File d9ed385659edad32cf17ae4cb70c67314c430da7b53bc6136bb744511b5d972a

Size 184.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 98ebaa266dd1c2e3fb108b608c77a8de
SHA1 a1e05772c2e351180663cfeddfe0e37bee576c73
SHA256 d9ed385659edad32cf17ae4cb70c67314c430da7b53bc6136bb744511b5d972a
SHA512 2af633867bb775004ef8e14f5bda27a52d247749c42fc9cb8c82bb1d8d3b3c8dcb57a4bd97f3704d64255dbd12ff68c888d21b2e7b1d631a2ab0d1c7c2ac1847
CRC32 9759A2E5
ssdeep None
Yara
  • SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10.0 out of 10!

Please note: The scoring system is still in development and should be considered an alpha feature.


Autosubmit

6631120

6631121

Information on Execution

Analysis
Category FILE
Started June 24, 2025, 9:18 p.m.
Completed June 24, 2025, 9:25 p.m.
Duration 384 seconds
Routing internet

Analyzer Log

2025-06-21 09:33:59,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp1xmcit
2025-06-21 09:33:59,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\TsKeHFBeeMxnAWhuQozLZyZkTQRfPvn
2025-06-21 09:33:59,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\DJvAYVsWdOiLTEleHNG
2025-06-21 09:33:59,296 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-21 09:33:59,296 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-21 09:33:59,796 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-21 09:34:00,000 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-06-21 09:34:00,000 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-21 09:34:00,000 [analyzer] DEBUG: Started auxiliary module Human
2025-06-21 09:34:00,000 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-21 09:34:00,000 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-21 09:34:00,108 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-21 09:34:00,108 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-21 09:34:00,108 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-21 09:34:00,108 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-21 09:34:00,250 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\d9ed385659edad32cf17ae4cb70c67314c430da7b53bc6136bb744511b5d972a.exe' with arguments '' and pid 2936
2025-06-21 09:34:00,453 [analyzer] DEBUG: Loaded monitor into process with pid 2936
2025-06-21 09:34:03,592 [analyzer] INFO: Added new file to list with pid 2936 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23014.exe
2025-06-21 09:34:03,655 [analyzer] INFO: Injected into process with pid 176 and name u'Unicorn-23014.exe'
2025-06-21 09:34:03,828 [analyzer] DEBUG: Loaded monitor into process with pid 176
2025-06-21 09:34:06,953 [analyzer] INFO: Added new file to list with pid 176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4513.exe
2025-06-21 09:34:07,000 [analyzer] INFO: Added new file to list with pid 2936 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63973.exe
2025-06-21 09:34:07,015 [analyzer] INFO: Injected into process with pid 840 and name u'Unicorn-4513.exe'
2025-06-21 09:34:07,062 [analyzer] INFO: Injected into process with pid 2516 and name u'Unicorn-63973.exe'
2025-06-21 09:34:07,187 [analyzer] DEBUG: Loaded monitor into process with pid 840
2025-06-21 09:34:07,217 [analyzer] DEBUG: Loaded monitor into process with pid 2516
2025-06-21 09:34:10,342 [analyzer] INFO: Added new file to list with pid 840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-49062.exe
2025-06-21 09:34:10,375 [analyzer] INFO: Added new file to list with pid 176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-53701.exe
2025-06-21 09:34:10,390 [analyzer] INFO: Added new file to list with pid 2516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12113.exe
2025-06-21 09:34:10,421 [analyzer] INFO: Injected into process with pid 2880 and name u'Unicorn-49062.exe'
2025-06-21 09:34:10,437 [analyzer] INFO: Added new file to list with pid 2936 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-18235.exe
2025-06-21 09:34:10,453 [analyzer] INFO: Injected into process with pid 2176 and name u'Unicorn-53701.exe'
2025-06-21 09:34:10,467 [analyzer] INFO: Injected into process with pid 3008 and name u'Unicorn-12113.exe'
2025-06-21 09:34:10,515 [analyzer] INFO: Injected into process with pid 2356 and name u'Unicorn-18235.exe'
2025-06-21 09:34:10,592 [analyzer] DEBUG: Loaded monitor into process with pid 2880
2025-06-21 09:34:10,625 [analyzer] DEBUG: Loaded monitor into process with pid 2176
2025-06-21 09:34:10,640 [analyzer] DEBUG: Loaded monitor into process with pid 3008
2025-06-21 09:34:10,671 [analyzer] DEBUG: Loaded monitor into process with pid 2356
2025-06-21 09:34:13,842 [analyzer] INFO: Added new file to list with pid 2176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-50982.exe
2025-06-21 09:34:13,858 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55066.exe
2025-06-21 09:34:13,905 [analyzer] INFO: Added new file to list with pid 3008 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-1781.exe
2025-06-21 09:34:13,905 [analyzer] INFO: Added new file to list with pid 176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61188.exe
2025-06-21 09:34:13,905 [analyzer] INFO: Added new file to list with pid 840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47453.exe
2025-06-21 09:34:13,937 [analyzer] INFO: Added new file to list with pid 2516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6420.exe
2025-06-21 09:34:13,967 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-18118.exe
2025-06-21 09:34:14,030 [analyzer] INFO: Added new file to list with pid 2936 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47977.exe
2025-06-21 09:34:14,078 [analyzer] INFO: Injected into process with pid 1728 and name u'Unicorn-55066.exe'
2025-06-21 09:34:14,078 [analyzer] INFO: Injected into process with pid 1120 and name u'Unicorn-50982.exe'
2025-06-21 09:34:14,092 [analyzer] INFO: Injected into process with pid 1312 and name u'Unicorn-47453.exe'
2025-06-21 09:34:14,108 [analyzer] INFO: Injected into process with pid 360 and name u'Unicorn-6420.exe'
2025-06-21 09:34:14,125 [analyzer] INFO: Injected into process with pid 2420 and name u'Unicorn-61188.exe'
2025-06-21 09:34:14,155 [analyzer] INFO: Injected into process with pid 2156 and name u'Unicorn-47977.exe'
2025-06-21 09:34:14,155 [analyzer] INFO: Injected into process with pid 1356 and name u'Unicorn-18118.exe'
2025-06-21 09:34:14,155 [analyzer] INFO: Injected into process with pid 3012 and name u'Unicorn-1781.exe'
2025-06-21 09:34:14,265 [analyzer] DEBUG: Loaded monitor into process with pid 1728
2025-06-21 09:34:14,296 [analyzer] DEBUG: Loaded monitor into process with pid 1120
2025-06-21 09:34:14,296 [analyzer] DEBUG: Loaded monitor into process with pid 1312
2025-06-21 09:34:14,312 [analyzer] DEBUG: Loaded monitor into process with pid 2156
2025-06-21 09:34:14,328 [analyzer] DEBUG: Loaded monitor into process with pid 1356
2025-06-21 09:34:14,358 [analyzer] DEBUG: Loaded monitor into process with pid 360
2025-06-21 09:34:14,358 [analyzer] DEBUG: Loaded monitor into process with pid 2420
2025-06-21 09:34:14,390 [analyzer] DEBUG: Loaded monitor into process with pid 3012
2025-06-21 09:34:17,717 [analyzer] INFO: Added new file to list with pid 1728 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-9093.exe
2025-06-21 09:34:17,780 [analyzer] INFO: Injected into process with pid 3116 and name u'Unicorn-9093.exe'
2025-06-21 09:34:17,812 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30068.exe
2025-06-21 09:34:17,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41766.exe
2025-06-21 09:34:17,875 [analyzer] INFO: Injected into process with pid 3156 and name u'Unicorn-30068.exe'
2025-06-21 09:34:17,905 [analyzer] INFO: Added new file to list with pid 840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51972.exe
2025-06-21 09:34:17,905 [analyzer] INFO: Injected into process with pid 3180 and name u'Unicorn-41766.exe'
2025-06-21 09:34:17,953 [analyzer] INFO: Added new file to list with pid 1120 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-17070.exe
2025-06-21 09:34:17,953 [analyzer] INFO: Added new file to list with pid 360 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-17070.exe
2025-06-21 09:34:17,953 [analyzer] DEBUG: Loaded monitor into process with pid 3116
2025-06-21 09:34:17,967 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8901.exe
2025-06-21 09:34:17,983 [analyzer] INFO: Added new file to list with pid 2420 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12985.exe
2025-06-21 09:34:18,030 [analyzer] INFO: Added new file to list with pid 2176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-19160.exe
2025-06-21 09:34:18,030 [analyzer] INFO: Added new file to list with pid 2516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-32895.exe
2025-06-21 09:34:18,030 [analyzer] INFO: Added new file to list with pid 3012 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39026.exe
2025-06-21 09:34:18,046 [analyzer] DEBUG: Loaded monitor into process with pid 3156
2025-06-21 09:34:18,046 [analyzer] INFO: Injected into process with pid 3232 and name u'Unicorn-51972.exe'
2025-06-21 09:34:18,046 [analyzer] INFO: Added new file to list with pid 2936 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-21927.exe
2025-06-21 09:34:18,078 [analyzer] INFO: Added new file to list with pid 176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51013.exe
2025-06-21 09:34:18,078 [analyzer] INFO: Added new file to list with pid 2516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-31412.exe
2025-06-21 09:34:18,078 [analyzer] DEBUG: Loaded monitor into process with pid 3180
2025-06-21 09:34:18,125 [analyzer] INFO: Added new file to list with pid 1356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47194.exe
2025-06-21 09:34:18,125 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47749.exe
2025-06-21 09:34:18,265 [analyzer] DEBUG: Loaded monitor into process with pid 3232
2025-06-21 09:34:18,265 [analyzer] INFO: Injected into process with pid 3288 and name u'Unicorn-8901.exe'
2025-06-21 09:34:18,296 [analyzer] INFO: Injected into process with pid 3276 and name u'Unicorn-17070.exe'
2025-06-21 09:34:18,390 [analyzer] INFO: Injected into process with pid 3320 and name u'Unicorn-12985.exe'
2025-06-21 09:34:18,390 [analyzer] INFO: Injected into process with pid 3340 and name u'Unicorn-19160.exe'
2025-06-21 09:34:18,421 [analyzer] INFO: Injected into process with pid 3348 and name u'Unicorn-32895.exe'
2025-06-21 09:34:18,437 [analyzer] INFO: Injected into process with pid 3360 and name u'Unicorn-39026.exe'
2025-06-21 09:34:18,467 [analyzer] INFO: Injected into process with pid 3412 and name u'Unicorn-21927.exe'
2025-06-21 09:34:18,483 [analyzer] INFO: Injected into process with pid 3440 and name u'Unicorn-51013.exe'
2025-06-21 09:34:18,562 [analyzer] INFO: Injected into process with pid 3520 and name u'Unicorn-47194.exe'
2025-06-21 09:34:18,562 [analyzer] INFO: Injected into process with pid 3460 and name u'Unicorn-31412.exe'
2025-06-21 09:34:18,578 [analyzer] DEBUG: Loaded monitor into process with pid 3288
2025-06-21 09:34:18,578 [analyzer] INFO: Injected into process with pid 3536 and name u'Unicorn-47749.exe'
2025-06-21 09:34:18,608 [analyzer] DEBUG: Loaded monitor into process with pid 3320
2025-06-21 09:34:18,625 [analyzer] DEBUG: Loaded monitor into process with pid 3340
2025-06-21 09:34:18,640 [analyzer] DEBUG: Loaded monitor into process with pid 3276
2025-06-21 09:34:18,655 [analyzer] DEBUG: Loaded monitor into process with pid 3360
2025-06-21 09:34:18,703 [analyzer] DEBUG: Loaded monitor into process with pid 3440
2025-06-21 09:34:18,717 [analyzer] DEBUG: Loaded monitor into process with pid 3348
2025-06-21 09:34:18,750 [analyzer] DEBUG: Loaded monitor into process with pid 3536
2025-06-21 09:34:18,765 [analyzer] DEBUG: Loaded monitor into process with pid 3412
2025-06-21 09:34:18,780 [analyzer] DEBUG: Loaded monitor into process with pid 3520
2025-06-21 09:34:18,858 [analyzer] DEBUG: Loaded monitor into process with pid 3460
2025-06-21 09:34:20,967 [analyzer] INFO: Added new file to list with pid 1120 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-56877.exe
2025-06-21 09:34:21,030 [analyzer] INFO: Injected into process with pid 3792 and name u'Unicorn-56877.exe'
2025-06-21 09:34:21,171 [analyzer] INFO: Added new file to list with pid 3116 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-297.exe
2025-06-21 09:34:21,203 [analyzer] DEBUG: Loaded monitor into process with pid 3792
2025-06-21 09:34:21,265 [analyzer] INFO: Injected into process with pid 3836 and name u'Unicorn-297.exe'
2025-06-21 09:34:21,265 [analyzer] INFO: Added new file to list with pid 1728 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-21272.exe
2025-06-21 09:34:21,280 [analyzer] INFO: Added new file to list with pid 3156 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28886.exe
2025-06-21 09:34:21,328 [analyzer] INFO: Injected into process with pid 3876 and name u'Unicorn-21272.exe'
2025-06-21 09:34:21,342 [analyzer] INFO: Injected into process with pid 3896 and name u'Unicorn-28886.exe'
2025-06-21 09:34:21,358 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43176.exe
2025-06-21 09:34:21,405 [analyzer] INFO: Added new file to list with pid 3180 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61558.exe
2025-06-21 09:34:21,421 [analyzer] DEBUG: Loaded monitor into process with pid 3836
2025-06-21 09:34:21,437 [analyzer] INFO: Injected into process with pid 3956 and name u'Unicorn-43176.exe'
2025-06-21 09:34:21,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4744.exe
2025-06-21 09:34:21,515 [analyzer] INFO: Injected into process with pid 3996 and name u'Unicorn-61558.exe'
2025-06-21 09:34:21,515 [analyzer] INFO: Added new file to list with pid 3232 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40946.exe
2025-06-21 09:34:21,530 [analyzer] DEBUG: Loaded monitor into process with pid 3876
2025-06-21 09:34:21,530 [analyzer] DEBUG: Loaded monitor into process with pid 3896
2025-06-21 09:34:21,562 [analyzer] INFO: Added new file to list with pid 840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-52933.exe
2025-06-21 09:34:21,592 [analyzer] INFO: Injected into process with pid 4024 and name u'Unicorn-4744.exe'
2025-06-21 09:34:21,640 [analyzer] DEBUG: Loaded monitor into process with pid 3956
2025-06-21 09:34:21,687 [analyzer] INFO: Injected into process with pid 3148 and name u'Unicorn-52933.exe'
2025-06-21 09:34:21,703 [analyzer] DEBUG: Loaded monitor into process with pid 3996
2025-06-21 09:34:21,717 [analyzer] INFO: Injected into process with pid 4080 and name u'Unicorn-40946.exe'
2025-06-21 09:34:21,765 [analyzer] DEBUG: Loaded monitor into process with pid 4024
2025-06-21 09:34:21,921 [analyzer] DEBUG: Loaded monitor into process with pid 4080
2025-06-21 09:34:21,921 [analyzer] DEBUG: Loaded monitor into process with pid 3148
2025-06-21 09:34:22,296 [analyzer] INFO: Added new file to list with pid 3288 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29654.exe
2025-06-21 09:34:22,375 [analyzer] INFO: Injected into process with pid 1452 and name u'Unicorn-29654.exe'
2025-06-21 09:34:22,375 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-50629.exe
2025-06-21 09:34:22,437 [analyzer] INFO: Added new file to list with pid 3320 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-21294.exe
2025-06-21 09:34:22,453 [analyzer] INFO: Injected into process with pid 3356 and name u'Unicorn-50629.exe'
2025-06-21 09:34:22,515 [analyzer] INFO: Injected into process with pid 3396 and name u'Unicorn-21294.exe'
2025-06-21 09:34:22,546 [analyzer] DEBUG: Loaded monitor into process with pid 1452
2025-06-21 09:34:22,546 [analyzer] INFO: Added new file to list with pid 3348 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-33546.exe
2025-06-21 09:34:22,546 [analyzer] INFO: Added new file to list with pid 2420 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13680.exe
2025-06-21 09:34:22,592 [analyzer] INFO: Added new file to list with pid 3360 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-45798.exe
2025-06-21 09:34:22,608 [analyzer] DEBUG: Loaded monitor into process with pid 3356
2025-06-21 09:34:22,625 [analyzer] INFO: Added new file to list with pid 2516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4500.exe
2025-06-21 09:34:22,655 [analyzer] INFO: Added new file to list with pid 3440 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8849.exe
2025-06-21 09:34:22,655 [analyzer] INFO: Injected into process with pid 3512 and name u'Unicorn-13680.exe'
2025-06-21 09:34:22,671 [analyzer] INFO: Injected into process with pid 3504 and name u'Unicorn-33546.exe'
2025-06-21 09:34:22,687 [analyzer] DEBUG: Loaded monitor into process with pid 3396
2025-06-21 09:34:22,703 [analyzer] INFO: Added new file to list with pid 3012 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-5320.exe
2025-06-21 09:34:22,733 [analyzer] INFO: Added new file to list with pid 176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8087.exe
2025-06-21 09:34:22,750 [analyzer] INFO: Injected into process with pid 3608 and name u'Unicorn-45798.exe'
2025-06-21 09:34:22,765 [analyzer] INFO: Added new file to list with pid 3536 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41522.exe
2025-06-21 09:34:22,842 [analyzer] INFO: Added new file to list with pid 3412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57858.exe
2025-06-21 09:34:22,842 [analyzer] INFO: Added new file to list with pid 3412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57858.exe
2025-06-21 09:34:22,858 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39476.exe
2025-06-21 09:34:22,858 [analyzer] INFO: Injected into process with pid 3780 and name u'Unicorn-8849.exe'
2025-06-21 09:34:22,858 [analyzer] INFO: Added new file to list with pid 3008 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43560.exe
2025-06-21 09:34:22,875 [analyzer] DEBUG: Loaded monitor into process with pid 3504
2025-06-21 09:34:22,905 [analyzer] INFO: Injected into process with pid 3904 and name u'Unicorn-8087.exe'
2025-06-21 09:34:22,921 [analyzer] INFO: Added new file to list with pid 2936 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36476.exe
2025-06-21 09:34:22,921 [analyzer] INFO: Added new file to list with pid 1356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42076.exe
2025-06-21 09:34:22,921 [analyzer] INFO: Injected into process with pid 3652 and name u'Unicorn-4500.exe'
2025-06-21 09:34:22,921 [analyzer] INFO: Added new file to list with pid 3340 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61942.exe
2025-06-21 09:34:22,953 [analyzer] INFO: Added new file to list with pid 2176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-14779.exe
2025-06-21 09:34:22,953 [analyzer] INFO: Injected into process with pid 3820 and name u'Unicorn-5320.exe'
2025-06-21 09:34:22,953 [analyzer] INFO: Added new file to list with pid 3276 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-20910.exe
2025-06-21 09:34:22,967 [analyzer] DEBUG: Loaded monitor into process with pid 3512
2025-06-21 09:34:23,000 [analyzer] INFO: Added new file to list with pid 360 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62497.exe
2025-06-21 09:34:23,015 [analyzer] DEBUG: Loaded monitor into process with pid 3608
2025-06-21 09:34:23,092 [analyzer] INFO: Injected into process with pid 3940 and name u'Unicorn-41522.exe'
2025-06-21 09:34:23,125 [analyzer] INFO: Injected into process with pid 3980 and name u'Unicorn-41522.exe'
2025-06-21 09:34:23,203 [analyzer] INFO: Injected into process with pid 1444 and name u'Unicorn-57858.exe'
2025-06-21 09:34:23,203 [analyzer] INFO: Injected into process with pid 3260 and name u'Unicorn-39476.exe'
2025-06-21 09:34:23,203 [analyzer] DEBUG: Loaded monitor into process with pid 3780
2025-06-21 09:34:23,250 [analyzer] DEBUG: Loaded monitor into process with pid 3904
2025-06-21 09:34:23,312 [analyzer] INFO: Injected into process with pid 3392 and name u'Unicorn-43560.exe'
2025-06-21 09:34:23,328 [analyzer] INFO: Injected into process with pid 3596 and name u'Unicorn-36476.exe'
2025-06-21 09:34:23,342 [analyzer] DEBUG: Loaded monitor into process with pid 3652
2025-06-21 09:34:23,342 [analyzer] INFO: Injected into process with pid 3788 and name u'Unicorn-42076.exe'
2025-06-21 09:34:23,421 [analyzer] DEBUG: Loaded monitor into process with pid 3820
2025-06-21 09:34:23,437 [analyzer] INFO: Injected into process with pid 3724 and name u'Unicorn-61942.exe'
2025-06-21 09:34:23,437 [analyzer] INFO: Injected into process with pid 3372 and name u'Unicorn-20910.exe'
2025-06-21 09:34:23,453 [analyzer] INFO: Injected into process with pid 3948 and name u'Unicorn-14779.exe'
2025-06-21 09:34:23,515 [analyzer] DEBUG: Loaded monitor into process with pid 3940
2025-06-21 09:34:23,578 [analyzer] DEBUG: Loaded monitor into process with pid 3260
2025-06-21 09:34:23,578 [analyzer] INFO: Injected into process with pid 3548 and name u'Unicorn-62497.exe'
2025-06-21 09:34:23,592 [analyzer] DEBUG: Loaded monitor into process with pid 1444
2025-06-21 09:34:23,655 [analyzer] DEBUG: Loaded monitor into process with pid 3788
2025-06-21 09:34:23,655 [analyzer] DEBUG: Loaded monitor into process with pid 3980
2025-06-21 09:34:23,687 [analyzer] DEBUG: Loaded monitor into process with pid 3724
2025-06-21 09:34:23,703 [analyzer] DEBUG: Loaded monitor into process with pid 3948
2025-06-21 09:34:23,703 [analyzer] DEBUG: Loaded monitor into process with pid 3392
2025-06-21 09:34:23,717 [analyzer] DEBUG: Loaded monitor into process with pid 3372
2025-06-21 09:34:23,796 [analyzer] DEBUG: Loaded monitor into process with pid 3548
2025-06-21 09:34:23,796 [analyzer] DEBUG: Loaded monitor into process with pid 3596
2025-06-21 09:34:24,342 [analyzer] INFO: Added new file to list with pid 3792 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47490.exe
2025-06-21 09:34:24,405 [analyzer] INFO: Added new file to list with pid 1120 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-53612.exe
2025-06-21 09:34:24,546 [analyzer] INFO: Injected into process with pid 4184 and name u'Unicorn-53612.exe'
2025-06-21 09:34:24,546 [analyzer] INFO: Injected into process with pid 4176 and name u'Unicorn-47490.exe'
2025-06-21 09:34:24,733 [analyzer] DEBUG: Loaded monitor into process with pid 4184
2025-06-21 09:34:24,765 [analyzer] DEBUG: Loaded monitor into process with pid 4176
2025-06-21 09:34:24,765 [analyzer] INFO: Added new file to list with pid 3116 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10904.exe
2025-06-21 09:34:24,905 [analyzer] INFO: Added new file to list with pid 3876 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63442.exe
2025-06-21 09:34:24,921 [analyzer] INFO: Injected into process with pid 4264 and name u'Unicorn-10904.exe'
2025-06-21 09:34:24,983 [analyzer] INFO: Added new file to list with pid 1728 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-65480.exe
2025-06-21 09:34:25,046 [analyzer] INFO: Injected into process with pid 4300 and name u'Unicorn-63442.exe'
2025-06-21 09:34:25,062 [analyzer] INFO: Added new file to list with pid 3896 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23946.exe
2025-06-21 09:34:25,092 [analyzer] INFO: Added new file to list with pid 3156 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-16332.exe
2025-06-21 09:34:25,108 [analyzer] DEBUG: Loaded monitor into process with pid 4264
2025-06-21 09:34:25,155 [analyzer] INFO: Added new file to list with pid 3956 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-64786.exe
2025-06-21 09:34:25,155 [analyzer] INFO: Injected into process with pid 4336 and name u'Unicorn-65480.exe'
2025-06-21 09:34:25,203 [analyzer] INFO: Added new file to list with pid 3996 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11501.exe
2025-06-21 09:34:25,233 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-3068.exe
2025-06-21 09:34:25,280 [analyzer] INFO: Added new file to list with pid 3180 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12056.exe
2025-06-21 09:34:25,280 [analyzer] DEBUG: Loaded monitor into process with pid 4300
2025-06-21 09:34:25,296 [analyzer] INFO: Injected into process with pid 4368 and name u'Unicorn-23946.exe'
2025-06-21 09:34:25,296 [analyzer] INFO: Added new file to list with pid 4024 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-31922.exe
2025-06-21 09:34:25,328 [analyzer] INFO: Injected into process with pid 4400 and name u'Unicorn-16332.exe'
2025-06-21 09:34:25,328 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42128.exe
2025-06-21 09:34:25,375 [analyzer] INFO: Added new file to list with pid 3148 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40090.exe
2025-06-21 09:34:25,437 [analyzer] INFO: Added new file to list with pid 840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47496.exe
2025-06-21 09:34:25,483 [analyzer] INFO: Added new file to list with pid 3232 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-56981.exe
2025-06-21 09:34:25,483 [analyzer] INFO: Added new file to list with pid 3232 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-56426.exe
2025-06-21 09:34:25,500 [analyzer] DEBUG: Loaded monitor into process with pid 4336
2025-06-21 09:34:25,500 [analyzer] INFO: Injected into process with pid 4432 and name u'Unicorn-64786.exe'
2025-06-21 09:34:25,562 [analyzer] INFO: Injected into process with pid 4472 and name u'Unicorn-11501.exe'
2025-06-21 09:34:25,578 [analyzer] DEBUG: Loaded monitor into process with pid 4368
2025-06-21 09:34:25,608 [analyzer] INFO: Injected into process with pid 4484 and name u'Unicorn-3068.exe'
2025-06-21 09:34:25,703 [analyzer] DEBUG: Loaded monitor into process with pid 4400
2025-06-21 09:34:25,750 [analyzer] INFO: Injected into process with pid 4536 and name u'Unicorn-12056.exe'
2025-06-21 09:34:25,828 [analyzer] INFO: Added new file to list with pid 1452 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23370.exe
2025-06-21 09:34:25,842 [analyzer] INFO: Injected into process with pid 4564 and name u'Unicorn-31922.exe'
2025-06-21 09:34:25,905 [analyzer] INFO: Added new file to list with pid 3520 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40260.exe
2025-06-21 09:34:25,905 [analyzer] INFO: Added new file to list with pid 3288 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40260.exe
2025-06-21 09:34:25,937 [analyzer] INFO: Added new file to list with pid 3356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-64210.exe
2025-06-21 09:34:25,953 [analyzer] INFO: Injected into process with pid 4616 and name u'Unicorn-42128.exe'
2025-06-21 09:34:25,967 [analyzer] INFO: Injected into process with pid 4652 and name u'Unicorn-47496.exe'
2025-06-21 09:34:25,967 [analyzer] INFO: Injected into process with pid 4636 and name u'Unicorn-40090.exe'
2025-06-21 09:34:25,983 [analyzer] DEBUG: Loaded monitor into process with pid 4432
2025-06-21 09:34:26,015 [analyzer] INFO: Added new file to list with pid 2156 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62164.exe
2025-06-21 09:34:26,015 [analyzer] INFO: Added new file to list with pid 3396 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28798.exe
2025-06-21 09:34:26,030 [analyzer] DEBUG: Loaded monitor into process with pid 4472
2025-06-21 09:34:26,108 [analyzer] INFO: Injected into process with pid 4704 and name u'Unicorn-56426.exe'
2025-06-21 09:34:26,108 [analyzer] INFO: Added new file to list with pid 3320 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29352.exe
2025-06-21 09:34:26,108 [analyzer] DEBUG: Loaded monitor into process with pid 4484
2025-06-21 09:34:26,108 [analyzer] INFO: Injected into process with pid 4676 and name u'Unicorn-56981.exe'
2025-06-21 09:34:26,171 [analyzer] DEBUG: Loaded monitor into process with pid 4536
2025-06-21 09:34:26,250 [analyzer] INFO: Added new file to list with pid 3504 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4101.exe
2025-06-21 09:34:26,265 [analyzer] DEBUG: Loaded monitor into process with pid 4564
2025-06-21 09:34:26,280 [analyzer] INFO: Added new file to list with pid 3348 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12824.exe
2025-06-21 09:34:26,296 [analyzer] DEBUG: Loaded monitor into process with pid 4636
2025-06-21 09:34:26,328 [analyzer] DEBUG: Loaded monitor into process with pid 4616
2025-06-21 09:34:26,328 [analyzer] INFO: Injected into process with pid 4900 and name u'Unicorn-64210.exe'
2025-06-21 09:34:26,342 [analyzer] DEBUG: Loaded monitor into process with pid 4652
2025-06-21 09:34:26,342 [analyzer] INFO: Injected into process with pid 4892 and name u'Unicorn-23370.exe'
2025-06-21 09:34:26,375 [analyzer] INFO: Injected into process with pid 4908 and name u'Unicorn-40260.exe'
2025-06-21 09:34:26,437 [analyzer] DEBUG: Loaded monitor into process with pid 4676
2025-06-21 09:34:26,483 [analyzer] INFO: Injected into process with pid 5016 and name u'Unicorn-29352.exe'
2025-06-21 09:34:26,483 [analyzer] INFO: Injected into process with pid 5004 and name u'Unicorn-28798.exe'
2025-06-21 09:34:26,500 [analyzer] DEBUG: Loaded monitor into process with pid 4704
2025-06-21 09:34:26,500 [analyzer] INFO: Injected into process with pid 4996 and name u'Unicorn-62164.exe'
2025-06-21 09:34:26,625 [analyzer] DEBUG: Loaded monitor into process with pid 4900
2025-06-21 09:34:26,625 [analyzer] INFO: Injected into process with pid 4204 and name u'Unicorn-12824.exe'
2025-06-21 09:34:26,655 [analyzer] INFO: Injected into process with pid 4116 and name u'Unicorn-4101.exe'
2025-06-21 09:34:26,671 [analyzer] DEBUG: Loaded monitor into process with pid 4892
2025-06-21 09:34:26,750 [analyzer] DEBUG: Loaded monitor into process with pid 5016
2025-06-21 09:34:26,765 [analyzer] DEBUG: Loaded monitor into process with pid 4908
2025-06-21 09:34:26,842 [analyzer] DEBUG: Loaded monitor into process with pid 5004
2025-06-21 09:34:26,858 [analyzer] DEBUG: Loaded monitor into process with pid 4204
2025-06-21 09:34:26,875 [analyzer] DEBUG: Loaded monitor into process with pid 4996
2025-06-21 09:34:26,890 [analyzer] INFO: Added new file to list with pid 3512 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-60894.exe
2025-06-21 09:34:26,937 [analyzer] DEBUG: Loaded monitor into process with pid 4116
2025-06-21 09:34:27,046 [analyzer] INFO: Added new file to list with pid 2420 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-15267.exe
2025-06-21 09:34:27,092 [analyzer] INFO: Injected into process with pid 4592 and name u'Unicorn-60894.exe'
2025-06-21 09:34:27,233 [analyzer] INFO: Injected into process with pid 4664 and name u'Unicorn-15267.exe'
2025-06-21 09:34:27,312 [analyzer] DEBUG: Loaded monitor into process with pid 4592
2025-06-21 09:34:27,437 [analyzer] DEBUG: Loaded monitor into process with pid 4664
2025-06-21 09:34:27,703 [analyzer] INFO: Added new file to list with pid 3652 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12653.exe
2025-06-21 09:34:27,733 [analyzer] INFO: Added new file to list with pid 3904 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8569.exe
2025-06-21 09:34:27,890 [analyzer] INFO: Added new file to list with pid 2516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-56816.exe
2025-06-21 09:34:27,890 [analyzer] INFO: Injected into process with pid 4820 and name u'Unicorn-8569.exe'
2025-06-21 09:34:27,905 [analyzer] INFO: Injected into process with pid 4808 and name u'Unicorn-12653.exe'
2025-06-21 09:34:27,937 [analyzer] INFO: Added new file to list with pid 176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-52533.exe
2025-06-21 09:34:28,000 [analyzer] INFO: Added new file to list with pid 3980 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30334.exe
2025-06-21 09:34:28,030 [analyzer] INFO: Added new file to list with pid 3948 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-34418.exe
2025-06-21 09:34:28,078 [analyzer] INFO: Added new file to list with pid 3724 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-46670.exe
2025-06-21 09:34:28,108 [analyzer] INFO: Injected into process with pid 4968 and name u'Unicorn-56816.exe'
2025-06-21 09:34:28,125 [analyzer] DEBUG: Loaded monitor into process with pid 4808
2025-06-21 09:34:28,155 [analyzer] DEBUG: Loaded monitor into process with pid 4820
2025-06-21 09:34:28,187 [analyzer] INFO: Added new file to list with pid 3260 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-58922.exe
2025-06-21 09:34:28,217 [analyzer] INFO: Injected into process with pid 5032 and name u'Unicorn-52533.exe'
2025-06-21 09:34:28,233 [analyzer] INFO: Added new file to list with pid 3788 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-17890.exe
2025-06-21 09:34:28,250 [analyzer] INFO: Added new file to list with pid 3820 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-5637.exe
2025-06-21 09:34:28,280 [analyzer] INFO: Added new file to list with pid 3460 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-14360.exe
2025-06-21 09:34:28,296 [analyzer] INFO: Injected into process with pid 4236 and name u'Unicorn-34418.exe'
2025-06-21 09:34:28,296 [analyzer] INFO: Added new file to list with pid 3340 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-2108.exe
2025-06-21 09:34:28,312 [analyzer] INFO: Injected into process with pid 5096 and name u'Unicorn-30334.exe'
2025-06-21 09:34:28,312 [analyzer] DEBUG: Loaded monitor into process with pid 4968
2025-06-21 09:34:28,328 [analyzer] INFO: Added new file to list with pid 2176 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-46213.exe
2025-06-21 09:34:28,390 [analyzer] INFO: Injected into process with pid 4316 and name u'Unicorn-46670.exe'
2025-06-21 09:34:28,453 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13348.exe
2025-06-21 09:34:28,467 [analyzer] INFO: Injected into process with pid 4688 and name u'Unicorn-58922.exe'
2025-06-21 09:34:28,515 [analyzer] INFO: Injected into process with pid 4940 and name u'Unicorn-5637.exe'
2025-06-21 09:34:28,515 [analyzer] DEBUG: Loaded monitor into process with pid 5032
2025-06-21 09:34:28,515 [analyzer] INFO: Injected into process with pid 5048 and name u'Unicorn-14360.exe'
2025-06-21 09:34:28,515 [analyzer] INFO: Added new file to list with pid 3372 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29950.exe
2025-06-21 09:34:28,530 [analyzer] DEBUG: Loaded monitor into process with pid 5096
2025-06-21 09:34:28,530 [analyzer] INFO: Injected into process with pid 4732 and name u'Unicorn-17890.exe'
2025-06-21 09:34:28,546 [analyzer] INFO: Injected into process with pid 4276 and name u'Unicorn-2108.exe'
2025-06-21 09:34:28,562 [analyzer] DEBUG: Loaded monitor into process with pid 4236
2025-06-21 09:34:28,578 [analyzer] INFO: Added new file to list with pid 1356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40156.exe
2025-06-21 09:34:28,592 [analyzer] INFO: Added new file to list with pid 1444 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-50370.exe
2025-06-21 09:34:28,608 [analyzer] INFO: Added new file to list with pid 3012 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-44240.exe
2025-06-21 09:34:28,640 [analyzer] DEBUG: Loaded monitor into process with pid 4316
2025-06-21 09:34:28,671 [analyzer] INFO: Added new file to list with pid 3548 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-54454.exe
2025-06-21 09:34:28,703 [analyzer] INFO: Injected into process with pid 4240 and name u'Unicorn-46213.exe'
2025-06-21 09:34:28,717 [analyzer] DEBUG: Loaded monitor into process with pid 4688
2025-06-21 09:34:28,733 [analyzer] INFO: Added new file to list with pid 3596 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13421.exe
2025-06-21 09:34:28,750 [analyzer] INFO: Added new file to list with pid 3276 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-38672.exe
2025-06-21 09:34:28,780 [analyzer] DEBUG: Loaded monitor into process with pid 4940
2025-06-21 09:34:28,780 [analyzer] DEBUG: Loaded monitor into process with pid 4732
2025-06-21 09:34:28,780 [analyzer] INFO: Injected into process with pid 5204 and name u'Unicorn-13348.exe'
2025-06-21 09:34:28,858 [analyzer] DEBUG: Loaded monitor into process with pid 5048
2025-06-21 09:34:28,858 [analyzer] INFO: Added new file to list with pid 3412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-18060.exe
2025-06-21 09:34:28,858 [analyzer] INFO: Injected into process with pid 5256 and name u'Unicorn-29950.exe'
2025-06-21 09:34:28,875 [analyzer] DEBUG: Loaded monitor into process with pid 4276
2025-06-21 09:34:28,875 [analyzer] INFO: Added new file to list with pid 360 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-35880.exe
2025-06-21 09:34:28,905 [analyzer] INFO: Injected into process with pid 5304 and name u'Unicorn-40156.exe'
2025-06-21 09:34:28,967 [analyzer] INFO: Injected into process with pid 5320 and name u'Unicorn-50370.exe'
2025-06-21 09:34:28,967 [analyzer] DEBUG: Loaded monitor into process with pid 4240
2025-06-21 09:34:28,983 [analyzer] INFO: Added new file to list with pid 2936 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8913.exe
2025-06-21 09:34:29,046 [analyzer] INFO: Added new file to list with pid 3520 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29055.exe
2025-06-21 09:34:29,046 [analyzer] DEBUG: Loaded monitor into process with pid 5204
2025-06-21 09:34:29,062 [analyzer] INFO: Added new file to list with pid 3608 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-35186.exe
2025-06-21 09:34:29,062 [analyzer] INFO: Injected into process with pid 5316 and name u'Unicorn-44240.exe'
2025-06-21 09:34:29,140 [analyzer] INFO: Injected into process with pid 5460 and name u'Unicorn-38672.exe'
2025-06-21 09:34:29,140 [analyzer] DEBUG: Loaded monitor into process with pid 5256
2025-06-21 09:34:29,155 [analyzer] DEBUG: Loaded monitor into process with pid 5304
2025-06-21 09:34:29,155 [analyzer] INFO: Injected into process with pid 5404 and name u'Unicorn-54454.exe'
2025-06-21 09:34:29,155 [analyzer] INFO: Injected into process with pid 5444 and name u'Unicorn-13421.exe'
2025-06-21 09:34:29,233 [analyzer] DEBUG: Loaded monitor into process with pid 5320
2025-06-21 09:34:29,250 [analyzer] INFO: Injected into process with pid 5536 and name u'Unicorn-35880.exe'
2025-06-21 09:34:29,265 [analyzer] INFO: Injected into process with pid 5528 and name u'Unicorn-18060.exe'
2025-06-21 09:34:29,358 [analyzer] DEBUG: Loaded monitor into process with pid 5316
2025-06-21 09:34:29,375 [analyzer] DEBUG: Loaded monitor into process with pid 5460
2025-06-21 09:34:29,390 [analyzer] DEBUG: Loaded monitor into process with pid 5444
2025-06-21 09:34:29,390 [analyzer] DEBUG: Loaded monitor into process with pid 5404
2025-06-21 09:34:29,390 [analyzer] INFO: Injected into process with pid 5648 and name u'Unicorn-8913.exe'
2025-06-21 09:34:29,405 [analyzer] INFO: Injected into process with pid 5724 and name u'Unicorn-35186.exe'
2025-06-21 09:34:29,437 [analyzer] INFO: Injected into process with pid 5680 and name u'Unicorn-29055.exe'
2025-06-21 09:34:29,515 [analyzer] DEBUG: Loaded monitor into process with pid 5528
2025-06-21 09:34:29,515 [analyzer] DEBUG: Loaded monitor into process with pid 5536
2025-06-21 09:34:29,625 [analyzer] DEBUG: Loaded monitor into process with pid 5648
2025-06-21 09:34:29,640 [analyzer] DEBUG: Loaded monitor into process with pid 5680
2025-06-21 09:34:29,687 [analyzer] DEBUG: Loaded monitor into process with pid 5724
2025-06-21 09:34:29,858 [analyzer] INFO: Added new file to list with pid 3360 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-18828.exe
2025-06-21 09:34:30,000 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-21 09:34:30,108 [analyzer] INFO: Injected into process with pid 5892 and name u'Unicorn-18828.exe'
2025-06-21 09:34:30,312 [analyzer] DEBUG: Loaded monitor into process with pid 5892
2025-06-21 09:34:31,625 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-21 09:34:31,983 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-06-24 21:18:58,226 [cuckoo.core.scheduler] DEBUG: Task #6585850: no machine available yet
2025-06-24 21:19:17,946 [cuckoo.core.scheduler] INFO: Task #6585850: acquired machine win7x6414 (label=win7x6414)
2025-06-24 21:19:17,946 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.214 for task #6585850
2025-06-24 21:19:18,416 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2784222 (interface=vboxnet0, host=192.168.168.214)
2025-06-24 21:19:19,405 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6414
2025-06-24 21:19:20,345 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6414 to vmcloak
2025-06-24 21:22:00,338 [cuckoo.core.guest] INFO: Starting analysis #6585850 on guest (id=win7x6414, ip=192.168.168.214)
2025-06-24 21:22:01,342 [cuckoo.core.guest] DEBUG: win7x6414: not ready yet
2025-06-24 21:22:06,369 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6414, ip=192.168.168.214)
2025-06-24 21:22:06,449 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6414, ip=192.168.168.214, monitor=latest, size=6660546)
2025-06-24 21:22:07,836 [cuckoo.core.resultserver] DEBUG: Task #6585850: live log analysis.log initialized.
2025-06-24 21:22:08,900 [cuckoo.core.resultserver] DEBUG: Task #6585850 is sending a BSON stream
2025-06-24 21:22:10,286 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'shots/0001.jpg'
2025-06-24 21:22:10,300 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 96739
2025-06-24 21:22:22,374 [cuckoo.core.guest] DEBUG: win7x6414: analysis #6585850 still processing
2025-06-24 21:22:37,594 [cuckoo.core.guest] DEBUG: win7x6414: analysis #6585850 still processing
2025-06-24 21:22:39,624 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'curtain/1750491270.78.curtain.log'
2025-06-24 21:22:39,629 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 36
2025-06-24 21:22:40,428 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'sysmon/1750491271.58.sysmon.xml'
2025-06-24 21:22:40,469 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 2437414
2025-06-24 21:22:40,560 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/ba563484f08fcd9d_unicorn-8849.exe'
2025-06-24 21:22:40,565 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/f4f50670f01c9aa1_unicorn-51013.exe'
2025-06-24 21:22:40,568 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188419
2025-06-24 21:22:40,570 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188418
2025-06-24 21:22:40,573 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/89ed3aadaddaf08f_unicorn-38672.exe'
2025-06-24 21:22:40,577 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188421
2025-06-24 21:22:40,585 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/3ba3b0bf65dba6f0_unicorn-23946.exe'
2025-06-24 21:22:40,604 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188422
2025-06-24 21:22:40,622 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/5ae80f3bd352e5d0_unicorn-57858.exe'
2025-06-24 21:22:40,635 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188420
2025-06-24 21:22:40,637 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/08a7c161333e609a_unicorn-30068.exe'
2025-06-24 21:22:40,639 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/b1334bb743ffc015_unicorn-41522.exe'
2025-06-24 21:22:40,641 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/b76e3ca4158ad78e_unicorn-3068.exe'
2025-06-24 21:22:40,643 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/66c6090fec268fe0_unicorn-17890.exe'
2025-06-24 21:22:40,646 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/1c050b72fe0448c9_unicorn-35880.exe'
2025-06-24 21:22:40,648 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/74045ab1c948b371_unicorn-28886.exe'
2025-06-24 21:22:40,651 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/186e364f1f233944_unicorn-64210.exe'
2025-06-24 21:22:40,656 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188420
2025-06-24 21:22:40,658 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188419
2025-06-24 21:22:40,659 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188420
2025-06-24 21:22:40,661 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/ebc05ef8a11fc354_unicorn-8901.exe'
2025-06-24 21:22:40,663 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188419
2025-06-24 21:22:40,665 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188421
2025-06-24 21:22:40,666 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188419
2025-06-24 21:22:40,680 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188420
2025-06-24 21:22:40,687 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188418
2025-06-24 21:22:40,689 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/4f0e1ab03adcdc57_unicorn-29950.exe'
2025-06-24 21:22:40,691 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/e6949dddb1e5bc3f_unicorn-31412.exe'
2025-06-24 21:22:40,694 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/218d6e7833055a40_unicorn-6420.exe'
2025-06-24 21:22:40,696 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/94386d10069f4d2f_unicorn-34418.exe'
2025-06-24 21:22:40,698 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188422
2025-06-24 21:22:40,700 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/722dee2ffb3cfe70_unicorn-40090.exe'
2025-06-24 21:22:40,712 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188420
2025-06-24 21:22:40,713 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188418
2025-06-24 21:22:40,716 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188419
2025-06-24 21:22:40,718 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/56b85e323b7d01b8_unicorn-18118.exe'
2025-06-24 21:22:40,720 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/ffc52ccca6e7ee71_unicorn-61188.exe'
2025-06-24 21:22:40,723 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188418
2025-06-24 21:22:40,724 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188420
2025-06-24 21:22:40,726 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188418
2025-06-24 21:22:40,727 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/850d5aa11f45ee80_unicorn-58922.exe'
2025-06-24 21:22:40,731 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188419
2025-06-24 21:22:40,744 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/ac1c987b08070a46_unicorn-44240.exe'
2025-06-24 21:22:40,747 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188420
2025-06-24 21:22:40,753 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/e29d22f8e4863e64_unicorn-56426.exe'
2025-06-24 21:22:40,757 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188421
2025-06-24 21:22:40,762 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/fbe6b4c645635f95_unicorn-1781.exe'
2025-06-24 21:22:40,765 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188419
2025-06-24 21:22:40,773 [cuckoo.core.resultserver] DEBUG: Task #6585850: File upload for 'files/c1386eed566b2cc6_unicorn-40156.exe'
2025-06-24 21:22:40,777 [cuckoo.core.resultserver] DEBUG: Task #6585850 uploaded file length: 188419
2025-06-24 21:22:40,917 [cuckoo.core.resultserver] DEBUG: Task #6585850 had connection reset for <Context for LOG>
2025-06-24 21:22:43,910 [cuckoo.core.guest] INFO: win7x6414: analysis completed successfully
2025-06-24 21:22:44,303 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-24 21:22:44,363 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-24 21:22:45,529 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6414 to path /srv/cuckoo/cwd/storage/analyses/6585850/memory.dmp
2025-06-24 21:22:45,547 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6414
2025-06-24 21:25:19,302 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.214 for task #6585850
2025-06-24 21:25:22,077 [cuckoo.core.scheduler] DEBUG: Released database task #6585850
2025-06-24 21:25:22,558 [cuckoo.core.scheduler] INFO: Task #6585850: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
description (no description) rule SEH__vba
One or more processes crashed (50 out of 191 events)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 5967968
registers.esi: 5967968
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 5119488
registers.esi: 5119488
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 5119488
registers.esi: 5119488
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 2825728
registers.esi: 2825728
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 2825728
registers.esi: 2825728
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 2825728
registers.esi: 2825728
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 5709312
registers.esi: 5709312
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 5709312
registers.esi: 5709312
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 5709312
registers.esi: 5709312
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 6233600
registers.esi: 6233600
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 6233600
registers.esi: 6233600
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 6233600
registers.esi: 6233600
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 5250560
registers.esi: 5250560
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 5250560
registers.esi: 5250560
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 5250560
registers.esi: 5250560
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 5578240
registers.esi: 5578240
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 5578240
registers.esi: 5578240
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 5578240
registers.esi: 5578240
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1633640
registers.edi: 5578240
registers.eax: 1633640
registers.ebp: 1633720
registers.edx: 0
registers.ebx: 5578240
registers.esi: 5578240
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 8789504
registers.esi: 8789504
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 8789504
registers.esi: 8789504
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 8789504
registers.esi: 8789504
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 5185024
registers.esi: 5185024
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 5185024
registers.esi: 5185024
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 5185024
registers.esi: 5185024
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 5709304
registers.esi: 5709304
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 5709304
registers.esi: 5709304
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 5709304
registers.esi: 5709304
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 3218936
registers.esi: 3218936
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636796
registers.edi: 2148139061
registers.eax: 1636796
registers.ebp: 1636876
registers.edx: 0
registers.ebx: 3218936
registers.esi: 3218936
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636792
registers.edi: 2148139061
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 3218936
registers.esi: 3218936
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1636800
registers.edi: 2148139061
registers.eax: 1636800
registers.ebp: 1636880
registers.edx: 0
registers.ebx: 5905912
registers.esi: 5905912
registers.ecx: 2
1 0 0
Foreign language identified in PE resource (1 event)
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0002d150 size 0x00000234
Creates executable files on the filesystem (50 out of 113 events)
Drops an executable to the user AppData folder (2 events)
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-8849.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-51013.exe
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003f0000
process_handle: 0xffffffff
1 0 0
File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)
G Data Antivirus (Windows) Virus: Generic.Dacic.94CCEEA9.A.A7364D06 (Engine A)
Avast Core Security (Linux) Win32:VB-AJKU [Trj]
C4S ClamAV (Linux) Win.Malware.Generickdz-10004857-0
Trend Micro SProtect (Linux) Possible_SMMULDROPVSA
Trellix (Linux) GenericRXHC-SS
WithSecure (Linux) Trojan.TR/Crypt.XPACK.Gen
eScan Antivirus (Linux) Generic.Dacic.94CCEEA9.A.A7364D06(DB)
ESET Security (Windows) a variant of Win32/VBClone.D trojan
Sophos Anti-Virus (Linux) Mal/VB-AQT
DrWeb Antivirus (Linux) Trojan.MulDrop17.61497
ClamAV (Linux) Win.Malware.Generickdz-10004857-0
Bitdefender Antivirus (Linux) Generic.Dacic.94CCEEA9.A.A7364D06
Kaspersky Standard (Windows) HEUR:Trojan.Win32.VB.gen
Emsisoft Commandline Scanner (Windows) Generic.Dacic.94CCEEA9.A.A7364D06 (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.