Analysis

Category Package Started Completed Duration Log
FILE exe 2019-10-10 00:07:32 2019-10-10 00:12:04 272 seconds
2019-10-10 01:07:55,015 [root] INFO: Date set to: 10-10-19, time set to: 00:07:55, timeout set to: 200
2019-10-10 01:07:55,108 [root] DEBUG: Starting analyzer from: C:\gcnovt
2019-10-10 01:07:55,124 [root] DEBUG: Storing results at: C:\iROsGaK
2019-10-10 01:07:55,124 [root] DEBUG: Pipe server name: \\.\PIPE\YCKBZFEiD
2019-10-10 01:07:55,124 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-10-10 01:07:55,124 [root] INFO: Automatically selected analysis package "exe"
2019-10-10 01:08:03,313 [root] DEBUG: Started auxiliary module Browser
2019-10-10 01:08:03,329 [root] DEBUG: Started auxiliary module Curtain
2019-10-10 01:08:03,329 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2019-10-10 01:08:07,759 [modules.auxiliary.digisig] DEBUG: File is not signed.
2019-10-10 01:08:07,759 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2019-10-10 01:08:07,759 [root] DEBUG: Started auxiliary module DigiSig
2019-10-10 01:08:07,759 [root] DEBUG: Started auxiliary module Disguise
2019-10-10 01:08:07,759 [root] DEBUG: Started auxiliary module Human
2019-10-10 01:08:07,776 [root] DEBUG: Started auxiliary module Screenshots
2019-10-10 01:08:07,776 [root] DEBUG: Started auxiliary module Sysmon
2019-10-10 01:08:07,776 [root] DEBUG: Started auxiliary module Usage
2019-10-10 01:08:07,776 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2019-10-10 01:08:07,776 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2019-10-10 01:08:07,822 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\tmpaj0x_r37.exe" with arguments "" with pid 2256
2019-10-10 01:08:07,822 [lib.api.process] INFO: 32-bit DLL to inject is C:\gcnovt\dll\WlbGKsfN.dll, loader C:\gcnovt\bin\ZxnVMLL.exe
2019-10-10 01:08:07,963 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\YCKBZFEiD.
2019-10-10 01:08:07,979 [root] DEBUG: Loader: Injecting process 2256 (thread 2796) with C:\gcnovt\dll\WlbGKsfN.dll.
2019-10-10 01:08:07,979 [root] DEBUG: Process image base: 0x012E0000
2019-10-10 01:08:07,979 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\gcnovt\dll\WlbGKsfN.dll.
2019-10-10 01:08:07,979 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x01307000 - 0x77940000
2019-10-10 01:08:07,979 [root] DEBUG: InjectDllViaIAT: Allocated 0x19c bytes for new import table at 0x01310000.
2019-10-10 01:08:07,979 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-10 01:08:07,979 [root] DEBUG: Successfully injected DLL C:\gcnovt\dll\WlbGKsfN.dll.
2019-10-10 01:08:07,979 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2256
2019-10-10 01:08:10,085 [lib.api.process] INFO: Successfully resumed process with pid 2256
2019-10-10 01:08:10,786 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-10 01:08:10,786 [root] INFO: Added new process to list with pid: 2256
2019-10-10 01:08:11,316 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-10 01:08:11,316 [root] INFO: Disabling sleep skipping.
2019-10-10 01:08:11,316 [root] INFO: Disabling sleep skipping.
2019-10-10 01:08:11,316 [root] INFO: Disabling sleep skipping.
2019-10-10 01:08:11,316 [root] INFO: Disabling sleep skipping.
2019-10-10 01:08:11,316 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2256 at 0x74ed0000, image base 0x12e0000, stack from 0x2a6000-0x2b0000
2019-10-10 01:08:11,316 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\tmpaj0x_r37.exe".
2019-10-10 01:08:11,316 [root] INFO: Monitor successfully loaded in process with pid 2256.
2019-10-10 01:08:15,358 [root] DEBUG: DLL loaded at 0x755B0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2019-10-10 01:08:15,358 [root] DEBUG: DLL loaded at 0x755A0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-10 01:08:15,358 [root] DEBUG: DLL loaded at 0x75590000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-10 01:08:15,358 [root] DEBUG: DLL loaded at 0x75580000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-10 01:08:15,358 [root] DEBUG: DLL loaded at 0x75560000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-10 01:08:15,388 [root] DEBUG: DLL loaded at 0x75510000: C:\Windows\system32\DNSAPI (0x44000 bytes).
2019-10-10 01:08:15,388 [root] DEBUG: DLL loaded at 0x75500000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-10 01:08:15,467 [root] DEBUG: DLL loaded at 0x74EA0000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2019-10-10 01:08:15,467 [root] DEBUG: DLL loaded at 0x74E90000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-10 01:08:27,526 [root] DEBUG: DLL loaded at 0x74E80000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-10 01:11:32,651 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-10-10 01:11:32,651 [root] INFO: Created shutdown mutex.
2019-10-10 01:11:33,664 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 2256
2019-10-10 01:11:33,664 [root] INFO: Terminate event set for process 2256.
2019-10-10 01:11:33,664 [root] INFO: Terminating process 2256 before shutdown.
2019-10-10 01:11:33,664 [root] INFO: Waiting for process 2256 to exit.
2019-10-10 01:11:33,664 [root] DEBUG: Terminate Event: Skipping dump of process 2256
2019-10-10 01:11:33,664 [root] DEBUG: Terminate Event: Shutdown complete for process 2256 but failed to inform analyzer.
2019-10-10 01:11:34,678 [root] INFO: Shutting down package.
2019-10-10 01:11:34,678 [root] INFO: Stopping auxiliary modules.
2019-10-10 01:11:34,678 [root] INFO: Finishing auxiliary modules.
2019-10-10 01:11:34,678 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-10-10 01:11:34,678 [root] WARNING: File at path "C:\iROsGaK\debugger" does not exist, skip.
2019-10-10 01:11:34,678 [root] INFO: Analysis completed.

MalScore

0.5

Benign

Machine

Name Label Manager Started On Shutdown On
target-05 target-05 ESX 2019-10-10 00:07:32 2019-10-10 00:12:02

File Details

File Name tmpaj0x_r37
File Size 130048 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 add97d237eb606d4df13cd9d11b30e65
SHA1 0abe2e5fd63ab5f770997498641013e793c3ae7e
SHA256 7ab7abbcb34b7d9ec56d421f02cb65bcf58d2dbf13d38bfb6b4ad10ddd6b6ad9
SHA512 31ed8770ddf1cbe7dbe8e774923a6484dea8c7de845df0b6b5677a99a23e666fe7931e4fb3b892d899836a3f415bbdae59a8a2228de38962320488383edad4f1
CRC32 A01D6C35
Ssdeep 3072:rihn1ytvO8X0mdYLOblG8EaGYj95UjSn:UedaLOpG2E
TrID
  • 41.0% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 36.3% (.EXE) Win64 Executable (generic) (27625/18/4)
  • 8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 5.9% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 2.6% (.EXE) OS/2 Executable (generic) (2029/13)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)

Hosts

Direct IP Country Name
Y 8.8.8.8 United States

DNS

Name Response Post-Analysis Lookup
gongzuosousuo.net

Summary

PE Information

Image Base 0x00400000
Entry Point 0x00408686
Reported Checksum 0x00000000
Actual Checksum 0x0002af3f
Minimum OS Version 5.0
Compile Time 2019-07-03 06:45:44
Import Hash 7ba3440402803fb5a28206431139b327

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x00017076 0x00017200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.63
.rdata 0x00019000 0x000046d8 0x00004800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.16
.data 0x0001e000 0x000051e8 0x00001800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.12
.rsrc 0x00024000 0x00000560 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.92
.reloc 0x00025000 0x00001e94 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.82

Imports

Library KERNEL32.dll:
0x419014 TerminateProcess
0x419018 Process32Next
0x41901c GetSystemInfo
0x419020 Sleep
0x419024 GetModuleFileNameA
0x419028 GetModuleHandleA
0x419030 CloseHandle
0x419034 WriteFile
0x419038 Process32First
0x41903c GetComputerNameA
0x419040 GetProcessHeap
0x419044 SetEndOfFile
0x419048 CreateFileA
0x41904c GetLocaleInfoW
0x419050 CreateFileW
0x419054 SetStdHandle
0x419058 WriteConsoleW
0x41905c GetConsoleOutputCP
0x419060 WriteConsoleA
0x419064 LoadLibraryA
0x419084 GetLastError
0x419088 MoveFileA
0x41908c HeapFree
0x419090 HeapAlloc
0x419094 GetCurrentProcess
0x4190a0 IsDebuggerPresent
0x4190a4 HeapReAlloc
0x4190a8 GetStartupInfoW
0x4190ac RtlUnwind
0x4190b0 RaiseException
0x4190b4 MultiByteToWideChar
0x4190b8 LCMapStringA
0x4190bc WideCharToMultiByte
0x4190c0 LCMapStringW
0x4190c4 GetCPInfo
0x4190c8 SetHandleCount
0x4190cc GetStdHandle
0x4190d0 GetFileType
0x4190d4 GetStartupInfoA
0x4190d8 HeapCreate
0x4190dc VirtualFree
0x4190e0 VirtualAlloc
0x4190e4 GetModuleHandleW
0x4190e8 GetProcAddress
0x4190ec ExitProcess
0x4190f0 ReadFile
0x4190f4 GetConsoleCP
0x4190f8 GetConsoleMode
0x4190fc FlushFileBuffers
0x419100 TlsGetValue
0x419104 TlsAlloc
0x419108 TlsSetValue
0x41910c TlsFree
0x419110 SetLastError
0x419114 GetCurrentThreadId
0x419118 SetFilePointer
0x41911c GetModuleFileNameW
0x419128 GetCommandLineW
0x419130 GetTickCount
0x419134 GetCurrentProcessId
0x41913c HeapSize
0x419140 GetACP
0x419144 GetOEMCP
0x419148 IsValidCodePage
0x41914c GetUserDefaultLCID
0x419150 GetLocaleInfoA
0x419154 EnumSystemLocalesA
0x419158 IsValidLocale
0x41915c GetStringTypeA
0x419160 GetStringTypeW
Library ADVAPI32.dll:
0x419000 GetUserNameA
0x419004 RegOpenKeyExA
0x419008 RegQueryValueExA
0x41900c RegCloseKey
Library SHELL32.dll:
0x419168 ShellExecuteA
Library WS2_32.dll:
0x419170 WSAStartup
0x419174 inet_addr
0x419178 htons
0x41917c WSACleanup
0x419180 connect
0x419184 socket
0x419188 closesocket
0x41918c gethostbyaddr
0x419190 gethostbyname
0x419194 send
0x419198 gethostname
0x41919c recv

VS_VERSION_INFO
StringFileInfo
040904b0
FileDescription
Windows Audio Device Graph Isolation
FileVersion
6, 1, 7600, 13867
InternalName
audiodq.exe
LegalCopyright
Microsoft Corporation All rights reserved
OriginalFilename
audiodq.exe
ProductName
Microsoft Windows Operating System
ProductVersion
6, 0, 0, 1
VarFileInfo
Translation
This file is not on VirusTotal.

Process Tree


tmpaj0x_r37.exe, PID: 2256, Parent PID: 2204
Full Path: C:\Users\user\AppData\Local\Temp\tmpaj0x_r37.exe
Command Line: "C:\Users\user\AppData\Local\Temp\tmpaj0x_r37.exe"

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.35.25 49705 8.8.8.8 53
192.168.35.25 51419 8.8.8.8 53
192.168.35.25 54372 8.8.8.8 53
192.168.35.25 55513 8.8.8.8 53
192.168.35.25 59000 8.8.8.8 53
192.168.35.25 59547 8.8.8.8 53
192.168.35.25 60281 8.8.8.8 53
192.168.35.25 61391 8.8.8.8 53
192.168.35.25 61816 8.8.8.8 53
192.168.35.25 65366 8.8.8.8 53
192.168.35.25 65414 8.8.8.8 53

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 0.936 seconds )

  • 0.267 TargetInfo
  • 0.25 Static
  • 0.23 CAPE
  • 0.096 TrID
  • 0.037 Deduplicate
  • 0.021 NetworkAnalysis
  • 0.016 BehaviorAnalysis
  • 0.012 Strings
  • 0.006 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.048 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.002 infostealer_mail
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 network_torgateway

Reporting ( 0.0 seconds )

Task ID 94392
Mongo ID 5d9e7756c3c009112d67b3f3
Cuckoo release 1.3-CAPE