Cuckoo Sandbox

File b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462

Summary
Download Resubmit sample

Size	468.0KB
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`19a78d414511e85c0b18ce8a642dfeb6`
SHA1	`1a559b81e0c748dc2557551e0b360cfb91aeb272`
SHA256	`b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462`
SHA512	`0f0f1b5c41987d7916b4f44e2f3526a086755fa0f29985c3dcc706ef80ef3a7bbb5263b222baeecdf55d36d760220fa64cb02678969f47596aefeda34e06ccc5`
CRC32	`22E20225`
ssdeep	`None`
Yara	SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

6117154

6117155

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	March 14, 2025, 5:14 p.m.	March 14, 2025, 5:20 p.m.	383 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-03-13 08:15:38,030 [analyzer] DEBUG: Starting analyzer from: C:\tmpdyrg_l
2025-03-13 08:15:38,046 [analyzer] DEBUG: Pipe server name: \??\PIPE\UjCLXroKzmWDMZyEjgYCo
2025-03-13 08:15:38,046 [analyzer] DEBUG: Log pipe server name: \??\PIPE\MOnHDqXNGaVlYhEIiEEjbcpzirBxnz
2025-03-13 08:15:38,530 [analyzer] DEBUG: Started auxiliary module Curtain
2025-03-13 08:15:38,530 [analyzer] DEBUG: Started auxiliary module DbgView
2025-03-13 08:15:39,312 [analyzer] DEBUG: Started auxiliary module Disguise
2025-03-13 08:15:39,546 [analyzer] DEBUG: Loaded monitor into process with pid 500
2025-03-13 08:15:39,546 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-03-13 08:15:39,546 [analyzer] DEBUG: Started auxiliary module Human
2025-03-13 08:15:39,546 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-03-13 08:15:39,546 [analyzer] DEBUG: Started auxiliary module Reboot
2025-03-13 08:15:39,655 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-03-13 08:15:39,655 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-03-13 08:15:39,655 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-03-13 08:15:39,655 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-03-13 08:15:39,858 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462.exe' with arguments '' and pid 2856
2025-03-13 08:15:40,062 [analyzer] DEBUG: Loaded monitor into process with pid 2856
2025-03-13 08:15:43,140 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29485.exe
2025-03-13 08:15:43,217 [analyzer] INFO: Injected into process with pid 2424 and name u'Unicorn-29485.exe'
2025-03-13 08:15:43,390 [analyzer] DEBUG: Loaded monitor into process with pid 2424
2025-03-13 08:15:46,483 [analyzer] INFO: Added new file to list with pid 2424 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11044.exe
2025-03-13 08:15:46,515 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-64884.exe
2025-03-13 08:15:46,578 [analyzer] INFO: Injected into process with pid 1560 and name u'Unicorn-11044.exe'
2025-03-13 08:15:46,592 [analyzer] INFO: Injected into process with pid 1908 and name u'Unicorn-64884.exe'
2025-03-13 08:15:46,750 [analyzer] DEBUG: Loaded monitor into process with pid 1560
2025-03-13 08:15:46,765 [analyzer] DEBUG: Loaded monitor into process with pid 1908
2025-03-13 08:15:49,921 [analyzer] INFO: Added new file to list with pid 1908 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62165.exe
2025-03-13 08:15:49,953 [analyzer] INFO: Added new file to list with pid 1560 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4796.exe
2025-03-13 08:15:50,000 [analyzer] INFO: Injected into process with pid 1840 and name u'Unicorn-62165.exe'
2025-03-13 08:15:50,015 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-16538.exe
2025-03-13 08:15:50,030 [analyzer] INFO: Injected into process with pid 2476 and name u'Unicorn-4796.exe'
2025-03-13 08:15:50,062 [analyzer] INFO: Added new file to list with pid 2424 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-15055.exe
2025-03-13 08:15:50,092 [analyzer] INFO: Injected into process with pid 1172 and name u'Unicorn-16538.exe'
2025-03-13 08:15:50,187 [analyzer] DEBUG: Loaded monitor into process with pid 1840
2025-03-13 08:15:50,187 [analyzer] INFO: Injected into process with pid 344 and name u'Unicorn-15055.exe'
2025-03-13 08:15:50,280 [analyzer] DEBUG: Loaded monitor into process with pid 2476
2025-03-13 08:15:50,358 [analyzer] DEBUG: Loaded monitor into process with pid 1172
2025-03-13 08:15:50,578 [analyzer] DEBUG: Loaded monitor into process with pid 344
2025-03-13 08:15:53,233 [analyzer] INFO: Added new file to list with pid 1840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4324.exe
2025-03-13 08:15:53,328 [analyzer] INFO: Injected into process with pid 788 and name u'Unicorn-4324.exe'
2025-03-13 08:15:53,390 [analyzer] INFO: Added new file to list with pid 1908 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25299.exe
2025-03-13 08:15:53,390 [analyzer] INFO: Added new file to list with pid 2476 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-45165.exe
2025-03-13 08:15:53,467 [analyzer] INFO: Added new file to list with pid 1560 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-45720.exe
2025-03-13 08:15:53,500 [analyzer] INFO: Injected into process with pid 3024 and name u'Unicorn-45165.exe'
2025-03-13 08:15:53,500 [analyzer] INFO: Injected into process with pid 2076 and name u'Unicorn-25299.exe'
2025-03-13 08:15:53,515 [analyzer] DEBUG: Loaded monitor into process with pid 788
2025-03-13 08:15:53,546 [analyzer] INFO: Injected into process with pid 196 and name u'Unicorn-45720.exe'
2025-03-13 08:15:53,608 [analyzer] INFO: Added new file to list with pid 1172 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-32721.exe
2025-03-13 08:15:53,687 [analyzer] INFO: Added new file to list with pid 344 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57225.exe
2025-03-13 08:15:53,733 [analyzer] INFO: Injected into process with pid 784 and name u'Unicorn-32721.exe'
2025-03-13 08:15:53,765 [analyzer] INFO: Injected into process with pid 304 and name u'Unicorn-57225.exe'
2025-03-13 08:15:53,828 [analyzer] DEBUG: Loaded monitor into process with pid 3024
2025-03-13 08:15:53,858 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36348.exe
2025-03-13 08:15:53,858 [analyzer] INFO: Added new file to list with pid 2424 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30482.exe
2025-03-13 08:15:53,905 [analyzer] DEBUG: Loaded monitor into process with pid 196
2025-03-13 08:15:53,921 [analyzer] DEBUG: Loaded monitor into process with pid 2076
2025-03-13 08:15:54,015 [analyzer] INFO: Injected into process with pid 936 and name u'Unicorn-30482.exe'
2025-03-13 08:15:54,015 [analyzer] INFO: Injected into process with pid 884 and name u'Unicorn-36348.exe'
2025-03-13 08:15:54,187 [analyzer] DEBUG: Loaded monitor into process with pid 784
2025-03-13 08:15:54,187 [analyzer] DEBUG: Loaded monitor into process with pid 304
2025-03-13 08:15:54,500 [analyzer] DEBUG: Loaded monitor into process with pid 936
2025-03-13 08:15:54,515 [analyzer] DEBUG: Loaded monitor into process with pid 884
2025-03-13 08:15:56,592 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-35025.exe
2025-03-13 08:15:56,687 [analyzer] INFO: Injected into process with pid 3164 and name u'Unicorn-35025.exe'
2025-03-13 08:15:56,733 [analyzer] INFO: Added new file to list with pid 1840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51916.exe
2025-03-13 08:15:56,812 [analyzer] INFO: Injected into process with pid 3204 and name u'Unicorn-51916.exe'
2025-03-13 08:15:56,842 [analyzer] DEBUG: Loaded monitor into process with pid 3164
2025-03-13 08:15:56,905 [analyzer] INFO: Added new file to list with pid 3024 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51169.exe
2025-03-13 08:15:57,030 [analyzer] INFO: Added new file to list with pid 2476 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-65512.exe
2025-03-13 08:15:57,030 [analyzer] DEBUG: Loaded monitor into process with pid 3204
2025-03-13 08:15:57,078 [analyzer] INFO: Injected into process with pid 3248 and name u'Unicorn-51169.exe'
2025-03-13 08:15:57,108 [analyzer] INFO: Injected into process with pid 3284 and name u'Unicorn-65512.exe'
2025-03-13 08:15:57,217 [analyzer] INFO: Added new file to list with pid 196 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-3312.exe
2025-03-13 08:15:57,375 [analyzer] INFO: Added new file to list with pid 784 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40069.exe
2025-03-13 08:15:57,390 [analyzer] DEBUG: Loaded monitor into process with pid 3248
2025-03-13 08:15:57,390 [analyzer] INFO: Injected into process with pid 3328 and name u'Unicorn-3312.exe'
2025-03-13 08:15:57,405 [analyzer] DEBUG: Loaded monitor into process with pid 3284
2025-03-13 08:15:57,530 [analyzer] INFO: Added new file to list with pid 2076 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-11288.exe
2025-03-13 08:15:57,530 [analyzer] INFO: Injected into process with pid 3380 and name u'Unicorn-40069.exe'
2025-03-13 08:15:57,655 [analyzer] INFO: Added new file to list with pid 1560 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41915.exe
2025-03-13 08:15:57,655 [analyzer] INFO: Injected into process with pid 3416 and name u'Unicorn-11288.exe'
2025-03-13 08:15:57,671 [analyzer] INFO: Added new file to list with pid 304 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48045.exe
2025-03-13 08:15:57,828 [analyzer] INFO: Injected into process with pid 3452 and name u'Unicorn-41915.exe'
2025-03-13 08:15:57,842 [analyzer] INFO: Injected into process with pid 3460 and name u'Unicorn-48045.exe'
2025-03-13 08:15:57,921 [analyzer] DEBUG: Loaded monitor into process with pid 3380
2025-03-13 08:15:57,983 [analyzer] INFO: Added new file to list with pid 1172 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-52492.exe
2025-03-13 08:15:58,030 [analyzer] INFO: Added new file to list with pid 1908 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6310.exe
2025-03-13 08:15:58,092 [analyzer] DEBUG: Loaded monitor into process with pid 3328
2025-03-13 08:15:58,140 [analyzer] DEBUG: Loaded monitor into process with pid 3416
2025-03-13 08:15:58,171 [analyzer] INFO: Added new file to list with pid 936 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-53281.exe
2025-03-13 08:15:58,171 [analyzer] INFO: Added new file to list with pid 344 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-33415.exe
2025-03-13 08:15:58,280 [analyzer] INFO: Injected into process with pid 3540 and name u'Unicorn-52492.exe'
2025-03-13 08:15:58,280 [analyzer] INFO: Injected into process with pid 3568 and name u'Unicorn-6310.exe'
2025-03-13 08:15:58,312 [analyzer] INFO: Added new file to list with pid 2424 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28320.exe
2025-03-13 08:15:58,312 [analyzer] INFO: Injected into process with pid 3604 and name u'Unicorn-53281.exe'
2025-03-13 08:15:58,342 [analyzer] INFO: Injected into process with pid 3624 and name u'Unicorn-33415.exe'
2025-03-13 08:15:58,437 [analyzer] INFO: Added new file to list with pid 884 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-32669.exe
2025-03-13 08:15:58,483 [analyzer] DEBUG: Loaded monitor into process with pid 3460
2025-03-13 08:15:58,500 [analyzer] INFO: Injected into process with pid 3704 and name u'Unicorn-28320.exe'
2025-03-13 08:15:58,500 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-3126.exe
2025-03-13 08:15:58,530 [analyzer] DEBUG: Loaded monitor into process with pid 3452
2025-03-13 08:15:58,562 [analyzer] INFO: Injected into process with pid 3736 and name u'Unicorn-32669.exe'
2025-03-13 08:15:58,608 [analyzer] INFO: Injected into process with pid 3776 and name u'Unicorn-3126.exe'
2025-03-13 08:15:58,750 [analyzer] DEBUG: Loaded monitor into process with pid 3624
2025-03-13 08:15:58,765 [analyzer] DEBUG: Loaded monitor into process with pid 3540
2025-03-13 08:15:58,796 [analyzer] DEBUG: Loaded monitor into process with pid 3704
2025-03-13 08:15:58,812 [analyzer] DEBUG: Loaded monitor into process with pid 3604
2025-03-13 08:15:58,842 [analyzer] DEBUG: Loaded monitor into process with pid 3568
2025-03-13 08:15:59,203 [analyzer] DEBUG: Loaded monitor into process with pid 3776
2025-03-13 08:15:59,217 [analyzer] DEBUG: Loaded monitor into process with pid 3736
2025-03-13 08:15:59,937 [analyzer] INFO: Added new file to list with pid 3164 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57557.exe
2025-03-13 08:16:00,015 [analyzer] INFO: Injected into process with pid 3892 and name u'Unicorn-57557.exe'
2025-03-13 08:16:00,233 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43083.exe
2025-03-13 08:16:00,296 [analyzer] INFO: Added new file to list with pid 3204 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-9664.exe
2025-03-13 08:16:00,390 [analyzer] DEBUG: Loaded monitor into process with pid 3892
2025-03-13 08:16:00,421 [analyzer] INFO: Injected into process with pid 3940 and name u'Unicorn-43083.exe'
2025-03-13 08:16:00,467 [analyzer] INFO: Injected into process with pid 3976 and name u'Unicorn-9664.exe'
2025-03-13 08:16:00,671 [analyzer] INFO: Added new file to list with pid 1840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36015.exe
2025-03-13 08:16:00,733 [analyzer] INFO: Added new file to list with pid 3284 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62565.exe
2025-03-13 08:16:00,828 [analyzer] DEBUG: Loaded monitor into process with pid 3940
2025-03-13 08:16:00,842 [analyzer] DEBUG: Loaded monitor into process with pid 3976
2025-03-13 08:16:00,890 [analyzer] INFO: Injected into process with pid 4020 and name u'Unicorn-36015.exe'
2025-03-13 08:16:01,046 [analyzer] INFO: Added new file to list with pid 3380 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10624.exe
2025-03-13 08:16:01,062 [analyzer] INFO: Injected into process with pid 4060 and name u'Unicorn-62565.exe'
2025-03-13 08:16:01,233 [analyzer] INFO: Injected into process with pid 3100 and name u'Unicorn-10624.exe'
2025-03-13 08:16:01,250 [analyzer] DEBUG: Loaded monitor into process with pid 4020
2025-03-13 08:16:01,421 [analyzer] DEBUG: Loaded monitor into process with pid 3100
2025-03-13 08:16:01,483 [analyzer] DEBUG: Loaded monitor into process with pid 4060
2025-03-13 08:16:01,500 [analyzer] INFO: Added new file to list with pid 784 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43659.exe
2025-03-13 08:16:01,546 [analyzer] INFO: Added new file to list with pid 2476 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4110.exe
2025-03-13 08:16:01,687 [analyzer] INFO: Added new file to list with pid 3460 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-46997.exe
2025-03-13 08:16:01,703 [analyzer] INFO: Injected into process with pid 3216 and name u'Unicorn-43659.exe'
2025-03-13 08:16:01,858 [analyzer] INFO: Injected into process with pid 3292 and name u'Unicorn-4110.exe'
2025-03-13 08:16:01,905 [analyzer] INFO: Injected into process with pid 3376 and name u'Unicorn-46997.exe'
2025-03-13 08:16:02,046 [analyzer] DEBUG: Loaded monitor into process with pid 3216
2025-03-13 08:16:02,062 [analyzer] INFO: Added new file to list with pid 3604 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-19561.exe
2025-03-13 08:16:02,250 [analyzer] DEBUG: Loaded monitor into process with pid 3292
2025-03-13 08:16:03,000 [analyzer] INFO: Added new file to list with pid 304 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-19539.exe
2025-03-13 08:16:03,000 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-38443.exe
2025-03-13 08:16:03,140 [analyzer] INFO: Added new file to list with pid 3416 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39405.exe
2025-03-13 08:16:03,265 [analyzer] INFO: Added new file to list with pid 2076 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-53556.exe
2025-03-13 08:16:03,312 [analyzer] INFO: Added new file to list with pid 3452 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-3800.exe
2025-03-13 08:16:03,312 [analyzer] DEBUG: Loaded monitor into process with pid 3376
2025-03-13 08:16:03,328 [analyzer] INFO: Injected into process with pid 3480 and name u'Unicorn-19561.exe'
2025-03-13 08:16:03,421 [analyzer] INFO: Injected into process with pid 3648 and name u'Unicorn-39405.exe'
2025-03-13 08:16:03,421 [analyzer] INFO: Injected into process with pid 3552 and name u'Unicorn-38443.exe'
2025-03-13 08:16:03,421 [analyzer] INFO: Added new file to list with pid 1908 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48460.exe
2025-03-13 08:16:03,421 [analyzer] INFO: Injected into process with pid 1392 and name u'Unicorn-19539.exe'
2025-03-13 08:16:03,437 [analyzer] INFO: Injected into process with pid 3644 and name u'Unicorn-39405.exe'
2025-03-13 08:16:03,530 [analyzer] DEBUG: Loaded monitor into process with pid 3480
2025-03-13 08:16:04,280 [analyzer] INFO: Added new file to list with pid 2424 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-65259.exe
2025-03-13 08:16:04,280 [analyzer] INFO: Added new file to list with pid 1560 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8387.exe
2025-03-13 08:16:04,280 [analyzer] INFO: Injected into process with pid 3768 and name u'Unicorn-53556.exe'
2025-03-13 08:16:04,296 [analyzer] INFO: Added new file to list with pid 3540 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8652.exe
2025-03-13 08:16:04,453 [analyzer] DEBUG: Loaded monitor into process with pid 3644
2025-03-13 08:16:04,500 [analyzer] INFO: Injected into process with pid 3800 and name u'Unicorn-3800.exe'
2025-03-13 08:16:04,530 [analyzer] DEBUG: Loaded monitor into process with pid 1392
2025-03-13 08:16:04,592 [analyzer] INFO: Added new file to list with pid 4020 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28881.exe
2025-03-13 08:16:04,608 [analyzer] DEBUG: Loaded monitor into process with pid 3552
2025-03-13 08:16:04,640 [analyzer] INFO: Added new file to list with pid 1172 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22750.exe
2025-03-13 08:16:04,655 [analyzer] DEBUG: Loaded monitor into process with pid 3648
2025-03-13 08:16:04,687 [analyzer] INFO: Injected into process with pid 3928 and name u'Unicorn-48460.exe'
2025-03-13 08:16:04,765 [analyzer] DEBUG: Loaded monitor into process with pid 3768
2025-03-13 08:16:04,828 [analyzer] DEBUG: Loaded monitor into process with pid 3800
2025-03-13 08:16:04,842 [analyzer] INFO: Injected into process with pid 4088 and name u'Unicorn-65259.exe'
2025-03-13 08:16:04,842 [analyzer] INFO: Injected into process with pid 3092 and name u'Unicorn-8387.exe'
2025-03-13 08:16:04,842 [analyzer] INFO: Injected into process with pid 3184 and name u'Unicorn-8652.exe'
2025-03-13 08:16:04,842 [analyzer] INFO: Injected into process with pid 3132 and name u'Unicorn-8652.exe'
2025-03-13 08:16:04,890 [analyzer] INFO: Injected into process with pid 3680 and name u'Unicorn-28881.exe'
2025-03-13 08:16:04,890 [analyzer] INFO: Injected into process with pid 3816 and name u'Unicorn-22750.exe'
2025-03-13 08:16:05,015 [analyzer] DEBUG: Loaded monitor into process with pid 3928
2025-03-13 08:16:05,687 [analyzer] DEBUG: Loaded monitor into process with pid 3092
2025-03-13 08:16:05,765 [analyzer] DEBUG: Loaded monitor into process with pid 4088
2025-03-13 08:16:05,842 [analyzer] DEBUG: Loaded monitor into process with pid 3132
2025-03-13 08:16:05,858 [analyzer] DEBUG: Loaded monitor into process with pid 3184
2025-03-13 08:16:05,875 [analyzer] INFO: Added new file to list with pid 3892 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4952.exe
2025-03-13 08:16:05,921 [analyzer] DEBUG: Loaded monitor into process with pid 3816
2025-03-13 08:16:05,983 [analyzer] DEBUG: Loaded monitor into process with pid 3680
2025-03-13 08:16:06,062 [analyzer] INFO: Injected into process with pid 3400 and name u'Unicorn-4952.exe'
2025-03-13 08:16:06,155 [analyzer] INFO: Added new file to list with pid 304 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36923.exe
2025-03-13 08:16:06,296 [analyzer] DEBUG: Loaded monitor into process with pid 3400
2025-03-13 08:16:06,467 [analyzer] INFO: Added new file to list with pid 1840 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42596.exe
2025-03-13 08:16:06,562 [analyzer] INFO: Injected into process with pid 4120 and name u'Unicorn-36923.exe'
2025-03-13 08:16:06,655 [analyzer] INFO: Injected into process with pid 4152 and name u'Unicorn-42596.exe'
2025-03-13 08:16:06,875 [analyzer] DEBUG: Loaded monitor into process with pid 4120
2025-03-13 08:16:06,921 [analyzer] DEBUG: Loaded monitor into process with pid 4152
2025-03-13 08:16:07,608 [analyzer] INFO: Added new file to list with pid 3624 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-31185.exe
2025-03-13 08:16:07,796 [analyzer] INFO: Injected into process with pid 4216 and name u'Unicorn-31185.exe'
2025-03-13 08:16:07,921 [analyzer] INFO: Added new file to list with pid 3768 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47329.exe
2025-03-13 08:16:07,983 [analyzer] DEBUG: Loaded monitor into process with pid 4216
2025-03-13 08:16:08,030 [analyzer] INFO: Injected into process with pid 4260 and name u'Unicorn-47329.exe'
2025-03-13 08:16:08,250 [analyzer] DEBUG: Loaded monitor into process with pid 4260
2025-03-13 08:16:08,796 [analyzer] INFO: Added new file to list with pid 3164 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-44724.exe
2025-03-13 08:16:08,875 [analyzer] INFO: Injected into process with pid 4332 and name u'Unicorn-44724.exe'
2025-03-13 08:16:09,108 [analyzer] DEBUG: Loaded monitor into process with pid 4332
2025-03-13 08:16:09,296 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-03-13 08:16:09,750 [analyzer] INFO: Added new file to list with pid 3248 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61273.exe
2025-03-13 08:16:09,858 [analyzer] INFO: Added new file to list with pid 344 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-14110.exe
2025-03-13 08:16:10,062 [analyzer] INFO: Injected into process with pid 4440 and name u'Unicorn-14110.exe'
2025-03-13 08:16:10,092 [analyzer] INFO: Injected into process with pid 4408 and name u'Unicorn-61273.exe'
2025-03-13 08:16:10,108 [analyzer] INFO: Injected into process with pid 4432 and name u'Unicorn-14110.exe'
2025-03-13 08:16:10,328 [analyzer] DEBUG: Loaded monitor into process with pid 4440
2025-03-13 08:16:10,358 [analyzer] DEBUG: Loaded monitor into process with pid 4432
2025-03-13 08:16:10,405 [analyzer] DEBUG: Loaded monitor into process with pid 4408
2025-03-13 08:16:10,421 [analyzer] INFO: Added new file to list with pid 3024 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-21947.exe
2025-03-13 08:16:10,750 [analyzer] INFO: Injected into process with pid 4572 and name u'Unicorn-21947.exe'
2025-03-13 08:16:10,921 [analyzer] DEBUG: Loaded monitor into process with pid 4572
2025-03-13 08:16:11,000 [analyzer] INFO: Added new file to list with pid 196 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-37899.exe
2025-03-13 08:16:11,155 [analyzer] INFO: Injected into process with pid 4620 and name u'Unicorn-37899.exe'
2025-03-13 08:16:11,250 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 2856.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 2424.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 1560.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 1908.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 1840.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 2476.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 1172.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 344.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 788.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 2076.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3024.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 196.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 784.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 304.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 936.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 884.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3164.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3204.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3248.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3284.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3328.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3380.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3416.
2025-03-13 08:16:11,265 [lib.api.process] INFO: Successfully terminated process with pid 3452.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3460.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3540.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3568.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3624.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3604.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3704.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3736.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3776.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3892.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3940.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3976.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 4020.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 4060.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3100.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3216.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3292.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3376.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3480.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 1392.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3552.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3648.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3644.
2025-03-13 08:16:11,280 [lib.api.process] INFO: Successfully terminated process with pid 3768.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 3800.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 3928.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4088.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 3092.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 3132.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 3184.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 3680.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 3816.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 3400.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4120.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4152.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4216.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4260.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4332.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4408.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4432.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4440.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4572.
2025-03-13 08:16:11,296 [lib.api.process] INFO: Successfully terminated process with pid 4620.
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22750.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-32669.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-11044.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-36923.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-15055.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-51169.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-65259.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-28881.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-3800.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-3126.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-38443.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-46997.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-11288.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-45165.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-28320.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-9664.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-41915.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-8387.exe
2025-03-13 08:16:11,530 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-42596.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-43083.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6310.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-62165.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-4110.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-47329.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-30482.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-61273.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-53281.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-21947.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-48045.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-4324.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-4796.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-62565.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-14110.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-65512.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-64884.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-40069.exe
2025-03-13 08:16:11,546 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-8652.exe
2025-03-13 08:16:11,546 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-03-14 17:14:20,366 [cuckoo.core.scheduler] DEBUG: Task #6098504: no machine available yet
2025-03-14 17:14:21,393 [cuckoo.core.scheduler] DEBUG: Task #6098504: no machine available yet
2025-03-14 17:14:22,635 [cuckoo.core.scheduler] DEBUG: Task #6098504: no machine available yet
2025-03-14 17:14:23,750 [cuckoo.core.scheduler] DEBUG: Task #6098504: no machine available yet
2025-03-14 17:14:24,879 [cuckoo.core.scheduler] DEBUG: Task #6098504: no machine available yet
2025-03-14 17:14:26,164 [cuckoo.core.scheduler] DEBUG: Task #6098504: no machine available yet
2025-03-14 17:14:27,283 [cuckoo.core.scheduler] INFO: Task #6098504: acquired machine win7x6430 (label=win7x6430)
2025-03-14 17:14:27,291 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.230 for task #6098504
2025-03-14 17:14:28,210 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 218381 (interface=vboxnet0, host=192.168.168.230)
2025-03-14 17:14:29,049 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6430
2025-03-14 17:14:37,040 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6430 to vmcloak
2025-03-14 17:17:28,715 [cuckoo.core.guest] INFO: Starting analysis #6098504 on guest (id=win7x6430, ip=192.168.168.230)
2025-03-14 17:17:29,722 [cuckoo.core.guest] DEBUG: win7x6430: not ready yet
2025-03-14 17:17:34,783 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6430, ip=192.168.168.230)
2025-03-14 17:17:35,178 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6430, ip=192.168.168.230, monitor=latest, size=6660546)
2025-03-14 17:17:37,488 [cuckoo.core.resultserver] DEBUG: Task #6098504: live log analysis.log initialized.
2025-03-14 17:17:38,695 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:39,348 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:40,005 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'shots/0001.jpg'
2025-03-14 17:17:40,021 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 133468
2025-03-14 17:17:42,514 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:45,877 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:45,888 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:49,334 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:49,336 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:49,453 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:49,687 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:52,184 [cuckoo.core.guest] DEBUG: win7x6430: analysis #6098504 still processing
2025-03-14 17:17:52,640 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:52,939 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:52,972 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:52,991 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:53,169 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:53,311 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:53,623 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:53,645 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:55,983 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:56,160 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:56,527 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:56,545 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:56,998 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,139 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,255 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,470 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,624 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,874 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,903 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,921 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,937 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:57,968 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:58,102 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:58,355 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:59,518 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:59,952 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:17:59,982 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:00,373 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:00,545 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:00,611 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:01,423 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:01,430 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:02,630 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:02,665 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:03,598 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:03,602 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'shots/0002.jpg'
2025-03-14 17:18:03,616 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 64122
2025-03-14 17:18:03,676 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:03,744 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:03,766 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:03,867 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:03,951 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:04,114 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:04,856 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:04,867 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:04,869 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'shots/0003.jpg'
2025-03-14 17:18:04,882 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 111902
2025-03-14 17:18:04,890 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:04,967 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:04,989 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:05,046 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:05,435 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:06,011 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:06,013 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'shots/0004.jpg'
2025-03-14 17:18:06,031 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 70249
2025-03-14 17:18:06,045 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:07,122 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:07,124 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'shots/0005.jpg'
2025-03-14 17:18:07,149 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 72298
2025-03-14 17:18:07,358 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:07,476 [cuckoo.core.guest] DEBUG: win7x6430: analysis #6098504 still processing
2025-03-14 17:18:08,254 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:08,257 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'shots/0006.jpg'
2025-03-14 17:18:08,282 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 118005
2025-03-14 17:18:09,352 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'curtain/1741850170.11.curtain.log'
2025-03-14 17:18:09,382 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 36
2025-03-14 17:18:09,389 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'shots/0007.jpg'
2025-03-14 17:18:09,404 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 73673
2025-03-14 17:18:09,458 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:09,482 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:09,529 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:10,046 [cuckoo.core.resultserver] DEBUG: Task #6098504 is sending a BSON stream
2025-03-14 17:18:10,316 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'sysmon/1741850171.11.sysmon.xml'
2025-03-14 17:18:10,478 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 2032996
2025-03-14 17:18:10,521 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/c33722dc7ab60d8f_unicorn-51916.exe'
2025-03-14 17:18:10,547 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479256
2025-03-14 17:18:10,571 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/5731a11a22d2eb20_unicorn-53556.exe'
2025-03-14 17:18:10,594 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479256
2025-03-14 17:18:10,601 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/67aba84d16ae8005_unicorn-35025.exe'
2025-03-14 17:18:10,631 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479257
2025-03-14 17:18:10,639 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/fdff6f686a20d124_unicorn-32721.exe'
2025-03-14 17:18:10,660 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479255
2025-03-14 17:18:10,665 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/67f58d563e405a8f_unicorn-16538.exe'
2025-03-14 17:18:10,678 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479254
2025-03-14 17:18:10,683 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/0e8f67b98627ab4c_unicorn-10624.exe'
2025-03-14 17:18:10,697 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479257
2025-03-14 17:18:10,702 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/6d16a56ec22927c0_unicorn-52492.exe'
2025-03-14 17:18:10,714 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479255
2025-03-14 17:18:10,729 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/7da0f6253bee560d_unicorn-36015.exe'
2025-03-14 17:18:10,749 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479256
2025-03-14 17:18:10,755 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/c3d77cd56c1887a7_unicorn-33415.exe'
2025-03-14 17:18:10,771 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479256
2025-03-14 17:18:10,776 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/77dc22e32010666f_unicorn-4952.exe'
2025-03-14 17:18:10,803 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479259
2025-03-14 17:18:10,808 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/3186f40ac562d2de_unicorn-3312.exe'
2025-03-14 17:18:10,815 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/25442417c90bb6cd_unicorn-25299.exe'
2025-03-14 17:18:10,831 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479255
2025-03-14 17:18:10,838 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/bed09a8a9360f5c8_unicorn-36348.exe'
2025-03-14 17:18:10,848 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479254
2025-03-14 17:18:10,852 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/08165a7e8e6930e3_unicorn-31185.exe'
2025-03-14 17:18:10,868 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479257
2025-03-14 17:18:10,874 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/7a9f738aa33c848a_unicorn-57225.exe'
2025-03-14 17:18:10,887 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/979572c7dab54b77_unicorn-45720.exe'
2025-03-14 17:18:10,905 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479256
2025-03-14 17:18:10,911 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/5e8d615fd22625b0_unicorn-19561.exe'
2025-03-14 17:18:10,928 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479257
2025-03-14 17:18:10,933 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/fe6a1fb66f7d831d_unicorn-19539.exe'
2025-03-14 17:18:10,945 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479257
2025-03-14 17:18:10,949 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/15745be8ab24ec93_unicorn-37899.exe'
2025-03-14 17:18:10,959 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479257
2025-03-14 17:18:10,962 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/e31c13d07d1d5e99_unicorn-57557.exe'
2025-03-14 17:18:11,016 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/971a4fade4c136c8_unicorn-43659.exe'
2025-03-14 17:18:11,036 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479256
2025-03-14 17:18:11,043 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/109f986a032d438b_unicorn-48460.exe'
2025-03-14 17:18:11,077 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479255
2025-03-14 17:18:11,082 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/d1e4c42e2540c3b4_unicorn-29485.exe'
2025-03-14 17:18:11,090 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/b4572d9407e6580a_unicorn-44724.exe'
2025-03-14 17:18:11,102 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479254
2025-03-14 17:18:11,108 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479258
2025-03-14 17:18:11,111 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479256
2025-03-14 17:18:11,385 [cuckoo.core.resultserver] DEBUG: Task #6098504 had connection reset for <Context for LOG>
2025-03-14 17:18:11,388 [cuckoo.core.resultserver] DEBUG: Task #6098504: File upload for 'files/61dcf9ca746ca378_unicorn-39405.exe'
2025-03-14 17:18:11,398 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479257
2025-03-14 17:18:11,401 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479258
2025-03-14 17:18:11,404 [cuckoo.core.resultserver] DEBUG: Task #6098504 uploaded file length: 479257
2025-03-14 17:18:13,522 [cuckoo.core.guest] INFO: win7x6430: analysis completed successfully
2025-03-14 17:18:13,537 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-03-14 17:18:13,580 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-03-14 17:18:15,009 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6430 to path /srv/cuckoo/cwd/storage/analyses/6098504/memory.dmp
2025-03-14 17:18:15,011 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6430
2025-03-14 17:20:43,295 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.230 for task #6098504
2025-03-14 17:20:43,972 [cuckoo.core.scheduler] DEBUG: Released database task #6098504
2025-03-14 17:20:44,000 [cuckoo.core.scheduler] INFO: Task #6098504: analysis procedure completed

Signatures

Yara rule detected for file (1 event)

description

(no description)

rule

SEH__vba

One or more processes crashed (50 out of 92 events)

Time & API	Arguments	Status
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 39153141 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2003187882	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 9244768 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 9244768 registers.esi: 9244768 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 9244768 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 9244768 registers.esi: 9244768 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 39153141 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2003187882	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 9244768 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 9244768 registers.esi: 9244768 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: b52fc5fe077f51fc6339aacd08012819517a571da7c4cafb3155f5129c3d9462.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 9244768 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 9244768 registers.esi: 9244768 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-29485+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-29485+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-29485.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6430208 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430208 registers.esi: 6430208 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-29485+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-29485+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-29485.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6430208 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430208 registers.esi: 6430208 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-29485+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-29485+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-29485.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 7 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 7	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6430208 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430208 registers.esi: 6430208 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-29485+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-29485+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-29485.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6430208 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430208 registers.esi: 6430208 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-29485+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-29485+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-29485.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 9 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 9	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6430208 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430208 registers.esi: 6430208 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-29485+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-29485+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-29485.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6430208 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430208 registers.esi: 6430208 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-11044+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-11044+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-11044.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 3350016 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 3350016 registers.esi: 3350016 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-11044+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-11044+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-11044.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 3350016 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 3350016 registers.esi: 3350016 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-64884+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-64884+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-64884.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6233600 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6233600 registers.esi: 6233600 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-64884+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-64884+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-64884.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6233600 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6233600 registers.esi: 6233600 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-62165+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-62165+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-62165.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 5971456 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 5971456 registers.esi: 5971456 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-62165+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-62165+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-62165.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 5971456 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 5971456 registers.esi: 5971456 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-4796+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-4796+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-4796.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 3087864 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 3087864 registers.esi: 3087864 registers.ecx: 2	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-4796+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-4796+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-4796.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:15 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 3087864 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 3087864 registers.esi: 3087864 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-4796+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-4796+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-4796.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 6 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 3087864 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 3087864 registers.esi: 3087864 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-4796+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-4796+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-4796.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 3087864 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 3087864 registers.esi: 3087864 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-16538+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-16538+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-16538.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 2694656 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 2694656 registers.esi: 2694656 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-16538+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-16538+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-16538.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 2694656 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 2694656 registers.esi: 2694656 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-15055+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-15055+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-15055.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 5512704 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 5512704 registers.esi: 5512704 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-15055+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-15055+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-15055.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 5512704 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 5512704 registers.esi: 5512704 registers.ecx: 2	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-4324+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76f462fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76f46d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76f477c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76f47bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-4324+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-4324.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ March 13, 2025, 9:16 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7677c41f registers.esp: 1634992 registers.edi: 6102520 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6102520 registers.esi: 6102520 registers.ecx: 2	1

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000747c4

size

0x00000234

Creates executable files on the filesystem (50 out of 62 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-51169.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-65259.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-21947.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-3800.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-3126.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-36923.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-46997.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-11288.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-45165.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-28320.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-9664.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-8387.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-43083.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6310.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-62165.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-47329.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-4110.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-43659.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-48045.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-4324.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-4796.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-62565.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-14110.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-65512.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-64884.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-40069.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-8652.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-51916.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-16538.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-53556.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-35025.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-32721.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-28881.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-39405.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-52492.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-61273.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-33415.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-15055.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-4952.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-42596.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-3312.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-25299.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-36348.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-36015.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-31185.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-57225.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-45720.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-30482.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-19561.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-19539.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-51916.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-53556.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 13, 2025, 9:15 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00370000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002b000', u'virtual_address': u'0x00001000', u'entropy': 7.5713477036147845, u'name': u'.text', u'virtual_size': u'0x0002a5c4'}

entropy

7.57134770361

description

A section with a high entropy has been found

entropy

0.370689655172

description

Overall entropy of this PE file is high

File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)

G Data Antivirus (Windows)	Virus: Generic.Dacic.94CCEEA9.A.EFB87E45 (Engine A), Win32.Trojan.PSE.1FY1FUT (Engine B)
Avast Core Security (Linux)	Win32:Evo-gen [Trj]
C4S ClamAV (Linux)	Win.Trojan.Barys-10005825-0
F-Secure Antivirus (Linux)	Trojan.TR/Crypt.XPACK.Gen [Aquarius]
Sophos Anti-Virus (Linux)	Troj/VB-KCP
eScan Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.EFB87E45(DB)
ESET Security (Windows)	Win32/VBClone.K trojan
DrWeb Antivirus (Linux)	Trojan.MulDrop20.3145
Trend Micro SProtect (Linux)	Trojan.Win32.FAREIT.SME
WithSecure (Linux)	Trojan.TR/Crypt.XPACK.Gen
ClamAV (Linux)	Win.Trojan.Barys-10005825-0
Bitdefender Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.EFB87E45
Kaspersky Standard (Windows)	Trojan.Win32.VB.dosq
Emsisoft Commandline Scanner (Windows)	Generic.Dacic.94CCEEA9.A.EFB87E45 (B)

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.gt
ALYac	Generic.Dacic.94CCEEA9.A.EFB87E45
Cylance	Unsafe
VIPRE	Generic.Dacic.94CCEEA9.A.EFB87E45
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.Dacic.94CCEEA9.A.EFB87E45
K7GW	Trojan ( 005690671 )
K7AntiVirus	Trojan ( 005690671 )
Arcabit	Generic.Dacic.94CCEEA9.A.EFB87E45
VirIT	Trojan.Win32.VBUnicorn.AA
Symantec	Trojan.Dropper
Elastic	malicious (high confidence)
ESET-NOD32	Win32/VBClone.K
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
ClamAV	Win.Trojan.Barys-10005825-0
Kaspersky	Trojan.Win32.VB.dosq
NANO-Antivirus	Trojan.Win32.Fragtor.kqdbox
SUPERAntiSpyware	Trojan.Agent/Gen-Tedy
MicroWorld-eScan	Generic.Dacic.94CCEEA9.A.EFB87E45
Rising	Trojan.VBClone!1.1072E (CLASSIC)
Emsisoft	Generic.Dacic.94CCEEA9.A.EFB87E45 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.MulDrop20.3145
Zillya	Trojan.VBGen.Win32.1
TrendMicro	Trojan.Win32.FAREIT.SME
McAfeeD	ti!B52FC5FE077F
CTX	exe.unknown.dacic
Sophos	Troj/VB-KCP
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.19a78d414511e85c
Jiangmin	Worm.WBNA.roep
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	Trojan/Win32.VBClone.e
Microsoft	Trojan:Win32/Fareit.VB!MTB
ZoneAlarm	Troj/VB-KCP
GData	Win32.Trojan.PSE.12JP8BN
Varist	W32/VB.AED.gen!Eldorado
AhnLab-V3	Trojan/Win.Fareit.R665861
McAfee	GenericRXWO-KC!19A78D414511
TACHYON	Trojan/W32.VB-Agent.479253.D
DeepInstinct	MALICIOUS
VBA32	SScope.Trojan.VB
Malwarebytes	Generic.Malware.AI.DDS
Ikarus	Trojan.Win32.VBClone
Panda	Trj/Genetic.gen