Cuckoo Sandbox

File 5da3099a1b0ee5d6_unicorn-29765.exe

Summary
Download Resubmit sample

Size	468.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5f9c5f85a88fb04148117759292c0e01`
SHA1	`49a94640c95ae5045a13c1e9dd7dea68bae9310c`
SHA256	`5da3099a1b0ee5d68a95e7a4df8be768439a59a7bcc71577b3ad2692c3a0d52f`
SHA512	`d0a4623beb2a79d84bc0695d07f5ebac17180f030651bc74898c12118142ca78fcb0ab5291d455b47fc177205961f1a16717cee0c1f80931a14f08e737772603`
CRC32	`68EF8D9B`
ssdeep	`None`
Yara	SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6585851

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	July 2, 2025, 12:10 p.m.	July 2, 2025, 12:18 p.m.	485 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-06-24 21:27:38,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp564etj
2025-06-24 21:27:38,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\JyOOBsxxuCohqlfWjv
2025-06-24 21:27:38,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\UPKSmATQIcfFuALr
2025-06-24 21:27:38,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-06-24 21:27:38,046 [analyzer] INFO: Automatically selected analysis package "exe"
2025-06-24 21:27:38,358 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-24 21:27:38,358 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-24 21:27:38,842 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-24 21:27:39,046 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-06-24 21:27:39,046 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-24 21:27:39,062 [analyzer] DEBUG: Started auxiliary module Human
2025-06-24 21:27:39,062 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-24 21:27:39,062 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-24 21:27:39,125 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-24 21:27:39,125 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-24 21:27:39,125 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-24 21:27:39,125 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-24 21:27:39,296 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\5da3099a1b0ee5d6_unicorn-29765.exe' with arguments '' and pid 788
2025-06-24 21:27:39,500 [analyzer] DEBUG: Loaded monitor into process with pid 788
2025-06-24 21:27:42,562 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23840.exe
2025-06-24 21:27:42,671 [analyzer] INFO: Injected into process with pid 2688 and name u'Unicorn-23840.exe'
2025-06-24 21:27:42,828 [analyzer] DEBUG: Loaded monitor into process with pid 2688
2025-06-24 21:27:45,890 [analyzer] INFO: Added new file to list with pid 2688 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6481.exe
2025-06-24 21:27:45,967 [analyzer] INFO: Injected into process with pid 564 and name u'Unicorn-6481.exe'
2025-06-24 21:27:46,125 [analyzer] DEBUG: Loaded monitor into process with pid 564
2025-06-24 21:27:49,187 [analyzer] INFO: Added new file to list with pid 564 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63632.exe
2025-06-24 21:27:49,312 [analyzer] INFO: Injected into process with pid 2920 and name u'Unicorn-63632.exe'
2025-06-24 21:27:49,500 [analyzer] DEBUG: Loaded monitor into process with pid 2920
2025-06-24 21:27:52,562 [analyzer] INFO: Added new file to list with pid 2920 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-15391.exe
2025-06-24 21:27:52,717 [analyzer] INFO: Injected into process with pid 3000 and name u'Unicorn-15391.exe'
2025-06-24 21:27:52,890 [analyzer] DEBUG: Loaded monitor into process with pid 3000
2025-06-24 21:27:55,953 [analyzer] INFO: Added new file to list with pid 3000 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-2153.exe
2025-06-24 21:27:56,030 [analyzer] INFO: Injected into process with pid 2500 and name u'Unicorn-2153.exe'
2025-06-24 21:27:56,187 [analyzer] DEBUG: Loaded monitor into process with pid 2500
2025-06-24 21:27:59,250 [analyzer] INFO: Added new file to list with pid 2500 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59112.exe
2025-06-24 21:27:59,421 [analyzer] INFO: Injected into process with pid 1852 and name u'Unicorn-59112.exe'
2025-06-24 21:27:59,578 [analyzer] DEBUG: Loaded monitor into process with pid 1852
2025-06-24 21:28:02,655 [analyzer] INFO: Added new file to list with pid 1852 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-60228.exe
2025-06-24 21:28:02,733 [analyzer] INFO: Injected into process with pid 3032 and name u'Unicorn-60228.exe'
2025-06-24 21:28:02,890 [analyzer] DEBUG: Loaded monitor into process with pid 3032
2025-06-24 21:28:05,953 [analyzer] INFO: Added new file to list with pid 3032 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59242.exe
2025-06-24 21:28:06,078 [analyzer] INFO: Injected into process with pid 3108 and name u'Unicorn-59242.exe'
2025-06-24 21:28:06,250 [analyzer] DEBUG: Loaded monitor into process with pid 3108
2025-06-24 21:28:09,328 [analyzer] INFO: Added new file to list with pid 3108 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11769.exe
2025-06-24 21:28:09,421 [analyzer] INFO: Injected into process with pid 3196 and name u'Unicorn-11769.exe'
2025-06-24 21:28:09,592 [analyzer] DEBUG: Loaded monitor into process with pid 3196
2025-06-24 21:28:12,733 [analyzer] INFO: Added new file to list with pid 3196 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25174.exe
2025-06-24 21:28:12,828 [analyzer] INFO: Injected into process with pid 3288 and name u'Unicorn-25174.exe'
2025-06-24 21:28:12,983 [analyzer] DEBUG: Loaded monitor into process with pid 3288
2025-06-24 21:28:16,108 [analyzer] INFO: Added new file to list with pid 3288 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11502.exe
2025-06-24 21:28:16,187 [analyzer] INFO: Injected into process with pid 3380 and name u'Unicorn-11502.exe'
2025-06-24 21:28:16,358 [analyzer] DEBUG: Loaded monitor into process with pid 3380
2025-06-24 21:28:19,500 [analyzer] INFO: Added new file to list with pid 3380 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59525.exe
2025-06-24 21:28:19,592 [analyzer] INFO: Injected into process with pid 3472 and name u'Unicorn-59525.exe'
2025-06-24 21:28:19,750 [analyzer] DEBUG: Loaded monitor into process with pid 3472
2025-06-24 21:28:22,875 [analyzer] INFO: Added new file to list with pid 3472 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11476.exe
2025-06-24 21:28:23,000 [analyzer] INFO: Injected into process with pid 3552 and name u'Unicorn-11476.exe'
2025-06-24 21:28:23,155 [analyzer] DEBUG: Loaded monitor into process with pid 3552
2025-06-24 21:28:26,296 [analyzer] INFO: Added new file to list with pid 3552 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-56183.exe
2025-06-24 21:28:26,375 [analyzer] INFO: Injected into process with pid 3660 and name u'Unicorn-56183.exe'
2025-06-24 21:28:26,546 [analyzer] DEBUG: Loaded monitor into process with pid 3660
2025-06-24 21:28:29,687 [analyzer] INFO: Added new file to list with pid 3660 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-38861.exe
2025-06-24 21:28:29,780 [analyzer] INFO: Injected into process with pid 3752 and name u'Unicorn-38861.exe'
2025-06-24 21:28:29,953 [analyzer] DEBUG: Loaded monitor into process with pid 3752
2025-06-24 21:28:33,092 [analyzer] INFO: Added new file to list with pid 3752 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40553.exe
2025-06-24 21:28:33,187 [analyzer] INFO: Injected into process with pid 3836 and name u'Unicorn-40553.exe'
2025-06-24 21:28:33,342 [analyzer] DEBUG: Loaded monitor into process with pid 3836
2025-06-24 21:28:36,453 [analyzer] INFO: Added new file to list with pid 3836 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-27315.exe
2025-06-24 21:28:36,546 [analyzer] INFO: Injected into process with pid 3928 and name u'Unicorn-27315.exe'
2025-06-24 21:28:36,703 [analyzer] DEBUG: Loaded monitor into process with pid 3928
2025-06-24 21:28:39,842 [analyzer] INFO: Added new file to list with pid 3928 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-44611.exe
2025-06-24 21:28:39,967 [analyzer] INFO: Injected into process with pid 4024 and name u'Unicorn-44611.exe'
2025-06-24 21:28:40,125 [analyzer] DEBUG: Loaded monitor into process with pid 4024
2025-06-24 21:28:43,250 [analyzer] INFO: Added new file to list with pid 4024 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23781.exe
2025-06-24 21:28:43,421 [analyzer] INFO: Injected into process with pid 3120 and name u'Unicorn-23781.exe'
2025-06-24 21:28:43,578 [analyzer] DEBUG: Loaded monitor into process with pid 3120
2025-06-24 21:28:46,703 [analyzer] INFO: Added new file to list with pid 3120 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63827.exe
2025-06-24 21:28:46,812 [analyzer] INFO: Injected into process with pid 1808 and name u'Unicorn-63827.exe'
2025-06-24 21:28:46,983 [analyzer] DEBUG: Loaded monitor into process with pid 1808
2025-06-24 21:28:50,092 [analyzer] INFO: Added new file to list with pid 1808 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-34793.exe
2025-06-24 21:28:50,217 [analyzer] INFO: Injected into process with pid 3484 and name u'Unicorn-34793.exe'
2025-06-24 21:28:50,375 [analyzer] DEBUG: Loaded monitor into process with pid 3484
2025-06-24 21:28:53,500 [analyzer] INFO: Added new file to list with pid 3484 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48005.exe
2025-06-24 21:28:53,608 [analyzer] INFO: Injected into process with pid 3640 and name u'Unicorn-48005.exe'
2025-06-24 21:28:53,765 [analyzer] DEBUG: Loaded monitor into process with pid 3640
2025-06-24 21:28:56,905 [analyzer] INFO: Added new file to list with pid 3640 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61409.exe
2025-06-24 21:28:57,062 [analyzer] INFO: Injected into process with pid 3888 and name u'Unicorn-61409.exe'
2025-06-24 21:28:57,233 [analyzer] DEBUG: Loaded monitor into process with pid 3888
2025-06-24 21:29:00,405 [analyzer] INFO: Added new file to list with pid 3888 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63137.exe
2025-06-24 21:29:00,562 [analyzer] INFO: Injected into process with pid 2124 and name u'Unicorn-63137.exe'
2025-06-24 21:29:00,765 [analyzer] DEBUG: Loaded monitor into process with pid 2124
2025-06-24 21:29:03,890 [analyzer] INFO: Added new file to list with pid 2124 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-33371.exe
2025-06-24 21:29:04,000 [analyzer] INFO: Injected into process with pid 3084 and name u'Unicorn-33371.exe'
2025-06-24 21:29:04,187 [analyzer] DEBUG: Loaded monitor into process with pid 3084
2025-06-24 21:29:07,312 [analyzer] INFO: Added new file to list with pid 3084 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-252.exe
2025-06-24 21:29:07,421 [analyzer] INFO: Injected into process with pid 2424 and name u'Unicorn-252.exe'
2025-06-24 21:29:07,592 [analyzer] DEBUG: Loaded monitor into process with pid 2424
2025-06-24 21:29:10,717 [analyzer] INFO: Added new file to list with pid 2424 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13656.exe
2025-06-24 21:29:10,842 [analyzer] INFO: Injected into process with pid 1276 and name u'Unicorn-13656.exe'
2025-06-24 21:29:11,015 [analyzer] DEBUG: Loaded monitor into process with pid 1276
2025-06-24 21:29:14,187 [analyzer] INFO: Added new file to list with pid 1276 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-19469.exe
2025-06-24 21:29:14,280 [analyzer] INFO: Injected into process with pid 2336 and name u'Unicorn-19469.exe'
2025-06-24 21:29:14,453 [analyzer] DEBUG: Loaded monitor into process with pid 2336
2025-06-24 21:29:17,608 [analyzer] INFO: Added new file to list with pid 2336 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63407.exe
2025-06-24 21:29:17,733 [analyzer] INFO: Injected into process with pid 1372 and name u'Unicorn-63407.exe'
2025-06-24 21:29:17,905 [analyzer] DEBUG: Loaded monitor into process with pid 1372
2025-06-24 21:29:21,062 [analyzer] INFO: Added new file to list with pid 1372 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-26205.exe
2025-06-24 21:29:21,187 [analyzer] INFO: Injected into process with pid 3960 and name u'Unicorn-26205.exe'
2025-06-24 21:29:21,342 [analyzer] DEBUG: Loaded monitor into process with pid 3960
2025-06-24 21:29:24,500 [analyzer] INFO: Added new file to list with pid 3960 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-35333.exe
2025-06-24 21:29:24,592 [analyzer] INFO: Injected into process with pid 896 and name u'Unicorn-35333.exe'
2025-06-24 21:29:24,750 [analyzer] DEBUG: Loaded monitor into process with pid 896
2025-06-24 21:29:27,905 [analyzer] INFO: Added new file to list with pid 896 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48737.exe
2025-06-24 21:29:28,000 [analyzer] INFO: Injected into process with pid 3040 and name u'Unicorn-48737.exe'
2025-06-24 21:29:28,171 [analyzer] DEBUG: Loaded monitor into process with pid 3040
2025-06-24 21:29:31,296 [analyzer] INFO: Added new file to list with pid 3040 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-31991.exe
2025-06-24 21:29:31,405 [analyzer] INFO: Injected into process with pid 3848 and name u'Unicorn-31991.exe'
2025-06-24 21:29:31,546 [analyzer] DEBUG: Loaded monitor into process with pid 3848
2025-06-24 21:29:34,671 [analyzer] INFO: Added new file to list with pid 3848 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-49479.exe
2025-06-24 21:29:34,765 [analyzer] INFO: Injected into process with pid 3516 and name u'Unicorn-49479.exe'
2025-06-24 21:29:34,937 [analyzer] DEBUG: Loaded monitor into process with pid 3516
2025-06-24 21:29:38,092 [analyzer] INFO: Added new file to list with pid 3516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51171.exe
2025-06-24 21:29:38,203 [analyzer] INFO: Injected into process with pid 1972 and name u'Unicorn-51171.exe'
2025-06-24 21:29:38,358 [analyzer] DEBUG: Loaded monitor into process with pid 1972
2025-06-24 21:29:41,515 [analyzer] INFO: Added new file to list with pid 1972 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-60299.exe
2025-06-24 21:29:41,625 [analyzer] INFO: Injected into process with pid 4128 and name u'Unicorn-60299.exe'
2025-06-24 21:29:41,780 [analyzer] DEBUG: Loaded monitor into process with pid 4128
2025-06-24 21:29:44,937 [analyzer] INFO: Added new file to list with pid 4128 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-38893.exe
2025-06-24 21:29:45,030 [analyzer] INFO: Injected into process with pid 4208 and name u'Unicorn-38893.exe'
2025-06-24 21:29:45,203 [analyzer] DEBUG: Loaded monitor into process with pid 4208
2025-06-24 21:29:48,390 [analyzer] INFO: Added new file to list with pid 4208 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13978.exe
2025-06-24 21:29:48,530 [analyzer] INFO: Injected into process with pid 4284 and name u'Unicorn-13978.exe'
2025-06-24 21:29:48,703 [analyzer] DEBUG: Loaded monitor into process with pid 4284
2025-06-24 21:29:51,875 [analyzer] INFO: Added new file to list with pid 4284 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-49749.exe
2025-06-24 21:29:51,967 [analyzer] INFO: Injected into process with pid 4360 and name u'Unicorn-49749.exe'
2025-06-24 21:29:52,140 [analyzer] DEBUG: Loaded monitor into process with pid 4360
2025-06-24 21:29:55,296 [analyzer] INFO: Added new file to list with pid 4360 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-16631.exe
2025-06-24 21:29:55,405 [analyzer] INFO: Injected into process with pid 4440 and name u'Unicorn-16631.exe'
2025-06-24 21:29:55,578 [analyzer] DEBUG: Loaded monitor into process with pid 4440
2025-06-24 21:29:58,733 [analyzer] INFO: Added new file to list with pid 4440 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25951.exe
2025-06-24 21:29:58,828 [analyzer] INFO: Injected into process with pid 4524 and name u'Unicorn-25951.exe'
2025-06-24 21:29:58,983 [analyzer] DEBUG: Loaded monitor into process with pid 4524
2025-06-24 21:30:02,140 [analyzer] INFO: Added new file to list with pid 4524 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39931.exe
2025-06-24 21:30:02,296 [analyzer] INFO: Injected into process with pid 4608 and name u'Unicorn-39931.exe'
2025-06-24 21:30:02,453 [analyzer] DEBUG: Loaded monitor into process with pid 4608
2025-06-24 21:30:05,687 [analyzer] INFO: Added new file to list with pid 4608 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-1996.exe
2025-06-24 21:30:05,796 [analyzer] INFO: Injected into process with pid 4692 and name u'Unicorn-1996.exe'
2025-06-24 21:30:05,983 [analyzer] DEBUG: Loaded monitor into process with pid 4692
2025-06-24 21:30:09,140 [analyzer] INFO: Added new file to list with pid 4692 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30331.exe
2025-06-24 21:30:09,217 [analyzer] INFO: Injected into process with pid 4768 and name u'Unicorn-30331.exe'
2025-06-24 21:30:09,358 [analyzer] DEBUG: Loaded monitor into process with pid 4768
2025-06-24 21:30:12,546 [analyzer] INFO: Added new file to list with pid 4768 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43543.exe
2025-06-24 21:30:12,703 [analyzer] INFO: Injected into process with pid 4844 and name u'Unicorn-43543.exe'
2025-06-24 21:30:12,875 [analyzer] DEBUG: Loaded monitor into process with pid 4844
2025-06-24 21:30:16,092 [analyzer] INFO: Added new file to list with pid 4844 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6376.exe
2025-06-24 21:30:16,187 [analyzer] INFO: Injected into process with pid 4920 and name u'Unicorn-6376.exe'
2025-06-24 21:30:16,358 [analyzer] DEBUG: Loaded monitor into process with pid 4920
2025-06-24 21:30:19,640 [analyzer] INFO: Added new file to list with pid 4920 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-33979.exe
2025-06-24 21:30:19,733 [analyzer] INFO: Injected into process with pid 5000 and name u'Unicorn-33979.exe'
2025-06-24 21:30:19,905 [analyzer] DEBUG: Loaded monitor into process with pid 5000
2025-06-24 21:30:23,155 [analyzer] INFO: Added new file to list with pid 5000 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-896.exe
2025-06-24 21:30:23,250 [analyzer] INFO: Injected into process with pid 5084 and name u'Unicorn-896.exe'
2025-06-24 21:30:23,421 [analyzer] DEBUG: Loaded monitor into process with pid 5084
2025-06-24 21:30:26,640 [analyzer] INFO: Added new file to list with pid 5084 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57147.exe
2025-06-24 21:30:26,750 [analyzer] INFO: Injected into process with pid 2396 and name u'Unicorn-57147.exe'
2025-06-24 21:30:26,921 [analyzer] DEBUG: Loaded monitor into process with pid 2396
2025-06-24 21:30:30,467 [analyzer] INFO: Added new file to list with pid 2396 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48569.exe
2025-06-24 21:30:30,625 [analyzer] INFO: Injected into process with pid 1500 and name u'Unicorn-48569.exe'
2025-06-24 21:30:30,796 [analyzer] DEBUG: Loaded monitor into process with pid 1500
2025-06-24 21:30:34,062 [analyzer] INFO: Added new file to list with pid 1500 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-37853.exe
2025-06-24 21:30:34,155 [analyzer] INFO: Injected into process with pid 2592 and name u'Unicorn-37853.exe'
2025-06-24 21:30:34,328 [analyzer] DEBUG: Loaded monitor into process with pid 2592
2025-06-24 21:30:37,703 [analyzer] INFO: Added new file to list with pid 2592 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22477.exe
2025-06-24 21:30:37,842 [analyzer] INFO: Injected into process with pid 4628 and name u'Unicorn-22477.exe'
2025-06-24 21:30:38,015 [analyzer] DEBUG: Loaded monitor into process with pid 4628
2025-06-24 21:30:41,342 [analyzer] INFO: Added new file to list with pid 4628 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-26115.exe
2025-06-24 21:30:41,608 [analyzer] INFO: Injected into process with pid 4864 and name u'Unicorn-26115.exe'
2025-06-24 21:30:41,780 [analyzer] DEBUG: Loaded monitor into process with pid 4864
2025-06-24 21:30:45,265 [analyzer] INFO: Added new file to list with pid 4864 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-5092.exe
2025-06-24 21:30:45,421 [analyzer] INFO: Injected into process with pid 5052 and name u'Unicorn-5092.exe'
2025-06-24 21:30:45,578 [analyzer] DEBUG: Loaded monitor into process with pid 5052
2025-06-24 21:30:48,875 [analyzer] INFO: Added new file to list with pid 5052 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55253.exe
2025-06-24 21:30:49,078 [analyzer] INFO: Injected into process with pid 1792 and name u'Unicorn-55253.exe'
2025-06-24 21:30:49,250 [analyzer] DEBUG: Loaded monitor into process with pid 1792
2025-06-24 21:30:52,562 [analyzer] INFO: Added new file to list with pid 1792 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-32285.exe
2025-06-24 21:30:52,687 [analyzer] INFO: Injected into process with pid 4540 and name u'Unicorn-32285.exe'
2025-06-24 21:30:52,858 [analyzer] DEBUG: Loaded monitor into process with pid 4540
2025-06-24 21:30:56,140 [analyzer] INFO: Added new file to list with pid 4540 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13556.exe
2025-06-24 21:30:56,250 [analyzer] INFO: Injected into process with pid 2732 and name u'Unicorn-13556.exe'
2025-06-24 21:30:56,421 [analyzer] DEBUG: Loaded monitor into process with pid 2732
2025-06-24 21:30:58,687 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-24 21:30:59,687 [analyzer] INFO: Added new file to list with pid 2732 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41159.exe
2025-06-24 21:30:59,812 [analyzer] INFO: Injected into process with pid 2884 and name u'Unicorn-41159.exe'
2025-06-24 21:30:59,983 [analyzer] DEBUG: Loaded monitor into process with pid 2884
2025-06-24 21:31:00,890 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-24 21:31:00,890 [lib.api.process] INFO: Successfully terminated process with pid 788.
2025-06-24 21:31:00,890 [lib.api.process] INFO: Successfully terminated process with pid 2688.
2025-06-24 21:31:00,890 [lib.api.process] INFO: Successfully terminated process with pid 564.
2025-06-24 21:31:00,890 [lib.api.process] INFO: Successfully terminated process with pid 2920.
2025-06-24 21:31:00,890 [lib.api.process] INFO: Successfully terminated process with pid 3000.
2025-06-24 21:31:00,890 [lib.api.process] INFO: Successfully terminated process with pid 2500.
2025-06-24 21:31:00,890 [lib.api.process] INFO: Successfully terminated process with pid 1852.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3032.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3108.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3196.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3288.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3380.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3472.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3552.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3660.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3752.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3836.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3928.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 4024.
2025-06-24 21:31:00,905 [lib.api.process] INFO: Successfully terminated process with pid 3120.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 1808.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 3484.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 3640.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 3888.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 2124.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 3084.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 2424.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 1276.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 2336.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 1372.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 3960.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 896.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 3040.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 3848.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 3516.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 1972.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4128.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4208.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4284.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4360.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4440.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4524.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4608.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4692.
2025-06-24 21:31:00,921 [lib.api.process] INFO: Successfully terminated process with pid 4768.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 4844.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 4920.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 5000.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 5084.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 2396.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 1500.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 2592.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 4628.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 4864.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 5052.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 1792.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 4540.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 2732.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 2884.
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-48005.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-26115.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-2153.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-11476.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-26205.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-30331.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-63827.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-51171.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-11502.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-252.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-11769.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-39931.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-34793.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-63407.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6376.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-56183.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-13556.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-25951.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-61409.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-16631.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-38893.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-63137.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-55253.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-59242.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6481.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-60228.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-38861.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-32285.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-13656.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-49749.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-63632.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-33979.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-31991.exe
2025-06-24 21:31:01,250 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-07-02 12:10:03,056 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:04,077 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:05,096 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:06,116 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:07,141 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:08,165 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:09,187 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:10,203 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:11,440 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:12,482 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:13,898 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:14,976 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:16,025 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:17,072 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:18,109 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:19,399 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:20,494 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:21,547 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:22,655 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:23,727 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:24,786 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:25,837 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:26,893 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:27,943 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:29,004 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:30,024 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:31,204 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:32,309 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:33,374 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:34,501 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:35,590 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:36,658 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:37,773 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:39,185 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:40,273 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:41,396 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:42,679 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:43,792 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:44,857 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:45,937 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:47,007 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:48,111 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:49,193 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:50,260 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:51,317 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:52,384 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:53,454 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:54,513 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:55,573 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:56,635 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:57,687 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:58,745 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:10:59,796 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:00,832 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:01,879 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:02,931 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:03,986 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:05,029 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:06,067 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:07,117 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:08,185 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:09,246 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:10,312 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:11,583 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:12,817 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:13,876 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:14,943 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:16,020 [cuckoo.core.scheduler] DEBUG: Task #6631127: no machine available yet
2025-07-02 12:11:17,094 [cuckoo.core.scheduler] INFO: Task #6631127: acquired machine win7x6419 (label=win7x6419)
2025-07-02 12:11:17,105 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.219 for task #6631127
2025-07-02 12:11:17,470 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2749658 (interface=vboxnet0, host=192.168.168.219)
2025-07-02 12:11:18,713 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6419
2025-07-02 12:11:25,996 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6419 to vmcloak
2025-07-02 12:12:53,913 [cuckoo.core.guest] INFO: Starting analysis #6631127 on guest (id=win7x6419, ip=192.168.168.219)
2025-07-02 12:12:54,918 [cuckoo.core.guest] DEBUG: win7x6419: not ready yet
2025-07-02 12:12:59,942 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6419, ip=192.168.168.219)
2025-07-02 12:13:00,029 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6419, ip=192.168.168.219, monitor=latest, size=6660546)
2025-07-02 12:13:03,874 [cuckoo.core.resultserver] DEBUG: Task #6631127: live log analysis.log initialized.
2025-07-02 12:13:03,903 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:03,957 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:04,056 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0001.jpg'
2025-07-02 12:13:04,074 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 133580
2025-07-02 12:13:06,155 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:08,207 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0002.jpg'
2025-07-02 12:13:08,243 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 137133
2025-07-02 12:13:09,441 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:11,402 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0003.jpg'
2025-07-02 12:13:11,470 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 125323
2025-07-02 12:13:13,177 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:15,581 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0004.jpg'
2025-07-02 12:13:15,596 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 127014
2025-07-02 12:13:16,205 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:16,232 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:13:17,704 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0005.jpg'
2025-07-02 12:13:17,757 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 126903
2025-07-02 12:13:19,514 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:21,895 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0006.jpg'
2025-07-02 12:13:21,960 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 128954
2025-07-02 12:13:23,659 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:24,089 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0007.jpg'
2025-07-02 12:13:24,106 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 128884
2025-07-02 12:13:26,220 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:27,265 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0008.jpg'
2025-07-02 12:13:27,289 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 129882
2025-07-02 12:13:29,872 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0009.jpg'
2025-07-02 12:13:29,883 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 130567
2025-07-02 12:13:30,117 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:32,309 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:13:33,512 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0010.jpg'
2025-07-02 12:13:33,530 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 130738
2025-07-02 12:13:34,411 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:35,159 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0011.jpg'
2025-07-02 12:13:35,180 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 131143
2025-07-02 12:13:37,507 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:39,678 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:41,859 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0012.jpg'
2025-07-02 12:13:42,210 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 109466
2025-07-02 12:13:43,589 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:46,474 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:47,778 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:13:49,860 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:55,144 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:13:56,668 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:00,249 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:02,990 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:14:03,444 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:06,923 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:11,769 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:13,719 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:17,080 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:18,442 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:14:20,560 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:24,085 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:28,273 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:31,352 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:34,024 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:14:34,326 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:38,134 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:41,217 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:44,688 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:48,066 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:49,219 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:14:51,485 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:54,888 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:14:58,251 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:02,712 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:04,750 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:15:05,210 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:08,569 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:12,013 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:15,452 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:18,893 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:20,381 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:15:22,435 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:25,767 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:29,300 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:32,685 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:35,474 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:15:36,190 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:39,670 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:43,217 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:46,734 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:50,232 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:50,586 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:15:54,108 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:15:57,641 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:16:01,294 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0013.jpg'
2025-07-02 12:16:01,427 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:16:01,431 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 101950
2025-07-02 12:16:02,657 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0014.jpg'
2025-07-02 12:16:02,672 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 101670
2025-07-02 12:16:04,827 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0015.jpg'
2025-07-02 12:16:04,842 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 102718
2025-07-02 12:16:05,094 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:16:06,311 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:16:07,745 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0016.jpg'
2025-07-02 12:16:07,748 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 102700
2025-07-02 12:16:08,598 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0017.jpg'
2025-07-02 12:16:08,601 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 103236
2025-07-02 12:16:08,888 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:16:10,213 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0018.jpg'
2025-07-02 12:16:10,235 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 102643
2025-07-02 12:16:11,336 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0019.jpg'
2025-07-02 12:16:11,351 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 103708
2025-07-02 12:16:12,685 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:16:13,513 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0020.jpg'
2025-07-02 12:16:13,536 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 103258
2025-07-02 12:16:15,658 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0021.jpg'
2025-07-02 12:16:15,681 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 104572
2025-07-02 12:16:16,171 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:16:16,881 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0022.jpg'
2025-07-02 12:16:16,901 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 104318
2025-07-02 12:16:19,029 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0023.jpg'
2025-07-02 12:16:19,043 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 105271
2025-07-02 12:16:19,733 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:16:21,385 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0024.jpg'
2025-07-02 12:16:21,398 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 104869
2025-07-02 12:16:21,509 [cuckoo.core.guest] DEBUG: win7x6419: analysis #6631127 still processing
2025-07-02 12:16:22,779 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'curtain/1750793458.95.curtain.log'
2025-07-02 12:16:22,782 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 36
2025-07-02 12:16:22,817 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'shots/0025.jpg'
2025-07-02 12:16:22,848 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 105895
2025-07-02 12:16:23,436 [cuckoo.core.resultserver] DEBUG: Task #6631127 is sending a BSON stream
2025-07-02 12:16:24,055 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'sysmon/1750793460.66.sysmon.xml'
2025-07-02 12:16:24,313 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 13738700
2025-07-02 12:16:24,378 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/b0bdcdfca8b41d91_unicorn-60299.exe'
2025-07-02 12:16:24,401 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/864549b15655c1e2_unicorn-5092.exe'
2025-07-02 12:16:24,415 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/fc2a2917495aa1bd_unicorn-23781.exe'
2025-07-02 12:16:24,423 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/fa242122a83f5b4f_unicorn-22477.exe'
2025-07-02 12:16:24,443 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479302
2025-07-02 12:16:24,446 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479284
2025-07-02 12:16:24,452 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/3aab54c54ca42ab2_unicorn-40553.exe'
2025-07-02 12:16:24,455 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/cebbb5f7ecfc4ac7_unicorn-27315.exe'
2025-07-02 12:16:24,458 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479267
2025-07-02 12:16:24,463 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/de74fec01f65af09_unicorn-15391.exe'
2025-07-02 12:16:24,470 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/5266761597c02bfd_unicorn-1996.exe'
2025-07-02 12:16:24,474 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479300
2025-07-02 12:16:24,480 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479265
2025-07-02 12:16:24,487 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479264
2025-07-02 12:16:24,491 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/0c673ae16f07b2f9_unicorn-57147.exe'
2025-07-02 12:16:24,498 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479252
2025-07-02 12:16:24,502 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/3a6b25215d39fc40_unicorn-59112.exe'
2025-07-02 12:16:24,510 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479291
2025-07-02 12:16:24,513 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/95408e062bd4f88d_unicorn-48737.exe'
2025-07-02 12:16:24,519 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479297
2025-07-02 12:16:24,561 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/5037712a0bed9fd5_unicorn-13978.exe'
2025-07-02 12:16:24,565 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/9ab40d065c5ebe66_unicorn-19469.exe'
2025-07-02 12:16:24,569 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/c28dfbf46a8d7b63_unicorn-37853.exe'
2025-07-02 12:16:24,572 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/244cac657ed8c13d_unicorn-43543.exe'
2025-07-02 12:16:24,574 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/104ba26d5d0203be_unicorn-896.exe'
2025-07-02 12:16:24,582 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479254
2025-07-02 12:16:24,586 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/b353e24b1df6b56b_unicorn-59525.exe'
2025-07-02 12:16:24,589 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/e284962903e2cfe5_unicorn-25174.exe'
2025-07-02 12:16:24,594 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479276
2025-07-02 12:16:24,599 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479280
2025-07-02 12:16:24,605 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479293
2025-07-02 12:16:24,608 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479299
2025-07-02 12:16:24,612 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479286
2025-07-02 12:16:24,616 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/468a69661ccb3f58_unicorn-35333.exe'
2025-07-02 12:16:24,619 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/97dfe9b4aafe4f56_unicorn-48569.exe'
2025-07-02 12:16:24,625 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479258
2025-07-02 12:16:24,628 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479260
2025-07-02 12:16:24,631 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/2fc9f9bfab362d56_unicorn-49479.exe'
2025-07-02 12:16:24,634 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479279
2025-07-02 12:16:24,638 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479296
2025-07-02 12:16:24,641 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/d00d16d496f08071_unicorn-41159.exe'
2025-07-02 12:16:24,645 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/3bce0bf0a01829ac_unicorn-23840.exe'
2025-07-02 12:16:24,650 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/1ca7d82f3e01f6d4_unicorn-33371.exe'
2025-07-02 12:16:24,659 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479282
2025-07-02 12:16:24,665 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479298
2025-07-02 12:16:24,669 [cuckoo.core.resultserver] DEBUG: Task #6631127: File upload for 'files/8b741325e8b7402f_unicorn-44611.exe'
2025-07-02 12:16:24,676 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479306
2025-07-02 12:16:24,763 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479273
2025-07-02 12:16:24,766 [cuckoo.core.resultserver] DEBUG: Task #6631127 had connection reset for <Context for LOG>
2025-07-02 12:16:24,768 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479249
2025-07-02 12:16:24,774 [cuckoo.core.resultserver] DEBUG: Task #6631127 uploaded file length: 479266
2025-07-02 12:16:27,544 [cuckoo.core.guest] INFO: win7x6419: analysis completed successfully
2025-07-02 12:16:27,559 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-02 12:16:27,584 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-02 12:16:28,687 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6419 to path /srv/cuckoo/cwd/storage/analyses/6631127/memory.dmp
2025-07-02 12:16:28,688 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6419
2025-07-02 12:17:57,413 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.219 for task #6631127
2025-07-02 12:17:57,994 [cuckoo.core.scheduler] DEBUG: Released database task #6631127
2025-07-02 12:18:08,202 [cuckoo.core.scheduler] INFO: Task #6631127: analysis procedure completed

Signatures

Yara rule detected for file (1 event)

description

(no description)

rule

SEH__vba

One or more processes crashed (50 out of 57 events)

Time & API	Arguments	Status
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0x3072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: 5da3099a1b0ee5d6_unicorn-29765+0x2ab95 exception.instruction: int3 exception.module: 5da3099a1b0ee5d6_unicorn-29765.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6559272 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6557336	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-23840+0x2ab95 exception.instruction: int3 exception.module: Unicorn-23840.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9250024 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9248096	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-6481+0x2ab95 exception.instruction: int3 exception.module: Unicorn-6481.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827496 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825568	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-63632+0x2ab95 exception.instruction: int3 exception.module: Unicorn-63632.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6431976 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6430048	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-15391+0x2ab95 exception.instruction: int3 exception.module: Unicorn-15391.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5383400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5381472	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-2153+0x2ab95 exception.instruction: int3 exception.module: Unicorn-2153.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9118952 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9117024	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-59112+0x2ab95 exception.instruction: int3 exception.module: Unicorn-59112.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5907688 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5905760	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-60228+0x2ab95 exception.instruction: int3 exception.module: Unicorn-60228.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6563048 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6561120	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-59242+0x2ab95 exception.instruction: int3 exception.module: Unicorn-59242.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6104296 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6102368	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-11769+0x2ab95 exception.instruction: int3 exception.module: Unicorn-11769.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3351784 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3349856	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-25174+0x2ab95 exception.instruction: int3 exception.module: Unicorn-25174.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6104296 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6102368	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-11502+0x2ab95 exception.instruction: int3 exception.module: Unicorn-11502.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6169832 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6167904	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-59525+0x2ab95 exception.instruction: int3 exception.module: Unicorn-59525.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6104296 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6102368	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-11476+0x2ab95 exception.instruction: int3 exception.module: Unicorn-11476.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2958568 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2956640	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-56183+0x2ab95 exception.instruction: int3 exception.module: Unicorn-56183.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5317864 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5315936	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-38861+0x2ab95 exception.instruction: int3 exception.module: Unicorn-38861.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9381096 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9379168	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-40553+0x2ab95 exception.instruction: int3 exception.module: Unicorn-40553.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2958568 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2956640	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-27315+0x2ab95 exception.instruction: int3 exception.module: Unicorn-27315.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827496 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825568	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-44611+0x2ab95 exception.instruction: int3 exception.module: Unicorn-44611.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6038760 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6036832	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-23781+0x2ab95 exception.instruction: int3 exception.module: Unicorn-23781.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5383400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5381472	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-63827+0x2ab95 exception.instruction: int3 exception.module: Unicorn-63827.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6235368 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6233440	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-34793+0x2ab95 exception.instruction: int3 exception.module: Unicorn-34793.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9118952 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9117024	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-48005+0x2ab95 exception.instruction: int3 exception.module: Unicorn-48005.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9381096 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9379168	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-61409+0x2ab95 exception.instruction: int3 exception.module: Unicorn-61409.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6563048 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6561120	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-63137+0x2ab95 exception.instruction: int3 exception.module: Unicorn-63137.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3220712 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3218784	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-33371+0x2ab95 exception.instruction: int3 exception.module: Unicorn-33371.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6366440 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6364512	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-252+0x2ab95 exception.instruction: int3 exception.module: Unicorn-252.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5383400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5381472	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-13656+0x2ab95 exception.instruction: int3 exception.module: Unicorn-13656.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5514472 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5512544	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-19469+0x2ab95 exception.instruction: int3 exception.module: Unicorn-19469.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3089640 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3087712	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-63407+0x2ab95 exception.instruction: int3 exception.module: Unicorn-63407.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5842152 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5840224	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-26205+0x2ab95 exception.instruction: int3 exception.module: Unicorn-26205.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6497512 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6495584	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-35333+0x2ab95 exception.instruction: int3 exception.module: Unicorn-35333.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6497512 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6495584	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-48737+0x2ab95 exception.instruction: int3 exception.module: Unicorn-48737.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6300904 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6298976	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-31991+0x2ab95 exception.instruction: int3 exception.module: Unicorn-31991.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6104296 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6102368	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-49479+0x2ab95 exception.instruction: int3 exception.module: Unicorn-49479.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9381096 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9379168	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-51171+0x2ab95 exception.instruction: int3 exception.module: Unicorn-51171.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2696424 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2694496	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-60299+0x2ab95 exception.instruction: int3 exception.module: Unicorn-60299.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3220712 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3218784	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-38893+0x2ab95 exception.instruction: int3 exception.module: Unicorn-38893.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9381096 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9379168	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-13978+0x2ab95 exception.instruction: int3 exception.module: Unicorn-13978.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6431976 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6430048	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-49749+0x2ab95 exception.instruction: int3 exception.module: Unicorn-49749.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5842152 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5840224	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-16631+0x2ab95 exception.instruction: int3 exception.module: Unicorn-16631.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3220712 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3218784	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-25951+0x2ab95 exception.instruction: int3 exception.module: Unicorn-25951.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6104296 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6102368	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-39931+0x2ab95 exception.instruction: int3 exception.module: Unicorn-39931.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827496 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825568	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-1996+0x2ab95 exception.instruction: int3 exception.module: Unicorn-1996.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5514472 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5512544	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-30331+0x2ab95 exception.instruction: int3 exception.module: Unicorn-30331.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5842152 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5840224	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-43543+0x2ab95 exception.instruction: int3 exception.module: Unicorn-43543.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6038760 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6036832	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-6376+0x2ab95 exception.instruction: int3 exception.module: Unicorn-6376.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9381096 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9379168	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-33979+0x2ab95 exception.instruction: int3 exception.module: Unicorn-33979.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6563048 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6561120	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-896+0x2ab95 exception.instruction: int3 exception.module: Unicorn-896.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3220712 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3218784	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-57147+0x2ab95 exception.instruction: int3 exception.module: Unicorn-57147.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5776616 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5774688	1

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000747c4

size

0x00000234

Creates executable files on the filesystem (50 out of 58 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-11476.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-26205.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-30331.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-63827.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-5092.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-252.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-11769.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-59242.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-19469.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-34793.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-48737.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6376.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-25951.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-26115.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-61409.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-16631.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-38893.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-55253.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-57147.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6481.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-60228.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-38861.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-32285.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-33371.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-49749.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-63632.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-43543.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-33979.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-60299.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-23781.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-22477.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-13656.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-40553.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-27315.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-11502.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-13556.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-59112.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-13978.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-63407.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-37853.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-15391.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-25174.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-1996.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-896.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-59525.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-56183.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-2153.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-35333.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-48569.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-49479.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-60299.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-5092.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 24, 2025, 10:27 p.m.	process_identifier: 788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x003f0000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002b000', u'virtual_address': u'0x00001000', u'entropy': 7.571762426320823, u'name': u'.text', u'virtual_size': u'0x0002a5c4'}

entropy

7.57176242632

description

A section with a high entropy has been found

entropy

0.370689655172

description

Overall entropy of this PE file is high

File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)

G Data Antivirus (Windows)	Virus: Generic.Dacic.94CCEEA9.A.B279922E (Engine A)
Avast Core Security (Linux)	Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux)	Win.Packed.Generic-9967832-0
Trend Micro SProtect (Linux)	Trojan.Win32.FAREIT.SME
Trellix (Linux)	GenericRXTC-TT
WithSecure (Linux)	Trojan.TR/Crypt.XPACK.Gen
eScan Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.B279922E(DB)
ESET Security (Windows)	a variant of Win32/VBClone.E trojan
Sophos Anti-Virus (Linux)	Troj/VB-KCP
DrWeb Antivirus (Linux)	Trojan.Siggen29.56020
ClamAV (Linux)	Win.Packed.Generic-9967832-0
Bitdefender Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.B279922E
Kaspersky Standard (Windows)	Trojan.Win32.VB.dosq
Emsisoft Commandline Scanner (Windows)	Generic.Dacic.94CCEEA9.A.B279922E (B)