File 3e05545cf810b795b2a3cc69d6035ac1e3cab737d525e8b0af61e491471afcfc

Size 59.2KB
Type HTML document, Unicode text, UTF-8 text, with very long lines (1786)
MD5 7f7b0ccab55ab6163b30cf3a1e4e35db
SHA1 b4aba914c1d2dc4cb756e676a3f45744fbe04864
SHA256 3e05545cf810b795b2a3cc69d6035ac1e3cab737d525e8b0af61e491471afcfc
SHA512 4e07913f19ae5ac12a9f8c521180125d209b8c0f1fbf6fbe8371c9ed1cf96a746b95a1662795353cca16acccc80b12a8f00aae95d4d3eea428ca4df908c53af2
CRC32 486D7850
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started April 11, 2025, 1:50 p.m.
Completed April 11, 2025, 1:57 p.m.
Duration 414 seconds
Routing internet

Analyzer Log

2025-04-10 13:21:59,000 [analyzer] DEBUG: Starting analyzer from: C:\tmp4w2pkt
2025-04-10 13:21:59,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\KtCIFZrYzXZgYtSGSbQwjaXQdil
2025-04-10 13:21:59,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\ScNYNlVuiQWgCwLfGhdill
2025-04-10 13:21:59,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-04-10 13:21:59,015 [analyzer] INFO: Automatically selected analysis package "ie"
2025-04-10 13:21:59,312 [analyzer] DEBUG: Started auxiliary module Curtain
2025-04-10 13:21:59,312 [analyzer] DEBUG: Started auxiliary module DbgView
2025-04-10 13:21:59,796 [analyzer] DEBUG: Started auxiliary module Disguise
2025-04-10 13:22:00,030 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-04-10 13:22:00,030 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-04-10 13:22:00,030 [analyzer] DEBUG: Started auxiliary module Human
2025-04-10 13:22:00,030 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-04-10 13:22:00,030 [analyzer] DEBUG: Started auxiliary module Reboot
2025-04-10 13:22:00,125 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-04-10 13:22:00,125 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-04-10 13:22:00,125 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-04-10 13:22:00,125 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-04-10 13:22:00,125 [modules.packages.ie] INFO: Submitted file is missing extension, adding .html
2025-04-10 13:22:00,233 [lib.api.process] INFO: Successfully executed process from path 'C:\\Program Files\\Internet Explorer\\iexplore.exe' with arguments [u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\3e05545cf810b795b2a3cc69d6035ac1e3cab737d525e8b0af61e491471afcfc.html'] and pid 2904
2025-04-10 13:22:00,375 [analyzer] DEBUG: Loaded monitor into process with pid 2904
2025-04-10 13:22:02,217 [analyzer] DEBUG: Following legitimate IE11 process: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2!
2025-04-10 13:22:02,312 [analyzer] INFO: Injected into process with pid 2584 and name u'iexplore.exe'
2025-04-10 13:22:02,375 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2584.
2025-04-10 13:22:02,530 [analyzer] INFO: Added new file to list with pid 2904 and path C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{04CC0E67-15FE-11F0-99EB-0CEAD772813F}.dat
2025-04-10 13:22:02,562 [analyzer] DEBUG: Loaded monitor into process with pid 2584
2025-04-10 13:22:02,608 [analyzer] INFO: Added new file to list with pid 2904 and path C:\Users\Administrator\AppData\Local\Temp\~DF6F436CAB519C54DF.TMP
2025-04-10 13:22:02,812 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2025-04-10 13:22:02,828 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2025-04-10 13:22:02,828 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2025-04-10 13:22:02,828 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2025-04-10 13:22:02,828 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2025-04-10 13:22:02,828 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2025-04-10 13:22:02,828 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2025-04-10 13:22:02,842 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2025-04-10 13:22:02,842 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2025-04-10 13:22:02,842 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2025-04-10 13:22:02,842 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2025-04-10 13:22:02,842 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2025-04-10 13:22:02,842 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2025-04-10 13:22:02,842 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2025-04-10 13:22:03,250 [analyzer] INFO: Added new file to list with pid 2904 and path C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{04CC0E69-15FE-11F0-99EB-0CEAD772813F}.dat
2025-04-10 13:22:03,280 [analyzer] INFO: Added new file to list with pid 2904 and path C:\Users\Administrator\AppData\Local\Temp\~DF7B27EC4DE8007F3D.TMP
2025-04-10 13:22:03,358 [analyzer] DEBUG: Error resolving function mshtml!CDocument_write through our custom callback.
2025-04-10 13:22:03,358 [analyzer] DEBUG: Error resolving function mshtml!CElement_put_innerHTML through our custom callback.
2025-04-10 13:22:03,358 [analyzer] DEBUG: Error resolving function mshtml!CHyperlink_SetUrlComponent through our custom callback.
2025-04-10 13:22:03,358 [analyzer] DEBUG: Error resolving function mshtml!CIFrameElement_CreateElement through our custom callback.
2025-04-10 13:22:03,375 [analyzer] DEBUG: Error resolving function mshtml!CImgElement_put_src through our custom callback.
2025-04-10 13:22:03,375 [analyzer] DEBUG: Error resolving function mshtml!CScriptElement_put_src through our custom callback.
2025-04-10 13:22:03,375 [analyzer] DEBUG: Error resolving function mshtml!CWindow_AddTimeoutCode through our custom callback.
2025-04-10 13:22:06,375 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14232B434CF29D4C4FB335A86D7FFFE3
2025-04-10 13:22:06,375 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14232B434CF29D4C4FB335A86D7FFFE3
2025-04-10 13:22:06,375 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
2025-04-10 13:22:06,375 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
2025-04-10 13:22:06,390 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabA96D.tmp
2025-04-10 13:22:06,390 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabA97E.tmp
2025-04-10 13:22:06,390 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarA96E.tmp
2025-04-10 13:22:06,390 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24
2025-04-10 13:22:06,405 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarA97F.tmp
2025-04-10 13:22:06,405 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24
2025-04-10 13:22:06,421 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabA990.tmp
2025-04-10 13:22:06,421 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabA992.tmp
2025-04-10 13:22:06,421 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarA991.tmp
2025-04-10 13:22:06,421 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarA9A2.tmp
2025-04-10 13:22:06,546 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2025-04-10 13:22:06,562 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2025-04-10 13:22:06,578 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAA40.tmp
2025-04-10 13:22:06,578 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAA41.tmp
2025-04-10 13:22:06,592 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAA42.tmp
2025-04-10 13:22:06,592 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAA43.tmp
2025-04-10 13:22:06,640 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAA82.tmp
2025-04-10 13:22:06,640 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAA83.tmp
2025-04-10 13:22:06,687 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAAA3.tmp
2025-04-10 13:22:06,687 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAAA4.tmp
2025-04-10 13:22:06,717 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAAD4.tmp
2025-04-10 13:22:06,717 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAAD5.tmp
2025-04-10 13:22:06,733 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
2025-04-10 13:22:06,733 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
2025-04-10 13:22:06,780 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
2025-04-10 13:22:06,796 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
2025-04-10 13:22:06,812 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAB24.tmp
2025-04-10 13:22:06,812 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAB25.tmp
2025-04-10 13:22:06,812 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAB36.tmp
2025-04-10 13:22:06,828 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAB37.tmp
2025-04-10 13:22:06,858 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\flag-icon.min[1].css
2025-04-10 13:22:06,858 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAB67.tmp
2025-04-10 13:22:06,858 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAB68.tmp
2025-04-10 13:22:06,921 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabABA7.tmp
2025-04-10 13:22:06,937 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarABA8.tmp
2025-04-10 13:22:06,983 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabABD8.tmp
2025-04-10 13:22:06,983 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarABD9.tmp
2025-04-10 13:22:07,015 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAC09.tmp
2025-04-10 13:22:07,015 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAC0A.tmp
2025-04-10 13:22:07,046 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAC2A.tmp
2025-04-10 13:22:07,062 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAC2B.tmp
2025-04-10 13:22:07,125 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAC6B.tmp
2025-04-10 13:22:07,125 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAC7C.tmp
2025-04-10 13:22:07,155 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAC9C.tmp
2025-04-10 13:22:07,171 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAC9D.tmp
2025-04-10 13:22:07,203 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabACCD.tmp
2025-04-10 13:22:07,203 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarACCE.tmp
2025-04-10 13:22:07,250 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
2025-04-10 13:22:07,250 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
2025-04-10 13:22:07,280 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAD1D.tmp
2025-04-10 13:22:07,296 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAD1E.tmp
2025-04-10 13:22:07,328 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAD4E.tmp
2025-04-10 13:22:07,328 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAD4F.tmp
2025-04-10 13:22:07,342 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_DDA8EF9211240E7A0402740E2A773ED2
2025-04-10 13:22:07,342 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_DDA8EF9211240E7A0402740E2A773ED2
2025-04-10 13:22:07,358 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\webfont[1].js
2025-04-10 13:22:07,405 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAD9E.tmp
2025-04-10 13:22:07,421 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAD9F.tmp
2025-04-10 13:22:07,453 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabADCF.tmp
2025-04-10 13:22:07,453 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarADD0.tmp
2025-04-10 13:22:07,530 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\CabAE0F.tmp
2025-04-10 13:22:07,530 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Temp\TarAE10.tmp
2025-04-10 13:22:07,640 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
2025-04-10 13:22:07,640 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
2025-04-10 13:22:07,717 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
2025-04-10 13:22:07,717 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
2025-04-10 13:22:07,796 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
2025-04-10 13:22:07,812 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
2025-04-10 13:22:07,828 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\jquery-3.5.1.min.dc5e7f18c8[1].js
2025-04-10 13:22:12,878 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\4iCp6KVjbNBYlgoKejZPsmyL[1].woff
2025-04-10 13:22:12,881 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\4iCp6KVjbNBYlgoKejZftWyL[1].woff
2025-04-10 13:22:12,881 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\4iCu6KVjbNBYlgoKeg7w[1].woff
2025-04-10 13:22:12,881 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\4iCp6KVjbNBYlgoKejYHtGyL[1].woff
2025-04-10 13:22:12,890 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\4iCv6KVjbNBYlgoC1CzTtA[1].woff
2025-04-10 13:22:12,894 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\jp[1].svg
2025-04-10 13:22:12,894 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\4iCs6KVjbNBYlgo6ew[1].woff
2025-04-10 13:22:12,905 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\gb[1].svg
2025-04-10 13:22:12,914 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\de[1].svg
2025-04-10 13:22:12,971 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\es[1].svg
2025-04-10 13:22:12,987 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\4iCv6KVjbNBYlgoCjC3TtA[1].woff
2025-04-10 13:22:12,992 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLoHQiAw[1].woff
2025-04-10 13:22:13,000 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLt_QiAw[1].woff
2025-04-10 13:22:13,003 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLoHRiAw[1].woff
2025-04-10 13:22:13,006 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLrPQiAw[1].woff
2025-04-10 13:22:13,015 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\se[1].svg
2025-04-10 13:22:13,015 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\it[1].svg
2025-04-10 13:22:13,015 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\tr[1].svg
2025-04-10 13:22:13,023 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLmbXiAw[1].woff
2025-04-10 13:22:13,035 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\pt[1].svg
2025-04-10 13:22:13,035 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\pl[1].svg
2025-04-10 13:22:13,035 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWuaabWmQ[1].woff
2025-04-10 13:22:13,039 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbGmQ[1].woff
2025-04-10 13:22:13,039 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\KFOKCnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmOClHrs6ljXfMMLijXiAw[1].woff
2025-04-10 13:22:13,039 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\no[1].svg
2025-04-10 13:22:13,042 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\dk[1].svg
2025-04-10 13:22:13,046 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\nl[1].svg
2025-04-10 13:22:13,049 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbWmQ[1].woff
2025-04-10 13:22:13,062 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\ru[1].svg
2025-04-10 13:22:13,065 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWuZtammQ[1].woff
2025-04-10 13:22:13,065 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bWmQ[1].woff
2025-04-10 13:22:13,065 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\th[1].svg
2025-04-10 13:22:13,065 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWuYjammQ[1].woff
2025-04-10 13:22:13,073 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\in[1].svg
2025-04-10 13:22:13,073 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\ph[1].svg
2025-04-10 13:22:13,073 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\4iCv6KVjbNBYlgoCxCvTtA[1].woff
2025-04-10 13:22:13,078 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\sa[1].svg
2025-04-10 13:22:13,078 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\kr[1].svg
2025-04-10 13:22:13,078 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\cn[1].svg
2025-04-10 13:22:13,082 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22O2ZOOB\fi[1].svg
2025-04-10 13:22:13,088 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\sk[1].svg
2025-04-10 13:22:13,096 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\cz[1].svg
2025-04-10 13:22:13,101 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\ro[1].svg
2025-04-10 13:22:13,101 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\hu[1].svg
2025-04-10 13:22:13,105 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\hr[1].svg
2025-04-10 13:22:13,105 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\bg[1].svg
2025-04-10 13:22:13,117 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\gr[1].svg
2025-04-10 13:22:13,117 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\id[1].svg
2025-04-10 13:22:13,121 [analyzer] INFO: Added new file to list with pid 2584 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWNKCB35\fr[1].svg
2025-04-10 13:22:29,237 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-04-10 13:22:29,769 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-04-10 13:22:29,769 [lib.api.process] INFO: Successfully terminated process with pid 2904.
2025-04-10 13:22:29,769 [lib.api.process] INFO: Successfully terminated process with pid 2584.
2025-04-10 13:22:29,785 [analyzer] INFO: Error dumping file from path "c:\users\administrator\appdata\local\temp\~df6f436cab519c54df.tmp": [Errno 13] Permission denied: u'c:\\users\\administrator\\appdata\\local\\temp\\~df6f436cab519c54df.tmp'
2025-04-10 13:22:29,799 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabaa40.tmp' does not exist, skip.
2025-04-10 13:22:29,832 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarac9d.tmp' does not exist, skip.
2025-04-10 13:22:29,832 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tara96e.tmp' does not exist, skip.
2025-04-10 13:22:29,832 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\taraad5.tmp' does not exist, skip.
2025-04-10 13:22:29,832 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cababd8.tmp' does not exist, skip.
2025-04-10 13:22:29,862 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarac7c.tmp' does not exist, skip.
2025-04-10 13:22:29,862 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabae0f.tmp' does not exist, skip.
2025-04-10 13:22:29,862 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabaaa3.tmp' does not exist, skip.
2025-04-10 13:22:29,862 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\taracce.tmp' does not exist, skip.
2025-04-10 13:22:29,862 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cababa7.tmp' does not exist, skip.
2025-04-10 13:22:29,862 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarac0a.tmp' does not exist, skip.
2025-04-10 13:22:29,862 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabaad4.tmp' does not exist, skip.
2025-04-10 13:22:29,894 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabaa82.tmp' does not exist, skip.
2025-04-10 13:22:29,910 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabac09.tmp' does not exist, skip.
2025-04-10 13:22:29,910 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tara991.tmp' does not exist, skip.
2025-04-10 13:22:29,910 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarad1e.tmp' does not exist, skip.
2025-04-10 13:22:29,924 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabaa42.tmp' does not exist, skip.
2025-04-10 13:22:29,940 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarab37.tmp' does not exist, skip.
2025-04-10 13:22:29,940 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarad9f.tmp' does not exist, skip.
2025-04-10 13:22:29,957 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabab67.tmp' does not exist, skip.
2025-04-10 13:22:29,971 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\caba992.tmp' does not exist, skip.
2025-04-10 13:22:29,971 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\taraa41.tmp' does not exist, skip.
2025-04-10 13:22:29,971 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tara97f.tmp' does not exist, skip.
2025-04-10 13:22:29,987 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarab68.tmp' does not exist, skip.
2025-04-10 13:22:29,987 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\taradd0.tmp' does not exist, skip.
2025-04-10 13:22:29,987 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabab36.tmp' does not exist, skip.
2025-04-10 13:22:29,987 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabad9e.tmp' does not exist, skip.
2025-04-10 13:22:29,987 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabad4e.tmp' does not exist, skip.
2025-04-10 13:22:29,987 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabaccd.tmp' does not exist, skip.
2025-04-10 13:22:29,987 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarac2b.tmp' does not exist, skip.
2025-04-10 13:22:30,019 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarabd9.tmp' does not exist, skip.
2025-04-10 13:22:30,019 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabac2a.tmp' does not exist, skip.
2025-04-10 13:22:30,035 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabac9c.tmp' does not exist, skip.
2025-04-10 13:22:30,049 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarab25.tmp' does not exist, skip.
2025-04-10 13:22:30,049 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabab24.tmp' does not exist, skip.
2025-04-10 13:22:30,049 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\caba97e.tmp' does not exist, skip.
2025-04-10 13:22:30,065 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabadcf.tmp' does not exist, skip.
2025-04-10 13:22:30,065 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabac6b.tmp' does not exist, skip.
2025-04-10 13:22:30,082 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\cabad1d.tmp' does not exist, skip.
2025-04-10 13:22:30,082 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tara9a2.tmp' does not exist, skip.
2025-04-10 13:22:30,082 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\taraa83.tmp' does not exist, skip.
2025-04-10 13:22:30,096 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarad4f.tmp' does not exist, skip.
2025-04-10 13:22:30,096 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\~df7b27ec4de8007f3d.tmp' does not exist, skip.
2025-04-10 13:22:30,112 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\taraba8.tmp' does not exist, skip.
2025-04-10 13:22:30,112 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\taraa43.tmp' does not exist, skip.
2025-04-10 13:22:30,128 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\taraaa4.tmp' does not exist, skip.
2025-04-10 13:22:30,160 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\caba96d.tmp' does not exist, skip.
2025-04-10 13:22:30,160 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\tarae10.tmp' does not exist, skip.
2025-04-10 13:22:30,269 [analyzer] WARNING: File at path u'c:\\users\\administrator\\appdata\\local\\temp\\caba990.tmp' does not exist, skip.
2025-04-10 13:22:30,285 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-04-11 13:50:56,050 [cuckoo.core.scheduler] INFO: Task #6259024: acquired machine win7x6423 (label=win7x6423)
2025-04-11 13:50:56,051 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.223 for task #6259024
2025-04-11 13:50:56,518 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3076004 (interface=vboxnet0, host=192.168.168.223)
2025-04-11 13:50:56,555 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6423
2025-04-11 13:50:57,249 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6423 to vmcloak
2025-04-11 13:54:23,846 [cuckoo.core.guest] INFO: Starting analysis #6259024 on guest (id=win7x6423, ip=192.168.168.223)
2025-04-11 13:54:24,850 [cuckoo.core.guest] DEBUG: win7x6423: not ready yet
2025-04-11 13:54:29,872 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6423, ip=192.168.168.223)
2025-04-11 13:54:29,944 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6423, ip=192.168.168.223, monitor=latest, size=6660546)
2025-04-11 13:54:31,215 [cuckoo.core.resultserver] DEBUG: Task #6259024: live log analysis.log initialized.
2025-04-11 13:54:32,273 [cuckoo.core.resultserver] DEBUG: Task #6259024 is sending a BSON stream
2025-04-11 13:54:32,701 [cuckoo.core.resultserver] DEBUG: Task #6259024 is sending a BSON stream
2025-04-11 13:54:33,473 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'shots/0001.jpg'
2025-04-11 13:54:33,489 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 133467
2025-04-11 13:54:34,728 [cuckoo.core.resultserver] DEBUG: Task #6259024 is sending a BSON stream
2025-04-11 13:54:35,602 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'shots/0002.jpg'
2025-04-11 13:54:35,614 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 24483
2025-04-11 13:54:36,692 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'shots/0003.jpg'
2025-04-11 13:54:36,701 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 50535
2025-04-11 13:54:37,779 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'shots/0004.jpg'
2025-04-11 13:54:37,787 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 57300
2025-04-11 13:54:45,906 [cuckoo.core.guest] DEBUG: win7x6423: analysis #6259024 still processing
2025-04-11 13:54:45,999 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'shots/0005.jpg'
2025-04-11 13:54:46,002 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 53005
2025-04-11 13:55:01,001 [cuckoo.core.guest] DEBUG: win7x6423: analysis #6259024 still processing
2025-04-11 13:55:01,652 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'curtain/1744284149.42.curtain.log'
2025-04-11 13:55:01,655 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 36
2025-04-11 13:55:01,967 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'sysmon/1744284149.67.sysmon.xml'
2025-04-11 13:55:01,999 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 2355600
2025-04-11 13:55:02,007 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/e80d714480a79561_cn[1].svg'
2025-04-11 13:55:02,009 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 801
2025-04-11 13:55:02,011 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/2d46fd7fde3f19c3_it[1].svg'
2025-04-11 13:55:02,012 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 292
2025-04-11 13:55:02,023 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/7a6260da285f80be_4a9377e7e528f7e56b69a81c500abc24'
2025-04-11 13:55:02,026 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 176
2025-04-11 13:55:02,030 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/83783a7dc69702df_fi[1].svg'
2025-04-11 13:55:02,032 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 237
2025-04-11 13:55:02,043 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/bc6fa3f3457991ef_14232b434cf29d4c4fb335a86d7fffe3'
2025-04-11 13:55:02,045 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 170
2025-04-11 13:55:02,049 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/7e44703ad312cc46_recoverystore.{04cc0e67-15fe-11f0-99eb-0cead772813f}.dat'
2025-04-11 13:55:02,051 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 5632
2025-04-11 13:55:02,055 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/f7f6a5894f1d19dd_jquery-3.5.1.min.dc5e7f18c8[1].js'
2025-04-11 13:55:02,057 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 89476
2025-04-11 13:55:02,059 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/e759dccba5bc3838_jp[1].svg'
2025-04-11 13:55:02,060 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 474
2025-04-11 13:55:02,064 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/094d348550431d31_4icu6kvjbnbylgokeg7w[1].woff'
2025-04-11 13:55:02,067 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 145604
2025-04-11 13:55:02,073 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/e1f1da02b9737bd6_4icp6kvjbnbylgokejzftwyl[1].woff'
2025-04-11 13:55:02,077 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 153168
2025-04-11 13:55:02,079 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/a91174a3cccd5ec6_nl[1].svg'
2025-04-11 13:55:02,081 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 224
2025-04-11 13:55:02,082 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/d22330d2af43ce22_gr[1].svg'
2025-04-11 13:55:02,084 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1096
2025-04-11 13:55:02,086 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/ec8b8f65fee0bb29_kfokcnqeu92fr1mu53zec9_vu3r1gihoszmoclhrs6ljxfmmlohqiaw[1].woff'
2025-04-11 13:55:02,088 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 69960
2025-04-11 13:55:02,094 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/6ab9fad7d19ea320_kfomcnqeu92fr1me7ksn66agldtyluamqxc89ymc2dpnwuaabwmq[1].woff'
2025-04-11 13:55:02,096 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 64692
2025-04-11 13:55:02,098 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/d72761e1a334a754_94308059b57b3142e455b38a6eb92015'
2025-04-11 13:55:02,101 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 73305
2025-04-11 13:55:02,103 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/6fb1b8e593cb0388_b46811c17859ffb409cf0e904a4aa8f8'
2025-04-11 13:55:02,105 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 530
2025-04-11 13:55:02,107 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/7b5be8932db6e515_se[1].svg'
2025-04-11 13:55:02,108 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 691
2025-04-11 13:55:02,111 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/d6660a07ad0fa753_4icp6kvjbnbylgokejzpsmyl[1].woff'
2025-04-11 13:55:02,113 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 127280
2025-04-11 13:55:02,115 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/4ca76c921fae3345_sk[1].svg'
2025-04-11 13:55:02,117 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1202
2025-04-11 13:55:02,119 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/ebd41040e4bb3ec7_4a9377e7e528f7e56b69a81c500abc24'
2025-04-11 13:55:02,121 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 889
2025-04-11 13:55:02,124 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/11db81bb5136347f_4ics6kvjbnbylgo6ew[1].woff'
2025-04-11 13:55:02,126 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 134032
2025-04-11 13:55:02,128 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/854593a65b293832_ro[1].svg'
2025-04-11 13:55:02,129 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 305
2025-04-11 13:55:02,132 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/5c81b01e7693b40d_b66240b0f6c84bd4857aba60cf5ce4a0_5043e0f5df723415c9eecc201c838a62'
2025-04-11 13:55:02,133 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 2064
2025-04-11 13:55:02,136 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/81016ac6be850b72_webfont[1].js'
2025-04-11 13:55:02,138 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 13188
2025-04-11 13:55:02,141 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/623702bd791d4553_flag-icon.min[1].css'
2025-04-11 13:55:02,143 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 33818
2025-04-11 13:55:02,145 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/4e206b563d27b5a7_th[1].svg'
2025-04-11 13:55:02,147 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 287
2025-04-11 13:55:02,150 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/033a416ecc30a516_tr[1].svg'
2025-04-11 13:55:02,151 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 554
2025-04-11 13:55:02,154 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/d29bf9ab88c629c8_kfokcnqeu92fr1mu53zec9_vu3r1gihoszmoclhrs6ljxfmmlohriaw[1].woff'
2025-04-11 13:55:02,156 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 67484
2025-04-11 13:55:02,159 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/151243c97b0936de_kfokcnqeu92fr1mu53zec9_vu3r1gihoszmoclhrs6ljxfmmlrpqiaw[1].woff'
2025-04-11 13:55:02,161 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 71000
2025-04-11 13:55:02,163 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/226631a8fa9deee0_de[1].svg'
2025-04-11 13:55:02,165 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 213
2025-04-11 13:55:02,168 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/400a5d037c908c48_75ca58072b9926f763a91f0cc2798706_b5d3a17e5bedd2eda793611a0a74e1e8'
2025-04-11 13:55:02,170 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 438
2025-04-11 13:55:02,173 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/aad032a390ade09f_kfomcnqeu92fr1me7ksn66agldtyluamqxc89ymc2dpnwuztammq[1].woff'
2025-04-11 13:55:02,175 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 65000
2025-04-11 13:55:02,177 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/c29517b4eb6b0564_dk[1].svg'
2025-04-11 13:55:02,179 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 239
2025-04-11 13:55:02,182 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/b9caad247ef5093c_4icv6kvjbnbylgocxcvtta[1].woff'
2025-04-11 13:55:02,185 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 117140
2025-04-11 13:55:02,187 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/a094f93ce465415e_cz[1].svg'
2025-04-11 13:55:02,188 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 484
2025-04-11 13:55:02,191 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/a39e661424eacfae_6da548c7e5915679f87e910d6581def1_dda8ef9211240e7a0402740e2a773ed2'
2025-04-11 13:55:02,193 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 472
2025-04-11 13:55:02,196 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/6e09a84d57f7540d_8b2b9a00839eed1dfdccc3bfc2f5df12'
2025-04-11 13:55:02,199 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 174
2025-04-11 13:55:02,203 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/c59f156ddd70507f_no[1].svg'
2025-04-11 13:55:02,205 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 321
2025-04-11 13:55:02,207 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/4bc50892d8a596be_kfokcnqeu92fr1mu53zec9_vu3r1gihoszmoclhrs6ljxfmmlijxiaw[1].woff'
2025-04-11 13:55:02,210 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 70732
2025-04-11 13:55:02,214 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/400e38b7c27364b7_kfomcnqeu92fr1me7ksn66agldtyluamqxc89ymc2dpnwub2bwmq[1].woff'
2025-04-11 13:55:02,216 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 65664
2025-04-11 13:55:02,222 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/b6ac57a911914a74_b46811c17859ffb409cf0e904a4aa8f8'
2025-04-11 13:55:02,224 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 170
2025-04-11 13:55:02,227 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/9af6eb7f12f60789_kfomcnqeu92fr1me7ksn66agldtyluamqxc89ymc2dpnwubebgmq[1].woff'
2025-04-11 13:55:02,230 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 62788
2025-04-11 13:55:02,232 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/add77f478265785a_{04cc0e69-15fe-11f0-99eb-0cead772813f}.dat'
2025-04-11 13:55:02,234 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 7680
2025-04-11 13:55:02,237 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/f112c0bf36b33862_kfomcnqeu92fr1me7ksn66agldtyluamqxc89ymc2dpnwuyjammq[1].woff'
2025-04-11 13:55:02,239 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 65844
2025-04-11 13:55:02,241 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/63667b36ddd95d29_fr[1].svg'
2025-04-11 13:55:02,243 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 292
2025-04-11 13:55:02,246 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/d54e76d7ad9da524_sa[1].svg'
2025-04-11 13:55:02,248 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 10238
2025-04-11 13:55:02,250 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/a214a6b6fc63a9b4_kfomcnqeu92fr1me7ksn66agldtyluamqxc89ymc2dpnwubebwmq[1].woff'
2025-04-11 13:55:02,252 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 64396
2025-04-11 13:55:02,254 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/fb6a7c3edcd7b97f_8b2b9a00839eed1dfdccc3bfc2f5df12'
2025-04-11 13:55:02,256 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1739
2025-04-11 13:55:02,260 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/c9871d91b6b58310_id[1].svg'
2025-04-11 13:55:02,261 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 237
2025-04-11 13:55:02,264 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/62137f64b8b37b24_pt[1].svg'
2025-04-11 13:55:02,265 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 8280
2025-04-11 13:55:02,269 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/790b922bc1031b8e_bad725c80f9e10846f35d039a996e4a8_88b6ae015495c1ecc395d19c1dd02894'
2025-04-11 13:55:02,279 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1560
2025-04-11 13:55:02,281 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/fe4298ef1cff3b03_05ddc6aa91765aacacdb0a5f96df8199'
2025-04-11 13:55:02,283 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 170
2025-04-11 13:55:02,284 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/d153e9ef2636d9eb_94308059b57b3142e455b38a6eb92015'
2025-04-11 13:55:02,291 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 344
2025-04-11 13:55:02,293 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/d73494e3446b0216_070e0202839d9d67350cd2613e78e416'
2025-04-11 13:55:02,295 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1302
2025-04-11 13:55:02,296 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/825310f9bcc88925_gb[1].svg'
2025-04-11 13:55:02,298 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 538
2025-04-11 13:55:02,299 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/3162c67e01704d06_kr[1].svg'
2025-04-11 13:55:02,301 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1822
2025-04-11 13:55:02,302 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/aa95b8e492ae6e9e_070e0202839d9d67350cd2613e78e416'
2025-04-11 13:55:02,303 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 230
2025-04-11 13:55:02,305 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/cbc15f5fb40df22a_in[1].svg'
2025-04-11 13:55:02,306 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1074
2025-04-11 13:55:02,307 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/625ca5f97dda9657_4icv6kvjbnbylgoc1cztta[1].woff'
2025-04-11 13:55:02,310 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/a58b2ffa6bb549b5_kfokcnqeu92fr1mu53zec9_vu3r1gihoszmoclhrs6ljxfmmlt_qiaw[1].woff'
2025-04-11 13:55:02,312 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 69980
2025-04-11 13:55:02,313 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 156448
2025-04-11 13:55:02,315 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/b7f02b25c23e07da_b66240b0f6c84bd4857aba60cf5ce4a0_5043e0f5df723415c9eecc201c838a62'
2025-04-11 13:55:02,317 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 458
2025-04-11 13:55:02,319 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/fd167a43304972aa_ph[1].svg'
2025-04-11 13:55:02,321 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1565
2025-04-11 13:55:02,325 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/ac5bc7dde06f37ec_6da548c7e5915679f87e910d6581def1_dda8ef9211240e7a0402740e2a773ed2'
2025-04-11 13:55:02,327 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 398
2025-04-11 13:55:02,329 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/5b51b57f63cf58e4_ru[1].svg'
2025-04-11 13:55:02,331 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 286
2025-04-11 13:55:02,333 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/c67e049a9f003f09_bg[1].svg'
2025-04-11 13:55:02,334 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 286
2025-04-11 13:55:02,338 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/cbd3e4debe511a32_4icv6kvjbnbylgocjc3tta[1].woff'
2025-04-11 13:55:02,340 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 123272
2025-04-11 13:55:02,342 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/bd8c588ce4c71594_pl[1].svg'
2025-04-11 13:55:02,344 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 222
2025-04-11 13:55:02,348 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/e6917741aa31b195_4icp6kvjbnbylgokejyhtgyl[1].woff'
2025-04-11 13:55:02,351 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 139272
2025-04-11 13:55:02,353 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/4399611216fcf900_kfokcnqeu92fr1mu53zec9_vu3r1gihoszmoclhrs6ljxfmmlmbxiaw[1].woff'
2025-04-11 13:55:02,355 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 71316
2025-04-11 13:55:02,357 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/470431d1ed0dc209_hu[1].svg'
2025-04-11 13:55:02,359 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 274
2025-04-11 13:55:02,361 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/ca3eca993ba116d4_75ca58072b9926f763a91f0cc2798706_b5d3a17e5bedd2eda793611a0a74e1e8'
2025-04-11 13:55:02,363 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 1438
2025-04-11 13:55:02,374 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/eac173f6aa2de93a_05ddc6aa91765aacacdb0a5f96df8199'
2025-04-11 13:55:02,391 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 993
2025-04-11 13:55:02,401 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/ab3d438837b7f1c4_es[1].svg'
2025-04-11 13:55:02,667 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 90819
2025-04-11 13:55:02,675 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'shots/0006.jpg'
2025-04-11 13:55:02,678 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/b0b1d075c651e2ce_hr[1].svg'
2025-04-11 13:55:02,680 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 40615
2025-04-11 13:55:02,681 [cuckoo.core.resultserver] DEBUG: Task #6259024: File upload for 'files/8f7f9ee9b98e5d74_bad725c80f9e10846f35d039a996e4a8_88b6ae015495c1ecc395d19c1dd02894'
2025-04-11 13:55:02,683 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 432
2025-04-11 13:55:02,687 [cuckoo.core.resultserver] DEBUG: Task #6259024 uploaded file length: 133467
2025-04-11 13:55:02,699 [cuckoo.core.resultserver] DEBUG: Task #6259024 had connection reset for <Context for LOG>
2025-04-11 13:55:04,018 [cuckoo.core.guest] INFO: win7x6423: analysis completed successfully
2025-04-11 13:55:04,029 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-04-11 13:55:04,244 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-04-11 13:55:05,396 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6423 to path /srv/cuckoo/cwd/storage/analyses/6259024/memory.dmp
2025-04-11 13:55:05,398 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6423
2025-04-11 13:57:48,416 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.223 for task #6259024
2025-04-11 13:57:50,187 [cuckoo.core.scheduler] DEBUG: Released database task #6259024
2025-04-11 13:57:50,229 [cuckoo.core.scheduler] INFO: Task #6259024: analysis procedure completed

Signatures

Allocates read-write-execute memory (usually to unpack itself) (50 out of 292 events)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefeea8000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefeea8000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefeea8000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefec2f000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefec06000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefec06000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefec06000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefafbb000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef51e4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefcdc4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefa07c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefa094000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef9feb000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefab8a000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2904
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000032e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefd74b000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefd74b000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefd74b000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefd74b000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefd501000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef29d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef526e000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefd42f000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefd458000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01316000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76251000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75bbc000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75bbc000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75bbc000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75bb7000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75bb7000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75bb7000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74d31000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75e70000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75e70000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75e70000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75490000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75601000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75611000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75c51000
process_handle: 0xffffffff
1 0 0
Creates executable files on the filesystem (2 events)
file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQHTGTL3\jquery-3.5.1.min.dc5e7f18c8[1].js
file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U479NC5\webfont[1].js
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 16 (PAGE_EXECUTE)
base_address: 0x05160000
process_handle: 0xffffffff
1 0 0
Uses Windows utilities for basic Windows functionality (1 event)
cmdline "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2904 resumed a thread in remote process 2584
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x0000000000000370
suspend_count: 1
process_identifier: 2584
1 0 0
File has been identified by 2 AntiVirus engines on IRMA as malicious (2 events)
Avast Core Security (Linux) HTML:FinancialScam-BL [Scam]
ESET Security (Windows) HTML/Nomani.J trojan
File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)
ESET-NOD32 HTML/Nomani.J
Avast HTML:FinancialScam-BL [Scam]
GData HTML.Trojan.Agent.8JT2L3
Tencent Html.Win32.Script.506009
Fortinet HTML/Nomani.J!tr
AVG HTML:FinancialScam-BL [Scam]
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.