Cuckoo Sandbox

File 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb

Summary
Download Resubmit sample

Size	468.1KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ed6e330ac23a8321236cafd8384ba815`
SHA1	`5541749850df09fc554b86dfb721935bf0cb4f11`
SHA256	`599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb`
SHA512	`6ea70b75d60b1c2861be39ceb6b76445d8cd54dc4ce15f8b9bc754d51f805ba4a7826739169b66308455cf0f1e33d6e5abb2239386003ff77ac5e7b2ae9a9a02`
CRC32	`C5DA1D6C`
ssdeep	`None`
Yara	SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

6631122

6631123

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	June 24, 2025, 9:17 p.m.	June 24, 2025, 9:25 p.m.	446 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-06-21 09:33:58,046 [analyzer] DEBUG: Starting analyzer from: C:\tmpwwr_kc
2025-06-21 09:33:58,062 [analyzer] DEBUG: Pipe server name: \??\PIPE\WUdEAYoRqnjqUBhK
2025-06-21 09:33:58,062 [analyzer] DEBUG: Log pipe server name: \??\PIPE\fATZWfwVbeDHKtcU
2025-06-21 09:33:58,578 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-21 09:33:58,578 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-21 09:33:59,250 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-21 09:33:59,467 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-06-21 09:33:59,467 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-21 09:33:59,467 [analyzer] DEBUG: Started auxiliary module Human
2025-06-21 09:33:59,467 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-21 09:33:59,467 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-21 09:33:59,578 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-21 09:33:59,578 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-21 09:33:59,578 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-21 09:33:59,578 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-21 09:33:59,733 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb.exe' with arguments '' and pid 568
2025-06-21 09:33:59,937 [analyzer] DEBUG: Loaded monitor into process with pid 568
2025-06-21 09:34:03,015 [analyzer] INFO: Added new file to list with pid 568 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23182.exe
2025-06-21 09:34:03,140 [analyzer] INFO: Injected into process with pid 1892 and name u'Unicorn-23182.exe'
2025-06-21 09:34:03,312 [analyzer] DEBUG: Loaded monitor into process with pid 1892
2025-06-21 09:34:06,390 [analyzer] INFO: Added new file to list with pid 1892 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-58350.exe
2025-06-21 09:34:06,453 [analyzer] INFO: Added new file to list with pid 568 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22148.exe
2025-06-21 09:34:06,500 [analyzer] INFO: Injected into process with pid 2352 and name u'Unicorn-58350.exe'
2025-06-21 09:34:06,546 [analyzer] INFO: Injected into process with pid 2472 and name u'Unicorn-22148.exe'
2025-06-21 09:34:06,671 [analyzer] DEBUG: Loaded monitor into process with pid 2352
2025-06-21 09:34:06,717 [analyzer] DEBUG: Loaded monitor into process with pid 2472
2025-06-21 09:34:09,796 [analyzer] INFO: Added new file to list with pid 2352 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-7141.exe
2025-06-21 09:34:09,858 [analyzer] INFO: Injected into process with pid 2572 and name u'Unicorn-7141.exe'
2025-06-21 09:34:09,875 [analyzer] INFO: Added new file to list with pid 1892 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-32200.exe
2025-06-21 09:34:09,890 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47982.exe
2025-06-21 09:34:09,953 [analyzer] INFO: Injected into process with pid 2520 and name u'Unicorn-32200.exe'
2025-06-21 09:34:09,967 [analyzer] INFO: Injected into process with pid 2888 and name u'Unicorn-47982.exe'
2025-06-21 09:34:09,983 [analyzer] INFO: Added new file to list with pid 568 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-17347.exe
2025-06-21 09:34:10,030 [analyzer] DEBUG: Loaded monitor into process with pid 2572
2025-06-21 09:34:10,092 [analyzer] INFO: Injected into process with pid 2380 and name u'Unicorn-17347.exe'
2025-06-21 09:34:10,108 [analyzer] DEBUG: Loaded monitor into process with pid 2520
2025-06-21 09:34:10,140 [analyzer] DEBUG: Loaded monitor into process with pid 2888
2025-06-21 09:34:10,250 [analyzer] DEBUG: Loaded monitor into process with pid 2380
2025-06-21 09:34:13,078 [analyzer] INFO: Added new file to list with pid 2572 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-2237.exe
2025-06-21 09:34:13,140 [analyzer] INFO: Added new file to list with pid 2352 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-31380.exe
2025-06-21 09:34:13,203 [analyzer] INFO: Injected into process with pid 412 and name u'Unicorn-2237.exe'
2025-06-21 09:34:13,250 [analyzer] INFO: Added new file to list with pid 2520 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-26742.exe
2025-06-21 09:34:13,250 [analyzer] INFO: Injected into process with pid 2716 and name u'Unicorn-31380.exe'
2025-06-21 09:34:13,312 [analyzer] INFO: Injected into process with pid 292 and name u'Unicorn-26742.exe'
2025-06-21 09:34:13,358 [analyzer] DEBUG: Loaded monitor into process with pid 412
2025-06-21 09:34:13,358 [analyzer] INFO: Added new file to list with pid 1892 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-53668.exe
2025-06-21 09:34:13,390 [analyzer] DEBUG: Loaded monitor into process with pid 2716
2025-06-21 09:34:13,390 [analyzer] INFO: Added new file to list with pid 2888 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51438.exe
2025-06-21 09:34:13,437 [analyzer] INFO: Added new file to list with pid 2380 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39186.exe
2025-06-21 09:34:13,483 [analyzer] DEBUG: Loaded monitor into process with pid 292
2025-06-21 09:34:13,500 [analyzer] INFO: Injected into process with pid 2004 and name u'Unicorn-53668.exe'
2025-06-21 09:34:13,562 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-51609.exe
2025-06-21 09:34:13,562 [analyzer] INFO: Injected into process with pid 1400 and name u'Unicorn-51438.exe'
2025-06-21 09:34:13,578 [analyzer] INFO: Injected into process with pid 1416 and name u'Unicorn-39186.exe'
2025-06-21 09:34:13,655 [analyzer] INFO: Added new file to list with pid 568 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-50597.exe
2025-06-21 09:34:13,703 [analyzer] DEBUG: Loaded monitor into process with pid 2004
2025-06-21 09:34:13,717 [analyzer] INFO: Injected into process with pid 396 and name u'Unicorn-51609.exe'
2025-06-21 09:34:13,780 [analyzer] DEBUG: Loaded monitor into process with pid 1400
2025-06-21 09:34:13,812 [analyzer] DEBUG: Loaded monitor into process with pid 1416
2025-06-21 09:34:13,828 [analyzer] INFO: Injected into process with pid 3084 and name u'Unicorn-50597.exe'
2025-06-21 09:34:13,921 [analyzer] DEBUG: Loaded monitor into process with pid 396
2025-06-21 09:34:14,015 [analyzer] DEBUG: Loaded monitor into process with pid 3084
2025-06-21 09:34:16,453 [analyzer] INFO: Added new file to list with pid 412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25118.exe
2025-06-21 09:34:16,515 [analyzer] INFO: Injected into process with pid 3164 and name u'Unicorn-25118.exe'
2025-06-21 09:34:16,562 [analyzer] INFO: Added new file to list with pid 2572 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41624.exe
2025-06-21 09:34:16,578 [analyzer] INFO: Added new file to list with pid 2716 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57406.exe
2025-06-21 09:34:16,640 [analyzer] INFO: Injected into process with pid 3204 and name u'Unicorn-41624.exe'
2025-06-21 09:34:16,640 [analyzer] INFO: Injected into process with pid 3220 and name u'Unicorn-57406.exe'
2025-06-21 09:34:16,687 [analyzer] DEBUG: Loaded monitor into process with pid 3164
2025-06-21 09:34:16,733 [analyzer] INFO: Added new file to list with pid 2352 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10243.exe
2025-06-21 09:34:16,750 [analyzer] INFO: Added new file to list with pid 292 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12481.exe
2025-06-21 09:34:16,812 [analyzer] DEBUG: Loaded monitor into process with pid 3220
2025-06-21 09:34:16,875 [analyzer] DEBUG: Loaded monitor into process with pid 3204
2025-06-21 09:34:16,983 [analyzer] INFO: Added new file to list with pid 2520 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-784.exe
2025-06-21 09:34:17,030 [analyzer] INFO: Injected into process with pid 3300 and name u'Unicorn-12481.exe'
2025-06-21 09:34:17,046 [analyzer] INFO: Injected into process with pid 3292 and name u'Unicorn-10243.exe'
2025-06-21 09:34:17,078 [analyzer] INFO: Injected into process with pid 3348 and name u'Unicorn-784.exe'
2025-06-21 09:34:17,092 [analyzer] INFO: Added new file to list with pid 1416 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-54474.exe
2025-06-21 09:34:17,203 [analyzer] DEBUG: Loaded monitor into process with pid 3300
2025-06-21 09:34:17,203 [analyzer] INFO: Added new file to list with pid 1400 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25694.exe
2025-06-21 09:34:17,217 [analyzer] DEBUG: Loaded monitor into process with pid 3292
2025-06-21 09:34:17,342 [analyzer] INFO: Injected into process with pid 3416 and name u'Unicorn-54474.exe'
2025-06-21 09:34:17,342 [analyzer] INFO: Added new file to list with pid 2380 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-34800.exe
2025-06-21 09:34:17,358 [analyzer] DEBUG: Loaded monitor into process with pid 3348
2025-06-21 09:34:17,358 [analyzer] INFO: Injected into process with pid 3456 and name u'Unicorn-25694.exe'
2025-06-21 09:34:17,453 [analyzer] INFO: Injected into process with pid 3508 and name u'Unicorn-34800.exe'
2025-06-21 09:34:17,500 [analyzer] DEBUG: Loaded monitor into process with pid 3416
2025-06-21 09:34:17,515 [analyzer] INFO: Added new file to list with pid 2004 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8973.exe
2025-06-21 09:34:17,530 [analyzer] DEBUG: Loaded monitor into process with pid 3456
2025-06-21 09:34:17,546 [analyzer] INFO: Added new file to list with pid 2888 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-54645.exe
2025-06-21 09:34:17,562 [analyzer] INFO: Added new file to list with pid 396 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-805.exe
2025-06-21 09:34:17,671 [analyzer] DEBUG: Loaded monitor into process with pid 3508
2025-06-21 09:34:17,671 [analyzer] INFO: Injected into process with pid 3560 and name u'Unicorn-8973.exe'
2025-06-21 09:34:17,703 [analyzer] INFO: Injected into process with pid 3596 and name u'Unicorn-805.exe'
2025-06-21 09:34:17,703 [analyzer] INFO: Injected into process with pid 3588 and name u'Unicorn-54645.exe'
2025-06-21 09:34:17,842 [analyzer] DEBUG: Loaded monitor into process with pid 3596
2025-06-21 09:34:17,842 [analyzer] DEBUG: Loaded monitor into process with pid 3560
2025-06-21 09:34:17,858 [analyzer] INFO: Added new file to list with pid 1892 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-54017.exe
2025-06-21 09:34:17,858 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-48152.exe
2025-06-21 09:34:17,875 [analyzer] DEBUG: Loaded monitor into process with pid 3588
2025-06-21 09:34:17,890 [analyzer] INFO: Added new file to list with pid 3084 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-45922.exe
2025-06-21 09:34:18,030 [analyzer] INFO: Injected into process with pid 3700 and name u'Unicorn-54017.exe'
2025-06-21 09:34:18,046 [analyzer] INFO: Added new file to list with pid 568 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-58564.exe
2025-06-21 09:34:18,062 [analyzer] INFO: Injected into process with pid 3708 and name u'Unicorn-48152.exe'
2025-06-21 09:34:18,092 [analyzer] INFO: Injected into process with pid 3748 and name u'Unicorn-45922.exe'
2025-06-21 09:34:18,140 [analyzer] INFO: Injected into process with pid 3804 and name u'Unicorn-58564.exe'
2025-06-21 09:34:18,217 [analyzer] DEBUG: Loaded monitor into process with pid 3700
2025-06-21 09:34:18,233 [analyzer] DEBUG: Loaded monitor into process with pid 3708
2025-06-21 09:34:18,265 [analyzer] DEBUG: Loaded monitor into process with pid 3748
2025-06-21 09:34:18,312 [analyzer] DEBUG: Loaded monitor into process with pid 3804
2025-06-21 09:34:19,765 [analyzer] INFO: Added new file to list with pid 3164 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-14785.exe
2025-06-21 09:34:19,937 [analyzer] INFO: Injected into process with pid 3892 and name u'Unicorn-14785.exe'
2025-06-21 09:34:20,046 [analyzer] INFO: Added new file to list with pid 412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-53249.exe
2025-06-21 09:34:20,187 [analyzer] INFO: Added new file to list with pid 3204 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40250.exe
2025-06-21 09:34:20,187 [analyzer] DEBUG: Loaded monitor into process with pid 3892
2025-06-21 09:34:20,467 [analyzer] INFO: Added new file to list with pid 2572 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22059.exe
2025-06-21 09:34:20,467 [analyzer] INFO: Added new file to list with pid 3300 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28190.exe
2025-06-21 09:34:20,467 [analyzer] INFO: Injected into process with pid 3932 and name u'Unicorn-53249.exe'
2025-06-21 09:34:20,530 [analyzer] INFO: Injected into process with pid 3964 and name u'Unicorn-40250.exe'
2025-06-21 09:34:20,671 [analyzer] DEBUG: Loaded monitor into process with pid 3932
2025-06-21 09:34:20,671 [analyzer] INFO: Injected into process with pid 4008 and name u'Unicorn-22059.exe'
2025-06-21 09:34:20,687 [analyzer] INFO: Added new file to list with pid 292 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-15916.exe
2025-06-21 09:34:20,717 [analyzer] INFO: Injected into process with pid 4016 and name u'Unicorn-28190.exe'
2025-06-21 09:34:20,733 [analyzer] INFO: Added new file to list with pid 3220 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-19446.exe
2025-06-21 09:34:20,780 [analyzer] INFO: Injected into process with pid 4092 and name u'Unicorn-15916.exe'
2025-06-21 09:34:20,796 [analyzer] DEBUG: Loaded monitor into process with pid 3964
2025-06-21 09:34:20,842 [analyzer] DEBUG: Loaded monitor into process with pid 4008
2025-06-21 09:34:20,890 [analyzer] DEBUG: Loaded monitor into process with pid 4016
2025-06-21 09:34:20,983 [analyzer] INFO: Injected into process with pid 3184 and name u'Unicorn-19446.exe'
2025-06-21 09:34:21,062 [analyzer] DEBUG: Loaded monitor into process with pid 4092
2025-06-21 09:34:21,140 [analyzer] INFO: Added new file to list with pid 2716 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-29320.exe
2025-06-21 09:34:21,155 [analyzer] DEBUG: Loaded monitor into process with pid 3184
2025-06-21 09:34:21,250 [analyzer] INFO: Added new file to list with pid 3416 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-16706.exe
2025-06-21 09:34:21,265 [analyzer] INFO: Injected into process with pid 3332 and name u'Unicorn-29320.exe'
2025-06-21 09:34:21,453 [analyzer] DEBUG: Loaded monitor into process with pid 3332
2025-06-21 09:34:21,608 [analyzer] INFO: Injected into process with pid 3368 and name u'Unicorn-16706.exe'
2025-06-21 09:34:21,608 [analyzer] INFO: Added new file to list with pid 1416 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-37296.exe
2025-06-21 09:34:21,717 [analyzer] INFO: Injected into process with pid 3504 and name u'Unicorn-37296.exe'
2025-06-21 09:34:21,765 [analyzer] INFO: Added new file to list with pid 3560 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-16322.exe
2025-06-21 09:34:21,796 [analyzer] DEBUG: Loaded monitor into process with pid 3368
2025-06-21 09:34:21,890 [analyzer] DEBUG: Loaded monitor into process with pid 3504
2025-06-21 09:34:21,890 [analyzer] INFO: Added new file to list with pid 3348 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12237.exe
2025-06-21 09:34:22,328 [analyzer] INFO: Added new file to list with pid 2004 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-46809.exe
2025-06-21 09:34:22,328 [analyzer] INFO: Injected into process with pid 3652 and name u'Unicorn-12237.exe'
2025-06-21 09:34:22,328 [analyzer] INFO: Injected into process with pid 3624 and name u'Unicorn-16322.exe'
2025-06-21 09:34:22,421 [analyzer] INFO: Added new file to list with pid 3292 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41978.exe
2025-06-21 09:34:22,421 [analyzer] INFO: Added new file to list with pid 2520 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-35848.exe
2025-06-21 09:34:22,483 [analyzer] INFO: Injected into process with pid 3780 and name u'Unicorn-46809.exe'
2025-06-21 09:34:22,500 [analyzer] DEBUG: Loaded monitor into process with pid 3624
2025-06-21 09:34:22,530 [analyzer] DEBUG: Loaded monitor into process with pid 3652
2025-06-21 09:34:22,687 [analyzer] INFO: Injected into process with pid 3884 and name u'Unicorn-35848.exe'
2025-06-21 09:34:22,733 [analyzer] INFO: Injected into process with pid 3908 and name u'Unicorn-41978.exe'
2025-06-21 09:34:22,733 [analyzer] INFO: Added new file to list with pid 2352 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-20716.exe
2025-06-21 09:34:22,780 [analyzer] DEBUG: Loaded monitor into process with pid 3780
2025-06-21 09:34:22,858 [analyzer] DEBUG: Loaded monitor into process with pid 3884
2025-06-21 09:34:22,905 [analyzer] DEBUG: Loaded monitor into process with pid 3908
2025-06-21 09:34:22,953 [analyzer] INFO: Added new file to list with pid 3456 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-37510.exe
2025-06-21 09:34:23,030 [analyzer] INFO: Injected into process with pid 3984 and name u'Unicorn-20716.exe'
2025-06-21 09:34:23,203 [analyzer] DEBUG: Loaded monitor into process with pid 3984
2025-06-21 09:34:23,233 [analyzer] INFO: Added new file to list with pid 396 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6352.exe
2025-06-21 09:34:23,233 [analyzer] INFO: Added new file to list with pid 3508 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-26218.exe
2025-06-21 09:34:23,250 [analyzer] INFO: Injected into process with pid 4044 and name u'Unicorn-37510.exe'
2025-06-21 09:34:23,375 [analyzer] INFO: Injected into process with pid 3256 and name u'Unicorn-6352.exe'
2025-06-21 09:34:23,390 [analyzer] INFO: Injected into process with pid 3360 and name u'Unicorn-26218.exe'
2025-06-21 09:34:23,467 [analyzer] INFO: Added new file to list with pid 1400 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6544.exe
2025-06-21 09:34:23,483 [analyzer] DEBUG: Loaded monitor into process with pid 4044
2025-06-21 09:34:23,562 [analyzer] DEBUG: Loaded monitor into process with pid 3256
2025-06-21 09:34:23,562 [analyzer] INFO: Injected into process with pid 3736 and name u'Unicorn-6544.exe'
2025-06-21 09:34:23,578 [analyzer] DEBUG: Loaded monitor into process with pid 3360
2025-06-21 09:34:23,655 [analyzer] INFO: Added new file to list with pid 2380 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36040.exe
2025-06-21 09:34:23,765 [analyzer] INFO: Added new file to list with pid 3588 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-17858.exe
2025-06-21 09:34:23,765 [analyzer] DEBUG: Loaded monitor into process with pid 3736
2025-06-21 09:34:23,812 [analyzer] INFO: Injected into process with pid 1964 and name u'Unicorn-36040.exe'
2025-06-21 09:34:24,015 [analyzer] INFO: Injected into process with pid 3096 and name u'Unicorn-17858.exe'
2025-06-21 09:34:24,108 [analyzer] DEBUG: Loaded monitor into process with pid 1964
2025-06-21 09:34:24,171 [analyzer] DEBUG: Loaded monitor into process with pid 3096
2025-06-21 09:34:24,203 [analyzer] INFO: Added new file to list with pid 2888 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-16735.exe
2025-06-21 09:34:24,265 [analyzer] INFO: Added new file to list with pid 3748 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6721.exe
2025-06-21 09:34:24,342 [analyzer] INFO: Injected into process with pid 3524 and name u'Unicorn-16735.exe'
2025-06-21 09:34:24,358 [analyzer] INFO: Injected into process with pid 2720 and name u'Unicorn-6721.exe'
2025-06-21 09:34:24,500 [analyzer] DEBUG: Loaded monitor into process with pid 3524
2025-06-21 09:34:24,530 [analyzer] DEBUG: Loaded monitor into process with pid 2720
2025-06-21 09:34:24,608 [analyzer] INFO: Added new file to list with pid 3084 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-23228.exe
2025-06-21 09:34:24,703 [analyzer] INFO: Added new file to list with pid 3700 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-18398.exe
2025-06-21 09:34:24,717 [analyzer] INFO: Injected into process with pid 3444 and name u'Unicorn-23228.exe'
2025-06-21 09:34:24,890 [analyzer] DEBUG: Loaded monitor into process with pid 3444
2025-06-21 09:34:24,921 [analyzer] INFO: Added new file to list with pid 3708 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-26758.exe
2025-06-21 09:34:24,953 [analyzer] INFO: Injected into process with pid 4120 and name u'Unicorn-18398.exe'
2025-06-21 09:34:25,125 [analyzer] DEBUG: Loaded monitor into process with pid 4120
2025-06-21 09:34:25,187 [analyzer] INFO: Injected into process with pid 4160 and name u'Unicorn-26758.exe'
2025-06-21 09:34:25,405 [analyzer] INFO: Added new file to list with pid 1892 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-27147.exe
2025-06-21 09:34:25,546 [analyzer] DEBUG: Loaded monitor into process with pid 4160
2025-06-21 09:34:26,467 [analyzer] INFO: Added new file to list with pid 3596 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-60581.exe
2025-06-21 09:34:26,467 [analyzer] INFO: Added new file to list with pid 3596 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-644.exe
2025-06-21 09:34:26,467 [analyzer] INFO: Added new file to list with pid 2472 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-20244.exe
2025-06-21 09:34:26,483 [analyzer] INFO: Added new file to list with pid 3804 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-20510.exe
2025-06-21 09:34:26,703 [analyzer] INFO: Injected into process with pid 4216 and name u'Unicorn-27147.exe'
2025-06-21 09:34:27,467 [analyzer] INFO: Added new file to list with pid 3892 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41698.exe
2025-06-21 09:34:27,467 [analyzer] INFO: Added new file to list with pid 3164 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-1412.exe
2025-06-21 09:34:27,500 [analyzer] INFO: Injected into process with pid 4276 and name u'Unicorn-60581.exe'
2025-06-21 09:34:27,500 [analyzer] INFO: Injected into process with pid 4284 and name u'Unicorn-644.exe'
2025-06-21 09:34:27,500 [analyzer] INFO: Injected into process with pid 4292 and name u'Unicorn-20244.exe'
2025-06-21 09:34:27,546 [analyzer] INFO: Injected into process with pid 4324 and name u'Unicorn-20510.exe'
2025-06-21 09:34:27,608 [analyzer] DEBUG: Loaded monitor into process with pid 4216
2025-06-21 09:34:27,625 [analyzer] INFO: Injected into process with pid 4440 and name u'Unicorn-41698.exe'
2025-06-21 09:34:27,750 [analyzer] DEBUG: Loaded monitor into process with pid 4284
2025-06-21 09:34:27,750 [analyzer] INFO: Injected into process with pid 4452 and name u'Unicorn-1412.exe'
2025-06-21 09:34:27,765 [analyzer] DEBUG: Loaded monitor into process with pid 4324
2025-06-21 09:34:27,796 [analyzer] INFO: Added new file to list with pid 4016 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61926.exe
2025-06-21 09:34:27,842 [analyzer] DEBUG: Loaded monitor into process with pid 4292
2025-06-21 09:34:27,905 [analyzer] DEBUG: Loaded monitor into process with pid 4276
2025-06-21 09:34:27,953 [analyzer] DEBUG: Loaded monitor into process with pid 4452
2025-06-21 09:34:27,967 [analyzer] DEBUG: Loaded monitor into process with pid 4440
2025-06-21 09:34:28,000 [analyzer] INFO: Added new file to list with pid 3932 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-12725.exe
2025-06-21 09:34:28,030 [analyzer] INFO: Injected into process with pid 4556 and name u'Unicorn-61926.exe'
2025-06-21 09:34:28,217 [analyzer] DEBUG: Loaded monitor into process with pid 4556
2025-06-21 09:34:28,453 [analyzer] INFO: Added new file to list with pid 3300 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6264.exe
2025-06-21 09:34:28,467 [analyzer] INFO: Injected into process with pid 4648 and name u'Unicorn-12725.exe'
2025-06-21 09:34:28,640 [analyzer] INFO: Injected into process with pid 4700 and name u'Unicorn-6264.exe'
2025-06-21 09:34:28,655 [analyzer] DEBUG: Loaded monitor into process with pid 4648
2025-06-21 09:34:28,875 [analyzer] DEBUG: Loaded monitor into process with pid 4700
2025-06-21 09:34:29,592 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-21 09:34:29,765 [analyzer] INFO: Added new file to list with pid 412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4047.exe
2025-06-21 09:34:29,780 [analyzer] INFO: Added new file to list with pid 3184 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10177.exe
2025-06-21 09:34:30,108 [analyzer] INFO: Injected into process with pid 4776 and name u'Unicorn-4047.exe'
2025-06-21 09:34:30,108 [analyzer] INFO: Injected into process with pid 4788 and name u'Unicorn-10177.exe'
2025-06-21 09:34:30,296 [analyzer] DEBUG: Loaded monitor into process with pid 4776
2025-06-21 09:34:30,358 [analyzer] DEBUG: Loaded monitor into process with pid 4788
2025-06-21 09:34:30,875 [analyzer] INFO: Added new file to list with pid 3220 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-28028.exe
2025-06-21 09:34:31,062 [analyzer] INFO: Injected into process with pid 4896 and name u'Unicorn-28028.exe'
2025-06-21 09:34:31,078 [analyzer] INFO: Added new file to list with pid 4092 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57022.exe
2025-06-21 09:34:31,217 [analyzer] INFO: Injected into process with pid 4936 and name u'Unicorn-57022.exe'
2025-06-21 09:34:31,250 [analyzer] DEBUG: Loaded monitor into process with pid 4896
2025-06-21 09:34:31,390 [analyzer] DEBUG: Loaded monitor into process with pid 4936
2025-06-21 09:34:31,671 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 568.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 1892.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 2352.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 2472.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 2572.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 2520.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 2888.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 2380.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 412.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 2716.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 292.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 2004.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 1400.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 1416.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 396.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 3084.
2025-06-21 09:34:31,671 [lib.api.process] INFO: Successfully terminated process with pid 3164.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3204.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3220.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3292.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3300.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3348.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3416.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3456.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3508.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3560.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3588.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3596.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3700.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3708.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3748.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3804.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3892.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3932.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3964.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 4008.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 4016.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 4092.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3184.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3332.
2025-06-21 09:34:31,687 [lib.api.process] INFO: Successfully terminated process with pid 3368.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3504.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3624.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3652.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3780.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3884.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3908.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3984.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 4044.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3256.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3360.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3736.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 1964.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3096.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3524.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 2720.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 3444.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 4120.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 4160.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 4216.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 4284.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 4292.
2025-06-21 09:34:31,703 [lib.api.process] INFO: Successfully terminated process with pid 4276.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4324.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4440.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4452.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4556.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4648.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4700.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4776.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4788.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4896.
2025-06-21 09:34:31,717 [lib.api.process] INFO: Successfully terminated process with pid 4936.
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-51609.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-45922.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-4047.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-29320.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-26218.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-1412.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-784.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-23228.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-50597.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22148.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-41624.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-17347.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6352.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-17858.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-2237.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-34800.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-28190.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-32200.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-48152.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-10177.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-805.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-54474.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-41978.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-35848.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6264.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-41698.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-12725.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22059.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-51438.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-16735.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-58564.exe
2025-06-21 09:34:31,937 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-60581.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-18398.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-19446.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-20716.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-54645.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-20244.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-57022.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6721.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-10243.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6544.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-36040.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-31380.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-23182.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-58350.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-15916.exe
2025-06-21 09:34:31,953 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-26742.exe
2025-06-21 09:34:31,953 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-06-24 21:17:56,269 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:17:57,337 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:17:58,358 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:17:59,380 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:00,404 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:01,483 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:02,612 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:03,702 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:04,749 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:05,928 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:06,973 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:08,011 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:09,051 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:10,098 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:11,181 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:12,218 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:13,254 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:14,522 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:15,822 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:16,856 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:17,894 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:18,926 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:19,978 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:21,012 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:22,055 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:23,091 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:24,127 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:25,161 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:26,193 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:27,241 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:28,277 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:29,313 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:30,355 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:31,384 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:33,058 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:34,177 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:35,283 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:36,443 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:37,605 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:38,772 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:40,172 [cuckoo.core.scheduler] DEBUG: Task #6585846: no machine available yet
2025-06-24 21:18:41,482 [cuckoo.core.scheduler] INFO: Task #6585846: acquired machine win7x645 (label=win7x645)
2025-06-24 21:18:41,483 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.205 for task #6585846
2025-06-24 21:18:42,110 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2783225 (interface=vboxnet0, host=192.168.168.205)
2025-06-24 21:18:43,719 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x645
2025-06-24 21:18:45,186 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x645 to vmcloak
2025-06-24 21:21:46,153 [cuckoo.core.guest] INFO: Starting analysis #6585846 on guest (id=win7x645, ip=192.168.168.205)
2025-06-24 21:21:47,188 [cuckoo.core.guest] DEBUG: win7x645: not ready yet
2025-06-24 21:21:52,233 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x645, ip=192.168.168.205)
2025-06-24 21:21:52,294 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x645, ip=192.168.168.205, monitor=latest, size=6660546)
2025-06-24 21:21:54,305 [cuckoo.core.resultserver] DEBUG: Task #6585846: live log analysis.log initialized.
2025-06-24 21:21:56,084 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:21:56,178 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:21:57,155 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'shots/0001.jpg'
2025-06-24 21:21:57,174 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 133491
2025-06-24 21:21:59,744 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:02,894 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:02,940 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:06,253 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:06,331 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:06,361 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:06,483 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:09,197 [cuckoo.core.guest] DEBUG: win7x645: analysis #6585846 still processing
2025-06-24 21:22:09,724 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:09,726 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:09,945 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:10,270 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:10,282 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:10,284 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:10,302 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:10,303 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:12,910 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:13,018 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:13,033 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:13,439 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:13,444 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:13,581 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:13,753 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:13,759 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:13,903 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:14,072 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:14,080 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:14,095 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:14,439 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:14,467 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:14,488 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:14,533 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:16,409 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:16,948 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:17,007 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:17,066 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:17,112 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:17,283 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:17,377 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:17,673 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:18,017 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:18,112 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:18,731 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:18,753 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:19,169 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:19,170 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:19,171 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:19,423 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:19,691 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:19,782 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:19,785 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:19,971 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:20,330 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:20,392 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:20,721 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:20,751 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:21,124 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:21,347 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:21,768 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:22,900 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'shots/0002.jpg'
2025-06-24 21:22:22,919 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 107795
2025-06-24 21:22:23,834 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:23,968 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:23,971 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:23,971 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:23,972 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:24,061 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'shots/0003.jpg'
2025-06-24 21:22:24,079 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:24,102 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 63947
2025-06-24 21:22:24,173 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:24,285 [cuckoo.core.guest] DEBUG: win7x645: analysis #6585846 still processing
2025-06-24 21:22:24,439 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:24,877 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:25,048 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:26,520 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:26,587 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:27,046 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'curtain/1750491270.73.curtain.log'
2025-06-24 21:22:27,048 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 36
2025-06-24 21:22:27,471 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:27,611 [cuckoo.core.resultserver] DEBUG: Task #6585846 is sending a BSON stream
2025-06-24 21:22:27,954 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'sysmon/1750491271.64.sysmon.xml'
2025-06-24 21:22:27,971 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 1980260
2025-06-24 21:22:28,029 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/c1585307df31316a_unicorn-39186.exe'
2025-06-24 21:22:28,034 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479324
2025-06-24 21:22:28,038 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/a523f8098fbce455_unicorn-16322.exe'
2025-06-24 21:22:28,042 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479326
2025-06-24 21:22:28,047 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/c1d06439b5da054c_unicorn-28028.exe'
2025-06-24 21:22:28,050 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479327
2025-06-24 21:22:28,056 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/acea479f489acf37_unicorn-57406.exe'
2025-06-24 21:22:28,059 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479326
2025-06-24 21:22:28,062 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/5cb3311ee97b118f_unicorn-8973.exe'
2025-06-24 21:22:28,066 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479325
2025-06-24 21:22:28,074 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/5116e389f6615165_unicorn-14785.exe'
2025-06-24 21:22:28,078 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479328
2025-06-24 21:22:28,083 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/90ce417b06596b01_unicorn-53249.exe'
2025-06-24 21:22:28,086 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479327
2025-06-24 21:22:28,092 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/fc9f3445e4459923_unicorn-7141.exe'
2025-06-24 21:22:28,095 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479325
2025-06-24 21:22:28,100 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/d412c6802c5df579_unicorn-37296.exe'
2025-06-24 21:22:28,104 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479325
2025-06-24 21:22:28,109 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/510bd0fa37c3b395_unicorn-53668.exe'
2025-06-24 21:22:28,113 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479324
2025-06-24 21:22:28,118 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/46ffdd5d84544ee3_unicorn-40250.exe'
2025-06-24 21:22:28,121 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479327
2025-06-24 21:22:28,126 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/7c74265ced5e7d7e_unicorn-12237.exe'
2025-06-24 21:22:28,129 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479326
2025-06-24 21:22:28,135 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/8a5466be6e13515d_unicorn-37510.exe'
2025-06-24 21:22:28,139 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479327
2025-06-24 21:22:28,144 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/1a788011ce3290ef_unicorn-16706.exe'
2025-06-24 21:22:28,148 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479326
2025-06-24 21:22:28,153 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/01d5d70ad70903c3_unicorn-20510.exe'
2025-06-24 21:22:28,157 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479324
2025-06-24 21:22:28,160 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/97bd849343d79711_unicorn-644.exe'
2025-06-24 21:22:28,164 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479326
2025-06-24 21:22:28,167 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/c4913ebe165550e8_unicorn-25118.exe'
2025-06-24 21:22:28,171 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479327
2025-06-24 21:22:28,175 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/cb3519f1fc741347_unicorn-61926.exe'
2025-06-24 21:22:28,178 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479328
2025-06-24 21:22:28,181 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/5653bfe23d57b3d1_unicorn-54017.exe'
2025-06-24 21:22:28,194 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479324
2025-06-24 21:22:28,207 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/9495e421f34daf20_unicorn-47982.exe'
2025-06-24 21:22:28,224 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/f09b0a35ed6795cd_unicorn-27147.exe'
2025-06-24 21:22:28,226 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479324
2025-06-24 21:22:28,230 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/4287746f6cd10be8_unicorn-26758.exe'
2025-06-24 21:22:28,232 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/cc22fcf2eb4b0c5d_unicorn-25694.exe'
2025-06-24 21:22:28,234 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/1b524d061c91da88_unicorn-12481.exe'
2025-06-24 21:22:28,237 [cuckoo.core.resultserver] DEBUG: Task #6585846: File upload for 'files/d31a9beb38bd2b27_unicorn-46809.exe'
2025-06-24 21:22:28,242 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479325
2025-06-24 21:22:28,244 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479326
2025-06-24 21:22:28,246 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479324
2025-06-24 21:22:28,249 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479326
2025-06-24 21:22:28,252 [cuckoo.core.resultserver] DEBUG: Task #6585846 uploaded file length: 479325
2025-06-24 21:22:28,305 [cuckoo.core.resultserver] DEBUG: Task #6585846 had connection reset for <Context for LOG>
2025-06-24 21:22:30,310 [cuckoo.core.guest] INFO: win7x645: analysis completed successfully
2025-06-24 21:22:30,321 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-24 21:22:30,341 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-24 21:22:31,530 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x645 to path /srv/cuckoo/cwd/storage/analyses/6585846/memory.dmp
2025-06-24 21:22:31,544 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x645
2025-06-24 21:25:19,127 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.205 for task #6585846
2025-06-24 21:25:22,073 [cuckoo.core.scheduler] DEBUG: Released database task #6585846
2025-06-24 21:25:22,317 [cuckoo.core.scheduler] INFO: Task #6585846: analysis procedure completed

Signatures

Yara rule detected for file (1 event)

description

(no description)

rule

SEH__vba

One or more processes crashed (50 out of 101 events)

Time & API	Arguments	Status
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 39415285 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2004957354	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 9244856 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 9244856 registers.esi: 9244856 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 9244856 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 9244856 registers.esi: 9244856 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 39415285 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 2004957354	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 9244856 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 9244856 registers.esi: 9244856 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 9244856 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 9244856 registers.esi: 9244856 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-23182+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-23182+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-23182.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 2956960 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 2956960 registers.esi: 2956960 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-23182+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-23182+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-23182.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 2956960 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 2956960 registers.esi: 2956960 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-23182+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-23182+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-23182.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 7 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 7	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 2956960 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 2956960 registers.esi: 2956960 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-23182+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-23182+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-23182.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 2956960 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 2956960 registers.esi: 2956960 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-58350+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-58350+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-58350.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6495904 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6495904 registers.esi: 6495904 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-58350+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-58350+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-58350.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6495904 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6495904 registers.esi: 6495904 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-58350+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-58350+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-58350.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 7 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 7	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6495904 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6495904 registers.esi: 6495904 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-58350+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-58350+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-58350.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6495904 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6495904 registers.esi: 6495904 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-22148+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-22148+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-22148.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 5709472 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 5709472 registers.esi: 5709472 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-22148+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-22148+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-22148.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 5709472 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 5709472 registers.esi: 5709472 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-22148+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-22148+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-22148.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 6 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 5709472 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 5709472 registers.esi: 5709472 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-22148+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-22148+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-22148.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 5709472 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 5709472 registers.esi: 5709472 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-7141+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-7141+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-7141.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6495904 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6495904 registers.esi: 6495904 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-7141+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-7141+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-7141.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6495904 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6495904 registers.esi: 6495904 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-7141+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-7141+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-7141.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 6 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6495904 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6495904 registers.esi: 6495904 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-7141+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-7141+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-7141.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6495904 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6495904 registers.esi: 6495904 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-32200+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-32200+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-32200.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6430368 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430368 registers.esi: 6430368 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-32200+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-32200+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-32200.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6430368 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430368 registers.esi: 6430368 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-32200+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-32200+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-32200.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 6 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 6	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6430368 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430368 registers.esi: 6430368 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-32200+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42 exception.symbol: unicorn-32200+0x2b01e exception.instruction: sbb byte ptr [eax], dl exception.module: Unicorn-32200.exe exception.exception_code: 0xc0000005 exception.offset: 176158 exception.address: 0x42b01e registers.esp: 1636952 registers.edi: 1637135 registers.eax: 4095 registers.ebp: 1637168 registers.edx: 20 registers.ebx: 4370453 registers.esi: 4198912 registers.ecx: 0	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6430368 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6430368 registers.esi: 6430368 registers.ecx: 2	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33 unicorn-47982+0x297eb @ 0x4297eb IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034 IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667 DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49 IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x75d262fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75d26d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x75d277c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75d27bca __vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8 __vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f __vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15 exception.symbol: unicorn-47982+0x2ae48 exception.instruction: add byte ptr [eax], al exception.module: Unicorn-47982.exe exception.exception_code: 0xc0000005 exception.offset: 175688 exception.address: 0x42ae48 registers.esp: 1636952 registers.edi: 1637180 registers.eax: 0 registers.ebp: 1637168 registers.edx: 4 registers.ebx: 1 registers.esi: 1637388 registers.ecx: 4	1
__exception__ June 21, 2025, 10:34 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 50207 exception.address: 0x7701c41f registers.esp: 1634992 registers.edi: 6037152 registers.eax: 1634992 registers.ebp: 1635072 registers.edx: 0 registers.ebx: 6037152 registers.esi: 6037152 registers.ecx: 2	1

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000747c4

size

0x00000234

Creates executable files on the filesystem (50 out of 72 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-17347.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6352.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-805.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-2237.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-26742.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-54645.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-28190.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6544.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-48152.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-10177.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-12725.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-14785.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-46809.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-7141.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-40250.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-35848.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6264.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-41698.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-4047.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-22059.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-51438.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-644.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-34800.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-16735.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-60581.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-19446.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-6721.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-15916.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-20244.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-10243.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-26758.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-18398.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-17858.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-54474.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-29320.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-39186.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-20510.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-31380.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-28028.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-57406.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-8973.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-23182.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-25118.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-36040.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-58350.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-53668.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-37296.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-12237.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-37510.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-16706.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-39186.exe
file	C:\Users\Administrator\AppData\Local\Temp\Unicorn-16322.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 21, 2025, 10:33 a.m.	process_identifier: 568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00750000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002b000', u'virtual_address': u'0x00001000', u'entropy': 7.571165232093388, u'name': u'.text', u'virtual_size': u'0x0002a5c4'}

entropy

7.57116523209

description

A section with a high entropy has been found

entropy

0.370689655172

description

Overall entropy of this PE file is high

File has been identified by 13 AntiVirus engine on IRMA as malicious (13 events)

G Data Antivirus (Windows)	Virus: Generic.Dacic.94CCEEA9.A.045053DC (Engine A), Win32.Trojan.PSE.1FY1FUT (Engine B)
Avast Core Security (Linux)	Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux)	Win.Packed.Generic-9967832-0
Trellix (Linux)	GenericRXTC-TT
WithSecure (Linux)	Trojan.TR/Crypt.XPACK.Gen
eScan Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.045053DC(DB)
ESET Security (Windows)	a variant of Win32/VBClone.E trojan
Sophos Anti-Virus (Linux)	Troj/VB-KCP
DrWeb Antivirus (Linux)	Trojan.Siggen31.13685
ClamAV (Linux)	Win.Packed.Generic-9967832-0
Bitdefender Antivirus (Linux)	Generic.Dacic.94CCEEA9.A.045053DC
Kaspersky Standard (Windows)	Trojan.Win32.VB.dosq
Emsisoft Commandline Scanner (Windows)	Generic.Dacic.94CCEEA9.A.045053DC (B)

Screenshots

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action	VT	Location
No hosts contacted.

Browser recommendation

File 599ae7f5f96205eabd782b5943c683680a03fb0b119b6ceb856b40cd88bf9cfb

Summary Download Resubmit sample

Score

Autosubmit

Feedback

Information on Execution

Analyzer Log

Cuckoo Log

Signatures

Feedback

Summary
Download Resubmit sample