEBUG:    |-- AthenaHttp
2025-03-08 18:18:37,190 [root] DEBUG:    |-- DirtJumper
2025-03-08 18:18:37,190 [root] DEBUG:    |-- Drive
2025-03-08 18:18:37,190 [root] DEBUG:    |-- Drive2
2025-03-08 18:18:37,190 [root] DEBUG:    |-- Madness
2025-03-08 18:18:37,190 [root] DEBUG:    |-- HTMLPhisher_0
2025-03-08 18:18:37,190 [root] DEBUG:    |-- HTMLPhisher_1
2025-03-08 18:18:37,190 [root] DEBUG:    |-- HTMLPhisher_2
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FamilyProxyBack
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPAAntiAnalysis
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPACollection
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPAcommunication
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPACompiler
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPADataManipulation
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPAExecutable
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPAHostInteration
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPAcommunication
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPALib
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPALinking
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPALoadCode
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPAMalwareFamily
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPANursery
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPAPersistence
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPARuntime
2025-03-08 18:18:37,190 [root] DEBUG:    |-- FlareCAPATargeting
2025-03-08 18:18:37,190 [root] DEBUG:    |-- ThreatFox
2025-03-08 18:18:37,190 [root] DEBUG:    |-- Log4j
2025-03-08 18:18:37,190 [root] DEBUG:    |-- MimicsExtension
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkCountryDistribution
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkMultipleDirectIPConnections
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkCnCHTTP
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkHTTPPOST
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkIPEXE
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkDGA
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkDGAFraunhofer
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkDynDNS
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkExcessiveUDP
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkHTTP
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkICMP
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkIRC
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkOpenProxy
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkP2P
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkQuestionableHost
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkQuestionableHttpPath
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkQuestionableHttpsPath
2025-03-08 18:18:37,190 [root] DEBUG:    |-- NetworkSMTP
2025-03-08 18:18:37,190 [root] DEBUG:    |-- TorGateway
2025-03-08 18:18:37,190 [root] DEBUG:    |-- BuildLangID
2025-03-08 18:18:37,191 [root] DEBUG:    |-- ResourceLangID
2025-03-08 18:18:37,191 [root] DEBUG:    |-- overlay
2025-03-08 18:18:37,191 [root] DEBUG:    |-- PackerUnknownPESectionName
2025-03-08 18:18:37,191 [root] DEBUG:    |-- ASPackPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- AspireCryptPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- BedsProtectorPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- ConfuserPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- EnigmaPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- PackerEntropy
2025-03-08 18:18:37,191 [root] DEBUG:    |-- MPressPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- NatePacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- NsPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- SmartAssemblyPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- SpicesPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- ThemidaPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- ThemidaPackedSection
2025-03-08 18:18:37,191 [root] DEBUG:    |-- TitanPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- UPXCompressed
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VMPPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- YodaPacked
2025-03-08 18:18:37,191 [root] DEBUG:    |-- PDF_Annot_URLs_Checker
2025-03-08 18:18:37,191 [root] DEBUG:    |-- Polymorphic
2025-03-08 18:18:37,191 [root] DEBUG:    |-- PunchPlusPlusPCREs
2025-03-08 18:18:37,191 [root] DEBUG:    |-- Procmem_Yara
2025-03-08 18:18:37,191 [root] DEBUG:    |-- CheckIP
2025-03-08 18:18:37,191 [root] DEBUG:    |-- Authenticode
2025-03-08 18:18:37,191 [root] DEBUG:    |-- InvalidAuthenticodeSignature
2025-03-08 18:18:37,191 [root] DEBUG:    |-- DotNetAnomaly
2025-03-08 18:18:37,191 [root] DEBUG:    |-- Static_Java
2025-03-08 18:18:37,191 [root] DEBUG:    |-- Static_PDF
2025-03-08 18:18:37,191 [root] DEBUG:    |-- ContainsPEOverlay
2025-03-08 18:18:37,191 [root] DEBUG:    |-- PEAnomaly
2025-03-08 18:18:37,191 [root] DEBUG:    |-- PECompileTimeStomping
2025-03-08 18:18:37,191 [root] DEBUG:    |-- StaticPEPDBPath
2025-03-08 18:18:37,191 [root] DEBUG:    |-- RATConfig
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VersionInfoAnomaly
2025-03-08 18:18:37,191 [root] DEBUG:    |-- StealthNetwork
2025-03-08 18:18:37,191 [root] DEBUG:    |-- SuricataAlert
2025-03-08 18:18:37,191 [root] DEBUG:    |-- suspiciousHRML_Body
2025-03-08 18:18:37,191 [root] DEBUG:    |-- suspiciousHTML_Filename
2025-03-08 18:18:37,191 [root] DEBUG:    |-- suspiciousHTML_Title
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolDevicetree1
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolHandles1
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolLdrModules1
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolLdrModules2
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolMalfind1
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolMalfind2
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolModscan1
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolSvcscan1
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolSvcscan2
2025-03-08 18:18:37,191 [root] DEBUG:    |-- VolSvcscan3
2025-03-08 18:18:37,191 [root] DEBUG:    |-- WHOIS_Create
2025-03-08 18:18:37,191 [root] DEBUG:    |-- DisableDriverViaBlocklist
2025-03-08 18:18:37,191 [root] DEBUG:    |-- DisableDriverViaHVCIDisallowedImages
2025-03-08 18:18:37,191 [root] DEBUG:    |-- DisableHypervisorProtectedCodeIntegrity
2025-03-08 18:18:37,191 [root] DEBUG:    |-- PendingFileRenameOperations
2025-03-08 18:18:37,191 [root] DEBUG:    |-- AccessesMailslot
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AccessesNetlogonRegkey
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AccessesPublicFolder
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AccessesSysvol
2025-03-08 18:18:37,192 [root] DEBUG:    |-- WritesSysvol
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AddsAdminUser
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AddsUser
2025-03-08 18:18:37,192 [root] DEBUG:    |-- OverwritesAdminPassword
2025-03-08 18:18:37,192 [root] DEBUG:    |-- anomalous_deletefile
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiAnalysisDetectFile
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiAnalysisDetectReg
2025-03-08 18:18:37,192 [root] DEBUG:    |-- QihooDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AhnlabDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AvastDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- BitdefenderDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- BullguardDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- ModifiesAttachmentManager
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiAVDetectFile
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiAVDetectReg
2025-03-08 18:18:37,192 [root] DEBUG:    |-- EmsisoftDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- QurbDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiAVServiceStop
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiAVSRP
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiAVWhitespace
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_addvectoredexceptionhandler
2025-03-08 18:18:37,192 [root] DEBUG:    |-- APIOverrideDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_checkremotedebuggerpresent
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_debugactiveprocess
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiDBGDevices
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_gettickcount
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_guardpages
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_ntcreatethreadex
2025-03-08 18:18:37,192 [root] DEBUG:    |-- BullguardDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_ntsetinformationthread
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_outputdebugstring
2025-03-08 18:18:37,192 [root] DEBUG:    |-- antidebug_setunhandledexceptionfilter
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiDBGWindows
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiEmuWinDefend
2025-03-08 18:18:37,192 [root] DEBUG:    |-- WineDetectReg
2025-03-08 18:18:37,192 [root] DEBUG:    |-- WineDetectFunc
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiSandboxCheckUserdomain
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiCuckoo
2025-03-08 18:18:37,192 [root] DEBUG:    |-- CuckooDetectFiles
2025-03-08 18:18:37,192 [root] DEBUG:    |-- CuckooCrash
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiSandboxForegroundWindow
2025-03-08 18:18:37,192 [root] DEBUG:    |-- FortinetDetectFiles
2025-03-08 18:18:37,192 [root] DEBUG:    |-- SandboxJoeAnubisDetectFiles
2025-03-08 18:18:37,192 [root] DEBUG:    |-- HookMouse
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiSandboxRestart
2025-03-08 18:18:37,192 [root] DEBUG:    |-- SandboxieDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntisandboxSboxieMutex
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiSandboxSboxieObjects
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiSandboxScriptTimer
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiSandboxSleep
2025-03-08 18:18:37,192 [root] DEBUG:    |-- SunbeltDetectFiles
2025-03-08 18:18:37,192 [root] DEBUG:    |-- SunbeltDetectLibs
2025-03-08 18:18:37,192 [root] DEBUG:    |-- AntiSandboxSuspend
2025-03-08 18:18:37,193 [root] DEBUG:    |-- ThreatTrackDetectFiles
2025-03-08 18:18:37,193 [root] DEBUG:    |-- Unhook
2025-03-08 18:18:37,193 [root] DEBUG:    |-- BochsDetectKeys
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AntiVMDirectoryObjects
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AntiVMBios
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AntiVMCPU
2025-03-08 18:18:37,193 [root] DEBUG:    |-- DiskInformation
2025-03-08 18:18:37,193 [root] DEBUG:    |-- SetupAPIDiskInformation
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AntiVMDiskReg
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AntiVMSCSI
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AntiVMServices
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AntiVMSystem
2025-03-08 18:18:37,193 [root] DEBUG:    |-- HyperVDetectKeys
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AntiVMChecksAvailableMemory
2025-03-08 18:18:37,193 [root] DEBUG:    |-- NetworkAdapters
2025-03-08 18:18:37,193 [root] DEBUG:    |-- ParallelsDetectKeys
2025-03-08 18:18:37,193 [root] DEBUG:    |-- DetectVirtualizationViaRecentFiles
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VBoxDetectDevices
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VBoxDetectFiles
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VBoxDetectKeys
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VBoxDetectLibs
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VBoxDetectProvname
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VBoxDetectWindow
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VMwareDetectDevices
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VMwareDetectEvent
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VMwareDetectFiles
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VMwareDetectKeys
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VMwareDetectLibs
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VMwareDetectMutexes
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VPCDetectFiles
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VPCDetectKeys
2025-03-08 18:18:37,193 [root] DEBUG:    |-- VPCDetectMutex
2025-03-08 18:18:37,193 [root] DEBUG:    |-- XenDetectKeys
2025-03-08 18:18:37,193 [root] DEBUG:    |-- APISpamming
2025-03-08 18:18:37,193 [root] DEBUG:    |-- api_uuidfromstringa
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AsyncRatMutex
2025-03-08 18:18:37,193 [root] DEBUG:    |-- GulpixBehavior
2025-03-08 18:18:37,193 [root] DEBUG:    |-- KetricanRegkeys
2025-03-08 18:18:37,193 [root] DEBUG:    |-- OkrumMutexes
2025-03-08 18:18:37,193 [root] DEBUG:    |-- Cridex
2025-03-08 18:18:37,193 [root] DEBUG:    |-- Geodo
2025-03-08 18:18:37,193 [root] DEBUG:    |-- Prinimalka
2025-03-08 18:18:37,193 [root] DEBUG:    |-- SpyEyeMutexes
2025-03-08 18:18:37,193 [root] DEBUG:    |-- ZeusMutexes
2025-03-08 18:18:37,193 [root] DEBUG:    |-- BCDEditCommand
2025-03-08 18:18:37,193 [root] DEBUG:    |-- BitcoinOpenCL
2025-03-08 18:18:37,193 [root] DEBUG:    |-- AccessesPrimaryPartition
2025-03-08 18:18:37,193 [root] DEBUG:    |-- Bootkit
2025-03-08 18:18:37,193 [root] DEBUG:    |-- DirectHDDAccess
2025-03-08 18:18:37,193 [root] DEBUG:    |-- EnumeratesPhysicalDrives
2025-03-08 18:18:37,193 [root] DEBUG:    |-- PhysicalDriveAccess
2025-03-08 18:18:37,193 [root] DEBUG:    |-- PotentialOverWriteMBR
2025-03-08 18:18:37,193 [root] DEBUG:    |-- SuspiciousIoctlSCSIPassthough
2025-03-08 18:18:37,193 [root] DEBUG:    |-- Ruskill
2025-03-08 18:18:37,193 [root] DEBUG:    |-- BrowserAddon
2025-03-08 18:18:37,193 [root] DEBUG:    |-- ChromiumBrowserExtensionDirectory
2025-03-08 18:18:37,194 [root] DEBUG:    |-- BrowserHelperObject
2025-03-08 18:18:37,194 [root] DEBUG:    |-- BrowserNeeded
2025-03-08 18:18:37,194 [root] DEBUG:    |-- ModifyProxy
2025-03-08 18:18:37,194 [root] DEBUG:    |-- BrowserScanbox
2025-03-08 18:18:37,194 [root] DEBUG:    |-- BrowserSecurity
2025-03-08 18:18:37,194 [root] DEBUG:    |-- browser_startpage
2025-03-08 18:18:37,194 [root] DEBUG:    |-- FirefoxDisablesProcessPerTab
2025-03-08 18:18:37,194 [root] DEBUG:    |-- IEDisablesProcessPerTab
2025-03-08 18:18:37,194 [root] DEBUG:    |-- OdbcconfBypass
2025-03-08 18:18:37,203 [root] DEBUG: Imported "reporting" modules:
2025-03-08 18:18:37,203 [root] DEBUG:    |-- BinGraph
2025-03-08 18:18:37,203 [root] DEBUG:    |-- JsonDump
2025-03-08 18:18:37,203 [root] DEBUG:    |-- MongoDB
2025-03-08 18:18:37,203 [root] DEBUG:    |-- PCAP2CERT
2025-03-08 18:18:37,203 [root] DEBUG:    |-- ReportHTML
2025-03-08 18:18:37,203 [root] DEBUG:    |-- ReportHTMLSummary
2025-03-08 18:18:37,203 [root] DEBUG:    `-- ReportPDF
2025-03-08 18:18:37,203 [root] DEBUG: Imported "feeds" modules:
2025-03-08 18:18:37,203 [root] DEBUG:    `-- AbuseCH_SSL
2025-03-08 18:18:37,203 [root] DEBUG: Imported "machinery" modules:
2025-03-08 18:18:37,203 [root] DEBUG:    `-- Proxmox
2025-03-08 18:18:37,203 [Task 23] [root] DEBUG: Processing task
2025-03-08 18:18:37,211 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,218 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Processing module autoruns not found in configuration file
2025-03-08 18:18:37,218 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,218 [Task 23] [modules.processing.behavior] WARNING: Analysis results folder does not exist at path "/opt/CAPEv2/storage/analyses/23/logs"
2025-03-08 18:18:37,219 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,220 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Processing module hollowshunter not found in configuration file
2025-03-08 18:18:37,220 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,220 [Task 23] [modules.processing.network] DEBUG: The PCAP file does not exist at path "/opt/CAPEv2/storage/analyses/23/dump.pcap"
2025-03-08 18:18:37,220 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Suricata" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,220 [Task 23] [modules.processing.suricata] DEBUG: Unable to Run Suricata: Pcap file /opt/CAPEv2/storage/analyses/23/dump.pcap does not exist. Did you run analysis with live connection?
2025-03-08 18:18:37,220 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Sysmon" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,220 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "UrlAnalysis" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,220 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "script_log_processing" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,221 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/CAPEv2/storage/analyses/23"
2025-03-08 18:18:37,231 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2025-03-08 18:18:37,232 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running 285 evented signatures
2025-03-08 18:18:37,242 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "uac_bypass_windows_Backup": 'NoneType' object is not iterable
2025-03-08 18:18:37,250 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2025-03-08 18:18:37,250 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_tls_section"
2025-03-08 18:18:37,250 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_clamav"
2025-03-08 18:18:37,250 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "binary_yara"
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "binary_yara": 'target'
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2025-03-08 18:18:37,251 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phishing_kit_detected"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_antianalysis"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_collection"
2025-03-08 18:18:37,252 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_communication"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_compiler"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_datamanipulation"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_executable"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_hostinteraction"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_impact"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_lib"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_linking"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_loadcode"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_malwarefamily"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_nursery"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_persistence"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_runtime"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "flare_capa_targeting"
2025-03-08 18:18:37,253 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "threatfox"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "log4shell"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_ip_exe"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga_fraunhofer"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dyndns"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_open_proxy"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2025-03-08 18:18:37,254 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "overlay"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_unknown_pe_section_name"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspack"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_aspirecrypt"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_bedsprotector"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_enigma"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_mpress"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nate"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_nspack"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_spices"
2025-03-08 18:18:37,255 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_titan"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_yoda"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "invalid_authenticode_signature"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pdf"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "contains_pe_overlay"
2025-03-08 18:18:37,256 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "pe_compile_timestomping"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_pdbpath"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_body"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_name"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_html_title"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1"
2025-03-08 18:18:37,257 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_mailslot"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_netlogon_regkey"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_public_folder"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_sysvol"
2025-03-08 18:18:37,258 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "writes_sysvol"
2025-03-08 18:18:37,259 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_admin_user"
2025-03-08 18:18:37,259 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adds_user"
2025-03-08 18:18:37,259 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "overwrites_admin_password"
2025-03-08 18:18:37,259 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2025-03-08 18:18:37,260 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2025-03-08 18:18:37,260 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_attachment_manager"
2025-03-08 18:18:37,260 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2025-03-08 18:18:37,261 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2025-03-08 18:18:37,262 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2025-03-08 18:18:37,262 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_whitespace"
2025-03-08 18:18:37,262 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antidebug_devices"
2025-03-08 18:18:37,262 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_windefend"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_bochs_keys"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2025-03-08 18:18:37,263 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2025-03-08 18:18:37,264 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2025-03-08 18:18:37,264 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2025-03-08 18:18:37,264 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2025-03-08 18:18:37,264 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2025-03-08 18:18:37,264 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2025-03-08 18:18:37,264 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2025-03-08 18:18:37,265 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2025-03-08 18:18:37,265 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2025-03-08 18:18:37,265 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2025-03-08 18:18:37,265 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2025-03-08 18:18:37,265 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2025-03-08 18:18:37,265 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2025-03-08 18:18:37,266 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2025-03-08 18:18:37,266 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2025-03-08 18:18:37,266 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "asyncrat_mutex"
2025-03-08 18:18:37,266 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "gulpix_behavior"
2025-03-08 18:18:37,266 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ketrican_regkeys"
2025-03-08 18:18:37,266 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "okrum_mutexes"
2025-03-08 18:18:37,266 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2025-03-08 18:18:37,266 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2025-03-08 18:18:37,267 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2025-03-08 18:18:37,267 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2025-03-08 18:18:37,267 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2025-03-08 18:18:37,267 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "accesses_primary_patition"
2025-03-08 18:18:37,267 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "direct_hdd_access"
2025-03-08 18:18:37,268 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "enumerates_physical_drives"
2025-03-08 18:18:37,268 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "physical_drive_access"
2025-03-08 18:18:37,268 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2025-03-08 18:18:37,268 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2025-03-08 18:18:37,268 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "chromium_browser_extension_directory"
2025-03-08 18:18:37,268 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2025-03-08 18:18:37,268 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_disables_process_tab"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "odbcconf_bypass"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblydoo_bypass"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "squiblytwo_bypass"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "checks_uac_status"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_cmstpcom"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_delegateexecute_sdclt"
2025-03-08 18:18:37,269 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uac_bypass_fodhelper"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cape_extracted_content"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "clears_logs"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_obfuscation"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_switches"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_terminate"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_forfiles_wildcard"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_http_link"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_long_string"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_reversed_http_link"
2025-03-08 18:18:37,270 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "long_commandline"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed_commandline"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_account_discovery_cmd"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_currently_loggedin_user_cmd"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_cmd"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_info_discovery_pwsh"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_cmd"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_network_discovery_pwsh"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "system_user_discovery_cmd"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "credwiz_credentialaccess"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "enables_wdigest"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "vaultcmd_credentialaccess"
2025-03-08 18:18:37,271 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_access"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "file_credential_store_write"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "kerberos_credential_access_via_rubeus"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_dumping"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_credential_store_access"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "registry_credential_store_access": 'target'
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "registry_lsa_secrets_access"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "comsvcs_credentialdump"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomining_stratum_command"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cypherit_mutexes"
2025-03-08 18:18:37,272 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2025-03-08 18:18:37,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "datop_loader"
2025-03-08 18:18:37,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2025-03-08 18:18:37,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_executed_files"
2025-03-08 18:18:37,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2025-03-08 18:18:37,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_auto_app_termination"
2025-03-08 18:18:37,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_appv_virtualization"
2025-03-08 18:18:37,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_backups"
2025-03-08 18:18:37,273 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2025-03-08 18:18:37,274 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_context_menus"
2025-03-08 18:18:37,274 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_cpl_disable"
2025-03-08 18:18:37,274 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_crashdumps"
2025-03-08 18:18:37,274 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_event_logging"
2025-03-08 18:18:37,274 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_folder_options"
2025-03-08 18:18:37,274 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_notificationcenter"
2025-03-08 18:18:37,274 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_power_options"
2025-03-08 18:18:37,275 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_restore_default_state"
2025-03-08 18:18:37,275 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_run_command"
2025-03-08 18:18:37,275 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_security"
2025-03-08 18:18:37,275 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_smartscreen"
2025-03-08 18:18:37,275 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_startmenu_search"
2025-03-08 18:18:37,275 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2025-03-08 18:18:37,276 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2025-03-08 18:18:37,276 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2025-03-08 18:18:37,276 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2025-03-08 18:18:37,276 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_dism"
2025-03-08 18:18:37,276 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender_logging"
2025-03-08 18:18:37,276 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_windows_defender_contextmenu"
2025-03-08 18:18:37,276 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "windows_defender_powershell"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_file_protection"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_winfirewall"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "adfind_domain_enumeration"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "domain_enumeration_commands"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "andromut_mutexes"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "phorpiex_mutexes"
2025-03-08 18:18:37,277 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "protonbot_mutexes"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_filtermanager"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dll_archive_execution"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lnk_archive_execution"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_archive_execution"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "excel4_macro_urls"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "escalate_privilege_via_ntlm_relay"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_access"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spooler_svc_start"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mapped_drives_uac"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "hides_recycle_bin_icon"
2025-03-08 18:18:37,278 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "apocalypse_stealer_file_behavior"
2025-03-08 18:18:37,279 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "arkei_files"
2025-03-08 18:18:37,279 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "azorult_mutexes"
2025-03-08 18:18:37,279 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2025-03-08 18:18:37,279 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptbot_files"
2025-03-08 18:18:37,280 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "echelon_files"
2025-03-08 18:18:37,280 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2025-03-08 18:18:37,281 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2025-03-08 18:18:37,281 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2025-03-08 18:18:37,281 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "masslogger_files"
2025-03-08 18:18:37,282 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "poullight_files"
2025-03-08 18:18:37,282 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "purplewave_mutexes"
2025-03-08 18:18:37,282 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "quilclipper_mutexes"
2025-03-08 18:18:37,282 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_files"
2025-03-08 18:18:37,282 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "qulab_mutexes"
2025-03-08 18:18:37,282 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "asyncrat_mutex"
2025-03-08 18:18:37,282 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_ASPNet_Compiler"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execute_Via_DeviceCredentialDeployment"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_Filter_Manager_Control"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Evade_Execution_Via_Intel_GFXDownloadWrapper"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_appvlp"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_pcalua"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_OpenSSH"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_pcalua"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_PesterPSModule"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_ScriptRunner"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_binary_via_ttdinject"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Binary_Via_VisualStudioLiveShare"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Execute_Msiexec_Via_Explorer"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_remote_msi"
2025-03-08 18:18:37,283 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_suspicious_powershell_via_runscripthelper"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "execute_suspicious_powershell_via_sqlps"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Indirect_Command_Execution_Via_ConsoleWindowHost"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Perform_Malicious_Activities_Via_Headless_Browser"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_CertOC"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_MSIEXEC"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Register_DLL_Via_Odbcconf"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "Scriptlet_Proxy_Execution_Via_Pubprn"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2025-03-08 18:18:37,284 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "masquerade_process_name"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mimikatz_modules"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ms_office_cmd_rce"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mount_copy_to_webdav_share"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "potential_protocol_tunneling_via_legit_utilities"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "potential_protocol_tunneling_via_qemu"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_execution_via_dotnet_remoting"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_clr_usagelog_regkeys"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_hostfile"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_oem_information"
2025-03-08 18:18:37,285 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_blockchain"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_opennic"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_paste_site"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_reverse_proxy"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_file_storage"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_temp_urldns"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_url_shortener"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dns_doh_tls"
2025-03-08 18:18:37,286 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_tld"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_addinloading"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_perfkey"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "changes_trust_center_settings"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_vba_trust_access"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_autoexecution"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_ioc"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_malicious_prediction"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro_suspicious"
2025-03-08 18:18:37,287 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_aslr_bypass"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_characterset"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_anomaly_version"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_content"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_embedded_office_file"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rtf_exploit_static"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_anomalous_feature"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dde_command"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "persistence_ads": 'files'
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_safeboot"
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ifeo"
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_silent_process_exit"
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_registry"
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_rdp_shadowing"
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "persistence_service": 'created_services'
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_shim_database"
2025-03-08 18:18:37,289 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powerpool_mutexes"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_scriptblock_logging"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command_suspicious"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_renamed"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_reversed"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_variable_obfuscation"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cmdline_process_discovery"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptomix_mutexes"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dharma_mutexes"
2025-03-08 18:18:37,290 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
2025-03-08 18:18:37,292 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2025-03-08 18:18:37,293 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "fonix_mutexes"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "gandcrab_mutexes"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "germanwiper_mutexes"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_mutexes"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "medusalocker_regkeys"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_mutexes"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "nemty_regkeys"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "pysa_mutexes"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2025-03-08 18:18:37,294 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "revil_mutexes"
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_revil_regkey"
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "satan_mutexes"
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "snake_ransom_mutexes"
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransom_mutexes"
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stop_ransomware_cmd"
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_stopdjvu"
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "ransomware_stopdjvu": 'NoneType' object is not iterable
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "blacknet_mutexes"
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "blackrat_mutexes"
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "crat_mutexes"
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_files"
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dcrat_mutexes"
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "karagany_files"
2025-03-08 18:18:37,296 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_mutexes"
2025-03-08 18:18:37,297 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "limerat_regkeys"
2025-03-08 18:18:37,297 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lodarat_file_behavior"
2025-03-08 18:18:37,297 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "modirat_behavior"
2025-03-08 18:18:37,297 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "njrat_regkeys"
2025-03-08 18:18:37,297 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_files"
2025-03-08 18:18:37,297 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "obliquerat_mutexes"
2025-03-08 18:18:37,297 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "parallax_mutexes"
2025-03-08 18:18:37,297 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ratsnif_mutexes"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_senna_mutexes"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "venomrat_mutexes"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_files"
2025-03-08 18:18:37,298 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "warzonerat_regkeys"
2025-03-08 18:18:37,299 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_files"
2025-03-08 18:18:37,299 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "xpertrat_mutexes"
2025-03-08 18:18:37,299 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2025-03-08 18:18:37,299 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2025-03-08 18:18:37,299 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_files"
2025-03-08 18:18:37,299 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_mutexes"
2025-03-08 18:18:37,299 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "remcos_regkeys"
2025-03-08 18:18:37,299 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "rdptcp_key"
2025-03-08 18:18:37,300 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_rdp_clip"
2025-03-08 18:18:37,300 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_remote_desktop_session"
2025-03-08 18:18:37,300 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_networking_icon"
2025-03-08 18:18:37,300 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_pinned_programs"
2025-03-08 18:18:37,300 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_security_maintenance_icon"
2025-03-08 18:18:37,300 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_startmenu_defaults"
2025-03-08 18:18:37,300 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_username_startmenu"
2025-03-08 18:18:37,300 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spicyhotpot_behavior"
2025-03-08 18:18:37,301 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2025-03-08 18:18:37,301 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2025-03-08 18:18:37,301 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension"
2025-03-08 18:18:37,301 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg"
2025-03-08 18:18:37,301 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications"
2025-03-08 18:18:37,301 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory"
2025-03-08 18:18:37,301 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_psexec"
2025-03-08 18:18:37,301 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "sysinternals_tools"
2025-03-08 18:18:37,302 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "language_check_registry"
2025-03-08 18:18:37,302 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_etw"
2025-03-08 18:18:37,302 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lsa_tampering"
2025-03-08 18:18:37,302 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "tampers_powershell_logging"
2025-03-08 18:18:37,302 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame"
2025-03-08 18:18:37,302 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "territorial_disputes_sigs"
2025-03-08 18:18:37,303 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "trickbot_mutex"
2025-03-08 18:18:37,303 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex"
2025-03-08 18:18:37,303 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "lokibot_mutexes"
2025-03-08 18:18:37,303 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_files"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_adfind"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_ms_protocol"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "neshta_mutexes"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "renamer_mutexes"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "owa_web_shell_files"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_files"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "web_shell_processes"
2025-03-08 18:18:37,304 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "dotnet_csc_build"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "mavinject_lolbin"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_explorer_instances"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "script_tool_executed"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_certutil_use"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_command_tools"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_mpcmdrun_use"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "suspicious_ping_use"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_powershell_copyitem"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_appcmd"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_csvde_ldifde"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_cipher"
2025-03-08 18:18:37,305 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_clickonce"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_curl"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_dsquery"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_esentutl"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_finger"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_mode"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_ntdsutil"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_nltest"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "uses_windows_utilities_xcopy"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "wmic_command_suspicious"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "scrcons_wmi_script_consumer"
2025-03-08 18:18:37,306 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2025-03-08 18:18:37,307 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
2025-03-08 18:18:37,307 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
2025-03-08 18:18:37,307 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML"
2025-03-08 18:18:37,329 [Task 23] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
    html = tpl.render({"results": results, "summary_report": False})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
           ^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-08 18:18:37,330 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2025-03-08 18:18:37,350 [Task 23] [modules.reporting.reporthtmlsummary] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 95, in run
    html = tpl.render({"results": results, "summary_report": True})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
           ^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-08 18:18:37,351 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2025-03-08 18:18:37,352 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
2025-03-08 18:18:37,352 [Task 23] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
2025-03-08 18:18:37,352 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2025-03-08 18:18:37,358 [Task 23] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 23
2025-03-08 18:18:37,408 [Task 23] [root] DEBUG: Finished processing task
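
A triage helper for long debug logs like the one above, added here as an example (it is not part of the thread or of CAPEv2's own code): it separates signature-stage failures from reporting-stage failures and pulls out the template frame and the missing results key. The function names are hypothetical; the sample lines are excerpted from the log in this thread, with the traceback shortened.

```python
import re

# Log lines excerpted from the output posted in this thread (traceback shortened).
SAMPLE_LOG = r"""2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2025-03-08 18:18:37,288 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "persistence_ads": 'files'
2025-03-08 18:18:37,295 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Failed to run signature "ransomware_stopdjvu": 'NoneType' object is not iterable
2025-03-08 18:18:37,307 [Task 23] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML"
2025-03-08 18:18:37,329 [Task 23] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
    html = tpl.render({"results": results, "summary_report": False})
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-08 18:18:37,352 [Task 23] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
"""

RECORD = re.compile(r"^\d{4}-\d\d-\d\d [\d:,]+ \[Task (\d+)\] \[([^\]]+)\] (\w+): (.*)$")
SIG_FAIL = re.compile(r'^Failed to run signature "([^"]+)": (.*)$')
MOD_WARN = re.compile(r'^The reporting module "([^"]+)" returned the following error: (.*)$')
FRAME = re.compile(r'^\s*File "([^"]+)", line (\d+), in ')
MISSING = re.compile(r"has no attribute '([^']+)'")
BARE_KEY = re.compile(r"^'[^']+'$")  # str(KeyError("files")) is "'files'"


def parse_records(text):
    """Group each log record with the continuation lines (traceback) that follow it."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            task, logger, level, msg = m.groups()
            records.append({"task": int(task), "logger": logger, "level": level,
                            "msg": msg, "extra": []})
        elif records and line.strip():
            records[-1]["extra"].append(line)
    return records


def deepest_own_frame(extra):
    """Last traceback frame outside site-packages: (path, line number, source line)."""
    found = None
    for i, line in enumerate(extra):
        m = FRAME.match(line)
        if m and "site-packages" not in m.group(1):
            source = extra[i + 1].strip() if i + 1 < len(extra) else ""
            found = (m.group(1), int(m.group(2)), source)
    return found


def triage(text):
    """Split failures by pipeline stage and pull out the data key each one lacked."""
    report = {"signature_failures": [], "reporting_failures": []}
    for rec in parse_records(text):
        sig = SIG_FAIL.match(rec["msg"])
        warn = MOD_WARN.match(rec["msg"])
        if sig:
            name, reason = sig.groups()
            report["signature_failures"].append({
                "signature": name, "reason": reason,
                "missing_key": reason.strip("'") if BARE_KEY.match(reason) else None})
        elif rec["level"] == "ERROR" and rec["logger"].startswith("modules.reporting."):
            missing = MISSING.search(rec["msg"])
            report["reporting_failures"].append({
                "module": rec["logger"].rsplit(".", 1)[1],
                "exception": rec["extra"][-1].strip() if rec["extra"] else rec["msg"],
                "frame": deepest_own_frame(rec["extra"]),
                "missing_key": missing.group(1) if missing else None})
        elif warn:
            report["reporting_failures"].append({
                "module": warn.group(1), "exception": warn.group(2),
                "frame": None, "missing_key": None})
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["signature_failures"]:
        print("signature", f["signature"], "->", f["reason"])
    for f in result["reporting_failures"]:
        print("reporting", f["module"], "->", f["exception"], f["frame"])
```

Run over a full log, the `missing_key` values show at a glance which parts of the results dictionary were never populated before the reporting stage started.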

@tionosaja
Author

Sorry for the late update,

I have tried reinstalling on Ubuntu 22.04 and 24.04.

The status on Ubuntu 22.04 is failed_reporting and when I run the poetry run python utils/process.py -r 37 -d command, the report is successfully generated.

Normal log if running process from web

normal_log_22.txt

log from poetry run python utils/process.py -r 37 -d

log_from_poetry_22.txt

Meanwhile, on Ubuntu 24.04, failed_reporting occurs, and when I run the poetry run python utils/process.py -r 37 -d command, the report still fails.

Normal log if running process from web

normal_log_24.txt

log from poetry run python utils/process.py -r 2 -d

log_from_poetry_24.txt

@doomedraven
Collaborator

Hello, that's interesting, I have both server versions running but didn't face it. Can you add some debugging inside of modules/processing/CAPE.py as is where the target. Just before return self.cape line 381, add print("target is: ", self.cape.get("target"))

@tionosaja
Author

Image

After adding print("target is: ", self.cape.get("target"))

2025-03-11 08:33:42,020 [Task 38] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
    html = tpl.render({"results": results, "summary_report": False})
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-11 08:33:42,021 [Task 38] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2025-03-11 08:33:42,042 [Task 38] [modules.reporting.reporthtmlsummary] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 95, in run
    html = tpl.render({"results": results, "summary_report": True})
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-11 08:33:42,042 [Task 38] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2025-03-11 08:33:42,043 [Task 38] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
2025-03-11 08:33:42,043 [Task 38] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
2025-03-11 08:33:42,043 [Task 38] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2025-03-11 08:33:42,050 [Task 38] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 38
2025-03-11 08:33:42,150 [Task 38] [root] DEBUG: Finished processing task

@doomedraven
Collaborator

It should be printed before, as the log is for the reporting part, not processing, so you don't see it, right? Is CAPE enabled in processing.conf?

@tionosaja
Author

CAPE is disabled in processing.conf

Image

@doomedraven
Collaborator

That explains it, CAPE must be on; without it, it won't work and most of the stuff will just fail.

@tionosaja
Author

The same error occurs even though 'CAPE' has been enabled.

2025-03-11 09:04:47,934 [Task 38] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
    html = tpl.render({"results": results, "summary_report": False})
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-11 09:04:47,934 [Task 38] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2025-03-11 09:04:47,957 [Task 38] [modules.reporting.reporthtmlsummary] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'target'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 95, in run
    html = tpl.render({"results": results, "summary_report": True})
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 1295, in render
    self.environment.handle_exception()
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 942, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
    {% extends "base-report.html" %}
  File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
    {% block content %}{% endblock %}
  File "/opt/CAPEv2/data/html/report.html", line 6, in block 'content'
    {% include "sections/file.html" %}
  File "/opt/CAPEv2/data/html/sections/file.html", line 16, in top-level template code
    {% if results.target.file %}
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/jinja2/environment.py", line 490, in getattr
    return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'target'
2025-03-11 09:04:47,957 [Task 38] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2025-03-11 09:04:47,958 [Task 38] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
2025-03-11 09:04:47,958 [Task 38] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
2025-03-11 09:04:47,958 [Task 38] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2025-03-11 09:04:47,964 [Task 38] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 38
2025-03-11 09:04:48,033 [Task 38] [root] DEBUG: Finished processing task

@doomedraven
Collaborator

But you still don't see the print that you added, right? Even if it would be empty, it should just print the initial part.

@autozeitung

@doomedraven Hi, I also face the same issue. However, it's apparently not only the PDF report, but every report that fails to be generated. I also made sure not to miss anything, but for some reason none of the reports are working, regardless of whether it's JSON, PDF, HTML, HTML-Summary, etc. I'm running CAPE on Ubuntu 24.04.

Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: 2025-04-14 14:14:00,965 [lib.cuckoo.core.analysis_manager] ERROR: Task #16: Machine win10: the guest initialization hit the critical timeout, analysis aborted
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: Traceback (most recent call last):
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 452, in perform_analysis
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: self.run_analysis_on_guest()
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 418, in run_analysis_on_guest
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: guest_manager.start_analysis(options)
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: File "/opt/CAPEv2/lib/cuckoo/core/guest.py", line 253, in start_analysis
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: self.wait_available()
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: File "/opt/CAPEv2/lib/cuckoo/core/guest.py", line 162, in wait_available
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: raise CuckooGuestCriticalTimeout(
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: lib.cuckoo.common.exceptions.CuckooGuestCriticalTimeout: Machine win10: the guest initialization hit the critical timeout, analysis aborted
Apr 14 12:14:00 sandbox-VirtualBox kernel: virbr0: left promiscuous mode
Apr 14 12:14:01 sandbox-VirtualBox sudo[33491]: pam_unix(sudo:session): session closed for user root
Apr 14 12:14:01 sandbox-VirtualBox poetry[29933]: 2025-04-14 14:14:01,112 [lib.cuckoo.core.analysis_manager] INFO: Task #16: Disabled route 'internet'
Apr 14 12:14:01 sandbox-VirtualBox kernel: virbr0: port 1(vnet12) entered disabled state
Apr 14 12:14:01 sandbox-VirtualBox kernel: vnet12 (unregistering): left allmulticast mode
Apr 14 12:14:01 sandbox-VirtualBox kernel: vnet12 (unregistering): left promiscuous mode
Apr 14 12:14:01 sandbox-VirtualBox kernel: virbr0: port 1(vnet12) entered disabled state
Apr 14 12:14:01 sandbox-VirtualBox NetworkManager[1332]: [1744632841.1272] device (vnet12): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Apr 14 12:14:01 sandbox-VirtualBox NetworkManager[1332]: [1744632841.1275] device (vnet12): released from master device virbr0
Apr 14 12:14:01 sandbox-VirtualBox dbus-daemon[1227]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.12' (uid=0 pid=1332 comm="/usr/sbin/NetworkManager --no-daemon" label="unconfined")
Apr 14 12:14:01 sandbox-VirtualBox systemd[1]: Starting NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service...
Apr 14 12:14:01 sandbox-VirtualBox dbus-daemon[1227]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Apr 14 12:14:01 sandbox-VirtualBox systemd[1]: Started NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service.
Apr 14 12:14:02 sandbox-VirtualBox poetry[29933]: libvirt: Domain Config error : Requested operation is not valid: domain is not running
Apr 14 12:14:02 sandbox-VirtualBox poetry[29933]: libvirt: I/O Stream Utils error : this function is not supported by the connection driver: virStreamFinish
Apr 14 12:14:02 sandbox-VirtualBox poetry[29933]: 2025-04-14 14:14:02,002 [modules.auxiliary.QemuScreenshots] ERROR: Cannot take screenshot: this function is not supported by the connection driver: virStreamFinish
Apr 14 12:14:02 sandbox-VirtualBox tracker-miner-fs-3[53684]: (tracker-extract-3:53684): GLib-GIO-WARNING **: 14:14:02.030: Error creating IO channel for /proc/self/mountinfo: Invalid argument (g-io-error-quark, 13)
Apr 14 12:14:02 sandbox-VirtualBox poetry[29933]: 2025-04-14 14:14:02,031 [lib.cuckoo.core.analysis_manager] INFO: Task #16: Completed analysis unsuccessfully.
Apr 14 12:14:02 sandbox-VirtualBox poetry[29933]: 2025-04-14 14:14:02,033 [lib.cuckoo.core.analysis_manager] INFO: Task #16: analysis procedure completed
Apr 14 12:14:02 sandbox-VirtualBox ntpd[1865]: IO: Deleting interface #18 virbr0, 192.168.122.1#123, interface stats: received=0, sent=0, dropped=0, active_time=2611 secs
Apr 14 12:14:05 sandbox-VirtualBox poetry[19375]: 2025-04-14 12:14:05,092 [root] INFO: Processing analysis data for Task #16
Apr 14 12:14:05 sandbox-VirtualBox mongodb[1757]: {"t":{"$date":"2025-04-14T12:14:05.550+00:00"},"s":"I", "c":"WTCHKPT", "id":22430, "ctx":"Checkpointer","msg":"WiredTiger message","attr":{"message":{"ts_sec":1744632845,"ts_usec":550308,"thread":"1757:0x797e4d7cd6c0","session_name":"WT_SESSION.checkpoint","category":"WT_VERB_CHECKPOINT_PROGRESS","category_id":7,"verbose_level":"DEBUG_1","verbose_level_id":1,"msg":"saving checkpoint snapshot min: 664, snapshot max: 664 snapshot count: 0, oldest timestamp: (0, 0) , meta checkpoint timestamp: (0, 0) base write gen: 119"}}}
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: 2025-04-14 12:14:05,874 [Task 16] [lib.cuckoo.common.integrations.virustotal] ERROR: VT: Request failed
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/init.py", line 1163, in emit
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: stream.write(msg + self.terminator)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in init
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 141, in process
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: RunProcessing(task=task_dict, results=results).run()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 352, in run
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: result = self.process(module)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 318, in process
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: data = current.run()
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 365, in run
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: self.process_file(
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/processing/CAPE.py", line 198, in process_file
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: static_file_info(
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/file_extra_info.py", line 264, in static_file_info
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: vt_details = vt_lookup("file", file_path, results)
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/virustotal.py", line 232, in vt_lookup
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: log.error("VT: Request failed")
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: Message: 'VT: Request failed'
Apr 14 12:14:05 sandbox-VirtualBox poetry[20295]: Arguments: ()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,516 [Task 16] [modules.processing.behavior] WARNING: Analysis results folder does not exist at path "/opt/CAPEv2/storage/analyses/16/logs"
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in init
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 141, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: RunProcessing(task=task_dict, results=results).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 352, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 318, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: data = current.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/processing/behavior.py", line 1219, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.warning('Analysis results folder does not exist at path "%s"', self.logs_path)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: 'Analysis results folder does not exist at path "%s"'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ('/opt/CAPEv2/storage/analyses/16/logs',)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,521 [Task 16] [modules.processing.suricata] WARNING: Suricata: Failed to find usable Suricata log file
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in init
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 141, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: RunProcessing(task=task_dict, results=results).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 352, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 318, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: data = current.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/processing/suricata.py", line 225, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.warning("Suricata: Failed to find usable Suricata log file")
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: 'Suricata: Failed to find usable Suricata log file'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,523 [Task 16] [lib.cuckoo.core.plugins] INFO: Logs folder doesn't exist, maybe something with with analyzer folder, any change?
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in init
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 141, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: RunProcessing(task=task_dict, results=results).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 384, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.info("Logs folder doesn't exist, maybe something with with analyzer folder, any change?")
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: "Logs folder doesn't exist, maybe something with with analyzer folder, any change?"
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,604 [Task 16] [lib.cuckoo.core.plugins] WARNING: The reporting module "MAEC41Report" has missing dependencies: Unable to import cybox (install with pip3 install cybox)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/maec41.py", line 2787, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: raise CuckooDependencyError("Unable to import cybox (install with pip3 install cybox)")
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: lib.cuckoo.common.exceptions.CuckooDependencyError: Unable to import cybox (install with pip3 install cybox)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: During handling of the above exception, another exception occurred:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in <module>
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in __init__
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 157, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: error_count = RunReporting(task=task.to_dict(), results=results, reprocess=reprocess).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 906, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 879, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.warning('The reporting module "%s" has missing dependencies: %s', current.__class__.__name__, e)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: 'The reporting module "%s" has missing dependencies: %s'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ('MAEC41Report', CuckooDependencyError('Unable to import cybox (install with pip3 install cybox)'))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,605 [Task 16] [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "MaecReport": 'NoneType' object has no attribute 'enterprise'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/maec5.py", line 188, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.add_mitre_attack(results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/maec5.py", line 722, in add_mitre_attack
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: for tactic in self.mitre.enterprise.tactics:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: AttributeError: 'NoneType' object has no attribute 'enterprise'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/maec5.py", line 188, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.add_mitre_attack(results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/maec5.py", line 722, in add_mitre_attack
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: for tactic in self.mitre.enterprise.tactics:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: AttributeError: 'NoneType' object has no attribute 'enterprise'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: During handling of the above exception, another exception occurred:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in <module>
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in __init__
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 157, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: error_count = RunReporting(task=task.to_dict(), results=results, reprocess=reprocess).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 906, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 885, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.exception('Failed to run the reporting module "%s": %s', current.__class__.__name__, e)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: 'Failed to run the reporting module "%s": %s'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ('MaecReport', AttributeError("'NoneType' object has no attribute 'enterprise'"))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,607 [Task 16] [mitre] ERROR: ('Mitre', AttributeError("'NoneType' object has no attribute 'enterprise'"))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/mitre.py", line 21, in mitre_generate_attck
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: for technique in mitre.enterprise.techniques:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: AttributeError: 'NoneType' object has no attribute 'enterprise'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: During handling of the above exception, another exception occurred:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in <module>
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in __init__
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 157, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: error_count = RunReporting(task=task.to_dict(), results=results, reprocess=reprocess).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 906, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/mitre.py", line 18, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: attck = mitre_generate_attck(results, self.mitre)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/mitre.py", line 37, in mitre_generate_attck
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.error(("Mitre", e))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: ('Mitre', AttributeError("'NoneType' object has no attribute 'enterprise'"))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,658 [Task 16] [modules.reporting.reporthtml] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'summary'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: html = tpl.render({"results": results, "summary_report": False})
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.environment.handle_exception()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: raise rewrite_traceback_stack(source=source)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% extends "base-report.html" %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% block content %}{% endblock %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/report.html", line 16, in block 'content'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% include "sections/behavior.html" %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/sections/behavior.html", line 163, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% if results.behavior.summary.files %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return getattr(obj, attribute)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'summary'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 85, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: html = tpl.render({"results": results, "summary_report": False})
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.environment.handle_exception()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: raise rewrite_traceback_stack(source=source)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% extends "base-report.html" %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% block content %}{% endblock %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/report.html", line 16, in block 'content'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% include "sections/behavior.html" %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/sections/behavior.html", line 163, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% if results.behavior.summary.files %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return getattr(obj, attribute)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'summary'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: During handling of the above exception, another exception occurred:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in <module>
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in __init__
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 157, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: error_count = RunReporting(task=task.to_dict(), results=results, reprocess=reprocess).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 906, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/reporthtml.py", line 89, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.exception("Failed to generate summary HTML report: %s", e)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: 'Failed to generate summary HTML report: %s'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: (UndefinedError("'dict object' has no attribute 'summary'"),)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,705 [Task 16] [modules.reporting.reporthtmlsummary] ERROR: Failed to generate summary HTML report: 'dict object' has no attribute 'summary'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 95, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: html = tpl.render({"results": results, "summary_report": True})
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.environment.handle_exception()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: raise rewrite_traceback_stack(source=source)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% extends "base-report.html" %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% block content %}{% endblock %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/report.html", line 16, in block 'content'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% include "sections/behavior.html" %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/sections/behavior.html", line 163, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% if results.behavior.summary.files %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return getattr(obj, attribute)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'summary'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 95, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: html = tpl.render({"results": results, "summary_report": True})
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 1295, in render
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.environment.handle_exception()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 942, in handle_exception
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: raise rewrite_traceback_stack(source=source)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/report.html", line 1, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% extends "base-report.html" %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/base-report.html", line 67, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% block content %}{% endblock %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/report.html", line 16, in block 'content'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% include "sections/behavior.html" %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/data/html/sections/behavior.html", line 163, in top-level template code
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: {% if results.behavior.summary.files %}
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/jinja2/environment.py", line 490, in getattr
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return getattr(obj, attribute)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'summary'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: During handling of the above exception, another exception occurred:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in <module>
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in __init__
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 157, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: error_count = RunReporting(task=task.to_dict(), results=results, reprocess=reprocess).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 906, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/reporthtmlsummary.py", line 99, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.exception("Failed to generate summary HTML report: %s", str(e))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: 'Failed to generate summary HTML report: %s'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ("'dict object' has no attribute 'summary'",)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,707 [Task 16] [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportPDF" returned the following error: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/reportpdf.py", line 29, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: raise CuckooReportError(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: lib.cuckoo.common.exceptions.CuckooReportError: Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: During handling of the above exception, another exception occurred:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in <module>
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in __init__
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 157, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: error_count = RunReporting(task=task.to_dict(), results=results, reprocess=reprocess).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 906, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 882, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.warning('The reporting module "%s" returned the following error: %s', current.__class__.__name__, e)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: 'The reporting module "%s" returned the following error: %s'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ('ReportPDF', CuckooReportError('Unable to open summary HTML report to convert to PDF: Ensure reporthtmlsummary is enabled in reporting.conf'))

Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: 2025-04-14 14:14:06,760 [Task 16] [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "RunStatistics": 'NoneType' object has no attribute 'get'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/runstatistics.py", line 103, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: detail["files_written"] = self.getFilesWrittenCount(results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/runstatistics.py", line 76, in getFilesWrittenCount
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return len(results.get("behavior").get("summary").get("write_files"))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: AttributeError: 'NoneType' object has no attribute 'get'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: --- Logging error ---
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 869, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: current.run(self.results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/runstatistics.py", line 103, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: detail["files_written"] = self.getFilesWrittenCount(results)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../modules/reporting/runstatistics.py", line 76, in getFilesWrittenCount
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return len(results.get("behavior").get("summary").get("write_files"))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: AttributeError: 'NoneType' object has no attribute 'get'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: During handling of the above exception, another exception occurred:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Traceback (most recent call last):
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/logging/handlers.py", line 74, in emit
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.doRollover()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 229, in doRollover
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.stream.flush()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: ValueError: I/O operation on closed file.
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Call stack:
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 689, in <module>
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: main()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 613, in main
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: autoprocess(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 442, in autoprocess
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: future = pool.schedule(process, args, kwargs, timeout=processing_timeout)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 105, in schedule
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._check_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 94, in _check_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._update_pool_status()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/base_pool.py", line 103, in _update_pool_status
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._start_pool()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 70, in _start_pool
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._pool_manager.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 209, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.worker_manager.create_workers()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 387, in create_workers
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.new_worker()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 399, in new_worker
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: worker = launch_process(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 41, in launch_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: process.start()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 121, in start
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._popen = self._Popen(self)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 224, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return _default_context.get_context().Process._Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/context.py", line 282, in _Popen
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Popen(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 19, in init
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._launch(process_obj)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/popen_fork.py", line 71, in _launch
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: code = process_obj._bootstrap(parent_sentinel=child_r)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in _bootstrap
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/usr/lib/python3.12/multiprocessing/process.py", line 108, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self._target(*self._args, **self._kwargs)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/pool/process.py", line 433, in worker_process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: result = process_execute(
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/pebble/common/process.py", line 65, in process_execute
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: return Result(ResultStatus.SUCCESS, function(*args, **kwargs))
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/process.py", line 157, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: error_count = RunReporting(task=task.to_dict(), results=results, reprocess=reprocess).run()
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 906, in run
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: self.process(module)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 885, in process
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: log.exception('Failed to run the reporting module "%s": %s', current.class.name, e)
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Message: 'Failed to run the reporting module "%s": %s'
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ('RunStatistics', AttributeError("'NoneType' object has no attribute 'get'"))
Apr 14 12:14:06 sandbox-VirtualBox poetry[19375]: 2025-04-14 12:14:06,777 [root] INFO: Reports generation completed for Task #16

@doomedraven
Collaborator

Well, yours looks like a configuration problem of the sandbox/VM.

@autozeitung

That's a bummer - I just went through my config, and also through the already finished analysis, and noticed that only one analysis came back as "reported" and only there the JSON Report worked. For some reason, all the others fail with "report.html" or "report.pdf" not found. Could you potentially show me, please, where I might have misconfigured something? I'd really appreciate that.

@doomedraven
Collaborator

Just read your posted log; almost everything is wrong, starting from the fact that it can't connect to the VM, etc. But HTML/PDF report generation doesn't work due to a 3rd-party lib issue. JSON works.

Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: lib.cuckoo.common.exceptions.CuckooGuestCriticalTimeout: Machine win10: the guest initialization hit the critical timeout, analysis aborted

@autozeitung

Thanks - but the interesting thing is that I can see that it is starting the win10 VM by itself. I'll have a look into that.

So from what you are saying, only JSON is the way to go for the time being - is there a potential solution on the way or is it not going to be fixed?

@doomedraven
Collaborator

Well, to see the report you have the web GUI. For HTML/PDF as standalone, no, and I don't have time to work on it/low priority.

Starting win10 is one thing; the second thing is the agent inside of the VM. See the docs on configuration and testing connectivity.

@autozeitung

Really appreciated your answers - thank you!

@doomedraven
Collaborator

You are welcome. Once you fix that, most of the errors will disappear.
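The triage order described in this thread (guest timeout first, reporting-module errors second), as an added example that is not part of the thread or of CAPEv2's own code. It parses journal lines taken from this page; the regexes and the `triage` and `verdict` names are assumptions of this example.

```python
import re

# Sample journal lines: the first, third and fourth are copied from the log in
# this thread; the second is the issue's WARNING with a constructed syslog prefix.
SAMPLE_LOG = """\
Apr 14 12:14:00 sandbox-VirtualBox poetry[29933]: lib.cuckoo.common.exceptions.CuckooGuestCriticalTimeout: Machine win10: the guest initialization hit the critical timeout, analysis aborted
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: WARNING: The reporting module "ReportHTML" returned the following error: Failed to generate summary HTML report
Apr 14 12:14:06 sandbox-VirtualBox poetry[20295]: Arguments: ('RunStatistics', AttributeError("'NoneType' object has no attribute 'get'"))
Apr 14 12:14:06 sandbox-VirtualBox poetry[19375]: 2025-04-14 12:14:06,777 [root] INFO: Reports generation completed for Task #16
"""

# Syslog-style prefix: "Apr 14 12:14:06 host poetry[20295]: message"
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ \S+?\[(?P<pid>\d+)\]: (?P<msg>.*)$")
GUEST_TIMEOUT = re.compile(r"CuckooGuestCriticalTimeout: Machine (?P<vm>[^:]+):")
# Tail of a logged exception: Arguments: ('RunStatistics', AttributeError("..."))
MODULE_ARGS = re.compile(r"^Arguments: \('(?P<module>\w+)', (?P<exc>\w+)\(")
MODULE_WARN = re.compile(r'reporting module "(?P<module>\w+)" returned the following error')
TASK_DONE = re.compile(r"Reports generation completed for Task #(?P<task>\d+)")

def triage(lines):
    """Separate guest failures (root cause) from reporting-module failures."""
    out = {"guest_timeouts": [], "reporting_failures": [], "tasks_reported": [], "unparsed": 0}
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            out["unparsed"] += 1  # traceback continuation or foreign format
            continue
        msg = m["msg"]
        if (g := GUEST_TIMEOUT.search(msg)):
            out["guest_timeouts"].append((m["ts"], g["vm"]))
        elif (a := MODULE_ARGS.match(msg)):
            out["reporting_failures"].append((a["module"], a["exc"]))
        elif (w := MODULE_WARN.search(msg)):
            out["reporting_failures"].append((w["module"], "reported error"))
        elif (t := TASK_DONE.search(msg)):
            # Logged even when modules failed, so it is not proof of success.
            out["tasks_reported"].append(int(t["task"]))
    return out

def verdict(result):
    """Name the first thing to fix, guest problems before reporting problems."""
    if result["guest_timeouts"]:
        vms = sorted({vm for _, vm in result["guest_timeouts"]})
        return f"fix guest/agent connectivity first ({', '.join(vms)}); then re-check reporting"
    if result["reporting_failures"]:
        return "guest ran; investigate reporting modules"
    return "no known failure pattern"
```
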
