File c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25

Size 468.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4d626fb8725a20fac9b04b5d9bf709fe
SHA1 156091e3a0e478ad8791d4b47d7fc58fa9220660
SHA256 c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25
SHA512 4646932d19d9f773daa9ecf33bc19d3b1ed8cbe99435e570767827f2b3e0638dc1a40ba66f28bc91b70b1c440f654f82c14b1f90dcabef43b22b61f6ac29d151
CRC32 EEDBB7E1
ssdeep None
Yara
  • SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

6631181

6631182

Information on Execution

Analysis
Category FILE
Started June 24, 2025, 9:30 p.m.
Completed June 24, 2025, 9:36 p.m.
Duration 381 seconds
Routing internet

Analyzer Log

2025-06-21 09:34:10,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp1xmcit
2025-06-21 09:34:10,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\adTREvqlgXAjMKZI
2025-06-21 09:34:10,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\lynYVoEjGgsVILQVhtPqVbmdXD
2025-06-21 09:34:10,296 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-21 09:34:10,296 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-21 09:34:10,875 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-21 09:34:11,078 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-06-21 09:34:11,078 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-21 09:34:11,078 [analyzer] DEBUG: Started auxiliary module Human
2025-06-21 09:34:11,078 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-21 09:34:11,078 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-21 09:34:11,155 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-21 09:34:11,155 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-21 09:34:11,155 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-21 09:34:11,155 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-21 09:34:11,312 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25.exe' with arguments '' and pid 1384
2025-06-21 09:34:11,562 [analyzer] DEBUG: Loaded monitor into process with pid 1384
2025-06-21 09:34:14,625 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59930.exe
2025-06-21 09:34:14,703 [analyzer] INFO: Injected into process with pid 1192 and name u'Unicorn-59930.exe'
2025-06-21 09:34:14,858 [analyzer] DEBUG: Loaded monitor into process with pid 1192
2025-06-21 09:34:17,921 [analyzer] INFO: Added new file to list with pid 1192 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-54222.exe
2025-06-21 09:34:17,967 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22104.exe
2025-06-21 09:34:18,015 [analyzer] INFO: Injected into process with pid 2188 and name u'Unicorn-54222.exe'
2025-06-21 09:34:18,046 [analyzer] INFO: Injected into process with pid 1368 and name u'Unicorn-22104.exe'
2025-06-21 09:34:18,187 [analyzer] DEBUG: Loaded monitor into process with pid 2188
2025-06-21 09:34:18,217 [analyzer] DEBUG: Loaded monitor into process with pid 1368
2025-06-21 09:34:21,312 [analyzer] INFO: Added new file to list with pid 2188 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-4393.exe
2025-06-21 09:34:21,390 [analyzer] INFO: Injected into process with pid 2684 and name u'Unicorn-4393.exe'
2025-06-21 09:34:21,405 [analyzer] INFO: Added new file to list with pid 1192 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41896.exe
2025-06-21 09:34:21,405 [analyzer] INFO: Added new file to list with pid 1368 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-61762.exe
2025-06-21 09:34:21,483 [analyzer] INFO: Injected into process with pid 1516 and name u'Unicorn-41896.exe'
2025-06-21 09:34:21,483 [analyzer] INFO: Injected into process with pid 1276 and name u'Unicorn-61762.exe'
2025-06-21 09:34:21,500 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-14023.exe
2025-06-21 09:34:21,546 [analyzer] DEBUG: Loaded monitor into process with pid 2684
2025-06-21 09:34:21,592 [analyzer] INFO: Injected into process with pid 328 and name u'Unicorn-14023.exe'
2025-06-21 09:34:21,655 [analyzer] DEBUG: Loaded monitor into process with pid 1516
2025-06-21 09:34:21,703 [analyzer] DEBUG: Loaded monitor into process with pid 1276
2025-06-21 09:34:21,765 [analyzer] DEBUG: Loaded monitor into process with pid 328
2025-06-21 09:34:24,640 [analyzer] INFO: Added new file to list with pid 2684 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43034.exe
2025-06-21 09:34:24,717 [analyzer] INFO: Added new file to list with pid 2188 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-15000.exe
2025-06-21 09:34:24,765 [analyzer] INFO: Added new file to list with pid 1516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6277.exe
2025-06-21 09:34:24,828 [analyzer] INFO: Injected into process with pid 2860 and name u'Unicorn-43034.exe'
2025-06-21 09:34:24,858 [analyzer] INFO: Injected into process with pid 544 and name u'Unicorn-6277.exe'
2025-06-21 09:34:24,858 [analyzer] INFO: Injected into process with pid 2504 and name u'Unicorn-15000.exe'
2025-06-21 09:34:24,890 [analyzer] INFO: Added new file to list with pid 1192 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-33011.exe
2025-06-21 09:34:24,921 [analyzer] INFO: Added new file to list with pid 1276 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47310.exe
2025-06-21 09:34:25,000 [analyzer] INFO: Injected into process with pid 700 and name u'Unicorn-33011.exe'
2025-06-21 09:34:25,015 [analyzer] INFO: Added new file to list with pid 328 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-7237.exe
2025-06-21 09:34:25,030 [analyzer] DEBUG: Loaded monitor into process with pid 544
2025-06-21 09:34:25,046 [analyzer] DEBUG: Loaded monitor into process with pid 2860
2025-06-21 09:34:25,062 [analyzer] DEBUG: Loaded monitor into process with pid 2504
2025-06-21 09:34:25,078 [analyzer] INFO: Injected into process with pid 2828 and name u'Unicorn-47310.exe'
2025-06-21 09:34:25,092 [analyzer] INFO: Added new file to list with pid 1368 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36572.exe
2025-06-21 09:34:25,140 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-39837.exe
2025-06-21 09:34:25,187 [analyzer] INFO: Injected into process with pid 2904 and name u'Unicorn-7237.exe'
2025-06-21 09:34:25,203 [analyzer] DEBUG: Loaded monitor into process with pid 700
2025-06-21 09:34:25,265 [analyzer] INFO: Injected into process with pid 940 and name u'Unicorn-39837.exe'
2025-06-21 09:34:25,312 [analyzer] DEBUG: Loaded monitor into process with pid 2828
2025-06-21 09:34:25,342 [analyzer] INFO: Injected into process with pid 1120 and name u'Unicorn-36572.exe'
2025-06-21 09:34:25,375 [analyzer] DEBUG: Loaded monitor into process with pid 2904
2025-06-21 09:34:25,467 [analyzer] DEBUG: Loaded monitor into process with pid 940
2025-06-21 09:34:25,562 [analyzer] DEBUG: Loaded monitor into process with pid 1120
2025-06-21 09:34:28,250 [analyzer] INFO: Added new file to list with pid 2504 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13817.exe
2025-06-21 09:34:28,328 [analyzer] INFO: Injected into process with pid 2796 and name u'Unicorn-13817.exe'
2025-06-21 09:34:28,421 [analyzer] INFO: Added new file to list with pid 2188 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-44636.exe
2025-06-21 09:34:28,437 [analyzer] INFO: Added new file to list with pid 544 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30346.exe
2025-06-21 09:34:28,515 [analyzer] DEBUG: Loaded monitor into process with pid 2796
2025-06-21 09:34:28,530 [analyzer] INFO: Injected into process with pid 3108 and name u'Unicorn-44636.exe'
2025-06-21 09:34:28,546 [analyzer] INFO: Injected into process with pid 3128 and name u'Unicorn-30346.exe'
2025-06-21 09:34:28,703 [analyzer] DEBUG: Loaded monitor into process with pid 3108
2025-06-21 09:34:28,703 [analyzer] INFO: Added new file to list with pid 1516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-9904.exe
2025-06-21 09:34:28,717 [analyzer] DEBUG: Loaded monitor into process with pid 3128
2025-06-21 09:34:28,890 [analyzer] INFO: Added new file to list with pid 2860 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-42214.exe
2025-06-21 09:34:28,937 [analyzer] INFO: Injected into process with pid 3204 and name u'Unicorn-9904.exe'
2025-06-21 09:34:29,092 [analyzer] INFO: Injected into process with pid 3236 and name u'Unicorn-42214.exe'
2025-06-21 09:34:29,108 [analyzer] DEBUG: Loaded monitor into process with pid 3204
2025-06-21 09:34:29,108 [analyzer] INFO: Added new file to list with pid 2684 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-47813.exe
2025-06-21 09:34:29,265 [analyzer] DEBUG: Loaded monitor into process with pid 3236
2025-06-21 09:34:29,312 [analyzer] INFO: Added new file to list with pid 700 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-18670.exe
2025-06-21 09:34:29,467 [analyzer] INFO: Added new file to list with pid 1192 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43101.exe
2025-06-21 09:34:29,483 [analyzer] INFO: Added new file to list with pid 2828 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55618.exe
2025-06-21 09:34:29,515 [analyzer] INFO: Added new file to list with pid 940 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-14009.exe
2025-06-21 09:34:29,530 [analyzer] INFO: Injected into process with pid 3284 and name u'Unicorn-47813.exe'
2025-06-21 09:34:29,530 [analyzer] INFO: Injected into process with pid 3316 and name u'Unicorn-18670.exe'
2025-06-21 09:34:29,546 [analyzer] INFO: Added new file to list with pid 1120 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-22178.exe
2025-06-21 09:34:29,655 [analyzer] INFO: Injected into process with pid 3372 and name u'Unicorn-55618.exe'
2025-06-21 09:34:29,750 [analyzer] DEBUG: Loaded monitor into process with pid 3316
2025-06-21 09:34:29,750 [analyzer] INFO: Injected into process with pid 3364 and name u'Unicorn-43101.exe'
2025-06-21 09:34:29,765 [analyzer] DEBUG: Loaded monitor into process with pid 3284
2025-06-21 09:34:29,765 [analyzer] INFO: Added new file to list with pid 1276 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55789.exe
2025-06-21 09:34:29,796 [analyzer] INFO: Added new file to list with pid 2904 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10117.exe
2025-06-21 09:34:29,828 [analyzer] INFO: Added new file to list with pid 1368 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57272.exe
2025-06-21 09:34:29,858 [analyzer] INFO: Injected into process with pid 3412 and name u'Unicorn-14009.exe'
2025-06-21 09:34:30,015 [analyzer] INFO: Injected into process with pid 3440 and name u'Unicorn-22178.exe'
2025-06-21 09:34:30,030 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-6231.exe
2025-06-21 09:34:30,046 [analyzer] DEBUG: Loaded monitor into process with pid 3372
2025-06-21 09:34:30,108 [analyzer] INFO: Added new file to list with pid 328 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40412.exe
2025-06-21 09:34:30,125 [analyzer] DEBUG: Loaded monitor into process with pid 3364
2025-06-21 09:34:30,233 [analyzer] DEBUG: Loaded monitor into process with pid 3412
2025-06-21 09:34:30,312 [analyzer] DEBUG: Loaded monitor into process with pid 3440
2025-06-21 09:34:30,358 [analyzer] INFO: Injected into process with pid 3576 and name u'Unicorn-57272.exe'
2025-06-21 09:34:30,375 [analyzer] INFO: Injected into process with pid 3548 and name u'Unicorn-10117.exe'
2025-06-21 09:34:30,421 [analyzer] INFO: Injected into process with pid 3524 and name u'Unicorn-55789.exe'
2025-06-21 09:34:30,592 [analyzer] DEBUG: Loaded monitor into process with pid 3576
2025-06-21 09:34:30,608 [analyzer] INFO: Injected into process with pid 3648 and name u'Unicorn-40412.exe'
2025-06-21 09:34:30,655 [analyzer] INFO: Injected into process with pid 3616 and name u'Unicorn-6231.exe'
2025-06-21 09:34:30,717 [analyzer] DEBUG: Loaded monitor into process with pid 3548
2025-06-21 09:34:30,765 [analyzer] DEBUG: Loaded monitor into process with pid 3524
2025-06-21 09:34:30,780 [analyzer] DEBUG: Loaded monitor into process with pid 3648
2025-06-21 09:34:30,937 [analyzer] DEBUG: Loaded monitor into process with pid 3616
2025-06-21 09:34:31,625 [analyzer] INFO: Added new file to list with pid 2796 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-3293.exe
2025-06-21 09:34:31,812 [analyzer] INFO: Injected into process with pid 3808 and name u'Unicorn-3293.exe'
2025-06-21 09:34:31,858 [analyzer] INFO: Added new file to list with pid 2504 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-49157.exe
2025-06-21 09:34:32,000 [analyzer] INFO: Added new file to list with pid 3108 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-40434.exe
2025-06-21 09:34:32,000 [analyzer] DEBUG: Loaded monitor into process with pid 3808
2025-06-21 09:34:32,171 [analyzer] INFO: Added new file to list with pid 3128 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-41358.exe
2025-06-21 09:34:32,187 [analyzer] INFO: Injected into process with pid 3848 and name u'Unicorn-49157.exe'
2025-06-21 09:34:32,375 [analyzer] DEBUG: Loaded monitor into process with pid 3848
2025-06-21 09:34:32,421 [analyzer] INFO: Added new file to list with pid 2188 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-45369.exe
2025-06-21 09:34:32,453 [analyzer] INFO: Injected into process with pid 3884 and name u'Unicorn-40434.exe'
2025-06-21 09:34:32,578 [analyzer] INFO: Added new file to list with pid 544 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-33360.exe
2025-06-21 09:34:32,640 [analyzer] INFO: Injected into process with pid 3916 and name u'Unicorn-41358.exe'
2025-06-21 09:34:32,655 [analyzer] INFO: Added new file to list with pid 3204 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-57310.exe
2025-06-21 09:34:32,717 [analyzer] DEBUG: Loaded monitor into process with pid 3884
2025-06-21 09:34:32,796 [analyzer] INFO: Injected into process with pid 3960 and name u'Unicorn-45369.exe'
2025-06-21 09:34:32,858 [analyzer] INFO: Injected into process with pid 3996 and name u'Unicorn-33360.exe'
2025-06-21 09:34:32,875 [analyzer] INFO: Injected into process with pid 4036 and name u'Unicorn-57310.exe'
2025-06-21 09:34:32,953 [analyzer] DEBUG: Loaded monitor into process with pid 3916
2025-06-21 09:34:32,983 [analyzer] DEBUG: Loaded monitor into process with pid 3960
2025-06-21 09:34:33,046 [analyzer] DEBUG: Loaded monitor into process with pid 4036
2025-06-21 09:34:33,046 [analyzer] INFO: Added new file to list with pid 1516 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-7215.exe
2025-06-21 09:34:33,078 [analyzer] INFO: Added new file to list with pid 3284 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-50294.exe
2025-06-21 09:34:33,171 [analyzer] DEBUG: Loaded monitor into process with pid 3996
2025-06-21 09:34:33,250 [analyzer] INFO: Added new file to list with pid 3316 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-25790.exe
2025-06-21 09:34:33,358 [analyzer] INFO: Injected into process with pid 3136 and name u'Unicorn-7215.exe'
2025-06-21 09:34:33,358 [analyzer] INFO: Injected into process with pid 3168 and name u'Unicorn-50294.exe'
2025-06-21 09:34:33,405 [analyzer] INFO: Injected into process with pid 3164 and name u'Unicorn-25790.exe'
2025-06-21 09:34:33,530 [analyzer] DEBUG: Loaded monitor into process with pid 3136
2025-06-21 09:34:33,546 [analyzer] DEBUG: Loaded monitor into process with pid 3168
2025-06-21 09:34:33,578 [analyzer] DEBUG: Loaded monitor into process with pid 3164
2025-06-21 09:34:33,592 [analyzer] INFO: Added new file to list with pid 2684 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-43780.exe
2025-06-21 09:34:33,828 [analyzer] INFO: Added new file to list with pid 700 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-34320.exe
2025-06-21 09:34:33,858 [analyzer] INFO: Injected into process with pid 3332 and name u'Unicorn-43780.exe'
2025-06-21 09:34:34,046 [analyzer] DEBUG: Loaded monitor into process with pid 3332
2025-06-21 09:34:34,125 [analyzer] INFO: Injected into process with pid 2044 and name u'Unicorn-34320.exe'
2025-06-21 09:34:34,296 [analyzer] DEBUG: Loaded monitor into process with pid 2044
2025-06-21 09:34:34,530 [analyzer] INFO: Added new file to list with pid 3236 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-5561.exe
2025-06-21 09:34:34,812 [analyzer] INFO: Added new file to list with pid 2860 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55509.exe
2025-06-21 09:34:34,812 [analyzer] INFO: Injected into process with pid 3520 and name u'Unicorn-5561.exe'
2025-06-21 09:34:34,983 [analyzer] INFO: Added new file to list with pid 3648 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-30450.exe
2025-06-21 09:34:35,125 [analyzer] DEBUG: Loaded monitor into process with pid 3520
2025-06-21 09:34:36,217 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-59997.exe
2025-06-21 09:34:36,217 [analyzer] INFO: Added new file to list with pid 328 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-13795.exe
2025-06-21 09:34:36,233 [analyzer] INFO: Added new file to list with pid 3524 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-19926.exe
2025-06-21 09:34:36,296 [analyzer] INFO: Added new file to list with pid 1276 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-62996.exe
2025-06-21 09:34:36,358 [analyzer] INFO: Injected into process with pid 3608 and name u'Unicorn-55509.exe'
2025-06-21 09:34:36,375 [analyzer] INFO: Injected into process with pid 3724 and name u'Unicorn-30450.exe'
2025-06-21 09:34:36,405 [analyzer] INFO: Added new file to list with pid 3372 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-36454.exe
2025-06-21 09:34:36,405 [analyzer] INFO: Injected into process with pid 3860 and name u'Unicorn-13795.exe'
2025-06-21 09:34:36,421 [analyzer] INFO: Injected into process with pid 3836 and name u'Unicorn-59997.exe'
2025-06-21 09:34:36,467 [analyzer] INFO: Injected into process with pid 4020 and name u'Unicorn-62996.exe'
2025-06-21 09:34:36,483 [analyzer] INFO: Injected into process with pid 3880 and name u'Unicorn-19926.exe'
2025-06-21 09:34:36,592 [analyzer] DEBUG: Loaded monitor into process with pid 3724
2025-06-21 09:34:36,592 [analyzer] INFO: Injected into process with pid 3216 and name u'Unicorn-36454.exe'
2025-06-21 09:34:36,625 [analyzer] DEBUG: Loaded monitor into process with pid 3836
2025-06-21 09:34:36,640 [analyzer] DEBUG: Loaded monitor into process with pid 3860
2025-06-21 09:34:36,655 [analyzer] DEBUG: Loaded monitor into process with pid 3608
2025-06-21 09:34:36,671 [analyzer] DEBUG: Loaded monitor into process with pid 4020
2025-06-21 09:34:36,733 [analyzer] DEBUG: Loaded monitor into process with pid 3880
2025-06-21 09:34:36,828 [analyzer] INFO: Added new file to list with pid 3412 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-56490.exe
2025-06-21 09:34:36,842 [analyzer] DEBUG: Loaded monitor into process with pid 3216
2025-06-21 09:34:37,062 [analyzer] INFO: Added new file to list with pid 2828 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-8036.exe
2025-06-21 09:34:37,078 [analyzer] INFO: Added new file to list with pid 3364 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-27902.exe
2025-06-21 09:34:37,312 [analyzer] INFO: Added new file to list with pid 3576 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-32946.exe
2025-06-21 09:34:37,328 [analyzer] INFO: Injected into process with pid 3644 and name u'Unicorn-56490.exe'
2025-06-21 09:34:37,375 [analyzer] INFO: Added new file to list with pid 940 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-45945.exe
2025-06-21 09:34:37,421 [analyzer] INFO: Injected into process with pid 3940 and name u'Unicorn-27902.exe'
2025-06-21 09:34:37,421 [analyzer] INFO: Injected into process with pid 3908 and name u'Unicorn-8036.exe'
2025-06-21 09:34:37,483 [analyzer] INFO: Injected into process with pid 3256 and name u'Unicorn-32946.exe'
2025-06-21 09:34:37,500 [analyzer] INFO: Injected into process with pid 3396 and name u'Unicorn-45945.exe'
2025-06-21 09:34:37,546 [analyzer] DEBUG: Loaded monitor into process with pid 3644
2025-06-21 09:34:37,625 [analyzer] DEBUG: Loaded monitor into process with pid 3940
2025-06-21 09:34:37,640 [analyzer] DEBUG: Loaded monitor into process with pid 3908
2025-06-21 09:34:37,655 [analyzer] DEBUG: Loaded monitor into process with pid 3256
2025-06-21 09:34:37,687 [analyzer] DEBUG: Loaded monitor into process with pid 3396
2025-06-21 09:34:37,750 [analyzer] INFO: Added new file to list with pid 1192 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-19547.exe
2025-06-21 09:34:37,953 [analyzer] INFO: Injected into process with pid 3820 and name u'Unicorn-19547.exe'
2025-06-21 09:34:38,140 [analyzer] DEBUG: Loaded monitor into process with pid 3820
2025-06-21 09:34:39,217 [analyzer] INFO: Added new file to list with pid 1368 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-21964.exe
2025-06-21 09:34:39,233 [analyzer] INFO: Added new file to list with pid 3524 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-10532.exe
2025-06-21 09:34:39,405 [analyzer] INFO: Injected into process with pid 4056 and name u'Unicorn-21964.exe'
2025-06-21 09:34:39,421 [analyzer] INFO: Injected into process with pid 1496 and name u'Unicorn-10532.exe'
2025-06-21 09:34:39,608 [analyzer] DEBUG: Loaded monitor into process with pid 4056
2025-06-21 09:34:39,717 [analyzer] DEBUG: Loaded monitor into process with pid 1496
2025-06-21 09:34:40,342 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-21 09:34:40,592 [analyzer] INFO: Added new file to list with pid 3548 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-55250.exe
2025-06-21 09:34:40,703 [analyzer] INFO: Injected into process with pid 4276 and name u'Unicorn-55250.exe'
2025-06-21 09:34:40,890 [analyzer] DEBUG: Loaded monitor into process with pid 4276
2025-06-21 09:34:41,265 [analyzer] INFO: Added new file to list with pid 2904 and path C:\Users\Administrator\AppData\Local\Temp\Unicorn-44897.exe
2025-06-21 09:34:41,280 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-21 09:34:41,280 [lib.api.process] INFO: Successfully terminated process with pid 1384.
2025-06-21 09:34:41,280 [lib.api.process] INFO: Successfully terminated process with pid 1192.
2025-06-21 09:34:41,280 [lib.api.process] INFO: Successfully terminated process with pid 2188.
2025-06-21 09:34:41,280 [lib.api.process] INFO: Successfully terminated process with pid 1368.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 2684.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 1516.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 1276.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 328.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 2860.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 2504.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 544.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 700.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 2828.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 2904.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 1120.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 940.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 2796.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3108.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3128.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3204.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3236.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3284.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3316.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3364.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3372.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3412.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3440.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3524.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3548.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3576.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3616.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3648.
2025-06-21 09:34:41,296 [lib.api.process] INFO: Successfully terminated process with pid 3808.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3848.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3884.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3916.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3960.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3996.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 4036.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3136.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3168.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3164.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3332.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 2044.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3520.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3608.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3724.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3860.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3836.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3880.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 4020.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3216.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3644.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3908.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3940.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3256.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3396.
2025-06-21 09:34:41,312 [lib.api.process] INFO: Successfully terminated process with pid 3820.
2025-06-21 09:34:41,328 [lib.api.process] INFO: Successfully terminated process with pid 4056.
2025-06-21 09:34:41,328 [lib.api.process] INFO: Successfully terminated process with pid 1496.
2025-06-21 09:34:41,328 [lib.api.process] INFO: Successfully terminated process with pid 4276.
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-33011.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-62996.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-13795.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-43780.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-56490.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-55250.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-27902.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22104.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-21964.exe
2025-06-21 09:34:41,578 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-57310.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-34320.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-45369.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-6231.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-55509.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-41896.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-54222.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-13817.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-40412.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-44897.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-44636.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-50294.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-61762.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-3293.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-49157.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-7237.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-42214.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-7215.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-36454.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-5561.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-45945.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-25790.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-30346.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-57272.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-22178.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-55618.exe
2025-06-21 09:34:41,592 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\unicorn-40434.exe
2025-06-21 09:34:41,592 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-06-24 21:30:21,264 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:22,719 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:24,091 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:25,172 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:26,264 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:27,336 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:28,401 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:29,485 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:30,542 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:31,575 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:32,606 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:33,624 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:34,649 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:35,667 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:36,698 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:37,855 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:38,892 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:39,929 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:40,963 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:41,999 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:43,074 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:44,147 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:45,175 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:46,202 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:47,235 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:48,266 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:49,528 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:50,581 [cuckoo.core.scheduler] DEBUG: Task #6585883: no machine available yet
2025-06-24 21:30:51,778 [cuckoo.core.scheduler] INFO: Task #6585883: acquired machine win7x6414 (label=win7x6414)
2025-06-24 21:30:51,779 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.214 for task #6585883
2025-06-24 21:30:52,344 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2798322 (interface=vboxnet0, host=192.168.168.214)
2025-06-24 21:30:54,797 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6414
2025-06-24 21:30:55,831 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6414 to vmcloak
2025-06-24 21:33:17,642 [cuckoo.core.guest] INFO: Starting analysis #6585883 on guest (id=win7x6414, ip=192.168.168.214)
2025-06-24 21:33:18,646 [cuckoo.core.guest] DEBUG: win7x6414: not ready yet
2025-06-24 21:33:23,671 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6414, ip=192.168.168.214)
2025-06-24 21:33:23,752 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6414, ip=192.168.168.214, monitor=latest, size=6660546)
2025-06-24 21:33:25,081 [cuckoo.core.resultserver] DEBUG: Task #6585883: live log analysis.log initialized.
2025-06-24 21:33:26,104 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:26,573 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:27,348 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'shots/0001.jpg'
2025-06-24 21:33:27,358 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 133473
2025-06-24 21:33:29,871 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:33,197 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:33,228 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:36,563 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:36,674 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:36,731 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:36,775 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:39,705 [cuckoo.core.guest] DEBUG: win7x6414: analysis #6585883 still processing
2025-06-24 21:33:40,030 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:40,032 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:40,061 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:40,189 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:40,292 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:40,385 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:40,478 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:40,582 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:43,517 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:43,712 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:43,728 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:44,119 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:44,276 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:44,746 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:44,769 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:44,983 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:45,125 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:45,240 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:45,324 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:45,579 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:45,720 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:45,775 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:45,791 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:45,947 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:47,010 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:47,385 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:47,728 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:47,949 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:47,997 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:48,056 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:48,183 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:48,915 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:48,917 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:48,918 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:49,058 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:49,423 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:50,135 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:51,588 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:51,590 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:51,634 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:51,636 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:51,685 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:51,954 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:51,957 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:52,444 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'shots/0002.jpg'
2025-06-24 21:33:52,450 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 64950
2025-06-24 21:33:52,725 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:52,727 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:52,728 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:52,729 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:52,730 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:53,165 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:55,033 [cuckoo.core.guest] DEBUG: win7x6414: analysis #6585883 still processing
2025-06-24 21:33:55,049 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:55,050 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'shots/0003.jpg'
2025-06-24 21:33:55,053 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:55,055 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 115611
2025-06-24 21:33:55,825 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'curtain/1750491280.72.curtain.log'
2025-06-24 21:33:55,828 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 36
2025-06-24 21:33:55,900 [cuckoo.core.resultserver] DEBUG: Task #6585883 is sending a BSON stream
2025-06-24 21:33:56,167 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'shots/0004.jpg'
2025-06-24 21:33:56,180 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 114642
2025-06-24 21:33:56,350 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'sysmon/1750491281.25.sysmon.xml'
2025-06-24 21:33:56,379 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 2000446
2025-06-24 21:33:56,426 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/7c6e20f1b08b5437_unicorn-47813.exe'
2025-06-24 21:33:56,433 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479330
2025-06-24 21:33:56,440 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/6f2a7b7e88319229_unicorn-19926.exe'
2025-06-24 21:33:56,444 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479330
2025-06-24 21:33:56,450 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/7b1f71e9022687c3_unicorn-6277.exe'
2025-06-24 21:33:56,455 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,458 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/9255bf0be51ed60e_unicorn-59930.exe'
2025-06-24 21:33:56,463 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479327
2025-06-24 21:33:56,467 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/ca2bde0493417ed3_unicorn-4393.exe'
2025-06-24 21:33:56,472 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,475 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/8352f5091cbd8b54_unicorn-32946.exe'
2025-06-24 21:33:56,479 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,485 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/d130f6151dcec58f_unicorn-8036.exe'
2025-06-24 21:33:56,490 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479330
2025-06-24 21:33:56,494 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/73c255214fe4db99_unicorn-14009.exe'
2025-06-24 21:33:56,498 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479328
2025-06-24 21:33:56,505 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/162f987d3c4a4dfe_unicorn-19547.exe'
2025-06-24 21:33:56,528 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479328
2025-06-24 21:33:56,532 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/c2e79bbbbc0f1ee3_unicorn-18670.exe'
2025-06-24 21:33:56,535 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/7edea0314757dba6_unicorn-41358.exe'
2025-06-24 21:33:56,537 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/32b89253784c83c6_unicorn-10117.exe'
2025-06-24 21:33:56,541 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,545 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,549 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479331
2025-06-24 21:33:56,552 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/6a0b858526ff21bf_unicorn-43101.exe'
2025-06-24 21:33:56,555 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479328
2025-06-24 21:33:56,560 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/a84781650f560717_unicorn-39837.exe'
2025-06-24 21:33:56,564 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479327
2025-06-24 21:33:56,571 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/901d84b32dbf9988_unicorn-55789.exe'
2025-06-24 21:33:56,575 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,582 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/b2f33f154ae819dd_unicorn-10532.exe'
2025-06-24 21:33:56,586 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479330
2025-06-24 21:33:56,594 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/49ecc79336b75805_unicorn-59997.exe'
2025-06-24 21:33:56,598 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479327
2025-06-24 21:33:56,604 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/f6085079fd9f66e7_unicorn-47310.exe'
2025-06-24 21:33:56,607 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,614 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/015f79173a0f0c3e_unicorn-15000.exe'
2025-06-24 21:33:56,619 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,625 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/f011f286715ca26e_unicorn-14023.exe'
2025-06-24 21:33:56,630 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479327
2025-06-24 21:33:56,636 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/6b23bb47f6943a4c_unicorn-9904.exe'
2025-06-24 21:33:56,640 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,643 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/8f7e92841bdf57c4_unicorn-36572.exe'
2025-06-24 21:33:56,647 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479328
2025-06-24 21:33:56,653 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/0da4d3a51248c691_unicorn-43034.exe'
2025-06-24 21:33:56,657 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479330
2025-06-24 21:33:56,663 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/ea536f24844084c2_unicorn-30450.exe'
2025-06-24 21:33:56,668 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479329
2025-06-24 21:33:56,673 [cuckoo.core.resultserver] DEBUG: Task #6585883: File upload for 'files/d33c6b4201697e08_unicorn-33360.exe'
2025-06-24 21:33:56,676 [cuckoo.core.resultserver] DEBUG: Task #6585883 uploaded file length: 479330
2025-06-24 21:33:56,738 [cuckoo.core.resultserver] DEBUG: Task #6585883 had connection reset for <Context for LOG>
2025-06-24 21:33:58,044 [cuckoo.core.guest] INFO: win7x6414: analysis completed successfully
2025-06-24 21:33:58,054 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-24 21:33:58,075 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-24 21:33:59,259 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6414 to path /srv/cuckoo/cwd/storage/analyses/6585883/memory.dmp
2025-06-24 21:33:59,260 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6414
2025-06-24 21:36:41,697 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.214 for task #6585883
2025-06-24 21:36:42,457 [cuckoo.core.scheduler] DEBUG: Released database task #6585883
2025-06-24 21:36:42,480 [cuckoo.core.scheduler] INFO: Task #6585883: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
description (no description) rule SEH__vba
One or more processes crashed (50 out of 85 events)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 41053685
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 1996241066
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 2691168
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 2691168
registers.esi: 2691168
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42
exception.symbol: c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25+0x2b01e
exception.instruction: sbb byte ptr [eax], dl
exception.module: c9caa8df57652fe5aec74d0c1f7b77b12902e41171c1ad808f53164f073d1c25.exe
exception.exception_code: 0xc0000005
exception.offset: 176158
exception.address: 0x42b01e
registers.esp: 1636952
registers.edi: 1637135
registers.eax: 4095
registers.ebp: 1637168
registers.edx: 20
registers.ebx: 4370453
registers.esi: 4198912
registers.ecx: 0
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-59930+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-59930+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-59930.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 4
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 4
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 5381688
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 5381688
registers.esi: 5381688
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-59930+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42
exception.symbol: unicorn-59930+0x2b01e
exception.instruction: sbb byte ptr [eax], dl
exception.module: Unicorn-59930.exe
exception.exception_code: 0xc0000005
exception.offset: 176158
exception.address: 0x42b01e
registers.esp: 1636952
registers.edi: 1637135
registers.eax: 4095
registers.ebp: 1637168
registers.edx: 20
registers.ebx: 4370453
registers.esi: 4198912
registers.ecx: 0
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-59930+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-59930+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-59930.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 7
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 7
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-54222+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-54222+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-54222.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 4
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 4
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 5709368
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 5709368
registers.esi: 5709368
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-54222+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42
exception.symbol: unicorn-54222+0x2b01e
exception.instruction: sbb byte ptr [eax], dl
exception.module: Unicorn-54222.exe
exception.exception_code: 0xc0000005
exception.offset: 176158
exception.address: 0x42b01e
registers.esp: 1636952
registers.edi: 1637135
registers.eax: 4095
registers.ebp: 1637168
registers.edx: 20
registers.ebx: 4370453
registers.esi: 4198912
registers.ecx: 0
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-54222+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-54222+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-54222.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 7
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 7
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-22104+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-22104+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-22104.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 4
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 4
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 2694712
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 2694712
registers.esi: 2694712
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-22104+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42
exception.symbol: unicorn-22104+0x2b01e
exception.instruction: sbb byte ptr [eax], dl
exception.module: Unicorn-22104.exe
exception.exception_code: 0xc0000005
exception.offset: 176158
exception.address: 0x42b01e
registers.esp: 1636952
registers.edi: 1637135
registers.eax: 4095
registers.ebp: 1637168
registers.edx: 20
registers.ebx: 4370453
registers.esi: 4198912
registers.ecx: 0
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-22104+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-22104+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-22104.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 6
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 6
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-4393+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-4393+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-4393.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 4
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 4
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 6299184
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 6299184
registers.esi: 6299184
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-4393+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42
exception.symbol: unicorn-4393+0x2b01e
exception.instruction: sbb byte ptr [eax], dl
exception.module: Unicorn-4393.exe
exception.exception_code: 0xc0000005
exception.offset: 176158
exception.address: 0x42b01e
registers.esp: 1636952
registers.edi: 1637135
registers.eax: 4095
registers.ebp: 1637168
registers.edx: 20
registers.ebx: 4370453
registers.esi: 4198912
registers.ecx: 0
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-41896+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-41896+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-41896.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 4
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 4
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 2694712
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 2694712
registers.esi: 2694712
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-41896+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42
exception.symbol: unicorn-41896+0x2b01e
exception.instruction: sbb byte ptr [eax], dl
exception.module: Unicorn-41896.exe
exception.exception_code: 0xc0000005
exception.offset: 176158
exception.address: 0x42b01e
registers.esp: 1636952
registers.edi: 1637135
registers.eax: 4095
registers.ebp: 1637168
registers.edx: 20
registers.ebx: 4370453
registers.esi: 4198912
registers.ecx: 0
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-61762+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-61762+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-61762.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 4
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 4
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 2825784
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 2825784
registers.esi: 2825784
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-61762+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42
exception.symbol: unicorn-61762+0x2b01e
exception.instruction: sbb byte ptr [eax], dl
exception.module: Unicorn-61762.exe
exception.exception_code: 0xc0000005
exception.offset: 176158
exception.address: 0x42b01e
registers.esp: 1636952
registers.edi: 1637135
registers.eax: 4095
registers.ebp: 1637168
registers.edx: 20
registers.ebx: 4370453
registers.esi: 4198912
registers.ecx: 0
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 2825784
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 2825784
registers.esi: 2825784
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-14023+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-14023+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-14023.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 4
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 4
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 5971512
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 5971512
registers.esi: 5971512
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-14023+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 18 10 40 00 c7 45 f0 00 00 00 00 9b 68 7e b0 42
exception.symbol: unicorn-14023+0x2b01e
exception.instruction: sbb byte ptr [eax], dl
exception.module: Unicorn-14023.exe
exception.exception_code: 0xc0000005
exception.offset: 176158
exception.address: 0x42b01e
registers.esp: 1636952
registers.edi: 1637135
registers.eax: 4095
registers.ebp: 1637168
registers.edx: 20
registers.ebx: 4370453
registers.esi: 4198912
registers.ecx: 0
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 5971512
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 5971512
registers.esi: 5971512
registers.ecx: 2
1 0 0

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
unicorn-6277+0x297eb @ 0x4297eb
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
DllCanUnloadNow+0x1c1d9 DllRegisterServer-0xa1b8 msvbvm60+0xbbe8b @ 0x729fbe8b
IID_IVbaHost+0x2e809 UserDllMain-0x36aae msvbvm60+0x5ce49 @ 0x7299ce49
IID_IVbaHost+0x3133d UserDllMain-0x33f7a msvbvm60+0x5f97d @ 0x7299f97d
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x74e262fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x74e26d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x74e277c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x74e27bca
__vbaStrToAnsi+0x2f1 EbGetObjConnectionCounts-0x479 msvbvm60+0xa6c8 @ 0x7294a6c8
__vbaStrToAnsi+0x268 EbGetObjConnectionCounts-0x502 msvbvm60+0xa63f @ 0x7294a63f
__vbaStrToAnsi+0x146 EbGetObjConnectionCounts-0x624 msvbvm60+0xa51d @ 0x7294a51d

exception.instruction_r: 00 00 75 fb 68 f8 c2 42 00 68 e4 9a 42 00 ff 15
exception.symbol: unicorn-6277+0x2ae48
exception.instruction: add byte ptr [eax], al
exception.module: Unicorn-6277.exe
exception.exception_code: 0xc0000005
exception.offset: 175688
exception.address: 0x42ae48
registers.esp: 1636952
registers.edi: 1637180
registers.eax: 0
registers.ebp: 1637168
registers.edx: 4
registers.ebx: 1
registers.esi: 1637388
registers.ecx: 4
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x74a2c41f
registers.esp: 1634992
registers.edi: 3087920
registers.eax: 1634992
registers.ebp: 1635072
registers.edx: 0
registers.ebx: 3087920
registers.esi: 3087920
registers.ecx: 2
1 0 0
Foreign language identified in PE resource (1 event)
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x000747c4 size 0x00000234
Creates executable files on the filesystem (50 out of 61 events)
Drops an executable to the user AppData folder (2 events)
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-47813.exe
file C:\Users\Administrator\AppData\Local\Temp\Unicorn-19926.exe
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00520000
process_handle: 0xffffffff
1 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
section {u'size_of_data': u'0x0002b000', u'virtual_address': u'0x00001000', u'entropy': 7.571266185430054, u'name': u'.text', u'virtual_size': u'0x0002a5c4'} entropy 7.57126618543 description A section with a high entropy has been found
entropy 0.370689655172 description Overall entropy of this PE file is high
File has been identified by 14 AntiVirus engines on IRMA as malicious (14 events)
G Data Antivirus (Windows) Virus: Generic.Dacic.94CCEEA9.A.3F016658 (Engine A), Win32.Trojan.PSE.1FY1FUT (Engine B)
Avast Core Security (Linux) Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux) Win.Packed.Generic-9967832-0
Trend Micro SProtect (Linux) Trojan.Win32.FAREIT.SME
Trellix (Linux) GenericRXTC-TT
WithSecure (Linux) Trojan.TR/Crypt.XPACK.Gen
eScan Antivirus (Linux) Generic.Dacic.94CCEEA9.A.3F016658(DB)
ESET Security (Windows) a variant of Win32/VBClone.E trojan
Sophos Anti-Virus (Linux) Troj/VB-KCP
DrWeb Antivirus (Linux) Trojan.Siggen31.13685
ClamAV (Linux) Win.Packed.Generic-9967832-0
Bitdefender Antivirus (Linux) Generic.Dacic.94CCEEA9.A.3F016658
Kaspersky Standard (Windows) Trojan.Win32.VB.dosq
Emsisoft Commandline Scanner (Windows) Generic.Dacic.94CCEEA9.A.3F016658 (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.