Analyzer Log
2025-06-30 17:39:17,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpqnr2dk
2025-06-30 17:39:17,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\XejCsuaykQWiWzddUbthyNPXGutXoG
2025-06-30 17:39:17,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\rSuYERRLMiMNiQYzPQcTtDhCuOply
2025-06-30 17:39:17,250 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-30 17:39:17,250 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-30 17:39:17,608 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-30 17:39:17,780 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-06-30 17:39:17,780 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-30 17:39:17,780 [analyzer] DEBUG: Started auxiliary module Human
2025-06-30 17:39:17,780 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-30 17:39:17,796 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-30 17:39:17,875 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-30 17:39:17,875 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-30 17:39:17,875 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-30 17:39:17,890 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-30 17:39:18,640 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\VMware-VMRC-12.0.5-22744838.exe' with arguments '' and pid 1960
2025-06-30 17:39:18,796 [analyzer] DEBUG: Loaded monitor into process with pid 1960
2025-06-30 17:39:18,796 [analyzer] INFO: Added new file to list with pid 1960 and path C:\Users\Administrator\AppData\Local\Temp\vminst.log
2025-06-30 17:39:19,030 [analyzer] INFO: Added new file to list with pid 1960 and path C:\Users\Administrator\AppData\Local\Temp\{3657CBD5-0B09-4A42-B439-A7FBE563F668}~setup\VMware-VMRC-12.0.5-22744838.msi
2025-06-30 17:39:20,265 [analyzer] INFO: Added new file to list with pid 1960 and path C:\Users\Administrator\AppData\Local\Temp\{3657CBD5-0B09-4A42-B439-A7FBE563F668}~setup\vcredist_x64.exe
2025-06-30 17:39:21,187 [analyzer] INFO: Injected into process with pid 2920 and name ''
2025-06-30 17:39:21,358 [analyzer] DEBUG: Loaded monitor into process with pid 2920
2025-06-30 17:39:21,421 [analyzer] INFO: Added new file to list with pid 2920 and path C:\Windows\Temp\{A1ECCD21-BF90-4005-AC8C-949138EF7F0E}\.cr\vcredist_x64.exe
2025-06-30 16:41:07,440 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-30 16:41:07,628 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 1960.
2025-06-30 16:41:07,737 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2920.
2025-06-30 16:41:07,956 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-30 16:41:07,956 [lib.api.process] INFO: Successfully terminated process with pid 1960.
2025-06-30 16:41:07,971 [lib.api.process] INFO: Successfully terminated process with pid 2920.
2025-06-30 16:41:08,924 [analyzer] INFO: Analysis completed.
Cuckoo Log
2025-06-30 17:39:25,333 [cuckoo.core.scheduler] INFO: Task #6649984: acquired machine win7x6415 (label=win7x6415)
2025-06-30 17:39:25,334 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.215 for task #6649984
2025-06-30 17:39:25,635 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3193668 (interface=vboxnet0, host=192.168.168.215)
2025-06-30 17:39:55,401 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6415
2025-06-30 17:39:55,844 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6415 to vmcloak
2025-06-30 17:40:26,079 [cuckoo.core.guest] INFO: Starting analysis #6649984 on guest (id=win7x6415, ip=192.168.168.215)
2025-06-30 17:40:27,085 [cuckoo.core.guest] DEBUG: win7x6415: not ready yet
2025-06-30 17:40:32,109 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6415, ip=192.168.168.215)
2025-06-30 17:40:32,207 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6415, ip=192.168.168.215, monitor=latest, size=6660546)
2025-06-30 17:40:36,765 [cuckoo.core.resultserver] DEBUG: Task #6649984: live log analysis.log initialized.
2025-06-30 17:40:37,498 [cuckoo.core.resultserver] DEBUG: Task #6649984 is sending a BSON stream
2025-06-30 17:40:38,499 [cuckoo.core.resultserver] DEBUG: Task #6649984 is sending a BSON stream
2025-06-30 17:40:38,768 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'shots/0001.jpg'
2025-06-30 17:40:38,788 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 133526
2025-06-30 17:40:39,956 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'shots/0002.jpg'
2025-06-30 17:40:39,995 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 125456
2025-06-30 17:40:41,089 [cuckoo.core.resultserver] DEBUG: Task #6649984 is sending a BSON stream
2025-06-30 17:40:41,091 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'shots/0003.jpg'
2025-06-30 17:40:41,109 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 125664
2025-06-30 17:40:42,215 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'shots/0004.jpg'
2025-06-30 17:40:42,248 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 124294
2025-06-30 17:40:51,285 [cuckoo.core.guest] DEBUG: win7x6415: analysis #6649984 still processing
2025-06-30 17:41:06,392 [cuckoo.core.guest] DEBUG: win7x6415: analysis #6649984 still processing
2025-06-30 17:41:07,856 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'curtain/1751294467.85.curtain.log'
2025-06-30 17:41:07,859 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 36
2025-06-30 17:41:07,962 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'sysmon/1751294467.96.sysmon.xml'
2025-06-30 17:41:07,970 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'files/0cb0f6e303130a0f_vminst.log'
2025-06-30 17:41:07,990 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 18832
2025-06-30 17:41:07,993 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'files/39e5ac1cf6b42e07_vcredist_x64.exe'
2025-06-30 17:41:07,997 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 822244
2025-06-30 17:41:08,005 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 648328
2025-06-30 17:41:08,125 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'shots/0005.jpg'
2025-06-30 17:41:08,142 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 133874
2025-06-30 17:41:08,397 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'files/0aa8935d43dd7771_vmware-vmrc-12.0.5-22744838.msi'
2025-06-30 17:41:08,613 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 52793344
2025-06-30 17:41:08,784 [cuckoo.core.resultserver] DEBUG: Task #6649984: File upload for 'files/003063723b2131da_vcredist_x64.exe'
2025-06-30 17:41:08,918 [cuckoo.core.resultserver] DEBUG: Task #6649984 uploaded file length: 25167488
2025-06-30 17:41:08,956 [cuckoo.core.resultserver] DEBUG: Task #6649984 had connection reset for <Context for LOG>
2025-06-30 17:41:09,405 [cuckoo.core.guest] INFO: win7x6415: analysis completed successfully
2025-06-30 17:41:09,417 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-30 17:41:09,444 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-30 17:41:10,245 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6415 to path /srv/cuckoo/cwd/storage/analyses/6649984/memory.dmp
2025-06-30 17:41:10,247 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6415
2025-06-30 17:41:43,958 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.215 for task #6649984
2025-06-30 17:41:44,469 [cuckoo.core.scheduler] DEBUG: Released database task #6649984
2025-06-30 17:41:44,500 [cuckoo.core.scheduler] INFO: Task #6649984: analysis procedure completed