Cuckoo Sandbox

File e998f63c155aafe9_unicorn-24233.exe

Summary
Download Resubmit sample

Size	468.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6fdc8ffdcd79e77096ca4cf5918ebec0`
SHA1	`4fa207d3cef995ae6f150f42ccb9e4818e192b2e`
SHA256	`e998f63c155aafe9c5b1137a1d7e723f755564b79cf17c85b01139b5661215ea`
SHA512	`89dd456cbc80506766c7e2a8eb74668859b850f0dfbe6ebdf2c13e81e9b21c93beb8d564cef7e1743717180aea23e9db59de02a5702514753439adf369801389`
CRC32	`565EF39E`
ssdeep	`None`
Yara	SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6585851

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	July 2, 2025, 12:10 p.m.	July 2, 2025, 12:17 p.m.	461 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-06-24 21:27:38,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp2zg5xi
2025-06-24 21:27:38,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\NTXxUMWWMytIiNQc
2025-06-24 21:27:38,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\jKTuChEZvUkPSAwGdtIcPvkjzgkob
2025-06-24 21:27:38,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-06-24 21:27:38,030 [analyzer] INFO: Automatically selected analysis package "exe"
2025-06-24 21:27:38,483 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-24 21:27:38,483 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-24 21:27:39,328 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-24 21:27:39,608 [analyzer] DEBUG: Loaded monitor into process with pid 512
2025-06-24 21:27:39,625 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-24 21:27:39,625 [analyzer] DEBUG: Started auxiliary module Human
2025-06-24 21:27:39,625 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-24 21:27:39,625 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-24 21:27:39,733 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-24 21:27:39,750 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-24 21:27:39,750 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-24 21:27:39,750 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-24 21:27:40,030 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\e998f63c155aafe9_unicorn-24233.exe' with arguments '' and pid 3004
2025-06-24 21:27:40,312 [analyzer] DEBUG: Loaded monitor into process with pid 3004
2025-06-24 21:27:43,530 [analyzer] INFO: Added new file to list with pid 3004 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22063.exe
2025-06-24 21:27:43,625 [analyzer] INFO: Injected into process with pid 2908 and name u'Unicorn-22063.exe'
2025-06-24 21:27:43,796 [analyzer] DEBUG: Loaded monitor into process with pid 2908
2025-06-24 21:27:46,842 [analyzer] INFO: Added new file to list with pid 2908 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-52652.exe
2025-06-24 21:27:46,905 [analyzer] INFO: Injected into process with pid 1344 and name u'Unicorn-52652.exe'
2025-06-24 21:27:47,078 [analyzer] DEBUG: Loaded monitor into process with pid 1344
2025-06-24 21:27:50,140 [analyzer] INFO: Added new file to list with pid 1344 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42191.exe
2025-06-24 21:27:50,312 [analyzer] INFO: Injected into process with pid 2164 and name u'Unicorn-42191.exe'
2025-06-24 21:27:50,483 [analyzer] DEBUG: Loaded monitor into process with pid 2164
2025-06-24 21:27:53,562 [analyzer] INFO: Added new file to list with pid 2164 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-26351.exe
2025-06-24 21:27:53,671 [analyzer] INFO: Injected into process with pid 2804 and name u'Unicorn-26351.exe'
2025-06-24 21:27:53,812 [analyzer] DEBUG: Loaded monitor into process with pid 2804
2025-06-24 21:27:56,858 [analyzer] INFO: Added new file to list with pid 2804 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39439.exe
2025-06-24 21:27:56,937 [analyzer] INFO: Injected into process with pid 196 and name u'Unicorn-39439.exe'
2025-06-24 21:27:57,108 [analyzer] DEBUG: Loaded monitor into process with pid 196
2025-06-24 21:28:00,171 [analyzer] INFO: Added new file to list with pid 196 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11668.exe
2025-06-24 21:28:00,328 [analyzer] INFO: Injected into process with pid 600 and name u'Unicorn-11668.exe'
2025-06-24 21:28:00,483 [analyzer] DEBUG: Loaded monitor into process with pid 600
2025-06-24 21:28:03,546 [analyzer] INFO: Added new file to list with pid 600 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61077.exe
2025-06-24 21:28:03,625 [analyzer] INFO: Injected into process with pid 1952 and name u'Unicorn-61077.exe'
2025-06-24 21:28:03,796 [analyzer] DEBUG: Loaded monitor into process with pid 1952
2025-06-24 21:28:06,858 [analyzer] INFO: Added new file to list with pid 1952 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-58898.exe
2025-06-24 21:28:06,937 [analyzer] INFO: Injected into process with pid 2424 and name u'Unicorn-58898.exe'
2025-06-24 21:28:07,108 [analyzer] DEBUG: Loaded monitor into process with pid 2424
2025-06-24 21:28:10,171 [analyzer] INFO: Added new file to list with pid 2424 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48533.exe
2025-06-24 21:28:10,280 [analyzer] INFO: Injected into process with pid 472 and name u'Unicorn-48533.exe'
2025-06-24 21:28:10,437 [analyzer] DEBUG: Loaded monitor into process with pid 472
2025-06-24 21:28:13,500 [analyzer] INFO: Added new file to list with pid 472 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-1486.exe
2025-06-24 21:28:13,592 [analyzer] INFO: Injected into process with pid 2208 and name u'Unicorn-1486.exe'
2025-06-24 21:28:13,765 [analyzer] DEBUG: Loaded monitor into process with pid 2208
2025-06-24 21:28:16,842 [analyzer] INFO: Added new file to list with pid 2208 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12724.exe
2025-06-24 21:28:16,953 [analyzer] INFO: Injected into process with pid 1388 and name u'Unicorn-12724.exe'
2025-06-24 21:28:17,125 [analyzer] DEBUG: Loaded monitor into process with pid 1388
2025-06-24 21:28:20,187 [analyzer] INFO: Added new file to list with pid 1388 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4593.exe
2025-06-24 21:28:20,265 [analyzer] INFO: Injected into process with pid 2344 and name u'Unicorn-4593.exe'
2025-06-24 21:28:20,421 [analyzer] DEBUG: Loaded monitor into process with pid 2344
2025-06-24 21:28:23,483 [analyzer] INFO: Added new file to list with pid 2344 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-17682.exe
2025-06-24 21:28:23,703 [analyzer] INFO: Injected into process with pid 3168 and name u'Unicorn-17682.exe'
2025-06-24 21:28:23,890 [analyzer] DEBUG: Loaded monitor into process with pid 3168
2025-06-24 21:28:26,967 [analyzer] INFO: Added new file to list with pid 3168 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-50357.exe
2025-06-24 21:28:27,046 [analyzer] INFO: Injected into process with pid 3244 and name u'Unicorn-50357.exe'
2025-06-24 21:28:27,217 [analyzer] DEBUG: Loaded monitor into process with pid 3244
2025-06-24 21:28:30,265 [analyzer] INFO: Added new file to list with pid 3244 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6097.exe
2025-06-24 21:28:30,342 [analyzer] INFO: Injected into process with pid 3332 and name u'Unicorn-6097.exe'
2025-06-24 21:28:30,515 [analyzer] DEBUG: Loaded monitor into process with pid 3332
2025-06-24 21:28:33,592 [analyzer] INFO: Added new file to list with pid 3332 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-58290.exe
2025-06-24 21:28:33,703 [analyzer] INFO: Injected into process with pid 3432 and name u'Unicorn-58290.exe'
2025-06-24 21:28:33,875 [analyzer] DEBUG: Loaded monitor into process with pid 3432
2025-06-24 21:28:36,953 [analyzer] INFO: Added new file to list with pid 3432 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8363.exe
2025-06-24 21:28:37,030 [analyzer] INFO: Injected into process with pid 3512 and name u'Unicorn-8363.exe'
2025-06-24 21:28:37,203 [analyzer] DEBUG: Loaded monitor into process with pid 3512
2025-06-24 21:28:40,280 [analyzer] INFO: Added new file to list with pid 3512 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25653.exe
2025-06-24 21:28:40,375 [analyzer] INFO: Injected into process with pid 3612 and name u'Unicorn-25653.exe'
2025-06-24 21:28:40,562 [analyzer] DEBUG: Loaded monitor into process with pid 3612
2025-06-24 21:28:43,625 [analyzer] INFO: Added new file to list with pid 3612 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-31948.exe
2025-06-24 21:28:43,717 [analyzer] INFO: Injected into process with pid 3708 and name u'Unicorn-31948.exe'
2025-06-24 21:28:43,890 [analyzer] DEBUG: Loaded monitor into process with pid 3708
2025-06-24 21:28:46,953 [analyzer] INFO: Added new file to list with pid 3708 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-45228.exe
2025-06-24 21:28:47,046 [analyzer] INFO: Injected into process with pid 3796 and name u'Unicorn-45228.exe'
2025-06-24 21:28:47,233 [analyzer] DEBUG: Loaded monitor into process with pid 3796
2025-06-24 21:28:50,296 [analyzer] INFO: Added new file to list with pid 3796 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47250.exe
2025-06-24 21:28:50,467 [analyzer] INFO: Injected into process with pid 3896 and name u'Unicorn-47250.exe'
2025-06-24 21:28:50,655 [analyzer] DEBUG: Loaded monitor into process with pid 3896
2025-06-24 21:28:53,717 [analyzer] INFO: Added new file to list with pid 3896 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-1713.exe
2025-06-24 21:28:53,842 [analyzer] INFO: Injected into process with pid 3992 and name u'Unicorn-1713.exe'
2025-06-24 21:28:54,000 [analyzer] DEBUG: Loaded monitor into process with pid 3992
2025-06-24 21:28:57,062 [analyzer] INFO: Added new file to list with pid 3992 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-54005.exe
2025-06-24 21:28:57,171 [analyzer] INFO: Injected into process with pid 4080 and name u'Unicorn-54005.exe'
2025-06-24 21:28:57,342 [analyzer] DEBUG: Loaded monitor into process with pid 4080
2025-06-24 21:29:00,405 [analyzer] INFO: Added new file to list with pid 4080 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-34613.exe
2025-06-24 21:29:00,500 [analyzer] INFO: Injected into process with pid 3196 and name u'Unicorn-34613.exe'
2025-06-24 21:29:00,671 [analyzer] DEBUG: Loaded monitor into process with pid 3196
2025-06-24 21:29:03,733 [analyzer] INFO: Added new file to list with pid 3196 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-54037.exe
2025-06-24 21:29:03,828 [analyzer] INFO: Injected into process with pid 3452 and name u'Unicorn-54037.exe'
2025-06-24 21:29:04,000 [analyzer] DEBUG: Loaded monitor into process with pid 3452
2025-06-24 21:29:07,078 [analyzer] INFO: Added new file to list with pid 3452 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29609.exe
2025-06-24 21:29:07,233 [analyzer] INFO: Injected into process with pid 2100 and name u'Unicorn-29609.exe'
2025-06-24 21:29:07,405 [analyzer] DEBUG: Loaded monitor into process with pid 2100
2025-06-24 21:29:10,500 [analyzer] INFO: Added new file to list with pid 2100 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-21784.exe
2025-06-24 21:29:10,608 [analyzer] INFO: Injected into process with pid 3024 and name u'Unicorn-21784.exe'
2025-06-24 21:29:10,765 [analyzer] DEBUG: Loaded monitor into process with pid 3024
2025-06-24 21:29:13,842 [analyzer] INFO: Added new file to list with pid 3024 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-53691.exe
2025-06-24 21:29:13,967 [analyzer] INFO: Injected into process with pid 2500 and name u'Unicorn-53691.exe'
2025-06-24 21:29:14,140 [analyzer] DEBUG: Loaded monitor into process with pid 2500
2025-06-24 21:29:17,217 [analyzer] INFO: Added new file to list with pid 2500 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28347.exe
2025-06-24 21:29:17,375 [analyzer] INFO: Injected into process with pid 2476 and name u'Unicorn-28347.exe'
2025-06-24 21:29:17,546 [analyzer] DEBUG: Loaded monitor into process with pid 2476
2025-06-24 21:29:20,625 [analyzer] INFO: Added new file to list with pid 2476 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51401.exe
2025-06-24 21:29:20,828 [analyzer] INFO: Injected into process with pid 3920 and name u'Unicorn-51401.exe'
2025-06-24 21:29:21,000 [analyzer] DEBUG: Loaded monitor into process with pid 3920
2025-06-24 21:29:24,092 [analyzer] INFO: Added new file to list with pid 3920 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-56233.exe
2025-06-24 21:29:24,217 [analyzer] INFO: Injected into process with pid 3988 and name u'Unicorn-56233.exe'
2025-06-24 21:29:24,390 [analyzer] DEBUG: Loaded monitor into process with pid 3988
2025-06-24 21:29:27,467 [analyzer] INFO: Added new file to list with pid 3988 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63675.exe
2025-06-24 21:29:27,578 [analyzer] INFO: Injected into process with pid 3524 and name u'Unicorn-63675.exe'
2025-06-24 21:29:27,750 [analyzer] DEBUG: Loaded monitor into process with pid 3524
2025-06-24 21:29:30,858 [analyzer] INFO: Added new file to list with pid 3524 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-65048.exe
2025-06-24 21:29:30,953 [analyzer] INFO: Injected into process with pid 3768 and name u'Unicorn-65048.exe'
2025-06-24 21:29:31,140 [analyzer] DEBUG: Loaded monitor into process with pid 3768
2025-06-24 21:29:34,250 [analyzer] INFO: Added new file to list with pid 3768 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39704.exe
2025-06-24 21:29:34,375 [analyzer] INFO: Injected into process with pid 3860 and name u'Unicorn-39704.exe'
2025-06-24 21:29:34,546 [analyzer] DEBUG: Loaded monitor into process with pid 3860
2025-06-24 21:29:37,703 [analyzer] INFO: Added new file to list with pid 3860 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63142.exe
2025-06-24 21:29:37,812 [analyzer] INFO: Injected into process with pid 3092 and name u'Unicorn-63142.exe'
2025-06-24 21:29:37,967 [analyzer] DEBUG: Loaded monitor into process with pid 3092
2025-06-24 21:29:41,092 [analyzer] INFO: Added new file to list with pid 3092 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61368.exe
2025-06-24 21:29:41,217 [analyzer] INFO: Injected into process with pid 3216 and name u'Unicorn-61368.exe'
2025-06-24 21:29:41,375 [analyzer] DEBUG: Loaded monitor into process with pid 3216
2025-06-24 21:29:44,467 [analyzer] INFO: Added new file to list with pid 3216 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-9399.exe
2025-06-24 21:29:44,546 [analyzer] INFO: Injected into process with pid 2296 and name u'Unicorn-9399.exe'
2025-06-24 21:29:44,717 [analyzer] DEBUG: Loaded monitor into process with pid 2296
2025-06-24 21:29:47,828 [analyzer] INFO: Added new file to list with pid 2296 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41211.exe
2025-06-24 21:29:48,078 [analyzer] INFO: Injected into process with pid 556 and name u'Unicorn-41211.exe'
2025-06-24 21:29:48,250 [analyzer] DEBUG: Loaded monitor into process with pid 556
2025-06-24 21:29:51,342 [analyzer] INFO: Added new file to list with pid 556 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-31160.exe
2025-06-24 21:29:51,453 [analyzer] INFO: Injected into process with pid 2652 and name u'Unicorn-31160.exe'
2025-06-24 21:29:51,625 [analyzer] DEBUG: Loaded monitor into process with pid 2652
2025-06-24 21:29:54,733 [analyzer] INFO: Added new file to list with pid 2652 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-794.exe
2025-06-24 21:29:54,828 [analyzer] INFO: Injected into process with pid 3752 and name u'Unicorn-794.exe'
2025-06-24 21:29:54,983 [analyzer] DEBUG: Loaded monitor into process with pid 3752
2025-06-24 21:29:58,125 [analyzer] INFO: Added new file to list with pid 3752 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28870.exe
2025-06-24 21:29:58,233 [analyzer] INFO: Injected into process with pid 4168 and name u'Unicorn-28870.exe'
2025-06-24 21:29:58,390 [analyzer] DEBUG: Loaded monitor into process with pid 4168
2025-06-24 21:30:01,483 [analyzer] INFO: Added new file to list with pid 4168 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51483.exe
2025-06-24 21:30:01,578 [analyzer] INFO: Injected into process with pid 4240 and name u'Unicorn-51483.exe'
2025-06-24 21:30:01,750 [analyzer] DEBUG: Loaded monitor into process with pid 4240
2025-06-24 21:30:04,875 [analyzer] INFO: Added new file to list with pid 4240 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-26310.exe
2025-06-24 21:30:05,000 [analyzer] INFO: Injected into process with pid 4336 and name u'Unicorn-26310.exe'
2025-06-24 21:30:05,171 [analyzer] DEBUG: Loaded monitor into process with pid 4336
2025-06-24 21:30:08,265 [analyzer] INFO: Added new file to list with pid 4336 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22494.exe
2025-06-24 21:30:08,342 [analyzer] INFO: Injected into process with pid 4412 and name u'Unicorn-22494.exe'
2025-06-24 21:30:08,500 [analyzer] DEBUG: Loaded monitor into process with pid 4412
2025-06-24 21:30:11,625 [analyzer] INFO: Added new file to list with pid 4412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-35011.exe
2025-06-24 21:30:11,717 [analyzer] INFO: Injected into process with pid 4492 and name u'Unicorn-35011.exe'
2025-06-24 21:30:11,875 [analyzer] DEBUG: Loaded monitor into process with pid 4492
2025-06-24 21:30:14,983 [analyzer] INFO: Added new file to list with pid 4492 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55582.exe
2025-06-24 21:30:15,125 [analyzer] INFO: Injected into process with pid 4572 and name u'Unicorn-55582.exe'
2025-06-24 21:30:15,296 [analyzer] DEBUG: Loaded monitor into process with pid 4572
2025-06-24 21:30:18,405 [analyzer] INFO: Added new file to list with pid 4572 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-27454.exe
2025-06-24 21:30:18,592 [analyzer] INFO: Injected into process with pid 4648 and name u'Unicorn-27454.exe'
2025-06-24 21:30:18,765 [analyzer] DEBUG: Loaded monitor into process with pid 4648
2025-06-24 21:30:21,905 [analyzer] INFO: Added new file to list with pid 4648 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-44766.exe
2025-06-24 21:30:22,000 [analyzer] INFO: Injected into process with pid 4728 and name u'Unicorn-44766.exe'
2025-06-24 21:30:22,171 [analyzer] DEBUG: Loaded monitor into process with pid 4728
2025-06-24 21:30:25,312 [analyzer] INFO: Added new file to list with pid 4728 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-16638.exe
2025-06-24 21:30:25,453 [analyzer] INFO: Injected into process with pid 4812 and name u'Unicorn-16638.exe'
2025-06-24 21:30:25,608 [analyzer] DEBUG: Loaded monitor into process with pid 4812
2025-06-24 21:30:28,765 [analyzer] INFO: Added new file to list with pid 4812 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59331.exe
2025-06-24 21:30:28,875 [analyzer] INFO: Injected into process with pid 4900 and name u'Unicorn-59331.exe'
2025-06-24 21:30:29,046 [analyzer] DEBUG: Loaded monitor into process with pid 4900
2025-06-24 21:30:32,233 [analyzer] INFO: Added new file to list with pid 4900 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41758.exe
2025-06-24 21:30:32,328 [analyzer] INFO: Injected into process with pid 4984 and name u'Unicorn-41758.exe'
2025-06-24 21:30:32,500 [analyzer] DEBUG: Loaded monitor into process with pid 4984
2025-06-24 21:30:35,703 [analyzer] INFO: Added new file to list with pid 4984 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-19107.exe
2025-06-24 21:30:35,828 [analyzer] INFO: Injected into process with pid 5064 and name u'Unicorn-19107.exe'
2025-06-24 21:30:36,000 [analyzer] DEBUG: Loaded monitor into process with pid 5064
2025-06-24 21:30:39,155 [analyzer] INFO: Added new file to list with pid 5064 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63710.exe
2025-06-24 21:30:39,280 [analyzer] INFO: Injected into process with pid 4128 and name u'Unicorn-63710.exe'
2025-06-24 21:30:39,453 [analyzer] DEBUG: Loaded monitor into process with pid 4128
2025-06-24 21:30:42,765 [analyzer] INFO: Added new file to list with pid 4128 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61409.exe
2025-06-24 21:30:42,858 [analyzer] INFO: Injected into process with pid 4316 and name u'Unicorn-61409.exe'
2025-06-24 21:30:43,030 [analyzer] DEBUG: Loaded monitor into process with pid 4316
2025-06-24 21:30:46,187 [analyzer] INFO: Added new file to list with pid 4316 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-3584.exe
2025-06-24 21:30:46,437 [analyzer] INFO: Injected into process with pid 4444 and name u'Unicorn-3584.exe'
2025-06-24 21:30:46,608 [analyzer] DEBUG: Loaded monitor into process with pid 4444
2025-06-24 21:30:49,812 [analyzer] INFO: Added new file to list with pid 4444 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-18689.exe
2025-06-24 21:30:49,921 [analyzer] INFO: Injected into process with pid 4660 and name u'Unicorn-18689.exe'
2025-06-24 21:30:50,078 [analyzer] DEBUG: Loaded monitor into process with pid 4660
2025-06-24 21:30:53,265 [analyzer] INFO: Added new file to list with pid 4660 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23521.exe
2025-06-24 21:30:53,467 [analyzer] INFO: Injected into process with pid 4828 and name u'Unicorn-23521.exe'
2025-06-24 21:30:53,655 [analyzer] DEBUG: Loaded monitor into process with pid 4828
2025-06-24 21:30:56,937 [analyzer] INFO: Added new file to list with pid 4828 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-9216.exe
2025-06-24 21:30:57,030 [analyzer] INFO: Injected into process with pid 5004 and name u'Unicorn-9216.exe'
2025-06-24 21:30:57,203 [analyzer] DEBUG: Loaded monitor into process with pid 5004
2025-06-24 21:30:59,078 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-24 21:31:00,453 [analyzer] INFO: Added new file to list with pid 5004 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42144.exe
2025-06-24 21:31:00,546 [analyzer] INFO: Injected into process with pid 2176 and name u'Unicorn-42144.exe'
2025-06-24 21:31:00,703 [analyzer] DEBUG: Loaded monitor into process with pid 2176
2025-06-24 21:31:00,937 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 3004.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 2908.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 1344.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 2164.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 2804.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 196.
2025-06-24 21:31:00,937 [lib.api.process] INFO: Successfully terminated process with pid 600.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 1952.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 2424.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 472.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 2208.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 1388.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 2344.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3168.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3244.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3332.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3432.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3512.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3612.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3708.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3796.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3896.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3992.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 4080.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3196.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 3452.
2025-06-24 21:31:00,953 [lib.api.process] INFO: Successfully terminated process with pid 2100.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3024.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 2500.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 2476.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3920.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3988.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3524.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3768.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3860.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3092.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3216.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 2296.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 556.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 2652.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 3752.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4168.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4240.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4336.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4412.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4492.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4572.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4648.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4728.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4812.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4900.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4984.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 5064.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4128.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4316.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4444.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4660.
2025-06-24 21:31:00,967 [lib.api.process] INFO: Successfully terminated process with pid 4828.
2025-06-24 21:31:00,983 [lib.api.process] INFO: Successfully terminated process with pid 5004.
2025-06-24 21:31:00,983 [lib.api.process] INFO: Successfully terminated process with pid 2176.
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22063.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-61077.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-47250.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-45228.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-8363.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-4593.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-26351.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-42191.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-44766.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-17682.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-63710.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-31160.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-41211.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-18689.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-51401.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-58290.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-65048.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-56233.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-39439.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-23521.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-35011.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-25653.exe
2025-06-24 21:31:01,233 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-21784.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-9216.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6097.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-58898.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-1713.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-61409.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-59331.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-42144.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-28870.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-26310.exe
2025-06-24 21:31:01,250 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-54005.exe

Cuckoo Log

2025-07-02 12:10:05,049 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:06,066 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:07,082 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:08,100 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:09,135 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:10,153 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:11,443 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:12,481 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:13,867 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:14,922 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:15,959 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:16,994 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:18,033 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:19,407 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:20,503 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:21,573 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:22,656 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:23,727 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:24,782 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:25,840 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:26,907 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:27,957 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:29,019 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:30,070 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:31,222 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:32,322 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:33,418 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:34,514 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:35,608 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:36,683 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:37,770 [cuckoo.core.scheduler] DEBUG: Task #6631128: no machine available yet
2025-07-02 12:10:39,192 [cuckoo.core.scheduler] INFO: Task #6631128: acquired machine win7x6410 (label=win7x6410)
2025-07-02 12:10:39,196 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.210 for task #6631128
2025-07-02 12:10:39,605 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2749064 (interface=vboxnet0, host=192.168.168.210)
2025-07-02 12:10:39,912 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6410
2025-07-02 12:10:47,148 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6410 to vmcloak
2025-07-02 12:12:27,546 [cuckoo.core.guest] INFO: Starting analysis #6631128 on guest (id=win7x6410, ip=192.168.168.210)
2025-07-02 12:12:28,550 [cuckoo.core.guest] DEBUG: win7x6410: not ready yet
2025-07-02 12:12:33,769 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6410, ip=192.168.168.210)
2025-07-02 12:12:33,873 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6410, ip=192.168.168.210, monitor=latest, size=6660546)
2025-07-02 12:12:36,463 [cuckoo.core.resultserver] DEBUG: Task #6631128: live log analysis.log initialized.
2025-07-02 12:12:40,131 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:12:40,242 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:12:41,266 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0001.jpg'
2025-07-02 12:12:41,291 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 133470
2025-07-02 12:12:45,429 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:12:45,455 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0002.jpg'
2025-07-02 12:12:45,505 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:12:45,520 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 137211
2025-07-02 12:12:47,642 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0003.jpg'
2025-07-02 12:12:47,654 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 125832
2025-07-02 12:12:48,592 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:12:49,753 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0004.jpg'
2025-07-02 12:12:49,764 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 125838
2025-07-02 12:12:51,421 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:12:51,936 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:12:54,950 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0005.jpg'
2025-07-02 12:12:54,960 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 127785
2025-07-02 12:12:55,222 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:12:58,607 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:12:59,102 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0006.jpg'
2025-07-02 12:12:59,115 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 127779
2025-07-02 12:13:00,204 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0007.jpg'
2025-07-02 12:13:00,218 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 128777
2025-07-02 12:13:03,893 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:04,011 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0008.jpg'
2025-07-02 12:13:04,035 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 129319
2025-07-02 12:13:05,221 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:06,798 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:13:08,159 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0009.jpg'
2025-07-02 12:13:08,175 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 131134
2025-07-02 12:13:08,553 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:09,352 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0010.jpg'
2025-07-02 12:13:09,399 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 130135
2025-07-02 12:13:10,477 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0011.jpg'
2025-07-02 12:13:10,494 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 131205
2025-07-02 12:13:11,884 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:12,937 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0012.jpg'
2025-07-02 12:13:12,964 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 131101
2025-07-02 12:13:15,244 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:18,561 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:22,006 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:22,758 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:13:25,330 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:30,073 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:33,727 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:37,414 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:38,449 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:13:38,672 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:42,347 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:45,331 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:48,771 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:52,592 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:53,894 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:13:55,458 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:13:58,912 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:02,898 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:05,666 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:08,916 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:09,356 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:14:12,964 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:12,972 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0013.jpg'
2025-07-02 12:14:13,004 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 89608
2025-07-02 12:14:14,027 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0014.jpg'
2025-07-02 12:14:14,062 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 131361
2025-07-02 12:14:15,661 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:19,129 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:22,886 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:24,550 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:14:26,267 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:29,538 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:29,794 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0015.jpg'
2025-07-02 12:14:29,812 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 89608
2025-07-02 12:14:31,074 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0016.jpg'
2025-07-02 12:14:31,318 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 131361
2025-07-02 12:14:32,660 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:36,079 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:39,485 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:40,099 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:14:42,841 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:46,363 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:49,732 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:53,095 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:55,333 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:14:56,498 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:14:59,860 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:03,280 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:06,890 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:10,000 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:10,827 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:15:13,415 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:16,876 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:20,297 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:23,739 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:26,281 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:15:27,155 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:30,613 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:34,112 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:37,952 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:39,463 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0017.jpg'
2025-07-02 12:15:39,482 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 123080
2025-07-02 12:15:41,142 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:41,369 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:15:41,626 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0018.jpg'
2025-07-02 12:15:41,639 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 80473
2025-07-02 12:15:42,737 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0019.jpg'
2025-07-02 12:15:42,750 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 122766
2025-07-02 12:15:43,844 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0020.jpg'
2025-07-02 12:15:43,885 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 123862
2025-07-02 12:15:44,720 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:46,017 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0021.jpg'
2025-07-02 12:15:46,036 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 123069
2025-07-02 12:15:47,141 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0022.jpg'
2025-07-02 12:15:47,177 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 124504
2025-07-02 12:15:48,188 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:49,444 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0023.jpg'
2025-07-02 12:15:49,464 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 123569
2025-07-02 12:15:51,608 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0024.jpg'
2025-07-02 12:15:51,643 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 125138
2025-07-02 12:15:51,764 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:52,777 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0025.jpg'
2025-07-02 12:15:52,791 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 124347
2025-07-02 12:15:54,916 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0026.jpg'
2025-07-02 12:15:54,937 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 125682
2025-07-02 12:15:55,313 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:56,147 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0027.jpg'
2025-07-02 12:15:56,166 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 125220
2025-07-02 12:15:56,499 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6631128 still processing
2025-07-02 12:15:57,892 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'curtain/1750793459.69.curtain.log'
2025-07-02 12:15:57,894 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 36
2025-07-02 12:15:58,317 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'shots/0028.jpg'
2025-07-02 12:15:58,343 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 126368
2025-07-02 12:15:58,988 [cuckoo.core.resultserver] DEBUG: Task #6631128 is sending a BSON stream
2025-07-02 12:15:58,989 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'sysmon/1750793460.69.sysmon.xml'
2025-07-02 12:15:59,134 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 11883402
2025-07-02 12:15:59,184 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/7cdf7b11f3b84dce_unicorn-16638.exe'
2025-07-02 12:15:59,194 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/75c8ab6f6db5ce4e_unicorn-11668.exe'
2025-07-02 12:15:59,201 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/afff73acc65f547f_unicorn-1486.exe'
2025-07-02 12:15:59,209 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479295
2025-07-02 12:15:59,214 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/ce96a153c3cd7432_unicorn-28347.exe'
2025-07-02 12:15:59,221 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479252
2025-07-02 12:15:59,228 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/ff894f125a154c77_unicorn-54037.exe'
2025-07-02 12:15:59,232 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479256
2025-07-02 12:15:59,236 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479275
2025-07-02 12:15:59,238 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/18c4c1d477143a60_unicorn-34613.exe'
2025-07-02 12:15:59,246 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479271
2025-07-02 12:15:59,253 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/1d9f9606f46ba1fe_unicorn-27454.exe'
2025-07-02 12:15:59,259 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479270
2025-07-02 12:15:59,264 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/1dba2e02dfec9f35_unicorn-794.exe'
2025-07-02 12:15:59,272 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479293
2025-07-02 12:15:59,277 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479286
2025-07-02 12:15:59,283 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/d2748827fbaf9889_unicorn-39704.exe'
2025-07-02 12:15:59,291 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/ba3d3d941f3fab11_unicorn-52652.exe'
2025-07-02 12:15:59,296 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/5982ab88cd379dc1_unicorn-53691.exe'
2025-07-02 12:15:59,298 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/bd68924a5407ae53_unicorn-63675.exe'
2025-07-02 12:15:59,309 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479274
2025-07-02 12:15:59,482 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479280
2025-07-02 12:15:59,488 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479248
2025-07-02 12:15:59,522 [cuckoo.core.guest] INFO: win7x6410: analysis completed successfully
2025-07-02 12:15:59,563 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-02 12:15:59,595 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-02 12:16:00,365 [cuckoo.core.resultserver] DEBUG: Task #6631128 had connection reset for <Context for LOG>
2025-07-02 12:16:00,402 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479278
2025-07-02 12:16:00,404 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/5c1c9ef4d01b1382_unicorn-22494.exe'
2025-07-02 12:16:00,410 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479290
2025-07-02 12:16:00,414 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/78e9f5593d5b6988_unicorn-12724.exe'
2025-07-02 12:16:00,418 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/fa08ff8ed418b569_unicorn-9399.exe'
2025-07-02 12:16:00,423 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/2f97270589e241a7_unicorn-41758.exe'
2025-07-02 12:16:00,427 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/4afaae7f4a9338c9_unicorn-19107.exe'
2025-07-02 12:16:00,435 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479298
2025-07-02 12:16:00,441 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/65c15cc0181b3d5b_unicorn-61368.exe'
2025-07-02 12:16:00,449 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/82863283746e0c33_unicorn-29609.exe'
2025-07-02 12:16:00,453 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/6ca8eda6707201d8_unicorn-48533.exe'
2025-07-02 12:16:00,458 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479255
2025-07-02 12:16:00,467 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/e5a5e9a746ca3ca3_unicorn-55582.exe'
2025-07-02 12:16:00,526 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479292
2025-07-02 12:16:00,529 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/4087d64a23589631_unicorn-63142.exe'
2025-07-02 12:16:00,534 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/e2504ddd2a10d1fc_unicorn-51483.exe'
2025-07-02 12:16:00,537 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/b19a41ee96990e79_unicorn-50357.exe'
2025-07-02 12:16:00,539 [cuckoo.core.resultserver] DEBUG: Task #6631128: File upload for 'files/7f4005354079603d_unicorn-3584.exe'
2025-07-02 12:16:00,545 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6410 to path /srv/cuckoo/cwd/storage/analyses/6631128/memory.dmp
2025-07-02 12:16:00,546 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6410
2025-07-02 12:16:00,858 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479301
2025-07-02 12:16:00,862 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479282
2025-07-02 12:16:00,866 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479257
2025-07-02 12:16:00,869 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479281
2025-07-02 12:16:00,873 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479297
2025-07-02 12:16:00,947 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479288
2025-07-02 12:16:00,950 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479272
2025-07-02 12:16:00,953 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479260
2025-07-02 12:16:00,956 [cuckoo.core.resultserver] DEBUG: Task #6631128 uploaded file length: 479283
2025-07-02 12:17:34,741 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.210 for task #6631128
2025-07-02 12:17:35,950 [cuckoo.core.scheduler] DEBUG: Released database task #6631128
2025-07-02 12:17:46,029 [cuckoo.core.scheduler] INFO: Task #6631128: analysis procedure completed

Signatures

Yara rule detected for file (1 event)

description

(no description)

rule

SEH__vba

One or more processes crashed (50 out of 58 events)

Time & API	Arguments	Status
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0x1072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: e998f63c155aafe9_unicorn-24233+0x2ab95 exception.instruction: int3 exception.module: e998f63c155aafe9_unicorn-24233.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9246216 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9244280	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-22063+0x2ab95 exception.instruction: int3 exception.module: Unicorn-22063.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5579984 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5578056	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-52652+0x2ab95 exception.instruction: int3 exception.module: Unicorn-52652.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5842128 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5840200	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-42191+0x2ab95 exception.instruction: int3 exception.module: Unicorn-42191.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5842128 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5840200	1
__exception__ June 24, 2025, 10:27 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-26351+0x2ab95 exception.instruction: int3 exception.module: Unicorn-26351.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5383376 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5381448	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-39439+0x2ab95 exception.instruction: int3 exception.module: Unicorn-39439.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5579984 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5578056	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-11668+0x2ab95 exception.instruction: int3 exception.module: Unicorn-11668.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5907664 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5905736	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-61077+0x2ab95 exception.instruction: int3 exception.module: Unicorn-61077.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6169808 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6167880	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-58898+0x2ab95 exception.instruction: int3 exception.module: Unicorn-58898.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9512144 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9510216	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-48533+0x2ab95 exception.instruction: int3 exception.module: Unicorn-48533.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3220688 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3218760	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-1486+0x2ab95 exception.instruction: int3 exception.module: Unicorn-1486.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6628552 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6626624	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-12724+0x2ab95 exception.instruction: int3 exception.module: Unicorn-12724.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5383376 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5381448	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-4593+0x2ab95 exception.instruction: int3 exception.module: Unicorn-4593.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5907656 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5905728	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-17682+0x2ab95 exception.instruction: int3 exception.module: Unicorn-17682.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5645520 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5643592	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-50357+0x2ab95 exception.instruction: int3 exception.module: Unicorn-50357.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3351760 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3349832	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-6097+0x2ab95 exception.instruction: int3 exception.module: Unicorn-6097.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6366408 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6364480	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-58290+0x2ab95 exception.instruction: int3 exception.module: Unicorn-58290.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6628560 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6626632	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-8363+0x2ab95 exception.instruction: int3 exception.module: Unicorn-8363.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5973192 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5971264	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-25653+0x2ab95 exception.instruction: int3 exception.module: Unicorn-25653.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5842128 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5840200	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-31948+0x2ab95 exception.instruction: int3 exception.module: Unicorn-31948.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827472 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825544	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-45228+0x2ab95 exception.instruction: int3 exception.module: Unicorn-45228.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6366416 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6364488	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-47250+0x2ab95 exception.instruction: int3 exception.module: Unicorn-47250.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827472 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825544	1
__exception__ June 24, 2025, 10:28 p.m.	stacktrace: 0xf072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-1713+0x2ab95 exception.instruction: int3 exception.module: Unicorn-1713.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6628552 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6626624	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-54005+0x2ab95 exception.instruction: int3 exception.module: Unicorn-54005.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2958544 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2956616	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-34613+0x2ab95 exception.instruction: int3 exception.module: Unicorn-34613.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9118928 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9117000	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-54037+0x2ab95 exception.instruction: int3 exception.module: Unicorn-54037.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6628560 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6626632	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-29609+0x2ab95 exception.instruction: int3 exception.module: Unicorn-29609.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2696400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2694472	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-21784+0x2ab95 exception.instruction: int3 exception.module: Unicorn-21784.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6300880 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6298952	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-53691+0x2ab95 exception.instruction: int3 exception.module: Unicorn-53691.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3351760 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3349832	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-28347+0x2ab95 exception.instruction: int3 exception.module: Unicorn-28347.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6563024 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6561096	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-51401+0x2ab95 exception.instruction: int3 exception.module: Unicorn-51401.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3351760 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3349832	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-56233+0x2ab95 exception.instruction: int3 exception.module: Unicorn-56233.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5514448 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5512520	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-63675+0x2ab95 exception.instruction: int3 exception.module: Unicorn-63675.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2958544 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2956616	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-65048+0x2ab95 exception.instruction: int3 exception.module: Unicorn-65048.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5579984 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5578056	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-39704+0x2ab95 exception.instruction: int3 exception.module: Unicorn-39704.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9512144 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9510216	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-63142+0x2ab95 exception.instruction: int3 exception.module: Unicorn-63142.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2696400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2694472	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-61368+0x2ab95 exception.instruction: int3 exception.module: Unicorn-61368.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9512144 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9510216	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-9399+0x2ab95 exception.instruction: int3 exception.module: Unicorn-9399.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5383368 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5381440	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-41211+0x2ab95 exception.instruction: int3 exception.module: Unicorn-41211.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6038736 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6036808	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-31160+0x2ab95 exception.instruction: int3 exception.module: Unicorn-31160.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2958544 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2956616	1
__exception__ June 24, 2025, 10:29 p.m.	stacktrace: 0xe872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-794+0x2ab95 exception.instruction: int3 exception.module: Unicorn-794.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9381056 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9379128	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-28870+0x2ab95 exception.instruction: int3 exception.module: Unicorn-28870.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9512144 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9510216	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-51483+0x2ab95 exception.instruction: int3 exception.module: Unicorn-51483.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5711056 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5709128	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-26310+0x2ab95 exception.instruction: int3 exception.module: Unicorn-26310.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9250000 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9248072	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-22494+0x2ab95 exception.instruction: int3 exception.module: Unicorn-22494.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 8987856 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 8985928	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-35011+0x2ab95 exception.instruction: int3 exception.module: Unicorn-35011.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9381072 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9379144	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-55582+0x2ab95 exception.instruction: int3 exception.module: Unicorn-55582.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6628560 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6626632	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-27454+0x2ab95 exception.instruction: int3 exception.module: Unicorn-27454.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5448912 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5446984	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-44766+0x2ab95 exception.instruction: int3 exception.module: Unicorn-44766.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6497488 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6495560	1
__exception__ June 24, 2025, 10:30 p.m.	stacktrace: 0xf872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-16638+0x2ab95 exception.instruction: int3 exception.module: Unicorn-16638.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5514448 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5512520	1

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000747c4

size

0x00000234

Creates executable files on the filesystem (50 out of 59 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-42191.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-17682.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-31160.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-31948.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-18689.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-51401.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-27454.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-65048.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-42144.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-47250.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-35011.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-25653.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-21784.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-41211.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6097.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-58898.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-61409.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-53691.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-59331.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-28870.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-26310.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-54005.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-23521.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-9216.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-22063.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-16638.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-44766.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-11668.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-58290.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-1486.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-794.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-28347.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-54037.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-34613.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-45228.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-39704.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-56233.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-61368.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-63675.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-22494.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-12724.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-1713.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-9399.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-41758.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-19107.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-29609.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-48533.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-55582.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-39439.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-63142.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-16638.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-11668.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 24, 2025, 10:27 p.m.	process_identifier: 3004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00340000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002b000', u'virtual_address': u'0x00001000', u'entropy': 7.571739356839104, u'name': u'.text', u'virtual_size': u'0x0002a5c4'}

entropy

7.57173935684

description

A section with a high entropy has been found

entropy

0.370689655172

description

Overall entropy of this PE file is high

File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)

G Data Antivirus (Windows)	Virus: Generic.Dacic.94CCEEA9.A.B279922E (Engine A)
Avast Core Security (Linux)	Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux)	Win.Packed.Generic-9967832-0
Trend Micro SProtect (Linux)	Trojan.Win32.FAREIT.SME
Trellix (Linux)	GenericRXTC-TT
WithSecure (Linux)	Trojan.TR/Crypt.XPACK.Gen
eScan Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.B279922E(DB)
ESET Security (Windows)	a variant of Win32/VBClone.E trojan
Sophos Anti-Virus (Linux)	Troj/VB-KCP
DrWeb Antivirus (Linux)	Trojan.Siggen29.56020
ClamAV (Linux)	Win.Packed.Generic-9967832-0
Bitdefender Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.B279922E
Kaspersky Standard (Windows)	Trojan.Win32.VB.dosq
Emsisoft Commandline Scanner (Windows)	Generic.Dacic.94CCEEA9.A.B279922E (B)