Cuckoo Sandbox

File fcdd2f1d143465a8_unicorn-53585.exe

Summary
Download Resubmit sample

Size	468.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3e79958850faed235c7df422f880bd55`
SHA1	`25e42c49e75a56691abd868eaef27e45dc4d6e2e`
SHA256	`fcdd2f1d143465a82c5e3e05b09730c9183b7557277ed1d7f55088e67eef76b1`
SHA512	`b9696d7951aaa4d23e572bd43dc43292e8056ed7f75c7b1aeab06b219fbba69b89c89fa73d81ba87cec8465de4f5b13fbcaa6e02dd507992e36e7c9227be7c86`
CRC32	`DC464C36`
ssdeep	`None`
Yara	SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6585880

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	July 2, 2025, 12:19 p.m.	July 2, 2025, 12:27 p.m.	468 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-06-24 21:37:17,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpdrdvpd
2025-06-24 21:37:17,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\PqHqpctVxpYyXbAuApFNYD
2025-06-24 21:37:17,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\EcMjGxonUKFccmYef
2025-06-24 21:37:17,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-06-24 21:37:17,030 [analyzer] INFO: Automatically selected analysis package "exe"
2025-06-24 21:37:17,312 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-24 21:37:17,312 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-24 21:37:17,937 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-24 21:37:18,217 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-06-24 21:37:18,217 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-24 21:37:18,217 [analyzer] DEBUG: Started auxiliary module Human
2025-06-24 21:37:18,217 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-24 21:37:18,217 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-24 21:37:18,296 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-24 21:37:18,296 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-24 21:37:18,296 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-24 21:37:18,296 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-24 21:37:18,453 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\fcdd2f1d143465a8_unicorn-53585.exe' with arguments '' and pid 2836
2025-06-24 21:37:18,717 [analyzer] DEBUG: Loaded monitor into process with pid 2836
2025-06-24 21:37:21,812 [analyzer] INFO: Added new file to list with pid 2836 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-49182.exe
2025-06-24 21:37:21,875 [analyzer] INFO: Injected into process with pid 2164 and name u'Unicorn-49182.exe'
2025-06-24 21:37:22,046 [analyzer] DEBUG: Loaded monitor into process with pid 2164
2025-06-24 21:37:25,092 [analyzer] INFO: Added new file to list with pid 2164 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59758.exe
2025-06-24 21:37:25,187 [analyzer] INFO: Injected into process with pid 2704 and name u'Unicorn-59758.exe'
2025-06-24 21:37:25,342 [analyzer] DEBUG: Loaded monitor into process with pid 2704
2025-06-24 21:37:28,437 [analyzer] INFO: Added new file to list with pid 2704 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-35934.exe
2025-06-24 21:37:28,515 [analyzer] INFO: Injected into process with pid 1496 and name u'Unicorn-35934.exe'
2025-06-24 21:37:28,687 [analyzer] DEBUG: Loaded monitor into process with pid 1496
2025-06-24 21:37:31,750 [analyzer] INFO: Added new file to list with pid 1496 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-7293.exe
2025-06-24 21:37:31,905 [analyzer] INFO: Injected into process with pid 2904 and name u'Unicorn-7293.exe'
2025-06-24 21:37:32,078 [analyzer] DEBUG: Loaded monitor into process with pid 2904
2025-06-24 21:37:35,155 [analyzer] INFO: Added new file to list with pid 2904 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-17678.exe
2025-06-24 21:37:35,233 [analyzer] INFO: Injected into process with pid 3064 and name u'Unicorn-17678.exe'
2025-06-24 21:37:35,390 [analyzer] DEBUG: Loaded monitor into process with pid 3064
2025-06-24 21:37:38,453 [analyzer] INFO: Added new file to list with pid 3064 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51318.exe
2025-06-24 21:37:38,546 [analyzer] INFO: Injected into process with pid 352 and name u'Unicorn-51318.exe'
2025-06-24 21:37:38,703 [analyzer] DEBUG: Loaded monitor into process with pid 352
2025-06-24 21:37:41,765 [analyzer] INFO: Added new file to list with pid 352 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10389.exe
2025-06-24 21:37:41,842 [analyzer] INFO: Injected into process with pid 2132 and name u'Unicorn-10389.exe'
2025-06-24 21:37:42,015 [analyzer] DEBUG: Loaded monitor into process with pid 2132
2025-06-24 21:37:45,092 [analyzer] INFO: Added new file to list with pid 2132 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61806.exe
2025-06-24 21:37:45,171 [analyzer] INFO: Injected into process with pid 1736 and name u'Unicorn-61806.exe'
2025-06-24 21:37:45,342 [analyzer] DEBUG: Loaded monitor into process with pid 1736
2025-06-24 21:37:48,405 [analyzer] INFO: Added new file to list with pid 1736 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-21646.exe
2025-06-24 21:37:48,515 [analyzer] INFO: Injected into process with pid 2660 and name u'Unicorn-21646.exe'
2025-06-24 21:37:48,687 [analyzer] DEBUG: Loaded monitor into process with pid 2660
2025-06-24 21:37:51,750 [analyzer] INFO: Added new file to list with pid 2660 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-9341.exe
2025-06-24 21:37:51,953 [analyzer] INFO: Injected into process with pid 3132 and name u'Unicorn-9341.exe'
2025-06-24 21:37:52,125 [analyzer] DEBUG: Loaded monitor into process with pid 3132
2025-06-24 21:37:55,187 [analyzer] INFO: Added new file to list with pid 3132 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36062.exe
2025-06-24 21:37:55,250 [analyzer] INFO: Injected into process with pid 3232 and name u'Unicorn-36062.exe'
2025-06-24 21:37:55,405 [analyzer] DEBUG: Loaded monitor into process with pid 3232
2025-06-24 21:37:58,483 [analyzer] INFO: Added new file to list with pid 3232 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36934.exe
2025-06-24 21:37:58,562 [analyzer] INFO: Injected into process with pid 3320 and name u'Unicorn-36934.exe'
2025-06-24 21:37:58,703 [analyzer] DEBUG: Loaded monitor into process with pid 3320
2025-06-24 21:38:01,765 [analyzer] INFO: Added new file to list with pid 3320 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-45206.exe
2025-06-24 21:38:01,842 [analyzer] INFO: Injected into process with pid 3420 and name u'Unicorn-45206.exe'
2025-06-24 21:38:02,000 [analyzer] DEBUG: Loaded monitor into process with pid 3420
2025-06-24 21:38:05,078 [analyzer] INFO: Added new file to list with pid 3420 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6581.exe
2025-06-24 21:38:05,155 [analyzer] INFO: Injected into process with pid 3516 and name u'Unicorn-6581.exe'
2025-06-24 21:38:05,312 [analyzer] DEBUG: Loaded monitor into process with pid 3516
2025-06-24 21:38:08,390 [analyzer] INFO: Added new file to list with pid 3516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-64726.exe
2025-06-24 21:38:08,467 [analyzer] INFO: Injected into process with pid 3608 and name u'Unicorn-64726.exe'
2025-06-24 21:38:08,640 [analyzer] DEBUG: Loaded monitor into process with pid 3608
2025-06-24 21:38:11,717 [analyzer] INFO: Added new file to list with pid 3608 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59822.exe
2025-06-24 21:38:11,812 [analyzer] INFO: Injected into process with pid 3696 and name u'Unicorn-59822.exe'
2025-06-24 21:38:11,983 [analyzer] DEBUG: Loaded monitor into process with pid 3696
2025-06-24 21:38:15,062 [analyzer] INFO: Added new file to list with pid 3696 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-38302.exe
2025-06-24 21:38:15,155 [analyzer] INFO: Injected into process with pid 3784 and name u'Unicorn-38302.exe'
2025-06-24 21:38:15,312 [analyzer] DEBUG: Loaded monitor into process with pid 3784
2025-06-24 21:38:18,375 [analyzer] INFO: Added new file to list with pid 3784 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-63678.exe
2025-06-24 21:38:18,530 [analyzer] INFO: Injected into process with pid 3876 and name u'Unicorn-63678.exe'
2025-06-24 21:38:18,703 [analyzer] DEBUG: Loaded monitor into process with pid 3876
2025-06-24 21:38:21,765 [analyzer] INFO: Added new file to list with pid 3876 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47254.exe
2025-06-24 21:38:21,828 [analyzer] INFO: Injected into process with pid 3964 and name u'Unicorn-47254.exe'
2025-06-24 21:38:22,000 [analyzer] DEBUG: Loaded monitor into process with pid 3964
2025-06-24 21:38:25,062 [analyzer] INFO: Added new file to list with pid 3964 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-16798.exe
2025-06-24 21:38:25,140 [analyzer] INFO: Injected into process with pid 4064 and name u'Unicorn-16798.exe'
2025-06-24 21:38:25,312 [analyzer] DEBUG: Loaded monitor into process with pid 4064
2025-06-24 21:38:28,390 [analyzer] INFO: Added new file to list with pid 4064 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-34006.exe
2025-06-24 21:38:28,453 [analyzer] INFO: Injected into process with pid 3172 and name u'Unicorn-34006.exe'
2025-06-24 21:38:28,625 [analyzer] DEBUG: Loaded monitor into process with pid 3172
2025-06-24 21:38:31,687 [analyzer] INFO: Added new file to list with pid 3172 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12765.exe
2025-06-24 21:38:31,765 [analyzer] INFO: Injected into process with pid 3396 and name u'Unicorn-12765.exe'
2025-06-24 21:38:31,921 [analyzer] DEBUG: Loaded monitor into process with pid 3396
2025-06-24 21:38:34,983 [analyzer] INFO: Added new file to list with pid 3396 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13637.exe
2025-06-24 21:38:35,078 [analyzer] INFO: Injected into process with pid 3548 and name u'Unicorn-13637.exe'
2025-06-24 21:38:35,250 [analyzer] DEBUG: Loaded monitor into process with pid 3548
2025-06-24 21:38:38,358 [analyzer] INFO: Added new file to list with pid 3548 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8453.exe
2025-06-24 21:38:38,467 [analyzer] INFO: Injected into process with pid 3780 and name u'Unicorn-8453.exe'
2025-06-24 21:38:38,640 [analyzer] DEBUG: Loaded monitor into process with pid 3780
2025-06-24 21:38:41,733 [analyzer] INFO: Added new file to list with pid 3780 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-49603.exe
2025-06-24 21:38:41,828 [analyzer] INFO: Injected into process with pid 2424 and name u'Unicorn-49603.exe'
2025-06-24 21:38:41,983 [analyzer] DEBUG: Loaded monitor into process with pid 2424
2025-06-24 21:38:45,062 [analyzer] INFO: Added new file to list with pid 2424 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36251.exe
2025-06-24 21:38:45,171 [analyzer] INFO: Injected into process with pid 4008 and name u'Unicorn-36251.exe'
2025-06-24 21:38:45,312 [analyzer] DEBUG: Loaded monitor into process with pid 4008
2025-06-24 21:38:48,375 [analyzer] INFO: Added new file to list with pid 4008 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61627.exe
2025-06-24 21:38:48,467 [analyzer] INFO: Injected into process with pid 1972 and name u'Unicorn-61627.exe'
2025-06-24 21:38:48,640 [analyzer] DEBUG: Loaded monitor into process with pid 1972
2025-06-24 21:38:51,717 [analyzer] INFO: Added new file to list with pid 1972 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48555.exe
2025-06-24 21:38:51,858 [analyzer] INFO: Injected into process with pid 2352 and name u'Unicorn-48555.exe'
2025-06-24 21:38:52,030 [analyzer] DEBUG: Loaded monitor into process with pid 2352
2025-06-24 21:38:55,125 [analyzer] INFO: Added new file to list with pid 2352 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59707.exe
2025-06-24 21:38:55,342 [analyzer] INFO: Injected into process with pid 816 and name u'Unicorn-59707.exe'
2025-06-24 21:38:55,500 [analyzer] DEBUG: Loaded monitor into process with pid 816
2025-06-24 21:38:58,578 [analyzer] INFO: Added new file to list with pid 816 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10418.exe
2025-06-24 21:38:58,703 [analyzer] INFO: Injected into process with pid 3252 and name u'Unicorn-10418.exe'
2025-06-24 21:38:58,858 [analyzer] DEBUG: Loaded monitor into process with pid 3252
2025-06-24 21:39:01,937 [analyzer] INFO: Added new file to list with pid 3252 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11098.exe
2025-06-24 21:39:02,015 [analyzer] INFO: Injected into process with pid 3348 and name u'Unicorn-11098.exe'
2025-06-24 21:39:02,171 [analyzer] DEBUG: Loaded monitor into process with pid 3348
2025-06-24 21:39:05,265 [analyzer] INFO: Added new file to list with pid 3348 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30611.exe
2025-06-24 21:39:05,375 [analyzer] INFO: Injected into process with pid 3896 and name u'Unicorn-30611.exe'
2025-06-24 21:39:05,530 [analyzer] DEBUG: Loaded monitor into process with pid 3896
2025-06-24 21:39:08,608 [analyzer] INFO: Added new file to list with pid 3896 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-5250.exe
2025-06-24 21:39:08,687 [analyzer] INFO: Injected into process with pid 2428 and name u'Unicorn-5250.exe'
2025-06-24 21:39:08,842 [analyzer] DEBUG: Loaded monitor into process with pid 2428
2025-06-24 21:39:11,921 [analyzer] INFO: Added new file to list with pid 2428 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42915.exe
2025-06-24 21:39:12,000 [analyzer] INFO: Injected into process with pid 3448 and name u'Unicorn-42915.exe'
2025-06-24 21:39:12,155 [analyzer] DEBUG: Loaded monitor into process with pid 3448
2025-06-24 21:39:15,233 [analyzer] INFO: Added new file to list with pid 3448 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-37059.exe
2025-06-24 21:39:15,328 [analyzer] INFO: Injected into process with pid 2356 and name u'Unicorn-37059.exe'
2025-06-24 21:39:15,500 [analyzer] DEBUG: Loaded monitor into process with pid 2356
2025-06-24 21:39:18,592 [analyzer] INFO: Added new file to list with pid 2356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36971.exe
2025-06-24 21:39:18,687 [analyzer] INFO: Injected into process with pid 3588 and name u'Unicorn-36971.exe'
2025-06-24 21:39:18,828 [analyzer] DEBUG: Loaded monitor into process with pid 3588
2025-06-24 21:39:21,905 [analyzer] INFO: Added new file to list with pid 3588 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62347.exe
2025-06-24 21:39:21,983 [analyzer] INFO: Injected into process with pid 2280 and name u'Unicorn-62347.exe'
2025-06-24 21:39:22,140 [analyzer] DEBUG: Loaded monitor into process with pid 2280
2025-06-24 21:39:25,233 [analyzer] INFO: Added new file to list with pid 2280 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-15554.exe
2025-06-24 21:39:25,342 [analyzer] INFO: Injected into process with pid 3376 and name u'Unicorn-15554.exe'
2025-06-24 21:39:25,500 [analyzer] DEBUG: Loaded monitor into process with pid 3376
2025-06-24 21:39:28,592 [analyzer] INFO: Added new file to list with pid 3376 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-15466.exe
2025-06-24 21:39:28,671 [analyzer] INFO: Injected into process with pid 4104 and name u'Unicorn-15466.exe'
2025-06-24 21:39:28,842 [analyzer] DEBUG: Loaded monitor into process with pid 4104
2025-06-24 21:39:31,953 [analyzer] INFO: Added new file to list with pid 4104 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61299.exe
2025-06-24 21:39:32,015 [analyzer] INFO: Injected into process with pid 4200 and name u'Unicorn-61299.exe'
2025-06-24 21:39:32,187 [analyzer] DEBUG: Loaded monitor into process with pid 4200
2025-06-24 21:39:35,280 [analyzer] INFO: Added new file to list with pid 4200 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47947.exe
2025-06-24 21:39:35,467 [analyzer] INFO: Injected into process with pid 4280 and name u'Unicorn-47947.exe'
2025-06-24 21:39:35,655 [analyzer] DEBUG: Loaded monitor into process with pid 4280
2025-06-24 21:39:38,765 [analyzer] INFO: Added new file to list with pid 4280 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-14994.exe
2025-06-24 21:39:38,875 [analyzer] INFO: Injected into process with pid 4356 and name u'Unicorn-14994.exe'
2025-06-24 21:39:39,046 [analyzer] DEBUG: Loaded monitor into process with pid 4356
2025-06-24 21:39:42,171 [analyzer] INFO: Added new file to list with pid 4356 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25379.exe
2025-06-24 21:39:42,280 [analyzer] INFO: Injected into process with pid 4440 and name u'Unicorn-25379.exe'
2025-06-24 21:39:42,453 [analyzer] DEBUG: Loaded monitor into process with pid 4440
2025-06-24 21:39:45,578 [analyzer] INFO: Added new file to list with pid 4440 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-690.exe
2025-06-24 21:39:45,655 [analyzer] INFO: Injected into process with pid 4528 and name u'Unicorn-690.exe'
2025-06-24 21:39:45,828 [analyzer] DEBUG: Loaded monitor into process with pid 4528
2025-06-24 21:39:48,921 [analyzer] INFO: Added new file to list with pid 4528 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42403.exe
2025-06-24 21:39:48,983 [analyzer] INFO: Injected into process with pid 4604 and name u'Unicorn-42403.exe'
2025-06-24 21:39:49,125 [analyzer] DEBUG: Loaded monitor into process with pid 4604
2025-06-24 21:39:52,217 [analyzer] INFO: Added new file to list with pid 4604 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11946.exe
2025-06-24 21:39:52,296 [analyzer] INFO: Injected into process with pid 4680 and name u'Unicorn-11946.exe'
2025-06-24 21:39:52,483 [analyzer] DEBUG: Loaded monitor into process with pid 4680
2025-06-24 21:39:55,592 [analyzer] INFO: Added new file to list with pid 4680 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-15979.exe
2025-06-24 21:39:55,671 [analyzer] INFO: Injected into process with pid 4756 and name u'Unicorn-15979.exe'
2025-06-24 21:39:55,828 [analyzer] DEBUG: Loaded monitor into process with pid 4756
2025-06-24 21:39:58,953 [analyzer] INFO: Added new file to list with pid 4756 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-49523.exe
2025-06-24 21:39:59,015 [analyzer] INFO: Injected into process with pid 4840 and name u'Unicorn-49523.exe'
2025-06-24 21:39:59,171 [analyzer] DEBUG: Loaded monitor into process with pid 4840
2025-06-24 21:40:02,296 [analyzer] INFO: Added new file to list with pid 4840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28003.exe
2025-06-24 21:40:02,358 [analyzer] INFO: Injected into process with pid 4924 and name u'Unicorn-28003.exe'
2025-06-24 21:40:02,530 [analyzer] DEBUG: Loaded monitor into process with pid 4924
2025-06-24 21:40:05,655 [analyzer] INFO: Added new file to list with pid 4924 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-27147.exe
2025-06-24 21:40:05,717 [analyzer] INFO: Injected into process with pid 5012 and name u'Unicorn-27147.exe'
2025-06-24 21:40:05,875 [analyzer] DEBUG: Loaded monitor into process with pid 5012
2025-06-24 21:40:09,000 [analyzer] INFO: Added new file to list with pid 5012 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-5626.exe
2025-06-24 21:40:09,092 [analyzer] INFO: Injected into process with pid 5092 and name u'Unicorn-5626.exe'
2025-06-24 21:40:09,233 [analyzer] DEBUG: Loaded monitor into process with pid 5092
2025-06-24 21:40:12,390 [analyzer] INFO: Added new file to list with pid 5092 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55507.exe
2025-06-24 21:40:12,562 [analyzer] INFO: Injected into process with pid 4216 and name u'Unicorn-55507.exe'
2025-06-24 21:40:12,717 [analyzer] DEBUG: Loaded monitor into process with pid 4216
2025-06-24 21:40:15,858 [analyzer] INFO: Added new file to list with pid 4216 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43011.exe
2025-06-24 21:40:15,953 [analyzer] INFO: Injected into process with pid 4372 and name u'Unicorn-43011.exe'
2025-06-24 21:40:16,108 [analyzer] DEBUG: Loaded monitor into process with pid 4372
2025-06-24 21:40:19,250 [analyzer] INFO: Added new file to list with pid 4372 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29563.exe
2025-06-24 21:40:19,328 [analyzer] INFO: Injected into process with pid 4560 and name u'Unicorn-29563.exe'
2025-06-24 21:40:19,483 [analyzer] DEBUG: Loaded monitor into process with pid 4560
2025-06-24 21:40:22,640 [analyzer] INFO: Added new file to list with pid 4560 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12370.exe
2025-06-24 21:40:22,717 [analyzer] INFO: Injected into process with pid 2220 and name u'Unicorn-12370.exe'
2025-06-24 21:40:22,875 [analyzer] DEBUG: Loaded monitor into process with pid 2220
2025-06-24 21:40:26,030 [analyzer] INFO: Added new file to list with pid 2220 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-31691.exe
2025-06-24 21:40:26,108 [analyzer] INFO: Injected into process with pid 2860 and name u'Unicorn-31691.exe'
2025-06-24 21:40:26,265 [analyzer] DEBUG: Loaded monitor into process with pid 2860
2025-06-24 21:40:29,467 [analyzer] INFO: Added new file to list with pid 2860 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-56875.exe
2025-06-24 21:40:29,546 [analyzer] INFO: Injected into process with pid 5112 and name u'Unicorn-56875.exe'
2025-06-24 21:40:29,703 [analyzer] DEBUG: Loaded monitor into process with pid 5112
2025-06-24 21:40:32,858 [analyzer] INFO: Added new file to list with pid 5112 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40451.exe
2025-06-24 21:40:32,937 [analyzer] INFO: Injected into process with pid 4388 and name u'Unicorn-40451.exe'
2025-06-24 21:40:33,108 [analyzer] DEBUG: Loaded monitor into process with pid 4388
2025-06-24 21:40:36,265 [analyzer] INFO: Added new file to list with pid 4388 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51603.exe
2025-06-24 21:40:36,328 [analyzer] INFO: Injected into process with pid 2092 and name u'Unicorn-51603.exe'
2025-06-24 21:40:36,483 [analyzer] DEBUG: Loaded monitor into process with pid 2092
2025-06-24 21:40:37,655 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-24 21:40:39,546 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 2836.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 2164.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 2704.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 1496.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 2904.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3064.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 352.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 2132.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 1736.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 2660.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3132.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3232.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3320.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3420.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3516.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3608.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3696.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3784.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3876.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3964.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 4064.
2025-06-24 21:40:39,546 [lib.api.process] INFO: Successfully terminated process with pid 3172.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3396.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3548.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3780.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 2424.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4008.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 1972.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 2352.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 816.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3252.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3348.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3896.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 2428.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3448.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 2356.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3588.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 2280.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 3376.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4104.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4200.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4280.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4356.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4440.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4528.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4604.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4680.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4756.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4840.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 4924.
2025-06-24 21:40:39,562 [lib.api.process] INFO: Successfully terminated process with pid 5012.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 5092.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 4216.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 4372.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 4560.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 2220.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 2860.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 5112.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 4388.
2025-06-24 21:40:39,578 [lib.api.process] INFO: Successfully terminated process with pid 2092.
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-36934.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-25379.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-5250.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-51318.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-12765.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-42915.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-40451.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-36971.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-34006.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-59822.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-47947.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-49182.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-9341.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-55507.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-45206.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-61627.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-42403.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-29563.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-10418.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-43011.exe
2025-06-24 21:40:39,796 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6581.exe
2025-06-24 21:40:39,812 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-8453.exe
2025-06-24 21:40:39,812 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-61299.exe
2025-06-24 21:40:39,812 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-10389.exe
2025-06-24 21:40:39,812 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-51603.exe
2025-06-24 21:40:39,812 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-64726.exe
2025-06-24 21:40:39,812 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-35934.exe
2025-06-24 21:40:39,812 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-11098.exe
2025-06-24 21:40:39,812 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-63678.exe

Cuckoo Log

2025-07-02 12:19:59,875 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:00,894 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:01,916 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:03,276 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:04,302 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:05,332 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:06,350 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:07,367 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:08,386 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:09,410 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:10,432 [cuckoo.core.scheduler] DEBUG: Task #6631180: no machine available yet
2025-07-02 12:20:11,463 [cuckoo.core.scheduler] INFO: Task #6631180: acquired machine win7x6412 (label=win7x6412)
2025-07-02 12:20:11,464 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.212 for task #6631180
2025-07-02 12:20:11,887 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2759745 (interface=vboxnet0, host=192.168.168.212)
2025-07-02 12:20:12,248 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6412
2025-07-02 12:20:12,899 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6412 to vmcloak
2025-07-02 12:22:10,866 [cuckoo.core.guest] INFO: Starting analysis #6631180 on guest (id=win7x6412, ip=192.168.168.212)
2025-07-02 12:22:11,872 [cuckoo.core.guest] DEBUG: win7x6412: not ready yet
2025-07-02 12:22:16,910 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6412, ip=192.168.168.212)
2025-07-02 12:22:17,012 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6412, ip=192.168.168.212, monitor=latest, size=6660546)
2025-07-02 12:22:18,319 [cuckoo.core.resultserver] DEBUG: Task #6631180: live log analysis.log initialized.
2025-07-02 12:22:19,626 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:20,098 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:21,121 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0001.jpg'
2025-07-02 12:22:21,138 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 133469
2025-07-02 12:22:23,326 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:25,312 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0002.jpg'
2025-07-02 12:22:25,334 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 137210
2025-07-02 12:22:26,609 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:32,487 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0003.jpg'
2025-07-02 12:22:32,499 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:32,581 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 127219
2025-07-02 12:22:33,342 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:33,990 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:22:34,012 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0004.jpg'
2025-07-02 12:22:34,036 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 128086
2025-07-02 12:22:35,159 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0005.jpg'
2025-07-02 12:22:35,171 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 128198
2025-07-02 12:22:36,655 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:38,298 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0006.jpg'
2025-07-02 12:22:38,305 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 128941
2025-07-02 12:22:39,968 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:41,434 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0007.jpg'
2025-07-02 12:22:41,444 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 129355
2025-07-02 12:22:43,281 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:44,757 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0008.jpg'
2025-07-02 12:22:44,774 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 130114
2025-07-02 12:22:46,616 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:47,911 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0009.jpg'
2025-07-02 12:22:47,925 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 130868
2025-07-02 12:22:49,235 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:22:49,984 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:51,052 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0010.jpg'
2025-07-02 12:22:51,068 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 131527
2025-07-02 12:22:52,155 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0011.jpg'
2025-07-02 12:22:52,167 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 132398
2025-07-02 12:22:53,390 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:54,272 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0012.jpg'
2025-07-02 12:22:54,285 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 132043
2025-07-02 12:22:56,380 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0013.jpg'
2025-07-02 12:22:56,390 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 133403
2025-07-02 12:22:56,671 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:22:57,476 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0014.jpg'
2025-07-02 12:22:57,485 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 132692
2025-07-02 12:22:59,984 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:02,677 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0015.jpg'
2025-07-02 12:23:02,691 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 133936
2025-07-02 12:23:03,265 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:05,076 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:23:05,855 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0016.jpg'
2025-07-02 12:23:05,862 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 89723
2025-07-02 12:23:06,577 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:06,950 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0017.jpg'
2025-07-02 12:23:06,962 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 133975
2025-07-02 12:23:09,905 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:13,249 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:16,583 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:20,000 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:20,441 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:23:23,527 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:26,577 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:30,093 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:33,202 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:35,956 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:23:37,429 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:40,033 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:43,248 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:46,856 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:49,905 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:51,126 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:23:53,298 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:23:56,795 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:00,170 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:03,483 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:06,386 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:24:06,843 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:10,156 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:13,468 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:16,813 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:20,155 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:21,531 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:24:24,288 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:26,828 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:30,156 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:33,499 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:36,642 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:24:36,968 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:40,361 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:43,781 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:47,139 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:50,473 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:51,820 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:24:53,827 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:24:57,580 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:00,483 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:03,843 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:04,299 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0018.jpg'
2025-07-02 12:25:04,305 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 89799
2025-07-02 12:25:05,568 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0019.jpg'
2025-07-02 12:25:05,579 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 133259
2025-07-02 12:25:07,001 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:25:07,186 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:10,562 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:14,046 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:15,950 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0020.jpg'
2025-07-02 12:25:15,960 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 124947
2025-07-02 12:25:17,423 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:18,056 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0021.jpg'
2025-07-02 12:25:18,075 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 124284
2025-07-02 12:25:19,156 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0022.jpg'
2025-07-02 12:25:19,164 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 125412
2025-07-02 12:25:20,796 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:21,362 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0023.jpg'
2025-07-02 12:25:21,372 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 125449
2025-07-02 12:25:22,132 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:25:23,483 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0024.jpg'
2025-07-02 12:25:23,491 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 126234
2025-07-02 12:25:24,188 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:24,765 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0025.jpg'
2025-07-02 12:25:24,791 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 81629
2025-07-02 12:25:25,886 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0026.jpg'
2025-07-02 12:25:25,898 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 125590
2025-07-02 12:25:26,990 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0027.jpg'
2025-07-02 12:25:27,000 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 126875
2025-07-02 12:25:27,577 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:28,248 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0028.jpg'
2025-07-02 12:25:28,265 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 126717
2025-07-02 12:25:30,375 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0029.jpg'
2025-07-02 12:25:30,390 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 127452
2025-07-02 12:25:31,019 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:31,604 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0030.jpg'
2025-07-02 12:25:31,614 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 127247
2025-07-02 12:25:33,734 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0031.jpg'
2025-07-02 12:25:33,747 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 128120
2025-07-02 12:25:34,420 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:35,031 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0032.jpg'
2025-07-02 12:25:35,042 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 127960
2025-07-02 12:25:37,149 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0033.jpg'
2025-07-02 12:25:37,161 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 128749
2025-07-02 12:25:37,286 [cuckoo.core.guest] DEBUG: win7x6412: analysis #6631180 still processing
2025-07-02 12:25:37,811 [cuckoo.core.resultserver] DEBUG: Task #6631180 is sending a BSON stream
2025-07-02 12:25:38,426 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0034.jpg'
2025-07-02 12:25:38,455 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 129012
2025-07-02 12:25:39,729 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'shots/0035.jpg'
2025-07-02 12:25:39,735 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'curtain/1750794038.2.curtain.log'
2025-07-02 12:25:39,738 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 36
2025-07-02 12:25:39,787 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 127897
2025-07-02 12:25:40,681 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'sysmon/1750794039.08.sysmon.xml'
2025-07-02 12:25:41,105 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 11179520
2025-07-02 12:25:41,141 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/e5e31e15300adb84_unicorn-15554.exe'
2025-07-02 12:25:41,144 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/061ce50cf2d5af24_unicorn-36062.exe'
2025-07-02 12:25:41,146 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/ab86753d44a87410_unicorn-5626.exe'
2025-07-02 12:25:41,148 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/3c00ba7a794eeedc_unicorn-31691.exe'
2025-07-02 12:25:41,150 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/9ace51dfa65ab77a_unicorn-21646.exe'
2025-07-02 12:25:41,152 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/cf475f21c55fea26_unicorn-37059.exe'
2025-07-02 12:25:41,157 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/52b596ca37a510fb_unicorn-11946.exe'
2025-07-02 12:25:41,161 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/a08f38e90bcccff0_unicorn-59758.exe'
2025-07-02 12:25:41,164 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/203617de27307d63_unicorn-690.exe'
2025-07-02 12:25:41,186 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/fdf645eb11f535fb_unicorn-12370.exe'
2025-07-02 12:25:41,189 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/3d882fb83a431451_unicorn-7293.exe'
2025-07-02 12:25:41,191 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/f2af75e3b921a239_unicorn-28003.exe'
2025-07-02 12:25:41,194 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/dc5ed6f41a1fa383_unicorn-59707.exe'
2025-07-02 12:25:41,211 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/1a94264ac0c9ff46_unicorn-16798.exe'
2025-07-02 12:25:41,213 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/222afc0649719fb4_unicorn-30611.exe'
2025-07-02 12:25:41,223 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479254
2025-07-02 12:25:41,236 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479269
2025-07-02 12:25:41,333 [cuckoo.core.resultserver] DEBUG: Task #6631180 had connection reset for <Context for LOG>
2025-07-02 12:25:41,336 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/5c65ff05c860ecd2_unicorn-62347.exe'
2025-07-02 12:25:41,338 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/0cd851c5611491f7_unicorn-49523.exe'
2025-07-02 12:25:41,340 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/7760a411f15842b1_unicorn-56875.exe'
2025-07-02 12:25:41,342 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/f86057b5e3d12a97_unicorn-38302.exe'
2025-07-02 12:25:41,344 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/604113ddc4253faa_unicorn-15466.exe'
2025-07-02 12:25:41,347 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/d44347f21be2d863_unicorn-13637.exe'
2025-07-02 12:25:41,369 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/445b735c4dfbdad3_unicorn-36251.exe'
2025-07-02 12:25:41,371 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/9b76590cdb6edca2_unicorn-48555.exe'
2025-07-02 12:25:41,374 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/c13467ba84fcd5b5_unicorn-61806.exe'
2025-07-02 12:25:41,377 [cuckoo.core.resultserver] DEBUG: Task #6631180: File upload for 'files/1403b377bf0eda27_unicorn-17678.exe'
2025-07-02 12:25:41,577 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479238
2025-07-02 12:25:41,582 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479289
2025-07-02 12:25:41,587 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479278
2025-07-02 12:25:41,590 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479236
2025-07-02 12:25:41,593 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479280
2025-07-02 12:25:41,596 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479243
2025-07-02 12:25:41,599 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479290
2025-07-02 12:25:41,601 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479285
2025-07-02 12:25:41,604 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479245
2025-07-02 12:25:41,607 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479272
2025-07-02 12:25:41,617 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479242
2025-07-02 12:25:41,619 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479251
2025-07-02 12:25:41,622 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479282
2025-07-02 12:25:41,625 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479257
2025-07-02 12:25:41,627 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479271
2025-07-02 12:25:41,629 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479273
2025-07-02 12:25:41,632 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479239
2025-07-02 12:25:41,634 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479262
2025-07-02 12:25:41,636 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479291
2025-07-02 12:25:41,639 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479260
2025-07-02 12:25:41,642 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479266
2025-07-02 12:25:41,644 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479263
2025-07-02 12:25:41,646 [cuckoo.core.resultserver] DEBUG: Task #6631180 uploaded file length: 479283
2025-07-02 12:25:43,521 [cuckoo.core.guest] INFO: win7x6412: analysis completed successfully
2025-07-02 12:25:43,536 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-02 12:25:43,559 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-02 12:25:44,504 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6412 to path /srv/cuckoo/cwd/storage/analyses/6631180/memory.dmp
2025-07-02 12:25:44,505 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6412
2025-07-02 12:27:26,391 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.212 for task #6631180
2025-07-02 12:27:27,205 [cuckoo.core.scheduler] DEBUG: Released database task #6631180
2025-07-02 12:27:37,399 [cuckoo.core.scheduler] INFO: Task #6631180: analysis procedure completed

Signatures

Yara rule detected for file (1 event)

description

(no description)

rule

SEH__vba

One or more processes crashed (50 out of 59 events)

Time & API	Arguments	Status
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xe072991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: fcdd2f1d143465a8_unicorn-53585+0x2ab95 exception.instruction: int3 exception.module: fcdd2f1d143465a8_unicorn-53585.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5969368 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5967432	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-49182+0x2ab95 exception.instruction: int3 exception.module: Unicorn-49182.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5842008 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5840080	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-59758+0x2ab95 exception.instruction: int3 exception.module: Unicorn-59758.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5973080 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5971152	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-35934+0x2ab95 exception.instruction: int3 exception.module: Unicorn-35934.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9512024 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9510096	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-7293+0x2ab95 exception.instruction: int3 exception.module: Unicorn-7293.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2958424 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2956496	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-17678+0x2ab95 exception.instruction: int3 exception.module: Unicorn-17678.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827352 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825424	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-51318+0x2ab95 exception.instruction: int3 exception.module: Unicorn-51318.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5645400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5643472	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-10389+0x2ab95 exception.instruction: int3 exception.module: Unicorn-10389.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9118808 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9116880	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-61806+0x2ab95 exception.instruction: int3 exception.module: Unicorn-61806.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5645400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5643472	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-21646+0x2ab95 exception.instruction: int3 exception.module: Unicorn-21646.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6431832 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6429904	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-9341+0x2ab95 exception.instruction: int3 exception.module: Unicorn-9341.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6431832 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6429904	1
__exception__ June 24, 2025, 10:37 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-36062+0x2ab95 exception.instruction: int3 exception.module: Unicorn-36062.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6104152 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6102224	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-36934+0x2ab95 exception.instruction: int3 exception.module: Unicorn-36934.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5645400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5643472	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-45206+0x2ab95 exception.instruction: int3 exception.module: Unicorn-45206.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6235224 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6233296	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-6581+0x2ab95 exception.instruction: int3 exception.module: Unicorn-6581.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9249880 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9247952	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-64726+0x2ab95 exception.instruction: int3 exception.module: Unicorn-64726.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6038616 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6036688	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-59822+0x2ab95 exception.instruction: int3 exception.module: Unicorn-59822.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3351640 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3349712	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-38302+0x2ab95 exception.instruction: int3 exception.module: Unicorn-38302.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6628440 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6626512	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-63678+0x2ab95 exception.instruction: int3 exception.module: Unicorn-63678.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2958424 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2956496	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-47254+0x2ab95 exception.instruction: int3 exception.module: Unicorn-47254.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6431832 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6429904	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-16798+0x2ab95 exception.instruction: int3 exception.module: Unicorn-16798.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 8987736 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 8985808	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-34006+0x2ab95 exception.instruction: int3 exception.module: Unicorn-34006.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827352 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825424	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-12765+0x2ab95 exception.instruction: int3 exception.module: Unicorn-12765.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6497368 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6495440	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-13637+0x2ab95 exception.instruction: int3 exception.module: Unicorn-13637.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3351640 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3349712	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-8453+0x2ab95 exception.instruction: int3 exception.module: Unicorn-8453.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5383256 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5381328	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-49603+0x2ab95 exception.instruction: int3 exception.module: Unicorn-49603.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5645400 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5643472	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-36251+0x2ab95 exception.instruction: int3 exception.module: Unicorn-36251.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6169688 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6167760	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-61627+0x2ab95 exception.instruction: int3 exception.module: Unicorn-61627.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6235224 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6233296	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-48555+0x2ab95 exception.instruction: int3 exception.module: Unicorn-48555.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9249880 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9247952	1
__exception__ June 24, 2025, 10:38 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-59707+0x2ab95 exception.instruction: int3 exception.module: Unicorn-59707.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6300760 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6298832	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-10418+0x2ab95 exception.instruction: int3 exception.module: Unicorn-10418.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2696280 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2694352	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-11098+0x2ab95 exception.instruction: int3 exception.module: Unicorn-11098.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5448792 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5446864	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-30611+0x2ab95 exception.instruction: int3 exception.module: Unicorn-30611.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6038616 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6036688	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-5250+0x2ab95 exception.instruction: int3 exception.module: Unicorn-5250.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5710936 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5709008	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-42915+0x2ab95 exception.instruction: int3 exception.module: Unicorn-42915.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6366296 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6364368	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-37059+0x2ab95 exception.instruction: int3 exception.module: Unicorn-37059.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5973080 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5971152	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-36971+0x2ab95 exception.instruction: int3 exception.module: Unicorn-36971.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 8987736 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 8985808	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-62347+0x2ab95 exception.instruction: int3 exception.module: Unicorn-62347.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6169688 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6167760	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-15554+0x2ab95 exception.instruction: int3 exception.module: Unicorn-15554.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6431832 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6429904	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-15466+0x2ab95 exception.instruction: int3 exception.module: Unicorn-15466.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6300760 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6298832	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-61299+0x2ab95 exception.instruction: int3 exception.module: Unicorn-61299.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 9118808 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9116880	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-47947+0x2ab95 exception.instruction: int3 exception.module: Unicorn-47947.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6104152 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6102224	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-14994+0x2ab95 exception.instruction: int3 exception.module: Unicorn-14994.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5448792 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5446864	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-25379+0x2ab95 exception.instruction: int3 exception.module: Unicorn-25379.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 6562904 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6560976	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xa872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-690+0x2ab95 exception.instruction: int3 exception.module: Unicorn-690.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3089480 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3087552	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-42403+0x2ab95 exception.instruction: int3 exception.module: Unicorn-42403.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5317720 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5315792	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-11946+0x2ab95 exception.instruction: int3 exception.module: Unicorn-11946.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 5383256 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 5381328	1
__exception__ June 24, 2025, 10:39 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-15979+0x2ab95 exception.instruction: int3 exception.module: Unicorn-15979.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827352 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825424	1
__exception__ June 24, 2025, 10:40 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-49523+0x2ab95 exception.instruction: int3 exception.module: Unicorn-49523.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 2827352 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2825424	1
__exception__ June 24, 2025, 10:40 p.m.	stacktrace: 0xb872991d exception.instruction_r: cc 50 6a 02 ff 15 d0 10 40 00 83 c4 0c 8d 4d c0 exception.symbol: unicorn-28003+0x2ab95 exception.instruction: int3 exception.module: Unicorn-28003.exe exception.exception_code: 0x80000003 exception.offset: 174997 exception.address: 0x42ab95 registers.esp: 1636932 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637169 registers.edx: 3351640 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 3349712	1

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000747c4

size

0x00000234

Creates executable files on the filesystem (50 out of 59 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-36971.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-34006.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-59822.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-47947.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-49182.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-9341.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-55507.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-45206.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-61627.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-29563.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-12370.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-10418.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-56875.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6581.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-8453.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-61299.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-16798.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-64726.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-35934.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-27147.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-63678.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-47254.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-49603.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-61806.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-10389.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-49523.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-59758.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-690.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-15979.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-15554.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-36062.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-5626.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-31691.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-21646.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-37059.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-11946.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-25379.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-43011.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-5250.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-7293.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-28003.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-59707.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-51603.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-30611.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-12765.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-15466.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-13637.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-36251.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-48555.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-62347.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-15554.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-36062.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 24, 2025, 10:37 p.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x003a0000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002b000', u'virtual_address': u'0x00001000', u'entropy': 7.571602879486759, u'name': u'.text', u'virtual_size': u'0x0002a5c4'}

entropy

7.57160287949

description

A section with a high entropy has been found

entropy

0.370689655172

description

Overall entropy of this PE file is high

File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)

G Data Antivirus (Windows)	Virus: Generic.Dacic.94CCEEA9.A.001E7BD4 (Engine A)
Avast Core Security (Linux)	Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux)	Win.Packed.Generic-9967832-0
Trend Micro SProtect (Linux)	Trojan.Win32.FAREIT.SME
Trellix (Linux)	GenericRXTC-TT
WithSecure (Linux)	Trojan.TR/Crypt.XPACK.Gen
eScan Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.001E7BD4(DB)
ESET Security (Windows)	a variant of Win32/VBClone.E trojan
Sophos Anti-Virus (Linux)	Troj/VB-KCP
DrWeb Antivirus (Linux)	Trojan.Siggen29.56020
ClamAV (Linux)	Win.Packed.Generic-9967832-0
Bitdefender Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.001E7BD4
Kaspersky Standard (Windows)	Trojan.Win32.VB.dosq
Emsisoft Commandline Scanner (Windows)	Generic.Dacic.94CCEEA9.A.001E7BD4 (B)