Summary

2cff557a384adc83_unicorn-34753.exe

File 2cff557a384adc83_unicorn-34753.exe

Summary
Download Resubmit sample

Size 468.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4539c90aa64c27ae31ed3799a7aa9f04
SHA1 aca467bcfc00f12f7293fad99d51c17a655047c4
SHA256 2cff557a384adc83a7b5b6fe2169ad4cd4128d555847acb769951e23f705ba96
SHA512
ef5be8068960397bfdcde0425bb16ab63c131822ec39de9bc32679ad54656e2c621997741381d58bbbec11c5fd0b67258e4ecaeccfe83e9743b56d16fbcb924a
CRC32 61D0913F
ssdeep None
Yara
  • SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6585880

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE July 2, 2025, 12:18 p.m. July 2, 2025, 12:30 p.m. 690 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2025-06-24 21:37:17,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpf7a_02
2025-06-24 21:37:17,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\nWlEPOCtUJfayeDqfaHuOghYUu
2025-06-24 21:37:17,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\DYUPuHOcIPmDYvfI
2025-06-24 21:37:17,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-06-24 21:37:17,030 [analyzer] INFO: Automatically selected analysis package "exe"
2025-06-24 21:37:17,375 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-24 21:37:17,375 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-24 21:37:17,828 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-24 21:37:18,108 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-06-24 21:37:18,108 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-24 21:37:18,108 [analyzer] DEBUG: Started auxiliary module Human
2025-06-24 21:37:18,125 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-24 21:37:18,125 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-24 21:37:18,233 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-24 21:37:18,233 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-24 21:37:18,233 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-24 21:37:18,233 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-24 21:37:18,405 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\2cff557a384adc83_unicorn-34753.exe' with arguments '' and pid 2468
2025-06-24 21:37:18,703 [analyzer] DEBUG: Loaded monitor into process with pid 2468
2025-06-24 21:37:21,796 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57652.exe
2025-06-24 21:37:21,858 [analyzer] INFO: Injected into process with pid 300 and name u'Unicorn-57652.exe'
2025-06-24 21:37:22,030 [analyzer] DEBUG: Loaded monitor into process with pid 300
2025-06-24 21:37:25,092 [analyzer] INFO: Added new file to list with pid 300 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-53350.exe
2025-06-24 21:37:25,187 [analyzer] INFO: Injected into process with pid 316 and name u'Unicorn-53350.exe'
2025-06-24 21:37:25,358 [analyzer] DEBUG: Loaded monitor into process with pid 316
2025-06-24 21:37:28,437 [analyzer] INFO: Added new file to list with pid 316 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-9385.exe
2025-06-24 21:37:28,515 [analyzer] INFO: Injected into process with pid 1412 and name u'Unicorn-9385.exe'
2025-06-24 21:37:28,687 [analyzer] DEBUG: Loaded monitor into process with pid 1412
2025-06-24 21:37:31,765 [analyzer] INFO: Added new file to list with pid 1412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39.exe
2025-06-24 21:37:31,828 [analyzer] INFO: Injected into process with pid 2512 and name u'Unicorn-39.exe'
2025-06-24 21:37:31,983 [analyzer] DEBUG: Loaded monitor into process with pid 2512
2025-06-24 21:37:35,046 [analyzer] INFO: Added new file to list with pid 2512 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30548.exe
2025-06-24 21:37:35,187 [analyzer] INFO: Injected into process with pid 844 and name u'Unicorn-30548.exe'
2025-06-24 21:37:35,342 [analyzer] DEBUG: Loaded monitor into process with pid 844
2025-06-24 21:37:38,405 [analyzer] INFO: Added new file to list with pid 844 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-5021.exe
2025-06-24 21:37:38,483 [analyzer] INFO: Injected into process with pid 900 and name u'Unicorn-5021.exe'
2025-06-24 21:37:38,640 [analyzer] DEBUG: Loaded monitor into process with pid 900
2025-06-24 21:37:41,703 [analyzer] INFO: Added new file to list with pid 900 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-65488.exe
2025-06-24 21:37:41,765 [analyzer] INFO: Injected into process with pid 3140 and name u'Unicorn-65488.exe'
2025-06-24 21:37:41,921 [analyzer] DEBUG: Loaded monitor into process with pid 3140
2025-06-24 21:37:44,983 [analyzer] INFO: Added new file to list with pid 3140 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29692.exe
2025-06-24 21:37:45,078 [analyzer] INFO: Injected into process with pid 3216 and name u'Unicorn-29692.exe'
2025-06-24 21:37:45,250 [analyzer] DEBUG: Loaded monitor into process with pid 3216
2025-06-24 21:37:48,312 [analyzer] INFO: Added new file to list with pid 3216 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-21114.exe
2025-06-24 21:37:48,390 [analyzer] INFO: Injected into process with pid 3308 and name u'Unicorn-21114.exe'
2025-06-24 21:37:48,562 [analyzer] DEBUG: Loaded monitor into process with pid 3308
2025-06-24 21:37:51,625 [analyzer] INFO: Added new file to list with pid 3308 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-46770.exe
2025-06-24 21:37:51,687 [analyzer] INFO: Injected into process with pid 3392 and name u'Unicorn-46770.exe'
2025-06-24 21:37:51,858 [analyzer] DEBUG: Loaded monitor into process with pid 3392
2025-06-24 21:37:54,937 [analyzer] INFO: Added new file to list with pid 3392 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-60138.exe
2025-06-24 21:37:55,015 [analyzer] INFO: Injected into process with pid 3472 and name u'Unicorn-60138.exe'
2025-06-24 21:37:55,171 [analyzer] DEBUG: Loaded monitor into process with pid 3472
2025-06-24 21:37:58,233 [analyzer] INFO: Added new file to list with pid 3472 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55836.exe
2025-06-24 21:37:58,328 [analyzer] INFO: Injected into process with pid 3552 and name u'Unicorn-55836.exe'
2025-06-24 21:37:58,515 [analyzer] DEBUG: Loaded monitor into process with pid 3552
2025-06-24 21:38:01,592 [analyzer] INFO: Added new file to list with pid 3552 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42406.exe
2025-06-24 21:38:01,655 [analyzer] INFO: Injected into process with pid 3644 and name u'Unicorn-42406.exe'
2025-06-24 21:38:01,812 [analyzer] DEBUG: Loaded monitor into process with pid 3644
2025-06-24 21:38:04,875 [analyzer] INFO: Added new file to list with pid 3644 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6609.exe
2025-06-24 21:38:04,967 [analyzer] INFO: Injected into process with pid 3724 and name u'Unicorn-6609.exe'
2025-06-24 21:38:05,125 [analyzer] DEBUG: Loaded monitor into process with pid 3724
2025-06-24 21:38:08,203 [analyzer] INFO: Added new file to list with pid 3724 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51472.exe
2025-06-24 21:38:08,280 [analyzer] INFO: Injected into process with pid 3804 and name u'Unicorn-51472.exe'
2025-06-24 21:38:08,453 [analyzer] DEBUG: Loaded monitor into process with pid 3804
2025-06-24 21:38:11,530 [analyzer] INFO: Added new file to list with pid 3804 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42126.exe
2025-06-24 21:38:11,592 [analyzer] INFO: Injected into process with pid 3892 and name u'Unicorn-42126.exe'
2025-06-24 21:38:11,765 [analyzer] DEBUG: Loaded monitor into process with pid 3892
2025-06-24 21:38:14,828 [analyzer] INFO: Added new file to list with pid 3892 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-37056.exe
2025-06-24 21:38:14,967 [analyzer] INFO: Injected into process with pid 3988 and name u'Unicorn-37056.exe'
2025-06-24 21:38:15,125 [analyzer] DEBUG: Loaded monitor into process with pid 3988
2025-06-24 21:38:18,203 [analyzer] INFO: Added new file to list with pid 3988 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55312.exe
2025-06-24 21:38:18,265 [analyzer] INFO: Injected into process with pid 4072 and name u'Unicorn-55312.exe'
2025-06-24 21:38:18,437 [analyzer] DEBUG: Loaded monitor into process with pid 4072
2025-06-24 21:38:21,500 [analyzer] INFO: Added new file to list with pid 4072 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-50050.exe
2025-06-24 21:38:21,562 [analyzer] INFO: Injected into process with pid 1344 and name u'Unicorn-50050.exe'
2025-06-24 21:38:21,717 [analyzer] DEBUG: Loaded monitor into process with pid 1344
2025-06-24 21:38:24,780 [analyzer] INFO: Added new file to list with pid 1344 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-1965.exe
2025-06-24 21:38:24,858 [analyzer] INFO: Injected into process with pid 3324 and name u'Unicorn-1965.exe'
2025-06-24 21:38:25,046 [analyzer] DEBUG: Loaded monitor into process with pid 3324
2025-06-24 21:38:28,108 [analyzer] INFO: Added new file to list with pid 3324 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59116.exe
2025-06-24 21:38:28,187 [analyzer] INFO: Injected into process with pid 3504 and name u'Unicorn-59116.exe'
2025-06-24 21:38:28,342 [analyzer] DEBUG: Loaded monitor into process with pid 3504
2025-06-24 21:38:31,405 [analyzer] INFO: Added new file to list with pid 3504 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-54046.exe
2025-06-24 21:38:31,483 [analyzer] INFO: Injected into process with pid 2684 and name u'Unicorn-54046.exe'
2025-06-24 21:38:31,640 [analyzer] DEBUG: Loaded monitor into process with pid 2684
2025-06-24 21:38:34,703 [analyzer] INFO: Added new file to list with pid 2684 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48976.exe
2025-06-24 21:38:34,858 [analyzer] INFO: Injected into process with pid 584 and name u'Unicorn-48976.exe'
2025-06-24 21:38:35,000 [analyzer] DEBUG: Loaded monitor into process with pid 584
2025-06-24 21:38:38,062 [analyzer] INFO: Added new file to list with pid 584 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36314.exe
2025-06-24 21:38:38,125 [analyzer] INFO: Injected into process with pid 4016 and name u'Unicorn-36314.exe'
2025-06-24 21:38:38,296 [analyzer] DEBUG: Loaded monitor into process with pid 4016
2025-06-24 21:38:41,358 [analyzer] INFO: Added new file to list with pid 4016 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-18956.exe
2025-06-24 21:38:41,421 [analyzer] INFO: Injected into process with pid 2488 and name u'Unicorn-18956.exe'
2025-06-24 21:38:41,592 [analyzer] DEBUG: Loaded monitor into process with pid 2488
2025-06-24 21:38:44,655 [analyzer] INFO: Added new file to list with pid 2488 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13885.exe
2025-06-24 21:38:44,733 [analyzer] INFO: Injected into process with pid 576 and name u'Unicorn-13885.exe'
2025-06-24 21:38:44,921 [analyzer] DEBUG: Loaded monitor into process with pid 576
2025-06-24 21:38:47,983 [analyzer] INFO: Added new file to list with pid 576 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4731.exe
2025-06-24 21:38:48,046 [analyzer] INFO: Injected into process with pid 2924 and name u'Unicorn-4731.exe'
2025-06-24 21:38:48,217 [analyzer] DEBUG: Loaded monitor into process with pid 2924
2025-06-24 21:38:51,296 [analyzer] INFO: Added new file to list with pid 2924 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30964.exe
2025-06-24 21:38:51,358 [analyzer] INFO: Injected into process with pid 2908 and name u'Unicorn-30964.exe'
2025-06-24 21:38:51,515 [analyzer] DEBUG: Loaded monitor into process with pid 2908
2025-06-24 21:38:54,578 [analyzer] INFO: Added new file to list with pid 2908 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-60704.exe
2025-06-24 21:38:54,655 [analyzer] INFO: Injected into process with pid 3744 and name u'Unicorn-60704.exe'
2025-06-24 21:38:54,812 [analyzer] DEBUG: Loaded monitor into process with pid 3744
2025-06-24 21:38:57,875 [analyzer] INFO: Added new file to list with pid 3744 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10577.exe
2025-06-24 21:38:57,937 [analyzer] INFO: Injected into process with pid 2660 and name u'Unicorn-10577.exe'
2025-06-24 21:38:58,108 [analyzer] DEBUG: Loaded monitor into process with pid 2660
2025-06-24 21:39:01,187 [analyzer] INFO: Added new file to list with pid 2660 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-37002.exe
2025-06-24 21:39:01,265 [analyzer] INFO: Injected into process with pid 620 and name u'Unicorn-37002.exe'
2025-06-24 21:39:01,421 [analyzer] DEBUG: Loaded monitor into process with pid 620
2025-06-24 21:39:04,500 [analyzer] INFO: Added new file to list with pid 620 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62466.exe
2025-06-24 21:39:04,562 [analyzer] INFO: Injected into process with pid 1900 and name u'Unicorn-62466.exe'
2025-06-24 21:39:04,733 [analyzer] DEBUG: Loaded monitor into process with pid 1900
2025-06-24 21:39:07,812 [analyzer] INFO: Added new file to list with pid 1900 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22586.exe
2025-06-24 21:39:07,890 [analyzer] INFO: Injected into process with pid 3572 and name u'Unicorn-22586.exe'
2025-06-24 21:39:08,046 [analyzer] DEBUG: Loaded monitor into process with pid 3572
2025-06-24 21:39:11,125 [analyzer] INFO: Added new file to list with pid 3572 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-49010.exe
2025-06-24 21:39:11,187 [analyzer] INFO: Injected into process with pid 3740 and name u'Unicorn-49010.exe'
2025-06-24 21:39:11,358 [analyzer] DEBUG: Loaded monitor into process with pid 3740
2025-06-24 21:39:14,437 [analyzer] INFO: Added new file to list with pid 3740 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62378.exe
2025-06-24 21:39:14,515 [analyzer] INFO: Injected into process with pid 2448 and name u'Unicorn-62378.exe'
2025-06-24 21:39:14,671 [analyzer] DEBUG: Loaded monitor into process with pid 2448
2025-06-24 21:39:17,750 [analyzer] INFO: Added new file to list with pid 2448 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22306.exe
2025-06-24 21:39:17,828 [analyzer] INFO: Injected into process with pid 1212 and name u'Unicorn-22306.exe'
2025-06-24 21:39:18,000 [analyzer] DEBUG: Loaded monitor into process with pid 1212
2025-06-24 21:39:21,078 [analyzer] INFO: Added new file to list with pid 1212 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13919.exe
2025-06-24 21:39:21,140 [analyzer] INFO: Injected into process with pid 2516 and name u'Unicorn-13919.exe'
2025-06-24 21:39:21,312 [analyzer] DEBUG: Loaded monitor into process with pid 2516
2025-06-24 21:39:24,390 [analyzer] INFO: Added new file to list with pid 2516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39576.exe
2025-06-24 21:39:24,467 [analyzer] INFO: Injected into process with pid 2296 and name u'Unicorn-39576.exe'
2025-06-24 21:39:24,625 [analyzer] DEBUG: Loaded monitor into process with pid 2296
2025-06-24 21:39:27,733 [analyzer] INFO: Added new file to list with pid 2296 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61148.exe
2025-06-24 21:39:27,828 [analyzer] INFO: Injected into process with pid 4128 and name u'Unicorn-61148.exe'
2025-06-24 21:39:27,983 [analyzer] DEBUG: Loaded monitor into process with pid 4128
2025-06-24 21:39:31,078 [analyzer] INFO: Added new file to list with pid 4128 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-5471.exe
2025-06-24 21:39:31,171 [analyzer] INFO: Injected into process with pid 4212 and name u'Unicorn-5471.exe'
2025-06-24 21:39:31,328 [analyzer] DEBUG: Loaded monitor into process with pid 4212
2025-06-24 21:39:34,421 [analyzer] INFO: Added new file to list with pid 4212 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-27044.exe
2025-06-24 21:39:34,578 [analyzer] INFO: Injected into process with pid 4304 and name u'Unicorn-27044.exe'
2025-06-24 21:39:34,765 [analyzer] DEBUG: Loaded monitor into process with pid 4304
2025-06-24 21:39:37,953 [analyzer] INFO: Added new file to list with pid 4304 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23920.exe
2025-06-24 21:39:38,062 [analyzer] INFO: Injected into process with pid 4384 and name u'Unicorn-23920.exe'
2025-06-24 21:39:38,233 [analyzer] DEBUG: Loaded monitor into process with pid 4384
2025-06-24 21:39:41,342 [analyzer] INFO: Added new file to list with pid 4384 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-7173.exe
2025-06-24 21:39:41,467 [analyzer] INFO: Injected into process with pid 4468 and name u'Unicorn-7173.exe'
2025-06-24 21:39:41,625 [analyzer] DEBUG: Loaded monitor into process with pid 4468
2025-06-24 21:39:44,765 [analyzer] INFO: Added new file to list with pid 4468 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-38824.exe
2025-06-24 21:39:44,875 [analyzer] INFO: Injected into process with pid 4556 and name u'Unicorn-38824.exe'
2025-06-24 21:39:45,015 [analyzer] DEBUG: Loaded monitor into process with pid 4556
2025-06-24 21:39:48,140 [analyzer] INFO: Added new file to list with pid 4556 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57080.exe
2025-06-24 21:39:48,250 [analyzer] INFO: Injected into process with pid 4636 and name u'Unicorn-57080.exe'
2025-06-24 21:39:48,421 [analyzer] DEBUG: Loaded monitor into process with pid 4636
2025-06-24 21:39:51,530 [analyzer] INFO: Added new file to list with pid 4636 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39566.exe
2025-06-24 21:39:51,655 [analyzer] INFO: Injected into process with pid 4728 and name u'Unicorn-39566.exe'
2025-06-24 21:39:51,828 [analyzer] DEBUG: Loaded monitor into process with pid 4728
2025-06-24 21:39:54,967 [analyzer] INFO: Added new file to list with pid 4728 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48886.exe
2025-06-24 21:39:55,092 [analyzer] INFO: Injected into process with pid 4820 and name u'Unicorn-48886.exe'
2025-06-24 21:39:55,265 [analyzer] DEBUG: Loaded monitor into process with pid 4820
2025-06-24 21:39:58,375 [analyzer] INFO: Added new file to list with pid 4820 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62866.exe
2025-06-24 21:39:58,453 [analyzer] INFO: Injected into process with pid 4900 and name u'Unicorn-62866.exe'
2025-06-24 21:39:58,625 [analyzer] DEBUG: Loaded monitor into process with pid 4900
2025-06-24 21:40:01,733 [analyzer] INFO: Added new file to list with pid 4900 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-37340.exe
2025-06-24 21:40:01,842 [analyzer] INFO: Injected into process with pid 4984 and name u'Unicorn-37340.exe'
2025-06-24 21:40:02,000 [analyzer] DEBUG: Loaded monitor into process with pid 4984
2025-06-24 21:40:05,125 [analyzer] INFO: Added new file to list with pid 4984 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-20594.exe
2025-06-24 21:40:05,203 [analyzer] INFO: Injected into process with pid 5064 and name u'Unicorn-20594.exe'
2025-06-24 21:40:05,375 [analyzer] DEBUG: Loaded monitor into process with pid 5064
2025-06-24 21:40:08,515 [analyzer] INFO: Added new file to list with pid 5064 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-3079.exe
2025-06-24 21:40:08,592 [analyzer] INFO: Injected into process with pid 4148 and name u'Unicorn-3079.exe'
2025-06-24 21:40:08,750 [analyzer] DEBUG: Loaded monitor into process with pid 4148
2025-06-24 21:40:11,858 [analyzer] INFO: Added new file to list with pid 4148 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-24652.exe
2025-06-24 21:40:11,983 [analyzer] INFO: Injected into process with pid 4316 and name u'Unicorn-24652.exe'
2025-06-24 21:40:12,140 [analyzer] DEBUG: Loaded monitor into process with pid 4316
2025-06-24 21:40:15,265 [analyzer] INFO: Added new file to list with pid 4316 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-38632.exe
2025-06-24 21:40:15,328 [analyzer] INFO: Injected into process with pid 1860 and name u'Unicorn-38632.exe'
2025-06-24 21:40:15,500 [analyzer] DEBUG: Loaded monitor into process with pid 1860
2025-06-24 21:40:18,640 [analyzer] INFO: Added new file to list with pid 1860 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43832.exe
2025-06-24 21:40:18,703 [analyzer] INFO: Injected into process with pid 128 and name u'Unicorn-43832.exe'
2025-06-24 21:40:18,875 [analyzer] DEBUG: Loaded monitor into process with pid 128
2025-06-24 21:40:22,015 [analyzer] INFO: Added new file to list with pid 128 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61896.exe
2025-06-24 21:40:22,078 [analyzer] INFO: Injected into process with pid 2464 and name u'Unicorn-61896.exe'
2025-06-24 21:40:22,250 [analyzer] DEBUG: Loaded monitor into process with pid 2464
2025-06-24 21:40:25,405 [analyzer] INFO: Added new file to list with pid 2464 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-44574.exe
2025-06-24 21:40:25,515 [analyzer] INFO: Injected into process with pid 2096 and name u'Unicorn-44574.exe'
2025-06-24 21:40:25,687 [analyzer] DEBUG: Loaded monitor into process with pid 2096
2025-06-24 21:40:28,828 [analyzer] INFO: Added new file to list with pid 2096 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22976.exe
2025-06-24 21:40:28,905 [analyzer] INFO: Injected into process with pid 4088 and name u'Unicorn-22976.exe'
2025-06-24 21:40:29,062 [analyzer] DEBUG: Loaded monitor into process with pid 4088
2025-06-24 21:40:32,217 [analyzer] INFO: Added new file to list with pid 4088 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59670.exe
2025-06-24 21:40:32,328 [analyzer] INFO: Injected into process with pid 4496 and name u'Unicorn-59670.exe'
2025-06-24 21:40:32,467 [analyzer] DEBUG: Loaded monitor into process with pid 4496
2025-06-24 21:40:35,625 [analyzer] INFO: Added new file to list with pid 4496 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-7345.exe
2025-06-24 21:40:35,703 [analyzer] INFO: Injected into process with pid 2716 and name u'Unicorn-7345.exe'
2025-06-24 21:40:35,858 [analyzer] DEBUG: Loaded monitor into process with pid 2716
2025-06-24 21:40:37,467 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-24 21:40:39,015 [analyzer] INFO: Added new file to list with pid 2716 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25410.exe
2025-06-24 21:40:39,092 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 2468.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 300.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 316.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 1412.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 2512.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 844.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 900.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 3140.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 3216.
2025-06-24 21:40:39,092 [lib.api.process] INFO: Successfully terminated process with pid 3308.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3392.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3472.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3552.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3644.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3724.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3804.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3892.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3988.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 4072.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 1344.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3324.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3504.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 2684.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 584.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 4016.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 2488.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 576.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 2924.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 2908.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3744.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 2660.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 620.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 1900.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3572.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 3740.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 2448.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 1212.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 2516.
2025-06-24 21:40:39,108 [lib.api.process] INFO: Successfully terminated process with pid 2296.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4128.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4212.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4304.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4384.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4468.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4556.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4636.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4728.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4820.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4900.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4984.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 5064.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4148.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4316.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 1860.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 128.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 2464.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 2096.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4088.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 4496.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 2716.
2025-06-24 21:40:39,125 [lib.api.process] INFO: Successfully terminated process with pid 3880.
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-13919.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-55312.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-48886.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-23920.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-36314.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-53350.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-21114.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-62466.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-65488.exe
2025-06-24 21:40:39,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-43832.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-57080.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-37340.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-38632.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-44574.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22586.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-50050.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-24652.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-59116.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-54046.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-39.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-10577.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22306.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-30548.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-13885.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-4731.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-62378.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-57652.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-5471.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22976.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-25410.exe
2025-06-24 21:40:39,358 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-20594.exe

Cuckoo Log

2025-07-02 12:18:51,313 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:18:52,330 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:18:53,348 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:18:54,374 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:18:55,422 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:18:56,450 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:18:57,471 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:18:58,788 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:18:59,860 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:00,895 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:01,928 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:02,958 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:03,986 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:05,017 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:06,051 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:07,089 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:08,137 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:09,199 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:10,299 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:11,366 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:12,405 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:13,445 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:14,599 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:15,804 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:16,876 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:17,954 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:19,004 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:20,036 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:21,064 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:22,095 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:23,148 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:24,184 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:25,222 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:26,255 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:27,283 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:28,310 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:29,345 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:30,376 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:31,408 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:32,436 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:33,463 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:34,609 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:35,651 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:36,698 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:37,755 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:38,835 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:39,909 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:40,991 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:42,376 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:43,465 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:44,695 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:45,767 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:46,855 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:47,930 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:48,992 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:50,248 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:51,456 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:52,513 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:53,977 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:55,044 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:56,126 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:57,196 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:58,239 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:19:59,309 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:00,376 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:01,441 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:02,498 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:03,575 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:04,769 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:05,788 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:06,808 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:07,828 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:08,846 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:09,929 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:10,963 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:12,001 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:13,159 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:14,530 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:15,560 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:16,586 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:17,619 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:18,646 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:19,682 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:20,879 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:21,912 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:23,085 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:24,108 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:25,130 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:26,146 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:27,168 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:28,187 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:29,204 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:30,223 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:31,574 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:32,604 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:33,630 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:34,659 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:35,692 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:36,738 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:37,767 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:38,786 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:39,807 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:40,831 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:41,849 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:42,902 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:44,029 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:45,128 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:46,210 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:47,278 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:48,329 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:49,391 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:50,452 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:51,503 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:52,552 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:53,609 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:54,657 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:55,702 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:56,753 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:57,792 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:58,888 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:20:59,944 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:00,994 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:02,425 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:03,444 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:04,461 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:05,487 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:06,507 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:07,708 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:08,736 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:09,762 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:10,802 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:11,845 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:12,874 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:13,912 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:14,954 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:16,001 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:17,041 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:18,092 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:19,135 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:20,182 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:21,275 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:22,315 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:23,367 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:24,408 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:25,444 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:26,691 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:27,812 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:28,900 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:29,939 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:31,006 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:32,051 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:33,099 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:34,169 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:35,240 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:36,278 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:37,312 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:38,491 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:39,660 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:40,707 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:41,749 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:42,791 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:43,842 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:44,957 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:46,211 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:47,354 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:48,421 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:49,682 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:50,916 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:52,060 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:53,088 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:54,175 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:55,194 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:56,521 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:57,541 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:58,561 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:21:59,579 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:00,600 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:01,619 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:02,637 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:03,675 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:04,692 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:05,709 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:06,728 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:07,746 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:08,767 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:09,783 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:10,805 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:11,822 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:12,838 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:13,866 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:14,884 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:16,097 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:17,164 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:18,195 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:19,515 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:20,638 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:21,789 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:22,847 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:23,911 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:24,956 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:26,143 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:27,509 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:28,852 [cuckoo.core.scheduler] DEBUG: Task #6631179: no machine available yet
2025-07-02 12:22:30,175 [cuckoo.core.scheduler] INFO: Task #6631179: acquired machine win7x6427 (label=win7x6427)
2025-07-02 12:22:30,190 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.227 for task #6631179
2025-07-02 12:22:30,709 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2762349 (interface=vboxnet0, host=192.168.168.227)
2025-07-02 12:22:31,977 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6427
2025-07-02 12:22:39,214 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6427 to vmcloak
2025-07-02 12:24:35,576 [cuckoo.core.guest] INFO: Starting analysis #6631179 on guest (id=win7x6427, ip=192.168.168.227)
2025-07-02 12:24:36,588 [cuckoo.core.guest] DEBUG: win7x6427: not ready yet
2025-07-02 12:24:41,628 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6427, ip=192.168.168.227)
2025-07-02 12:24:41,741 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6427, ip=192.168.168.227, monitor=latest, size=6660546)
2025-07-02 12:24:43,412 [cuckoo.core.resultserver] DEBUG: Task #6631179: live log analysis.log initialized.
2025-07-02 12:24:44,533 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:24:45,035 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:24:45,760 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0001.jpg'
2025-07-02 12:24:45,779 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133469
2025-07-02 12:24:48,383 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:24:49,995 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0002.jpg'
2025-07-02 12:24:50,006 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 137210
2025-07-02 12:24:51,813 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:24:54,541 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0003.jpg'
2025-07-02 12:24:54,558 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 127239
2025-07-02 12:24:55,357 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:24:57,244 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0004.jpg'
2025-07-02 12:24:57,776 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 127545
2025-07-02 12:24:58,345 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:24:58,544 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:25:01,731 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:02,578 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0005.jpg'
2025-07-02 12:25:02,586 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 128450
2025-07-02 12:25:04,978 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:06,770 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0006.jpg'
2025-07-02 12:25:06,802 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 129628
2025-07-02 12:25:08,593 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:09,917 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0007.jpg'
2025-07-02 12:25:09,928 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 130354
2025-07-02 12:25:11,587 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:13,075 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0008.jpg'
2025-07-02 12:25:13,089 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 130892
2025-07-02 12:25:13,805 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:25:15,063 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:16,309 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0009.jpg'
2025-07-02 12:25:16,327 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 131544
2025-07-02 12:25:18,285 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:19,616 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0010.jpg'
2025-07-02 12:25:19,817 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 132175
2025-07-02 12:25:21,509 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:22,945 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0011.jpg'
2025-07-02 12:25:22,957 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 132551
2025-07-02 12:25:24,895 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:26,067 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0012.jpg'
2025-07-02 12:25:26,076 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133055
2025-07-02 12:25:28,165 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:28,920 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:25:29,212 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0013.jpg'
2025-07-02 12:25:29,226 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133200
2025-07-02 12:25:31,472 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:34,795 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:38,103 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:41,648 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:44,240 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:25:44,775 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:48,071 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:52,348 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:54,779 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:59,313 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:25:59,584 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:26:01,363 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:04,639 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:07,931 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:11,348 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:14,555 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:15,097 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:26:17,852 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:21,149 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:24,446 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:27,774 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:30,221 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:26:31,071 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:34,412 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:37,697 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:41,008 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:44,337 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:45,420 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:26:47,676 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:50,992 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:54,322 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:26:57,665 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:00,513 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:27:01,127 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:04,653 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:07,965 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:11,368 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:14,759 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:15,702 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:27:18,169 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:18,913 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0014.jpg'
2025-07-02 12:27:18,929 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133591
2025-07-02 12:27:20,099 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0015.jpg'
2025-07-02 12:27:20,122 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133329
2025-07-02 12:27:21,619 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:25,088 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:31,274 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:27:32,800 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:33,836 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:35,102 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:38,492 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:41,852 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:45,228 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:46,473 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:27:47,198 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0016.jpg'
2025-07-02 12:27:47,220 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 132564
2025-07-02 12:27:48,602 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:49,337 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0017.jpg'
2025-07-02 12:27:49,367 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 131962
2025-07-02 12:27:50,484 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0018.jpg'
2025-07-02 12:27:50,495 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 132861
2025-07-02 12:27:52,040 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:52,676 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0019.jpg'
2025-07-02 12:27:52,698 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 132770
2025-07-02 12:27:53,790 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0020.jpg'
2025-07-02 12:27:53,809 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 132921
2025-07-02 12:27:54,939 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0021.jpg'
2025-07-02 12:27:54,972 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133627
2025-07-02 12:27:55,415 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:56,087 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0022.jpg'
2025-07-02 12:27:56,104 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 132929
2025-07-02 12:27:57,234 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0023.jpg'
2025-07-02 12:27:57,246 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133453
2025-07-02 12:27:58,340 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0024.jpg'
2025-07-02 12:27:58,359 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 134028
2025-07-02 12:27:58,837 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:27:59,452 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0025.jpg'
2025-07-02 12:27:59,465 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133408
2025-07-02 12:28:00,562 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0026.jpg'
2025-07-02 12:28:00,577 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 133144
2025-07-02 12:28:01,660 [cuckoo.core.guest] DEBUG: win7x6427: analysis #6631179 still processing
2025-07-02 12:28:01,660 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0027.jpg'
2025-07-02 12:28:01,670 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 124579
2025-07-02 12:28:02,212 [cuckoo.core.resultserver] DEBUG: Task #6631179 is sending a BSON stream
2025-07-02 12:28:02,812 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0028.jpg'
2025-07-02 12:28:02,823 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 124453
2025-07-02 12:28:04,094 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'curtain/1750794037.66.curtain.log'
2025-07-02 12:28:04,096 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 36
2025-07-02 12:28:04,973 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'shots/0029.jpg'
2025-07-02 12:28:04,981 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 125240
2025-07-02 12:28:05,253 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'sysmon/1750794038.81.sysmon.xml'
2025-07-02 12:28:05,548 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 13255390
2025-07-02 12:28:05,587 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/2795d85e7abbb90c_unicorn-7345.exe'
2025-07-02 12:28:05,592 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479297
2025-07-02 12:28:05,596 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/2c9669e18987a928_unicorn-1965.exe'
2025-07-02 12:28:05,600 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479258
2025-07-02 12:28:05,603 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/db215bd08d1c6df9_unicorn-37056.exe'
2025-07-02 12:28:05,624 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/ddc95289828f6a90_unicorn-55836.exe'
2025-07-02 12:28:05,630 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/8abd3194c64f66a2_unicorn-48976.exe'
2025-07-02 12:28:06,000 [cuckoo.core.resultserver] DEBUG: Task #6631179 had connection reset for <Context for LOG>
2025-07-02 12:28:06,008 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479255
2025-07-02 12:28:06,013 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/bb4e7a3d28ba0c49_unicorn-7173.exe'
2025-07-02 12:28:06,016 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/570242bbf0f11c71_unicorn-3079.exe'
2025-07-02 12:28:06,019 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/21a5ceeea88294aa_unicorn-49010.exe'
2025-07-02 12:28:06,021 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/d70fa6a5ad84676c_unicorn-6609.exe'
2025-07-02 12:28:06,023 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/b50fa74c52c8b48c_unicorn-46770.exe'
2025-07-02 12:28:06,028 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/46f8ea01e5b1e5a6_unicorn-30964.exe'
2025-07-02 12:28:06,034 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/06f6ead2381da0cf_unicorn-60138.exe'
2025-07-02 12:28:06,037 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/1bd08132c072b47b_unicorn-37002.exe'
2025-07-02 12:28:06,284 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/c56e1efef62370e1_unicorn-61896.exe'
2025-07-02 12:28:06,296 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/8b84159ad2150b7b_unicorn-42126.exe'
2025-07-02 12:28:06,299 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/1be0efe17b926e4d_unicorn-62866.exe'
2025-07-02 12:28:06,301 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/c9282f7e9aced942_unicorn-61148.exe'
2025-07-02 12:28:06,304 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/e1e5c53a0dd56919_unicorn-60704.exe'
2025-07-02 12:28:06,306 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/0e5ccf6bf74a8128_unicorn-29692.exe'
2025-07-02 12:28:06,309 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/4d98e43bf916ebae_unicorn-38824.exe'
2025-07-02 12:28:06,322 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/ca0bebb45106c958_unicorn-51472.exe'
2025-07-02 12:28:06,324 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/1b3f0f7047ed0e2b_unicorn-59670.exe'
2025-07-02 12:28:06,335 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/d469c37e2fabf509_unicorn-9385.exe'
2025-07-02 12:28:06,337 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/1142f2bac6efaf55_unicorn-5021.exe'
2025-07-02 12:28:06,340 [cuckoo.core.resultserver] DEBUG: Task #6631179: File upload for 'files/0320320b2b48d5f4_unicorn-42406.exe'
2025-07-02 12:28:06,342 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479244
2025-07-02 12:28:06,345 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479253
2025-07-02 12:28:06,349 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479282
2025-07-02 12:28:06,356 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479277
2025-07-02 12:28:06,360 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479286
2025-07-02 12:28:06,368 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479261
2025-07-02 12:28:06,371 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479250
2025-07-02 12:28:06,411 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479296
2025-07-02 12:28:06,414 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479267
2025-07-02 12:28:06,417 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479254
2025-07-02 12:28:06,419 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479269
2025-07-02 12:28:06,422 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479248
2025-07-02 12:28:06,424 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479272
2025-07-02 12:28:06,427 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479241
2025-07-02 12:28:06,430 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479281
2025-07-02 12:28:06,432 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479249
2025-07-02 12:28:06,436 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479289
2025-07-02 12:28:06,438 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479293
2025-07-02 12:28:06,441 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479252
2025-07-02 12:28:06,443 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479266
2025-07-02 12:28:06,446 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479246
2025-07-02 12:28:06,450 [cuckoo.core.resultserver] DEBUG: Task #6631179 uploaded file length: 479251
2025-07-02 12:28:07,695 [cuckoo.core.guest] INFO: win7x6427: analysis completed successfully
2025-07-02 12:28:07,706 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-02 12:28:07,930 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-02 12:28:08,958 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6427 to path /srv/cuckoo/cwd/storage/analyses/6631179/memory.dmp
2025-07-02 12:28:08,971 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6427
2025-07-02 12:30:20,974 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.227 for task #6631179
2025-07-02 12:30:22,047 [cuckoo.core.scheduler] DEBUG: Released database task #6631179
2025-07-02 12:30:22,070 [cuckoo.core.scheduler] INFO: Task #6631179: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
description (no description) rule SEH__vba
One or more processes crashed (50 out of 59 events)
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
0x872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: 2cff557a384adc83_unicorn-34753+0x2ab95
exception.instruction: int3
exception.module: 2cff557a384adc83_unicorn-34753.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 3216896
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 3214960
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-57652+0x2ab95
exception.instruction: int3
exception.module: Unicorn-57652.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6169792
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6167864
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-53350+0x2ab95
exception.instruction: int3
exception.module: Unicorn-53350.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 9512128
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 9510200
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-9385+0x2ab95
exception.instruction: int3
exception.module: Unicorn-9385.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 9118912
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 9116984
1 0 0

__exception__

 stacktrace: 
0xd872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-39+0x2ab95
exception.instruction: int3
exception.module: Unicorn-39.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 3220656
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 3218728
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-30548+0x2ab95
exception.instruction: int3
exception.module: Unicorn-30548.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6235328
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6233400
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-5021+0x2ab95
exception.instruction: int3
exception.module: Unicorn-5021.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 2696384
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 2694456
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-65488+0x2ab95
exception.instruction: int3
exception.module: Unicorn-65488.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 8987840
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 8985912
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-29692+0x2ab95
exception.instruction: int3
exception.module: Unicorn-29692.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6235328
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6233400
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-21114+0x2ab95
exception.instruction: int3
exception.module: Unicorn-21114.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6366400
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6364472
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-46770+0x2ab95
exception.instruction: int3
exception.module: Unicorn-46770.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 8987840
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 8985912
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-60138+0x2ab95
exception.instruction: int3
exception.module: Unicorn-60138.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 5514432
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 5512504
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-55836+0x2ab95
exception.instruction: int3
exception.module: Unicorn-55836.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6169792
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6167864
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-42406+0x2ab95
exception.instruction: int3
exception.module: Unicorn-42406.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6104256
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6102328
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-6609+0x2ab95
exception.instruction: int3
exception.module: Unicorn-6609.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 3351744
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 3349816
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-51472+0x2ab95
exception.instruction: int3
exception.module: Unicorn-51472.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6300864
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6298936
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-42126+0x2ab95
exception.instruction: int3
exception.module: Unicorn-42126.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 2958528
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 2956600
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-37056+0x2ab95
exception.instruction: int3
exception.module: Unicorn-37056.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 5776576
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 5774648
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-55312+0x2ab95
exception.instruction: int3
exception.module: Unicorn-55312.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 8987840
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 8985912
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-50050+0x2ab95
exception.instruction: int3
exception.module: Unicorn-50050.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6104256
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6102328
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-1965+0x2ab95
exception.instruction: int3
exception.module: Unicorn-1965.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6104256
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6102328
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-59116+0x2ab95
exception.instruction: int3
exception.module: Unicorn-59116.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 3089600
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 3087672
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-54046+0x2ab95
exception.instruction: int3
exception.module: Unicorn-54046.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 5776576
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 5774648
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-48976+0x2ab95
exception.instruction: int3
exception.module: Unicorn-48976.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6104256
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6102328
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-36314+0x2ab95
exception.instruction: int3
exception.module: Unicorn-36314.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 8987840
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 8985912
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-18956+0x2ab95
exception.instruction: int3
exception.module: Unicorn-18956.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 9249984
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 9248056
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-13885+0x2ab95
exception.instruction: int3
exception.module: Unicorn-13885.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6563008
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6561080
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-4731+0x2ab95
exception.instruction: int3
exception.module: Unicorn-4731.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 9512128
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 9510200
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-30964+0x2ab95
exception.instruction: int3
exception.module: Unicorn-30964.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6431936
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6430008
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-60704+0x2ab95
exception.instruction: int3
exception.module: Unicorn-60704.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6300864
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6298936
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-10577+0x2ab95
exception.instruction: int3
exception.module: Unicorn-10577.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6235328
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6233400
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-37002+0x2ab95
exception.instruction: int3
exception.module: Unicorn-37002.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6038720
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6036792
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-62466+0x2ab95
exception.instruction: int3
exception.module: Unicorn-62466.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 3351744
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 3349816
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-22586+0x2ab95
exception.instruction: int3
exception.module: Unicorn-22586.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 3089600
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 3087672
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-49010+0x2ab95
exception.instruction: int3
exception.module: Unicorn-49010.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6431936
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6430008
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-62378+0x2ab95
exception.instruction: int3
exception.module: Unicorn-62378.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6628544
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6626616
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-22306+0x2ab95
exception.instruction: int3
exception.module: Unicorn-22306.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 3089600
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 3087672
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-13919+0x2ab95
exception.instruction: int3
exception.module: Unicorn-13919.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 2958528
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 2956600
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-39576+0x2ab95
exception.instruction: int3
exception.module: Unicorn-39576.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 5907648
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 5905720
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-61148+0x2ab95
exception.instruction: int3
exception.module: Unicorn-61148.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6169792
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6167864
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-5471+0x2ab95
exception.instruction: int3
exception.module: Unicorn-5471.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 9512128
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 9510200
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-27044+0x2ab95
exception.instruction: int3
exception.module: Unicorn-27044.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 2827456
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 2825528
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-23920+0x2ab95
exception.instruction: int3
exception.module: Unicorn-23920.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 5842112
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 5840184
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-7173+0x2ab95
exception.instruction: int3
exception.module: Unicorn-7173.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 5514432
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 5512504
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-38824+0x2ab95
exception.instruction: int3
exception.module: Unicorn-38824.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 5448896
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 5446968
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-57080+0x2ab95
exception.instruction: int3
exception.module: Unicorn-57080.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6497472
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6495544
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-39566+0x2ab95
exception.instruction: int3
exception.module: Unicorn-39566.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 5842112
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 5840184
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-48886+0x2ab95
exception.instruction: int3
exception.module: Unicorn-48886.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6497472
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6495544
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-62866+0x2ab95
exception.instruction: int3
exception.module: Unicorn-62866.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 6300864
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6298936
1 0 0

__exception__

 stacktrace: 
0xe872991d

exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0
exception.symbol: unicorn-37340+0x2ab95
exception.instruction: int3
exception.module: Unicorn-37340.exe
exception.exception_code: 0x80000003
exception.offset: 174997
exception.address: 0x42ab95
registers.esp: 1636932
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637169
registers.edx: 3089600
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 3087672
1 0 0
Foreign language identified in PE resource (1 event)
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x000747c4 size 0x00000234
Creates executable files on the filesystem (50 out of 60 events)
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-23920.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-7345.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-36314.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-53350.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-46770.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-21114.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-62466.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-65488.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-43832.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-62866.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-57080.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-37340.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-22586.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-50050.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-39566.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-44574.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-59116.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-54046.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-39.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-10577.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-22306.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-30548.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-4731.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-62378.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-57652.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-5471.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-25410.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-55836.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-20594.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-27044.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-18956.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-39576.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-1965.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-37056.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-24652.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-38824.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-48976.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-7173.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-3079.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-49010.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-38632.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-30964.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-60138.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-61896.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-42126.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-61148.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-60704.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-29692.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-37002.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-51472.exe
Drops an executable to the user AppData folder (2 events)
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-7345.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-1965.exe
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2468
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00520000
process_handle: 0xffffffff
1 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
section {u'size_of_data': u'0x0002b000', u'virtual_address': u'0x00001000', u'entropy': 7.5715989926364236, u'name': u'.text', u'virtual_size': u'0x0002a5c4'} entropy 7.57159899264 description A section with a high entropy has been found
entropy 0.370689655172 description Overall entropy of this PE file is high
File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)
G Data Antivirus (Windows) Virus: Generic.Dacic.94CCEEA9.A.001E7BD4 (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux) Win.Packed.Generic-9967832-0
Trend Micro SProtect (Linux) Trojan.Win32.FAREIT.SME
Trellix (Linux) GenericRXTC-TT
WithSecure (Linux) Trojan.TR/Crypt.XPACK.Gen
eScan Antivirus (Linux) Generic.Dacic.94CCEEA9.A.001E7BD4(DB)
ESET Security (Windows) a variant of Win32/VBClone.E trojan
Sophos Anti-Virus (Linux) Troj/VB-KCP
DrWeb Antivirus (Linux) Trojan.Siggen29.56020
ClamAV (Linux) Win.Packed.Generic-9967832-0
Bitdefender Antivirus (Linux) Generic.Dacic.94CCEEA9.A.001E7BD4
Kaspersky Standard (Windows) Trojan.Win32.VB.dosq
Emsisoft Commandline Scanner (Windows) Generic.Dacic.94CCEEA9.A.001E7BD4 (B)
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.