URL Details

URL
http://whxdxmxztugz.com/

Score

This URL appears fairly benign with a score of 0.0 out of 10.

Please note: The scoring system is still in development and should be considered an alpha feature.

Information on Execution

Category: URL
Started: Jan. 21, 2019, 2:07 p.m.
Completed: Jan. 21, 2019, 2:08 p.m.
Duration: 22 seconds

Machine

Name: win7x32
Label: win7x32
Started On: 2019-01-21 14:07:56
Shutdown On: 2019-01-21 14:08:18

Analyzer Log

2019-01-21 06:07:56,124 [analyzer] DEBUG: Starting analyzer from: C:\euidjycw
2019-01-21 06:07:56,124 [analyzer] DEBUG: Pipe server name: \\.\PIPE\wMDHvSDIHuWwVnoOWCyYcrZJwIpmUEI
2019-01-21 06:07:56,124 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\FqvCOFlTgvSobKxhyPPDK
2019-01-21 06:08:00,539 [analyzer] DEBUG: Started auxiliary module Disguise
2019-01-21 06:08:00,928 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2019-01-21 06:08:00,928 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2019-01-21 06:08:00,992 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit ncrypt.dll (with timestamp 0x586e85bb)
2019-01-21 06:08:00,992 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit ncrypt.dll (with timestamp 0x586e85bb)
2019-01-21 06:08:00,992 [analyzer] DEBUG: Loaded monitor into process with pid 476
2019-01-21 06:08:01,148 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-01-21 06:08:01,194 [analyzer] DEBUG: Started auxiliary module Human
2019-01-21 06:08:01,194 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-01-21 06:08:01,194 [analyzer] DEBUG: Started auxiliary module Reboot
2019-01-21 06:08:01,506 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-01-21 06:08:01,552 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-01-21 06:08:01,849 [lib.api.process] INFO: Successfully executed process from path 'C:\\Python27\\python.exe' with arguments ['http://whxdxmxztugz.com/'] and pid 2852
2019-01-21 06:08:02,006 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2019-01-21 06:08:02,006 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8)
2019-01-21 06:08:02,161 [analyzer] DEBUG: Loaded monitor into process with pid 2852
2019-01-21 06:08:02,332 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\site.pyc
2019-01-21 06:08:02,552 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\ntpath.pyc
2019-01-21 06:08:02,644 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\genericpath.pyc
2019-01-21 06:08:02,769 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\warnings.pyc
2019-01-21 06:08:03,051 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\linecache.pyc
2019-01-21 06:08:03,956 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\types.pyc
2019-01-21 06:08:04,204 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\UserDict.pyc
2019-01-21 06:08:04,313 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\_abcoll.pyc
2019-01-21 06:08:04,470 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\copy_reg.pyc
2019-01-21 06:08:04,563 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\sysconfig.pyc
2019-01-21 06:08:04,579 [analyzer] DEBUG: Received request to inject pid=2852, but we are already injected there.
2019-01-21 06:08:04,720 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\re.pyc
2019-01-21 06:08:04,828 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\sre_compile.pyc
2019-01-21 06:08:04,923 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\sre_parse.pyc
2019-01-21 06:08:05,016 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\sre_constants.pyc
2019-01-21 06:08:05,282 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\locale.pyc
2019-01-21 06:08:05,437 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\encodings\__init__.pyc
2019-01-21 06:08:05,562 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\codecs.pyc
2019-01-21 06:08:05,671 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\encodings\aliases.pyc
2019-01-21 06:08:05,750 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\functools.pyc
2019-01-21 06:08:05,828 [analyzer] INFO: Added new file to list with pid 2852 and path C:\Python27\Lib\encodings\cp1252.pyc
2019-01-21 06:08:05,983 [lib.api.process] WARNING: The process with pid 2852 is not alive, memory dump aborted
2019-01-21 06:08:06,950 [analyzer] INFO: Process with pid 2852 has terminated
2019-01-21 06:08:06,950 [analyzer] INFO: Process list is empty, terminating analysis.
2019-01-21 06:08:07,964 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-01-21 06:08:08,729 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-01-21 14:07:56,756 [lib.cuckoo.core.scheduler] INFO: Task #1197: acquired machine win7x32 (label=win7x32)
2019-01-21 14:07:56,781 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 9604 (interface=eth2, host=192.168.128.112, pcap=/opt/cuckoo/storage/analyses/1197/dump.pcap)
2019-01-21 14:08:01,799 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x32, ip=192.168.128.112)
2019-01-21 14:08:18,274 [lib.cuckoo.core.guest] INFO: win7x32: analysis completed successfully
2019-01-21 14:08:26,066 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-01-21 14:08:27,392 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937f5a9650>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-21 14:08:27,393 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
2019-01-21 14:08:27,393 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
2019-01-21 14:08:27,394 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
2019-01-21 14:08:27,394 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937f5a98d0>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937f5a98d0>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

No signatures

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

Process python.exe (2852)

  • Opened files

    • C:\Python27\Lib\encodings\cp1252.pyc
    • C:\Python27\Lib\codecs.pyc
    • C:\Python27\Lib\linecache.py
    • C:\Python27\Lib\sre_constants.py
    • C:\Python27\Lib\warnings.py
    • C:\Python27\Lib\re.py
    • C:\Python27\Lib\ntpath.pyc
    • C:\Python27\Lib\_abcoll.pyc
    • C:\Python27\Lib\copy_reg.pyc
    • C:\Python27\Lib\warnings.pyc
    • C:\Python27\Lib\types.pyc
    • C:\Python27\Lib\encodings\aliases.pyc
    • C:\Python27\Lib\UserDict.pyc
    • C:\Python27\Lib\sysconfig.py
    • C:\Python27\Lib\sre_parse.py
    • C:\Python27\Lib\locale.py
    • C:\Python27\Lib\_abcoll.py
    • C:\Python27\Lib\sysconfig.pyc
    • C:\Python27\Lib\copy_reg.py
    • C:\Python27\Lib\UserDict.py
    • C:\Python27\Lib\types.py
    • C:\Python27\Lib\genericpath.pyc
    • C:\Python27\Lib\re.pyc
    • C:\Python27\Lib\linecache.pyc
    • C:\Python27\Lib\codecs.py
    • C:\Python27\Lib\functools.pyc
    • C:\Python27\Lib\encodings\__init__.py
    • C:\Python27\Lib\encodings\cp1252.py
    • C:\Windows\System32\en-US\KERNELBASE.dll.mui
    • C:\Python27\Lib\sre_constants.pyc
    • C:\Python27\Lib\encodings\aliases.py
    • C:\Python27\Lib\sre_compile.pyc
    • C:\Python27\Lib\functools.py
    • C:\Python27\Lib\site.pyc
    • C:\Python27\Lib\site.py
    • C:\Python27\Lib\site-packages\PIL.pth
    • C:\Python27\Lib\locale.pyc
    • C:\Python27\Lib\sre_parse.pyc
    • C:\Python27\Lib\genericpath.py
    • C:\Python27\Lib\ntpath.py
    • C:\Python27\Lib\encodings\__init__.pyc
    • C:\Python27\Lib\sre_compile.py
  • Written files

    • C:\Python27\Lib\encodings\cp1252.pyc
    • C:\Python27\Lib\site.pyc
    • C:\Python27\Lib\warnings.pyc
    • C:\Python27\Lib\re.pyc
    • C:\Python27\Lib\linecache.pyc
    • C:\Python27\Lib\types.pyc
    • C:\Python27\Lib\encodings\aliases.pyc
    • C:\Python27\Lib\UserDict.pyc
    • C:\Python27\Lib\codecs.pyc
    • C:\Python27\Lib\sre_constants.pyc
    • C:\Python27\Lib\locale.pyc
    • C:\Python27\Lib\sre_parse.pyc
    • C:\Python27\Lib\functools.pyc
    • C:\Python27\Lib\sysconfig.pyc
    • C:\Python27\Lib\genericpath.pyc
    • C:\Python27\Lib\ntpath.pyc
    • C:\Python27\Lib\sre_compile.pyc
    • C:\Python27\Lib\encodings\__init__.pyc
    • C:\Python27\Lib\_abcoll.pyc
    • C:\Python27\Lib\copy_reg.pyc
  • Files Read

    • C:\Python27\Lib\encodings\cp1252.pyc
    • C:\Python27\Lib\codecs.pyc
    • C:\Python27\Lib\linecache.py
    • C:\Python27\Lib\sre_constants.py
    • C:\Python27\Lib\warnings.py
    • C:\Python27\Lib\re.py
    • C:\Python27\Lib\ntpath.pyc
    • C:\Python27\Lib\_abcoll.pyc
    • C:\Python27\Lib\copy_reg.pyc
    • C:\Python27\Lib\warnings.pyc
    • C:\Python27\Lib\types.pyc
    • C:\Python27\Lib\encodings\aliases.pyc
    • C:\Python27\Lib\UserDict.pyc
    • C:\Python27\Lib\sysconfig.py
    • C:\Python27\Lib\sre_parse.py
    • C:\Python27\Lib\locale.py
    • C:\Python27\Lib\_abcoll.py
    • C:\Python27\Lib\sysconfig.pyc
    • C:\Python27\Lib\copy_reg.py
    • C:\Python27\Lib\UserDict.py
    • C:\Python27\Lib\types.py
    • C:\Python27\Lib\genericpath.pyc
    • C:\Python27\Lib\re.pyc
    • C:\Python27\Lib\linecache.pyc
    • C:\Python27\Lib\codecs.py
    • C:\Python27\Lib\functools.pyc
    • C:\Python27\Lib\encodings\__init__.py
    • C:\Python27\Lib\encodings\cp1252.py
    • C:\Python27\Lib\sre_constants.pyc
    • C:\Python27\Lib\encodings\aliases.py
    • C:\Python27\Lib\sre_compile.pyc
    • C:\Python27\Lib\functools.py
    • C:\Python27\Lib\site.pyc
    • C:\Python27\Lib\site.py
    • C:\Python27\Lib\site-packages\PIL.pth
    • C:\Python27\Lib\locale.pyc
    • C:\Python27\Lib\sre_parse.pyc
    • C:\Python27\Lib\genericpath.py
    • C:\Python27\Lib\ntpath.py
    • C:\Python27\Lib\encodings\__init__.pyc
    • C:\Python27\Lib\sre_compile.py

Process python.exe (2852)

  • Registry keys opened

    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\site
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\genericpath
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sre_parse
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\types
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\usercustomize
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\encodings
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\PythonPath
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sre_parse
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\genericpath
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\warnings
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sysconfig
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\copy_reg
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\UserDict
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sitecustomize
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sysconfig
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\_abcoll
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\functools
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\site
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sitecustomize
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\locale
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\encodings
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\PythonPath
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sre_constants
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\linecache
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\ntpath
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sre_constants
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\codecs
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\UserDict
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\copy_reg
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\types
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\linecache
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\re
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sre_compile
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\codecs
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\warnings
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\re
    • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sre_compile
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\usercustomize
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\locale
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\ntpath
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\functools
    • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\_abcoll
  • Registry keys read

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US

Process python.exe (2852)

  • Directories enumerated

    • C:\Python27\Lib\re
    • C:\Python27\Lib\sre_constants.py
    • C:\Python27\DLLs\sitecustomize
    • C:\Python27\Lib\ntpath
    • C:\Python27\Lib\plat-win
    • C:\Python27\DLLs\functools
    • C:\Python27\DLLs\_abcoll
    • C:\Python27\Lib\sysconfig.py
    • C:\Python27\Lib\sysconfig
    • C:\Python27\Lib\copy_reg.py
    • C:\Python27\Lib\UserDict
    • C:\Python27\Lib\site-packages\usercustomize
    • C:\Python27\Lib\UserDict.py
    • C:\Python27\Lib\lib-tk
    • C:\Python27\DLLs\sysconfig
    • C:\Python27\Lib\codecs
    • C:\Python27\DLLs\warnings
    • C:\Python27\Lib\encodings\aliases.py
    • C:\Python27\Lib\site-packages\PIL\sitecustomize
    • C:\Python27\Lib\functools
    • C:\Python27\Lib\site-packages\sitecustomize
    • C:\Python27\Lib\sre_parse
    • C:\Python27\DLLs\encodings
    • C:\Python27\DLLs\sre_parse
    • C:\Python27\Lib\sre_compile.py
    • C:\Python27\Lib\warnings.py
    • C:\Python27\Lib\locale
    • C:\Python27\Lib\lib-tk\sitecustomize
    • C:\Python27\*.*
    • C:\Python27\Lib\site-packages
    • C:\Python27\Lib\copy_reg
    • C:\Python27\Lib\encodings\__init__
    • C:\Python27\Lib\types.py
    • C:\Python27\Lib\sre_constants
    • C:\Python27\Lib\encodings\encodings
    • C:\Python27\Lib\codecs.py
    • C:\Python27\DLLs\re
    • C:\Python27\Lib\site-packages\PIL
    • C:\Python27\Lib\ntpath.py
    • C:\Python27\DLLs\usercustomize
    • C:\Python27\Lib\genericpath
    • C:\Python27\Lib\encodings\__builtin__
    • C:\Python27\Lib\linecache.py
    • C:\Python27\DLLs\types
    • C:\Python27\Lib\functools.py
    • C:\Users\admin\AppData\Local\Temp\http:
    • C:\Python27\DLLs\locale
    • C:\Python27\Lib\os.py
    • C:\Python27\Lib\_abcoll.py
    • C:\Python27\usercustomize
    • C:\Users\admin\AppData\Local\Temp\http:\whxdxmxztugz.com
    • C:\Python27\Lib\lib-tk\usercustomize
    • C:\Python27\Lib\re.py
    • C:\Python27\Lib\usercustomize
    • C:\Python27
    • C:\Python27\Lib\encodings\cp1252
    • C:\Python27\Lib\site-packages\PIL\usercustomize
    • C:\Python27\Lib\site
    • C:\Python27\DLLs\copy_reg
    • C:\Python27\Lib\encodings\codecs
    • C:\Python27\DLLs\codecs
    • C:\Python27\Lib\genericpath.py
    • C:\Python27\DLLs
    • C:\Python27\DLLs\site
    • C:\Python27\Lib\sre_compile
    • C:\Python27\Lib\encodings\aliases
    • C:\Python27\Lib\warnings
    • C:\Windows\System32\python27.zip
    • C:\Python27\DLLs\sre_constants
    • C:\Python27\DLLs\sre_compile
    • C:\Python27\sitecustomize
    • C:\Windows\System32
    • C:\Python27\Lib\encodings
    • C:\Users\admin\AppData\Local\Temp\http:\whxdxmxztugz.com\
    • C:\Python27\Lib\sitecustomize
    • C:\Python27\Lib\types
    • C:\Python27\Lib\sre_parse.py
    • C:\Python27\Lib\locale.py
    • C:\Python27\Lib
    • C:\Python27\DLLs\ntpath
    • C:\Python27\Lib\encodings\__init__.py
    • C:\Python27\Lib\encodings\cp1252.py
    • C:\Python27\Lib\linecache
    • C:\Python27\DLLs\linecache
    • C:\Python27\Lib\site.py
    • C:\Python27\Lib\_abcoll
    • C:\Python27\DLLs\UserDict
    • C:\Python27\DLLs\genericpath
    • C:\Users\admin\AppData\Local\Temp\http:\
    • C:\Python27\Lib\site-packages\*.*

No static analysis available.
No antivirus signatures available.

Process Tree


python.exe, PID: 2852, Parent PID: 2828

Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

TCP

No TCP connections recorded.

UDP

Source: 192.168.128.112
Source Port: 138
Destination: 192.168.128.255
Destination Port: 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name e16f1dcce16f55c8_copy_reg.pyc
Filepath C:\Python27\Lib\copy_reg.pyc
Size 4.9KB
Type python 2.7 byte-compiled
MD5 297f949ba6e39cd3728d746b510f5499
SHA1 ce9a5de535c93c2c7ef342b5b0b51782fab18058
SHA256 e16f1dcce16f55c894c5735c6560c24e6584597c4980c9dfbe4a2a190ac79142
CRC32 12123BC1
ssdeep 96:l2MLsP6SyBOcySmpSzkWaItuDh1fq1xKg1HKnTelIT2zHCT2LG:0csC295DftcHKnTelA2zHCTiG
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name b3634147a84e54ff_sre_constants.pyc
Filepath C:\Python27\Lib\sre_constants.pyc
Size 5.9KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 4c3d9dc44269fc77a10a4ee914766f3e
SHA1 2de6be8fb7875ec50af77578db7cc6d39ddc2708
SHA256 b3634147a84e54ffa1ba0ffa28961cde015b6b95b97b49b8f20aa4a305c4d155
CRC32 B6A453FC
ssdeep 96:vnCwJA3yDX1u324268snWV344mznnk8WLVhNhCOWTzy/x6mgXxBoo+wetRR:vO3yTqkUnnYLVhNhczyJ6mgBxfSRR
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 39d3c6755666f0ef_warnings.pyc
Filepath C:\Python27\Lib\warnings.pyc
Size 12.7KB
Type python 2.7 byte-compiled
MD5 fcb4ea1cef92ec72620bc458df778db7
SHA1 234fee5e08894f7942f753ec3c70355f864acf8e
SHA256 39d3c6755666f0eff18d5a55a58b8c528e3e7b9228b4f1c7ba6ef75008e989ca
CRC32 CA912428
ssdeep 192:fFtDCshICLo4SMVma6pqAEF+xAHQrZxIUwVHnKbId9qaLtcprv3cqZn7kDB:zDZZuMVma6pa+eQrbIUWKmFLKVv3cl
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 857f4d58d5b42d72_aliases.pyc
Filepath C:\Python27\Lib\encodings\aliases.pyc
Size 8.6KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 0dda607cad111eb453cfcc25336f609e
SHA1 d53adf521a090c9be7e5b5fb67e78ce25eb972fa
SHA256 857f4d58d5b42d724968c2ae6349c3fb15b530e570d20c3c1d50ac52be65c791
CRC32 DDFDEAA7
ssdeep 192:MHGjLzPuAX1Ox+2iFJRbkz0JFJqX0zLDCxKjHN1UjYwQRZm+V:MMD9UxXaRYF0x7TZvV
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name b326f8964a9f13d5___init__.pyc
Filepath C:\Python27\Lib\encodings\__init__.pyc
Size 4.3KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 fcf387b257298c232b7e1818976b6969
SHA1 401d39962fff7742ce423e21b848ce04c5e8c103
SHA256 b326f8964a9f13d591944a2c75ae1587422f2695800b66b97580270244a8e781
CRC32 7DA88040
ssdeep 96:sHIYGsplFe06Q0YlAt5xX4/6kt4VKox8gbR083TMapl9mTqXIFREm6:7YLplmYExMgKoxz083TfcTqXoEm6
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name c7bddc8b5af5c051_UserDict.pyc
Filepath C:\Python27\Lib\UserDict.pyc
Size 8.4KB
Type python 2.7 byte-compiled
MD5 3a893f0683c3da99658f84ede1061193
SHA1 ada726be82f54aacf3ccee78f52f89add2b80e2e
SHA256 c7bddc8b5af5c051305fb037a90b033657cf82ef986a370a2c8774f92705d617
CRC32 F35D3082
ssdeep 192:MvJkM4FBwt0lzAMWr2PKszJC0v/oEv3+SHly4d7tIhEl1gzM2:MkqqVAM/MTEv9Ih4iQ2
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 083b483051702c88_sre_compile.pyc
Filepath C:\Python27\Lib\sre_compile.pyc
Size 10.7KB
Type python 2.7 byte-compiled
MD5 81fed713abd1753347a07c827f707de5
SHA1 2d5097ffe1c43e3430d5138535b39104b111d7d5
SHA256 083b483051702c8883541ee24e11cc713970f8f24d3509132fe0f1cfd2eab202
CRC32 BAB944AF
ssdeep 192:a9jvaCmJ5iMU7T82gShDE36PZ/Bm9d6xZyAWT9Ms6W:aBvaCmJ5iR38283jj+A3N
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 61350268ce3cfcc8_linecache.pyc
Filepath C:\Python27\Lib\linecache.pyc
Size 3.1KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 5101eb4116125c046728240629dc2a9a
SHA1 a8a8448292a5bc0f0c3e7da66d33a7b0a3176f7b
SHA256 61350268ce3cfcc81916a3b87d4adc2a0d85d9aec177acd331cd88794ff2a36a
CRC32 25FD7D91
ssdeep 96:joAXSjEmQqgOHkiuHSNxwkNo1kTFtZu18MXSGs:hCjEmQqgOE3SNxJNXPFv
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 576a617d54a59cd0_aliases.pyc
Filepath C:\Python27\Lib\encodings\aliases.pyc
Size 8.6KB
Type python 2.7 byte-compiled
MD5 9f474e9a1b967052488c6acf33fd1cf4
SHA1 64588aa80762e0981ac4ddd40cb5f0dced5f9514
SHA256 576a617d54a59cd0195627ca76ace2663a92651f264c2481e3606dfa46d244ef
CRC32 E6CDD501
ssdeep 192:2HGjLzPuAX1Ox+2iFJRbkz0JFJqX0zLDCxKjHN1UjYwQRZm+V:2MD9UxXaRYF0x7TZvV
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 874990b53bca840d_codecs.pyc
Filepath C:\Python27\Lib\codecs.pyc
Size 35.3KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 59a84cd009de26b1bf5e1f2487572c14
SHA1 2fd93dcea4645937cbb2407ea31a3589b3f6d87e
SHA256 874990b53bca840d3ef1a447a805bfe2f1d99e031c172112680d4888c0048c65
CRC32 F2C8481C
ssdeep 768:kSmQOf+wobZxQoxqgTy6iqbIszpdDz30gNMsZt/uVP0JoOjWy:kSmsZxBTV70gNMsZt/uVP0JoOjWy
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 6d43f596a7411f00_locale.pyc
Filepath C:\Python27\Lib\locale.pyc
Size 48.0KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 0b3f15aa933270617499173bbeeb2dbd
SHA1 283256e569bd9666f29d597e234777c01d75f401
SHA256 6d43f596a7411f00ce5d370198ba11ddcce7a17d77f6c8dc66ca556f35f116bf
CRC32 655AB30D
ssdeep 1536:bUc0UC+gn3OWnBAiUG9aZI3eRQhu9XC5hjPxSJRnEg3f:nc5nBAiUG9aZ4FbGf
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 6a005473219557c2_site.pyc
Filepath C:\Python27\Lib\site.pyc
Size 18.8KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 3031d93989aa71b5f49179d166446268
SHA1 06e6a88d7d53fb54ab24317c0cdc09ac6b0d6396
SHA256 6a005473219557c212a0c99e9530f19d3b4361a67df35126bd904f0d86d3bf2d
CRC32 629F73C4
ssdeep 384:Uzl8Yowe1Uojpm3GZ51Ze9y9ct2myHWq6BbCRg6MtYW0U5fI8CRNPB4mnEV:Uswe+0U651k4WA2q6BbC/tWx5AZ7JXnC
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 8fc166755bd69e71_functools.pyc
Filepath C:\Python27\Lib\functools.pyc
Size 5.7KB
Type python 2.7 byte-compiled
MD5 2e80c04c2114ab94265bc82d370562a4
SHA1 2992f2d1eccd5ee9c3036f3b25e6a838a3f53169
SHA256 8fc166755bd69e7122c6c7694613387b4d5954d10db8c704231444b3951c7953
CRC32 F23D732E
ssdeep 96:o20v0agZZaq25wv5v0cm28DUxIP3B4zJgRd26IpXA8A4mDsfD/HDWwDxDWDNDSCY:Wv0agZZaq25wCcmDxvzmU8ATQfTKw9Su
Yara
  • contentis_base64 - This rule finds for base64 strings
Name bd9330ecde01a236_types.pyc
Filepath C:\Python27\Lib\types.pyc
Size 2.4KB
Type python 2.7 byte-compiled
MD5 df051bd484eb570149efffc8f96bf196
SHA1 cd403cbe97061251c1f8dcafe37c543cdfecd87c
SHA256 bd9330ecde01a236eabb2f51a6657f1c7dcc0841f522ddd5bc9030c4c98bd9fc
CRC32 18A7586C
ssdeep 48:3WLM32uns5ZmpFXximd5um2MTeSmGom6hEFmu3yXYUOJBsyXjUzAFsFrgwLuGLaN:R2unsaFBimdMmJTeS0m6eBUO8PFrWjN
Yara
  • contentis_base64 - This rule finds for base64 strings
Name d2377ebeb1bbec40_genericpath.pyc
Filepath C:\Python27\Lib\genericpath.pyc
Size 3.1KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 11828bf96adc139cb1a1f1a8e745cd38
SHA1 1ae9df0eb403ef530116e4b619a558a0f5077e8b
SHA256 d2377ebeb1bbec404121e1f4ad4cb66c6e593f3252f1283bbde64787c5348d01
CRC32 20D588C3
ssdeep 96:pMYnrpObHOMn4NJaS4vGr4Z5D4TSr4mz6r+Bbl:qalObHOL7arucZ2hpAl
Yara
  • contentis_base64 - This rule finds for base64 strings
Name edd622adaf09c31a__abcoll.pyc
Filepath C:\Python27\Lib\_abcoll.pyc
Size 20.3KB
Type python 2.7 byte-compiled
MD5 852fe951a12d5348d34f09fd862bd63d
SHA1 75f0be720c48d01aefc85f13cfddeb995d8a62ab
SHA256 edd622adaf09c31a9df88256cc179e49568042dd9ca142afa67a640145182086
CRC32 5D89A182
ssdeep 384:Ew8jnb2nlBCd9yZimu2bIkVZjUxNFCaz9C:Ew8inlQ+ZimBbIkVZSFCaz9C
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 617a2befab7dbac7_ntpath.pyc
Filepath C:\Python27\Lib\ntpath.pyc
Size 11.0KB
Type python 2.7 byte-compiled
MD5 e7b864f24a360bf5e31f5db1fac03404
SHA1 9de0ef6d45e3db683de77d561a9fedbd8f8dcb83
SHA256 617a2befab7dbac74cf8d14a6e178be766e44ba90b38a6ec6f5c76c86f1b8714
CRC32 15D58BEE
ssdeep 192:h+0zN21DrNTr39ACoKfUjwmYrC0ZPCI0KnQ8RHwN+ClgJ1ebceLDYzOU2UA:AWqDrNP39ACpfUjwmYrdZPCewomHYSUq
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 719632430239cfcb_sre_constants.pyc
Filepath C:\Python27\Lib\sre_constants.pyc
Size 5.9KB
Type python 2.7 byte-compiled
MD5 90d64ed96bc8ea07cabdfa29526b256c
SHA1 5dd17974d32aedff7c4ff3fbba12da08b7cb9f37
SHA256 719632430239cfcb3596d33fa81844a92ed38601d587f60efbc4d2f362d5638b
CRC32 2A25CA5B
ssdeep 96:JnCwJA3yDX1u324268snWV344mznnk8WLVhNhCOWTzy/x6mgXxBoo+wetRR:JO3yTqkUnnYLVhNhczyJ6mgBxfSRR
Yara
  • contentis_base64 - This rule finds for base64 strings
Name fbbd8005f69a8d4f_functools.pyc
Filepath C:\Python27\Lib\functools.pyc
Size 5.7KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 a50f18a02e7dbab3afe510c4d073702c
SHA1 3c9289690f033537b101c2bd7c894dc040a51662
SHA256 fbbd8005f69a8d4f9ff499a2871eac0d8f5ee7b10cec19b4c102a04c683c6da3
CRC32 1AB84644
ssdeep 96:S20v0agZZaq25wv5v0cm28DUxIP3B4zJgRd26IpXA8A4mDsfD/HDWwDxDWDNDSCY:Ev0agZZaq25wCcmDxvzmU8ATQfTKw9Su
Yara
  • contentis_base64 - This rule finds for base64 strings
Name a9e770af5543e072_sysconfig.pyc
Filepath C:\Python27\Lib\sysconfig.pyc
Size 16.9KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 cde6c8cfb77c9db8243614f55abd37ea
SHA1 c6fdd6085a79eef14f66d0dbfbfe061308b32cf9
SHA256 a9e770af5543e072d78344fac5b8e1f6f1f833670abd2ea6d7abe0c13c34f7f8
CRC32 114EBF02
ssdeep 384:6LZG6wSB+JW6wrgcHz83y4tQfdD+84C1+sWerM7L:69Vw0+JFwscTatQfZF4IWH
Yara
  • contentis_base64 - This rule finds for base64 strings
Name ddd758e3bf570f38_sre_parse.pyc
Filepath C:\Python27\Lib\sre_parse.pyc
Size 18.5KB
Type python 2.7 byte-compiled
MD5 52e7288abeb2c21309c737f9ece870f0
SHA1 27847bdf20fba1e8b908f6eb285675a0c46a7ee5
SHA256 ddd758e3bf570f38cf18b7230dc577815d1c7005b725e0ed1eb7beb2c7b05634
CRC32 55FA5F57
ssdeep 384:UIqH9oX0MMMj6u69nmCm/2GFuaxMemiyrR+2gkdgEZuWjYSwfjGw5cR:UqENMjv69nmn/nF7GemimMEw2MncR
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 5ea6463c68f1f1f0_cp1252.pyc
Filepath C:\Python27\Lib\encodings\cp1252.pyc
Size 2.8KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 f7b28500970db5d259491ce4fdc167a6
SHA1 eb32b7c39603577a04541ba84bc0f8ac210ef9f1
SHA256 5ea6463c68f1f1f008ea1d40161a05d3125f80adc869194d530db35f0c4e46c1
CRC32 3BCF5C74
ssdeep 48:+mqr1Q9/zjzXGqyN/GfG2l6eGyGe/6IGRIGLGuBGIoKhGnoDfLTTLTDfLTTp6Hbr:j0Q9/7zGohlxH3dqIo1xo0i4f33Pf39a
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 8236f9057690d451__abcoll.pyc
Filepath C:\Python27\Lib\_abcoll.pyc
Size 20.3KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 ffa384a381c49a756906ad4cc853decd
SHA1 3629a87864a8af9df56c5a2b09d08dcd52dd5318
SHA256 8236f9057690d45109f64c4168ecf9926904f84e31da0eca6cbeb3735a683ac6
CRC32 CE54F264
ssdeep 384:qw8jnb2nlBCd9yZimu2bIkVZjUxNFCaz9C:qw8inlQ+ZimBbIkVZSFCaz9C
Yara
  • contentis_base64 - This rule finds for base64 strings
Name a82addd07285c0e3_sre_compile.pyc
Filepath C:\Python27\Lib\sre_compile.pyc
Size 10.7KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 abaa007a290e1341e608eab012396e99
SHA1 5cb5774e0b8ce7ef6636e586a7e73ece41f96c4e
SHA256 a82addd07285c0e3cd3d5c30e221c3ac6971abeb2ba7896c252e8577e90c3bf2
CRC32 C0625062
ssdeep 192:k9jvaCmJ5iMU7T82gShDE36PZ/Bm9d6xZyAWT9Ms6W:kBvaCmJ5iR38283jj+A3N
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 91d19c5c6e6cfd51_re.pyc
Filepath C:\Python27\Lib\re.pyc
Size 12.7KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 8d0641facc3ab8554f5bb63262ac9bb8
SHA1 e0b93289d3fbdceaeac5e214af9059f7efa1c0c2
SHA256 91d19c5c6e6cfd5193cf9d52176a59b23f50255189ae5af78db04a69aa77fe68
CRC32 334D6F19
ssdeep 192:IDOnXuPG2DARzAuXTCQL5IPYPm8tLtR/UZ8ysnUsEStH4olUfy7GFg:IqnXuPjDssW1/MZ8FUn6HnlL
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 1993b9a41613024d_codecs.pyc
Filepath C:\Python27\Lib\codecs.pyc
Size 35.3KB
Type python 2.7 byte-compiled
MD5 e74f4d45a848688802b3d0a5f8afeded
SHA1 73fac6a5e47b2e4aacc2b00d78fbd080d9640321
SHA256 1993b9a41613024df492a1c914c902df5f0f217ca1598e32dc330e6ca16839ce
CRC32 39755536
ssdeep 768:6SmQOf+wobZxQoxqgTy6iqbIszpdDz30gNMsZt/uVP0JoOjWy:6SmsZxBTV70gNMsZt/uVP0JoOjWy
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 47f9474cc3d7f9bc_warnings.pyc
Filepath C:\Python27\Lib\warnings.pyc
Size 12.7KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 17f690ecd13d1a4b6b8435c3845d665c
SHA1 4fac27446a80b54d0ae1a924bdbb0012b3f1465d
SHA256 47f9474cc3d7f9bcfcdf0d5af621fa9ad76f2514dea9f88e7e62af6df9d0c107
CRC32 11E2DA66
ssdeep 192:dFtDCshICLo4SMVma6pqAEF+xAHQrZxIUwVHnKbId9qaLtcprv3cqZn7kDB:VDZZuMVma6pa+eQrbIUWKmFLKVv3cl
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 3149e552f267fe6b_linecache.pyc
Filepath C:\Python27\Lib\linecache.pyc
Size 3.1KB
Type python 2.7 byte-compiled
MD5 69a689cfe132024b9551125a1905465d
SHA1 bd60ea16067c646879973834f716d4a036314a54
SHA256 3149e552f267fe6b7d3259e51ea13c2847421ba14b876a9aa011f4fc1b7f8d0d
CRC32 D7D364F5
ssdeep 96:lfoAXSjEmQqgOHkiuHSNxwkNo1kTFtZu18MXSGs:zCjEmQqgOE3SNxJNXPFv
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 7bbf4a8c93994af6_genericpath.pyc
Filepath C:\Python27\Lib\genericpath.pyc
Size 3.1KB
Type python 2.7 byte-compiled
MD5 327f0cd760946e3537967fc608f97b87
SHA1 95cd66f6c233d10995affee4226645e1e363c523
SHA256 7bbf4a8c93994af60de23b4c0233cf793084015fd26955769b5c57f350f5747c
CRC32 21093167
ssdeep 96:rMYnrpObHOMn4NJaS4vGr4Z5D4TSr4mz6r+Bbl:galObHOL7arucZ2hpAl
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 6c6f5f7d44d0846d___init__.pyc
Filepath C:\Python27\Lib\encodings\__init__.pyc
Size 4.3KB
Type python 2.7 byte-compiled
MD5 2a5d92f48d735da4a3188cba078140ea
SHA1 209319047863970f39cb279315077f0d620b7193
SHA256 6c6f5f7d44d0846d91e2a31c997ba109ce338966e64ba73e95d4e21e2b271376
CRC32 468D0011
ssdeep 96:6LHIYGsplFe06Q0YlAt5xX4/6kt4VKox8gbR083TMapl9mTqXIFREm6:6EYLplmYExMgKoxz083TfcTqXoEm6
Yara
  • contentis_base64 - This rule finds for base64 strings
Name c5eeae09bf44300e_locale.pyc
Filepath C:\Python27\Lib\locale.pyc
Size 48.0KB
Type python 2.7 byte-compiled
MD5 4aa1d02a9fe5ec065b3f5292ba3c6030
SHA1 e44f40387a9792e163eeb4462b796c30649f17d5
SHA256 c5eeae09bf44300ec1fe71cc88d2bbe8f7a24ca1e3f15c8a998a8d01effe865e
CRC32 436BF5FA
ssdeep 1536:hUc0UC+gn3OWnBAiUG9aZI3eRQhu9XC5hjPxSJRnEg3f:xc5nBAiUG9aZ4FbGf
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 2e19de01326a2b14_site.pyc
Filepath C:\Python27\Lib\site.pyc
Size 18.8KB
Type python 2.7 byte-compiled
MD5 71d668ec825be1806fbce01d2d6424d8
SHA1 4181141f2e1e69be64753d6c3aa3d0653838b37f
SHA256 2e19de01326a2b14e2277a77f4b11780b4b8a074573742e6c59df9cbb587ee95
CRC32 7CB1CC12
ssdeep 384:mzl8Yowe1Uojpm3GZ51Ze9y9ct2myHWq6BbCRg6MtYW0U5fI8CRNPB4mnEV:mswe+0U651k4WA2q6BbC/tWx5AZ7JXnC
Yara
  • contentis_base64 - This rule finds for base64 strings
Name fe2189d031768ee6_cp1252.pyc
Filepath C:\Python27\Lib\encodings\cp1252.pyc
Size 2.8KB
Type python 2.7 byte-compiled
MD5 b209c474d980390ea6ff46d74eec3d84
SHA1 0d9984870ba1de05e55ef37a2c6db473fe79d300
SHA256 fe2189d031768ee667cddc188bf13e3e021909fa70e6bcbe48b2b22d2606eb8f
CRC32 31D1674E
ssdeep 48:Imqr1Q9/zjzXGqyN/GfG2l6eGyGe/6IGRIGLGuBGIoKhGnoDfLTTLTDfLTTp6Hbr:R0Q9/7zGohlxH3dqIo1xo0i4f33Pf39a
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 92297e33e7563f1b_re.pyc
Filepath C:\Python27\Lib\re.pyc
Size 12.7KB
Type python 2.7 byte-compiled
MD5 9c146707bfc020f846a12eee3f803da8
SHA1 f2890c2e6bb7cc60358ff032cb7b794570a7b78b
SHA256 92297e33e7563f1b1aaaafafeeaf118faa2d7a3fc84f2f28f867a1ce67172b76
CRC32 03F56D76
ssdeep 192:iDOnXuPG2DARzAuXTCQL5IPYPm8tLtR/UZ8ysnUsEStH4olUfy7GFg:iqnXuPjDssW1/MZ8FUn6HnlL
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 599094e42df67639_ntpath.pyc
Filepath C:\Python27\Lib\ntpath.pyc
Size 11.0KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 74f3f6635afe7909ea962e0f644dcbcb
SHA1 4d5438bd83c6770f167f8e070a28ef3ca3f178c0
SHA256 599094e42df67639b09b827dbcedd1d35ac6320ee2ae3f2a26be91d3e195bf7e
CRC32 B1BD3524
ssdeep 192:W0zN21DrNTr39ACoKfUjwmYrC0ZPCI0KnQ8RHwN+ClgJ1ebceLDYzOU2UA:WWqDrNP39ACpfUjwmYrdZPCewomHYSUq
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 77716101cbf5a4c3_types.pyc
Filepath C:\Python27\Lib\types.pyc
Size 2.4KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 7332040b15160e8e6769f154b6f50f2c
SHA1 47ae8e681bba45da1f7de80b6533eeef5b93d48e
SHA256 77716101cbf5a4c3fb17b5572ece7db4370147f41a89abfad33c6bbe5214d7ef
CRC32 153CD355
ssdeep 48:tWLM32uns5ZmpFXximd5um2MTeSmGom6hEFmu3yXYUOJBsyXjUzAFsFrgwLuGLaN:r2unsaFBimdMmJTeS0m6eBUO8PFrWjN
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 28411d24644ec203_copy_reg.pyc
Filepath C:\Python27\Lib\copy_reg.pyc
Size 4.9KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 0c7c1e6ce0e86b6e2c65c2ae8d719fdb
SHA1 aad50b00a88d6853399d1adbfa184f9cd78f1b16
SHA256 28411d24644ec2032a225db45b2f3233600327d6416f2c56747be60dc308e365
CRC32 5028887F
ssdeep 96:qMLsP6SyBOcySmpSzkWaItuDh1fq1xKg1HKnTelIT2zHCT2LG:qcsC295DftcHKnTelA2zHCTiG
Yara
  • contentis_base64 - This rule finds for base64 strings
Name b0a3b14678550822_sysconfig.pyc
Filepath C:\Python27\Lib\sysconfig.pyc
Size 16.9KB
Type python 2.7 byte-compiled
MD5 4f45296de3f9277550cedb06495eb71c
SHA1 52aede28e013d6ef8fa9425708e2c486792b8c31
SHA256 b0a3b146785508227ae12a90b6213753045b8fe67714e9018a509faf669fcd16
CRC32 5E2170D4
ssdeep 384:QLZG6wSB+JW6wrgcHz83y4tQfdD+84C1+sWerM7L:Q9Vw0+JFwscTatQfZF4IWH
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 6bcc576e7f1db551_sre_parse.pyc
Filepath C:\Python27\Lib\sre_parse.pyc
Size 18.5KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 2d94c25244221a50533576e6e82f55f6
SHA1 001620202e31832dd5a28211231642fd9e080370
SHA256 6bcc576e7f1db551bc6ba4deb23a8cc11c287f470bfda7ca4b449daf90d4a585
CRC32 8D946401
ssdeep 384:yIqH9oX0MMMj6u69nmCm/2GFuaxMemiyrR+2gkdgEZuWjYSwfjGw5cR:yqENMjv69nmn/nF7GemimMEw2MncR
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 06c94219c19fefc4_userdict.pyc
Filepath C:\Python27\Lib\UserDict.pyc
Size 8.4KB
Processes 2852 (python.exe)
Type python 2.7 byte-compiled
MD5 b21d69ecb3e3dec8e94f0b81b82925c9
SHA1 980740942843c160641d205fb2a5e719f0962949
SHA256 06c94219c19fefc4c76e51bb850e95f494be31b4681dcffcfbbab78b1c016324
CRC32 A0A6F68E
ssdeep 192:EJkM4FBwt0lzAMWr2PKszJC0v/oEv3+SHly4d7tIhEl1gzM2:HqqVAM/MTEv9Ih4iQ2
Yara
  • contentis_base64 - This rule finds for base64 strings
Sorry! No dropped buffers.
Task ID 1197
Mongo ID 5c4618ac11d30812ab71f1fb
Cuckoo release 2.0-dev