File 1ada0de73e605878_erp_lot4va_spa.rtf

Size 55.4KB
Type Rich Text Format data, version 1, ANSI, code page 932, default middle east language ID 1025
MD5 ce9a883357c16bd8cc425854257c6a2a
SHA1 752cb13bacc25db1a709ec290671b12be980ad1b
SHA256 1ada0de73e605878fe250c56628a0e7fbd59468e6a8df8b1be9264180f5a90c0
SHA512 ed2e12dc930d2b234692eb6a8dff595c00935c5c7a188a07b547ac2ae24c0c00864a1baf697cd9f8d6632624b73a8b07d151ffe4b2970db60f161cbc350d603d
CRC32 9A91B245
ssdeep None
Yara None matched

Score

This file appears fairly benign with a score of 0.7 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:7221142


Information on Execution

Analysis
Category Started Completed Duration Routing
FILE Dec. 12, 2025, 11:19 a.m. Dec. 12, 2025, 11:23 a.m. 237 seconds internet

Analyzer Log

2025-12-12 10:19:23,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpwwr_kc
2025-12-12 10:19:23,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\qppyqreqZEaVmpWkEabLD
2025-12-12 10:19:23,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\CkDosKSwxbSJOGyilkNCMurnqXIIU
2025-12-12 10:19:23,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-12-12 10:19:23,030 [analyzer] INFO: Automatically selected analysis package "doc"
2025-12-12 10:19:23,296 [analyzer] DEBUG: Started auxiliary module Curtain
2025-12-12 10:19:23,296 [analyzer] DEBUG: Started auxiliary module DbgView
2025-12-12 10:19:23,828 [analyzer] DEBUG: Started auxiliary module Disguise
2025-12-12 10:19:24,046 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-12-12 10:19:24,046 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-12-12 10:19:24,046 [analyzer] DEBUG: Started auxiliary module Human
2025-12-12 10:19:24,046 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-12-12 10:19:24,046 [analyzer] DEBUG: Started auxiliary module Reboot
2025-12-12 10:19:24,125 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-12-12 10:19:24,125 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-12-12 10:19:24,125 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-12-12 10:19:24,125 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-12-12 10:19:24,280 [lib.api.process] INFO: Successfully executed process from path 'C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE' with arguments [u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\1ada0de73e605878_erp_lot4va_spa.rtf'] and pid 856
2025-12-12 10:19:24,405 [analyzer] DEBUG: Loaded monitor into process with pid 856
2025-12-12 10:19:28,890 [analyzer] INFO: Added new file to list with pid 856 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Office\MSO1033.acl
2025-12-12 10:19:30,500 [analyzer] INFO: Added new file to list with pid 856 and path C:\Users\Administrator\AppData\Local\Temp\~$da0de73e605878_erp_lot4va_spa.rtf
2025-12-12 10:19:32,203 [analyzer] INFO: Added new file to list with pid 856 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B94CD06A-A9C3-4B61-8670-7393E9ED0C4B}.tmp
2025-12-12 10:19:34,953 [analyzer] INFO: Added new file to list with pid 856 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
2025-12-12 10:23:23,973 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-12-12 10:23:24,473 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-12-12 10:23:24,473 [lib.api.process] INFO: Successfully terminated process with pid 856.
2025-12-12 10:23:24,598 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-12-12 11:19:42,053 [cuckoo.core.scheduler] INFO: Task #7221148: acquired machine win7x645 (label=win7x645)
2025-12-12 11:19:42,053 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.205 for task #7221148
2025-12-12 11:19:42,650 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 26345 (interface=vboxnet0, host=192.168.168.205)
2025-12-12 11:19:42,696 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x645
2025-12-12 11:19:44,424 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x645 to vmcloak
2025-12-12 11:19:56,109 [cuckoo.core.guest] INFO: Starting analysis #7221148 on guest (id=win7x645, ip=192.168.168.205)
2025-12-12 11:19:57,114 [cuckoo.core.guest] DEBUG: win7x645: not ready yet
2025-12-12 11:20:02,142 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x645, ip=192.168.168.205)
2025-12-12 11:20:02,216 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x645, ip=192.168.168.205, monitor=latest, size=6660546)
2025-12-12 11:20:03,583 [cuckoo.core.resultserver] DEBUG: Task #7221148: live log analysis.log initialized.
2025-12-12 11:20:04,585 [cuckoo.core.resultserver] DEBUG: Task #7221148 is sending a BSON stream
2025-12-12 11:20:04,944 [cuckoo.core.resultserver] DEBUG: Task #7221148 is sending a BSON stream
2025-12-12 11:20:05,864 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0001.jpg'
2025-12-12 11:20:05,885 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 133573
2025-12-12 11:20:09,054 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0002.jpg'
2025-12-12 11:20:09,069 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 123448
2025-12-12 11:20:10,174 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0003.jpg'
2025-12-12 11:20:10,191 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 123845
2025-12-12 11:20:11,317 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0004.jpg'
2025-12-12 11:20:11,336 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 123698
2025-12-12 11:20:12,465 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0005.jpg'
2025-12-12 11:20:12,481 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 124273
2025-12-12 11:20:13,602 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0006.jpg'
2025-12-12 11:20:13,615 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 123953
2025-12-12 11:20:14,721 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0007.jpg'
2025-12-12 11:20:14,741 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 123958
2025-12-12 11:20:15,837 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0008.jpg'
2025-12-12 11:20:15,850 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 124028
2025-12-12 11:20:16,952 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0009.jpg'
2025-12-12 11:20:16,963 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 123922
2025-12-12 11:20:18,088 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0010.jpg'
2025-12-12 11:20:18,097 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 81909
2025-12-12 11:20:18,208 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:20:19,190 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0011.jpg'
2025-12-12 11:20:19,204 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 110427
2025-12-12 11:20:20,282 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0012.jpg'
2025-12-12 11:20:20,295 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 109575
2025-12-12 11:20:21,402 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0013.jpg'
2025-12-12 11:20:21,414 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 86619
2025-12-12 11:20:33,292 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:20:48,375 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:21:03,459 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:21:18,543 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:21:33,631 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:21:48,958 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:22:04,113 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:22:19,290 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:22:34,421 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:22:49,550 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:23:04,689 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:23:19,949 [cuckoo.core.guest] DEBUG: win7x645: analysis #7221148 still processing
2025-12-12 11:23:24,273 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'curtain/1765531404.26.curtain.log'
2025-12-12 11:23:24,278 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 36
2025-12-12 11:23:24,478 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'sysmon/1765531404.47.sysmon.xml'
2025-12-12 11:23:24,492 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'files/ec35f12f679df4bc_~wrs{b94cd06a-a9c3-4b61-8670-7393e9ed0c4b}.tmp'
2025-12-12 11:23:24,496 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 3470
2025-12-12 11:23:24,510 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'files/7aea3ff1bfd57255_~$da0de73e605878_erp_lot4va_spa.rtf'
2025-12-12 11:23:24,514 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 162
2025-12-12 11:23:24,516 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'files/d5749ed75a088654_mso1033.acl'
2025-12-12 11:23:24,519 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 37762
2025-12-12 11:23:24,522 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 989178
2025-12-12 11:23:24,556 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'files/5e9b4e081abe7439_built-in building blocks.dotx'
2025-12-12 11:23:24,613 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 4187307
2025-12-12 11:23:25,119 [cuckoo.core.resultserver] DEBUG: Task #7221148: File upload for 'shots/0014.jpg'
2025-12-12 11:23:25,146 [cuckoo.core.resultserver] DEBUG: Task #7221148 uploaded file length: 139830
2025-12-12 11:23:25,163 [cuckoo.core.resultserver] DEBUG: Task #7221148 had connection reset for <Context for LOG>
2025-12-12 11:23:25,984 [cuckoo.core.guest] INFO: win7x645: analysis completed successfully
2025-12-12 11:23:25,997 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-12-12 11:23:26,028 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-12-12 11:23:27,327 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x645 to path /srv/cuckoo/cwd/storage/analyses/7221148/memory.dmp
2025-12-12 11:23:27,329 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x645
2025-12-12 11:23:39,077 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.205 for task #7221148
2025-12-12 11:23:39,428 [cuckoo.core.scheduler] DEBUG: Released database task #7221148
2025-12-12 11:23:39,446 [cuckoo.core.scheduler] INFO: Task #7221148: analysis procedure completed

Signatures

One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RaiseException+0x3d NlsValidateLocale-0x13 kernelbase+0x9e5d @ 0x7fefd5f9e5d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefd8f73c3
NdrClientCall2+0x6b3 NdrClearOutParameters-0xf3d rpcrt4+0xe1493 @ 0x7fefd9c1493
NdrClientCall2+0x1d NdrClearOutParameters-0x15d3 rpcrt4+0xe0dfd @ 0x7fefd9c0dfd
SLGetEncryptedPIDEx+0xac57 SLCallServer-0x63d osppc+0x1a0af @ 0x7452a0af
SLpVLActivateProduct+0xe9 SLpGetMSPidInformation-0xcb osppc+0xc7cd @ 0x7451c7cd
SLActivateProduct+0x3df SLGetServerStatus-0xca1 osppcext+0x3a48f @ 0x7407a48f
??0OdfStgParams@@QEAA@XZ+0xe6804 mso+0x1013a38 @ 0x7feee4d3a38
MsoCompareStringA+0x145a5a MsoGetTextExtentExPointW-0x1ed15a mso+0x59c84e @ 0x7feeda5c84e
MsoFreeCvsList+0x18ee2 MsoFreeFlinfo-0x3fc8a mso+0x1d4e1e @ 0x7feed694e1e
MsoFreeCvsList+0x19202 MsoFreeFlinfo-0x3f96a mso+0x1d513e @ 0x7feed69513e
MsoFreeCvsList+0x18d23 MsoFreeFlinfo-0x3fe49 mso+0x1d4c5f @ 0x7feed694c5f
MsoFreeCvsList+0x18c9c MsoFreeFlinfo-0x3fed0 mso+0x1d4bd8 @ 0x7feed694bd8
MsoFGetButtonSize+0x7e280 MsoPwlfFromFlinfo-0x10af0 mso+0x12511c @ 0x7feed5e511c
MsoFGetButtonSize+0x7df94 MsoPwlfFromFlinfo-0x10ddc mso+0x124e30 @ 0x7feed5e4e30
MsoFGetButtonSize+0x7de30 MsoPwlfFromFlinfo-0x10f40 mso+0x124ccc @ 0x7feed5e4ccc
MsoFGetButtonSize+0x7d934 MsoPwlfFromFlinfo-0x1143c mso+0x1247d0 @ 0x7feed5e47d0
MsoUninitOffice+0x99d MsoFHideTaiwan-0xf57 mso+0x21c11 @ 0x7feed4e1c11
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x774f652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c541 @ 0x7762c541

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 90 90 90 90 90 90 90 90
exception.symbol: RaiseException+0x3d NlsValidateLocale-0x13 kernelbase+0x9e5d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x8007007b
exception.offset: 40541
exception.address: 0x7fefd5f9e5d
registers.r14: 0
registers.r15: 0
registers.rcx: 139651888
registers.rsi: 0
registers.r10: 96403680
registers.rbx: 0
registers.rsp: 139657104
registers.r11: 5423808
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 2133529387
registers.r13: 0
1 0 0
An application raised an exception which may be indicative of an exploit crash (2 events)
Application Crash Process WINWORD.EXE with pid 856 crashed
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RaiseException+0x3d NlsValidateLocale-0x13 kernelbase+0x9e5d @ 0x7fefd5f9e5d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefd8f73c3
NdrClientCall2+0x6b3 NdrClearOutParameters-0xf3d rpcrt4+0xe1493 @ 0x7fefd9c1493
NdrClientCall2+0x1d NdrClearOutParameters-0x15d3 rpcrt4+0xe0dfd @ 0x7fefd9c0dfd
SLGetEncryptedPIDEx+0xac57 SLCallServer-0x63d osppc+0x1a0af @ 0x7452a0af
SLpVLActivateProduct+0xe9 SLpGetMSPidInformation-0xcb osppc+0xc7cd @ 0x7451c7cd
SLActivateProduct+0x3df SLGetServerStatus-0xca1 osppcext+0x3a48f @ 0x7407a48f
??0OdfStgParams@@QEAA@XZ+0xe6804 mso+0x1013a38 @ 0x7feee4d3a38
MsoCompareStringA+0x145a5a MsoGetTextExtentExPointW-0x1ed15a mso+0x59c84e @ 0x7feeda5c84e
MsoFreeCvsList+0x18ee2 MsoFreeFlinfo-0x3fc8a mso+0x1d4e1e @ 0x7feed694e1e
MsoFreeCvsList+0x19202 MsoFreeFlinfo-0x3f96a mso+0x1d513e @ 0x7feed69513e
MsoFreeCvsList+0x18d23 MsoFreeFlinfo-0x3fe49 mso+0x1d4c5f @ 0x7feed694c5f
MsoFreeCvsList+0x18c9c MsoFreeFlinfo-0x3fed0 mso+0x1d4bd8 @ 0x7feed694bd8
MsoFGetButtonSize+0x7e280 MsoPwlfFromFlinfo-0x10af0 mso+0x12511c @ 0x7feed5e511c
MsoFGetButtonSize+0x7df94 MsoPwlfFromFlinfo-0x10ddc mso+0x124e30 @ 0x7feed5e4e30
MsoFGetButtonSize+0x7de30 MsoPwlfFromFlinfo-0x10f40 mso+0x124ccc @ 0x7feed5e4ccc
MsoFGetButtonSize+0x7d934 MsoPwlfFromFlinfo-0x1143c mso+0x1247d0 @ 0x7feed5e47d0
MsoUninitOffice+0x99d MsoFHideTaiwan-0xf57 mso+0x21c11 @ 0x7feed4e1c11
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x774f652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c541 @ 0x7762c541

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 90 90 90 90 90 90 90 90
exception.symbol: RaiseException+0x3d NlsValidateLocale-0x13 kernelbase+0x9e5d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x8007007b
exception.offset: 40541
exception.address: 0x7fefd5f9e5d
registers.r14: 0
registers.r15: 0
registers.rcx: 139651888
registers.rsi: 0
registers.r10: 96403680
registers.rbx: 0
registers.rsp: 139657104
registers.r11: 5423808
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 2133529387
registers.r13: 0
1 0 0
Creates hidden or system file (1 event)
Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x00000000000003b8
filepath: C:\Users\Administrator\AppData\Local\Temp\~$da0de73e605878_erp_lot4va_spa.rtf
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\ADMINI~1\AppData\Local\Temp\~$da0de73e605878_erp_lot4va_spa.rtf
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
1 0 0
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.