Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 22, 2023, 10:05 a.m.	June 22, 2023, 10:10 a.m.

Size	3.6MB
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`67b3201085b9b59d58c4a71c8b539bb0`
SHA256	`78f6f94aaa72e41d64e4dc309a3553399db2b4cd0edae5653ca4b6e7839e1215`
CRC32	`A2F6377F`
ssdeep	`49152:WT2PQnvmVQM0eqJAC7YaVVVVVVVVbImRPKB9bjgEge7Co1wl+MhV4Jt8tBNZZd:EIB3slN`
PDB Path	D:\JenkinsWorkspace\workspace\client_build_installer\client\build\working_directory\RelWithDebInfo\ubiorbitapi_r264.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,??0OrbitSession@orbitdll@mg@@QEAA@XZ
2548
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,??0OrbitSession@orbitdll@mg@@QEAA@XZ
  2936
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,??1OrbitSession@orbitdll@mg@@QEAA@XZ
2632
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,??1OrbitSession@orbitdll@mg@@QEAA@XZ
  2972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?CheckUpdate@OrbitSession@orbitdll@mg@@QEAAHXZ
2724
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?CheckUpdate@OrbitSession@orbitdll@mg@@QEAAHXZ
  812
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?Close@SavegameReader@orbitdll@mg@@QEAAXXZ
2816
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?Close@SavegameReader@orbitdll@mg@@QEAAXXZ
  2068
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?Close@SavegameWriter@orbitdll@mg@@QEAAX_N@Z
2908
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?Close@SavegameWriter@orbitdll@mg@@QEAAX_N@Z
  2204
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetLocText@OrbitSession@orbitdll@mg@@QEAAPEBGPEBGPEBD@Z
1120
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetLocText@OrbitSession@orbitdll@mg@@QEAAPEBGPEBGPEBD@Z
  2244
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetLoginDetails@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetLoginDetailsListener@23@@Z
2184
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetLoginDetails@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetLoginDetailsListener@23@@Z
  2664
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetName@SavegameInfo@orbitdll@mg@@QEAAPEBGXZ
2596
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetName@SavegameInfo@orbitdll@mg@@QEAAPEBGXZ
  2780
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetNetworkTraffic@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetNetworkTrafficListener@23@@Z
2892
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetNetworkTraffic@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetNetworkTrafficListener@23@@Z
  196
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetOrbitServer@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetOrbitServerListener@23@II@Z
2408
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetOrbitServer@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetOrbitServerListener@23@II@Z
  940
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetRequestUniqueId@OrbitSession@orbitdll@mg@@QEAAIXZ
744
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetRequestUniqueId@OrbitSession@orbitdll@mg@@QEAAIXZ
  2588
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSavegameId@SavegameInfo@orbitdll@mg@@QEAAIXZ
884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSavegameId@SavegameInfo@orbitdll@mg@@QEAAIXZ
  2380
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSavegameList@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameListListener@23@I@Z
1952
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSavegameList@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameListListener@23@I@Z
  2872
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSavegameReader@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameReaderListener@23@II@Z
2128
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSavegameReader@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameReaderListener@23@II@Z
  3216
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSavegameWriter@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameWriterListener@23@II_N@Z
3456
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSavegameWriter@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameWriterListener@23@II_N@Z
  3556
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSize@SavegameInfo@orbitdll@mg@@QEAAIXZ
3660
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetSize@SavegameInfo@orbitdll@mg@@QEAAIXZ
  3808
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetUplayId@SavegameInfo@orbitdll@mg@@QEAAIXZ
3864
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?GetUplayId@SavegameInfo@orbitdll@mg@@QEAAIXZ
  3992
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?Read@SavegameReader@orbitdll@mg@@QEAAXIPEAVISavegameReadListener@23@IPEAXI@Z
4052
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?Read@SavegameReader@orbitdll@mg@@QEAAXIPEAVISavegameReadListener@23@IPEAXI@Z
  1016
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?RemoveSavegame@OrbitSession@orbitdll@mg@@QEAAXIPEAVIRemoveSavegameListener@23@II@Z
772
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?RemoveSavegame@OrbitSession@orbitdll@mg@@QEAAXIPEAVIRemoveSavegameListener@23@II@Z
  3296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?SetName@SavegameWriter@orbitdll@mg@@QEAA_NPEAG@Z
3412
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?SetName@SavegameWriter@orbitdll@mg@@QEAA_NPEAG@Z
  2756
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\3052c15a0e5926da6706d7bc1440d1ad.movpkg.dll,?StartLauncher@OrbitSession@orbitdll@mg@@QEAA_NIIPEBD0@Z
3684

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (20 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:58 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:59 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:59 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:59 a.m.			0	0
IsDebuggerPresent June 22, 2023, 9:59 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:08 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:08 a.m.			0	0

This executable has a PDB path (1 event)

pdb_path

D:\JenkinsWorkspace\workspace\client_build_installer\client\build\working_directory\RelWithDebInfo\ubiorbitapi_r264.pdb

One or more processes crashed (16 events)

Time & API	Arguments	Status
__exception__ June 22, 2023, 9:58 a.m.	stacktrace: ??0OrbitSession@orbitdll@mg@@QEAA@XZ+0x50 ?CheckUpdate@OrbitSession@orbitdll@mg@@QEAAHXZ-0x40 3052c15a0e5926da6706d7bc1440d1ad+0xd4a0 @ 0x7fef3c3d4a0 rundll32+0x2f42 @ 0xff272f42 rundll32+0x3b7a @ 0xff273b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 36 48 83 c4 08 48 89 e7 48 8b 3f 48 83 c4 exception.instruction: mov rsi, qword ptr [rsi] exception.exception_code: 0xc0000005 exception.symbol: ??0OrbitSession@orbitdll@mg@@QEAA@XZ+0x50 ?CheckUpdate@OrbitSession@orbitdll@mg@@QEAAHXZ-0x40 3052c15a0e5926da6706d7bc1440d1ad+0xd4a0 exception.address: 0x7fef3c3d4a0 registers.r14: 0 registers.r15: 0 registers.rcx: 131456 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1440560 registers.r11: 1439648 registers.r8: 3326390 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 131456 registers.r13: 0	1
__exception__ June 22, 2023, 9:58 a.m.	stacktrace: ??0OrbitSession@orbitdll@mg@@QEAA@XZ+0x3 ??1OrbitSession@orbitdll@mg@@QEAA@XZ-0x4d 3052c15a0e5926da6706d7bc1440d1ad+0xd453 @ 0x7fef3c3d453 0x7fffffdf000 ?Close@SavegameReader@orbitdll@mg@@QEAAXXZ-0xcb00 3052c15a0e5926da6706d7bc1440d1ad+0x120 @ 0x7fef3c30120 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 0x4 exception.instruction_r: d2 8b 14 8e 48 01 da 4c 89 f0 49 89 d2 48 8b 55 exception.instruction: ror byte ptr [rbx + 0x1488e14], cl exception.exception_code: 0xc0000005 exception.symbol: ??0OrbitSession@orbitdll@mg@@QEAA@XZ+0x3 ??1OrbitSession@orbitdll@mg@@QEAA@XZ-0x4d 3052c15a0e5926da6706d7bc1440d1ad+0xd453 exception.address: 0x7fef3c3d453 registers.r14: 0 registers.r15: 0 registers.rcx: 327962 registers.rsi: 0 registers.r10: 0 registers.rbx: 4280758082 registers.rsp: 1046392 registers.r11: 1046000 registers.r8: 2998710 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 10 registers.rbp: 2998480 registers.rdi: 2998728 registers.rax: 327962 registers.r13: 0	1
__exception__ June 22, 2023, 9:59 a.m.	stacktrace: MgOrbitdllGetFakeSession+0x6d MgOrbitdllGetLocText-0xe3 3052c15a0e5926da6706d7bc1440d1ad+0xd7cd @ 0x7fef3c3d7cd 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff 0xffffffffffff exception.instruction_r: 88 07 48 ff c7 41 53 49 c7 c3 01 00 00 00 49 ff exception.instruction: mov byte ptr [rdi], al exception.exception_code: 0xc0000005 exception.symbol: MgOrbitdllGetFakeSession+0x6d MgOrbitdllGetLocText-0xe3 3052c15a0e5926da6706d7bc1440d1ad+0xd7cd exception.address: 0x7fef3c3d7cd registers.r14: 131454 registers.r15: 0 registers.rcx: 15457 registers.rsi: 151503 registers.r10: 0 registers.rbx: -65536 registers.rsp: 2533704 registers.r11: 2553200 registers.r8: -7136436391934128347 registers.r9: 0 registers.rdx: 8791592788679 registers.r12: 10 registers.rbp: 4112640 registers.rdi: 131646 registers.rax: 2624260551661515231 registers.r13: 0	1
__exception__ June 22, 2023, 9:58 a.m.	stacktrace: ?Close@SavegameWriter@orbitdll@mg@@QEAAX_N@Z+0x10 ?GetName@SavegameInfo@orbitdll@mg@@QEAAPEBGXZ-0x30 3052c15a0e5926da6706d7bc1440d1ad+0xcc70 @ 0x7fef3c3cc70 rundll32+0x2f42 @ 0xff272f42 rundll32+0x3b7a @ 0xff273b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 8b 11 4c 8d 41 08 48 8b 49 58 e8 51 cd ff ff 48 exception.instruction: mov edx, dword ptr [rcx] exception.exception_code: 0xc0000005 exception.symbol: ?Close@SavegameWriter@orbitdll@mg@@QEAAX_N@Z+0x10 ?GetName@SavegameInfo@orbitdll@mg@@QEAAPEBGXZ-0x30 3052c15a0e5926da6706d7bc1440d1ad+0xcc70 exception.address: 0x7fef3c3cc70 registers.r14: 0 registers.r15: 0 registers.rcx: -8554587492188112831 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1636400 registers.r11: 1635488 registers.r8: 3129830 registers.r9: 0 registers.rdx: 4280745984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 524664 registers.r13: 0	1
__exception__ June 22, 2023, 9:58 a.m.	stacktrace: MgOrbitdllCheckUpdate+0x150 MgOrbitdllGetFakeSession-0x10 3052c15a0e5926da6706d7bc1440d1ad+0xd750 @ 0x7fef3c3d750 exception.instruction_r: f3 a4 48 c7 c0 7b 00 00 00 48 c7 c1 17 00 00 00 exception.instruction: movsb byte ptr [rdi], byte ptr [rsi] exception.exception_code: 0xc0000005 exception.symbol: MgOrbitdllCheckUpdate+0x150 MgOrbitdllGetFakeSession-0x10 3052c15a0e5926da6706d7bc1440d1ad+0xd750 exception.address: 0x7fef3c3d750 registers.r14: 0 registers.r15: 0 registers.rcx: 20049 registers.rsi: 0 registers.r10: 0 registers.rbx: 262462 registers.rsp: 2095648 registers.r11: 2095120 registers.r8: 3916452 registers.r9: 10 registers.rdx: 4280758082 registers.r12: 10 registers.rbp: 3916128 registers.rdi: 4280766828 registers.rax: 262462 registers.r13: 0	1
__exception__ June 22, 2023, 9:58 a.m.	stacktrace: ?GetNetworkTraffic@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetNetworkTrafficListener@23@@Z+0x9 ?GetOrbitServer@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetOrbitServerListener@23@II@Z-0x7 3052c15a0e5926da6706d7bc1440d1ad+0xd529 @ 0x7fef3c3d529 rundll32+0x2f42 @ 0xff272f42 rundll32+0x3b7a @ 0xff273b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ec 08 48 89 e0 48 89 28 48 83 ec 08 48 89 e0 48 exception.instruction: in al, dx exception.exception_code: 0xc0000096 exception.symbol: ?GetNetworkTraffic@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetNetworkTrafficListener@23@@Z+0x9 ?GetOrbitServer@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetOrbitServerListener@23@II@Z-0x7 3052c15a0e5926da6706d7bc1440d1ad+0xd529 exception.address: 0x7fef3c3d529 registers.r14: 0 registers.r15: 0 registers.rcx: 65926 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1768240 registers.r11: 1767328 registers.r8: 2736844 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 65926 registers.r13: 0	1
__exception__ June 22, 2023, 9:59 a.m.	stacktrace: ?GetOrbitServer@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetOrbitServerListener@23@II@Z+0x3 ?GetRequestUniqueId@OrbitSession@orbitdll@mg@@QEAAIXZ-0x1d 3052c15a0e5926da6706d7bc1440d1ad+0xd533 @ 0x7fef3c3d533 rundll32+0x2f42 @ 0xff272f42 rundll32+0x3b7a @ 0xff273b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ec 08 48 89 e0 48 89 18 48 83 ec 08 48 89 e0 48 exception.instruction: in al, dx exception.exception_code: 0xc0000096 exception.symbol: ?GetOrbitServer@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetOrbitServerListener@23@II@Z+0x3 ?GetRequestUniqueId@OrbitSession@orbitdll@mg@@QEAAIXZ-0x1d 3052c15a0e5926da6706d7bc1440d1ad+0xd533 exception.address: 0x7fef3c3d533 registers.r14: 0 registers.r15: 0 registers.rcx: 66070 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1768128 registers.r11: 1767216 registers.r8: 3195556 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 66070 registers.r13: 0	1
__exception__ June 22, 2023, 9:59 a.m.	stacktrace: 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 0x1 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x1 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 4280758082 registers.r10: 0 registers.rbx: 8791592730912 registers.rsp: 2226448 registers.r11: 2226048 registers.r8: 3916328 registers.r9: 10 registers.rdx: 1 registers.r12: 10 registers.rbp: 4 registers.rdi: 8796092887040 registers.rax: 8082972440900839010 registers.r13: 0	1
__exception__ June 22, 2023, 9:59 a.m.	stacktrace: ?GetName@SavegameInfo@orbitdll@mg@@QEAAPEBGXZ+0x180 ?GetSize@SavegameInfo@orbitdll@mg@@QEAAIXZ-0x180 3052c15a0e5926da6706d7bc1440d1ad+0xce20 @ 0x7fef3c3ce20 rundll32+0x2f42 @ 0xff272f42 rundll32+0x3b7a @ 0xff273b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 82 49 83 fc ff 74 39 49 83 fc 00 0f 84 ea 00 00 exception.exception_code: 0xc000001d exception.symbol: ?GetName@SavegameInfo@orbitdll@mg@@QEAAPEBGXZ+0x180 ?GetSize@SavegameInfo@orbitdll@mg@@QEAAIXZ-0x180 3052c15a0e5926da6706d7bc1440d1ad+0xce20 exception.address: 0x7fef3c3ce20 registers.r14: 0 registers.r15: 0 registers.rcx: 327986 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 720720 registers.r11: 719808 registers.r8: 1622526 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 327986 registers.r13: 0	1
__exception__ June 22, 2023, 9:59 a.m.	stacktrace: ?RemoveSavegame@OrbitSession@orbitdll@mg@@QEAAXIPEAVIRemoveSavegameListener@23@II@Z+0x1 ?StartLauncher@OrbitSession@orbitdll@mg@@QEAA_NIIPEBD0@Z-0x1f 3052c15a0e5926da6706d7bc1440d1ad+0xd5b1 @ 0x7fef3c3d5b1 rundll32+0x2f42 @ 0xff272f42 rundll32+0x3b7a @ 0xff273b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: d9 48 89 4d f8 4d 31 e4 4c 89 65 e0 48 89 55 d8 exception.exception_code: 0xc000001d exception.symbol: ?RemoveSavegame@OrbitSession@orbitdll@mg@@QEAAXIPEAVIRemoveSavegameListener@23@II@Z+0x1 ?StartLauncher@OrbitSession@orbitdll@mg@@QEAA_NIIPEBD0@Z-0x1f 3052c15a0e5926da6706d7bc1440d1ad+0xd5b1 exception.address: 0x7fef3c3d5b1 registers.r14: 0 registers.r15: 0 registers.rcx: 66081 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2358336 registers.r11: 2357424 registers.r8: 4309670 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 66082 registers.r13: 0	1
__exception__ June 22, 2023, 10 a.m.	stacktrace: ?GetSavegameList@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameListListener@23@I@Z+0x10 ?GetSavegameWriter@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameWriterListener@23@II_N@Z-0x20 3052c15a0e5926da6706d7bc1440d1ad+0xd570 @ 0x7fef3c3d570 rundll32+0x2f42 @ 0xff272f42 rundll32+0x3b7a @ 0xff273b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 28 48 83 ec 08 48 89 e0 4c 89 30 48 31 c0 48 ff exception.instruction: sub byte ptr [rax + 0xffffffffffffff83], cl exception.exception_code: 0xc0000005 exception.symbol: ?GetSavegameList@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameListListener@23@I@Z+0x10 ?GetSavegameWriter@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameWriterListener@23@II_N@Z-0x20 3052c15a0e5926da6706d7bc1440d1ad+0xd570 exception.address: 0x7fef3c3d570 registers.r14: 0 registers.r15: 0 registers.rcx: 131626 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1113360 registers.r11: 1112448 registers.r8: 1622736 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 131626 registers.r13: 0	1
__exception__ June 22, 2023, 10 a.m.	stacktrace: __wgetmainargs+0x9a rename-0x116 msvcrt+0x12fb2 @ 0x7fefdb02fb2 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 0x10025f5c00000001 exception.instruction_r: c3 90 90 90 90 90 90 90 90 90 48 8b c4 48 89 58 exception.symbol: __wgetmainargs+0x9a rename-0x116 msvcrt+0x12fb2 exception.instruction: ret exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 77746 exception.address: 0x7fefdb02fb2 registers.r14: 8796092887040 registers.r15: 4280758082 registers.rcx: 0 registers.rsi: 8791592785296 registers.r10: 42 registers.rbx: 4280750824 registers.rsp: 1702224 registers.r11: 27 registers.r8: 10 registers.r9: 84 registers.rdx: 0 registers.r12: 4 registers.rbp: 2736670 registers.rdi: 1155744 registers.rax: 1702240 registers.r13: 8791592730912	1
__exception__ June 22, 2023, 10 a.m.	stacktrace: ?GetSavegameId@SavegameInfo@orbitdll@mg@@QEAAIXZ+0x180 ?GetUplayId@SavegameInfo@orbitdll@mg@@QEAAIXZ-0x180 3052c15a0e5926da6706d7bc1440d1ad+0xcfa0 @ 0x7fef3c3cfa0 rundll32+0x2f42 @ 0xff272f42 rundll32+0x3b7a @ 0xff273b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 8f 98 78 e9 48 f6 9c 49 c7 c1 55 01 00 00 48 83 exception.exception_code: 0xc000001d exception.symbol: ?GetSavegameId@SavegameInfo@orbitdll@mg@@QEAAIXZ+0x180 ?GetUplayId@SavegameInfo@orbitdll@mg@@QEAAIXZ-0x180 3052c15a0e5926da6706d7bc1440d1ad+0xcfa0 exception.address: 0x7fef3c3cfa0 registers.r14: 0 registers.r15: 0 registers.rcx: 66138 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1834896 registers.r11: 1833984 registers.r8: 3850722 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 66138 registers.r13: 0	1
__exception__ June 22, 2023, 10 a.m.	stacktrace: ?GetUplayId@SavegameInfo@orbitdll@mg@@QEAAIXZ+0x1a ?Read@SavegameReader@orbitdll@mg@@QEAAXIPEAVISavegameReadListener@23@IPEAXI@Z-0x186 3052c15a0e5926da6706d7bc1440d1ad+0xd13a @ 0x7fef3c3d13a 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 0xa4d2d125a262 exception.instruction_r: 44 8a 34 08 59 41 80 c6 02 41 80 fe 4d 74 20 51 exception.instruction: mov r14b, byte ptr [rax + rcx] exception.exception_code: 0xc0000005 exception.symbol: ?GetUplayId@SavegameInfo@orbitdll@mg@@QEAAIXZ+0x1a ?Read@SavegameReader@orbitdll@mg@@QEAAXIPEAVISavegameReadListener@23@IPEAXI@Z-0x186 3052c15a0e5926da6706d7bc1440d1ad+0xd13a exception.address: 0x7fef3c3d13a registers.r14: 0 registers.r15: 0 registers.rcx: 40 registers.rsi: 0 registers.r10: 0 registers.rbx: 8791759209743 registers.rsp: 1900104 registers.r11: 1899568 registers.r8: 2933240 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 10 registers.rbp: 2932992 registers.rdi: 0 registers.rax: 12948347151581295 registers.r13: 0	1
__exception__ June 22, 2023, 10 a.m.	stacktrace: ?Read@SavegameReader@orbitdll@mg@@QEAAXIPEAVISavegameReadListener@23@IPEAXI@Z+0x6 ?SetName@SavegameWriter@orbitdll@mg@@QEAA_NPEAG@Z-0x2a 3052c15a0e5926da6706d7bc1440d1ad+0xd2c6 @ 0x7fef3c3d2c6 0x24c298 0x24c160 exception.instruction_r: ed 4d 31 f6 51 48 c7 c1 0a 00 00 00 48 83 c1 0a exception.instruction: in eax, dx exception.exception_code: 0xc0000096 exception.symbol: ?Read@SavegameReader@orbitdll@mg@@QEAAXIPEAVISavegameReadListener@23@IPEAXI@Z+0x6 ?SetName@SavegameWriter@orbitdll@mg@@QEAA_NPEAG@Z-0x2a 3052c15a0e5926da6706d7bc1440d1ad+0xd2c6 exception.address: 0x7fef3c3d2c6 registers.r14: 0 registers.r15: 0 registers.rcx: 66290 registers.rsi: 0 registers.r10: 0 registers.rbx: 66290 registers.rsp: 1177800 registers.r11: 1177344 registers.r8: 2409112 registers.r9: 10 registers.rdx: 4280745984 registers.r12: 10 registers.rbp: 2408800 registers.rdi: 2409144 registers.rax: 66290 registers.r13: 0	1
__exception__ June 22, 2023, 10:08 a.m.	stacktrace: exception.instruction_r: 48 89 4d f8 4d 31 e4 4c 89 65 e0 48 89 55 d8 4c exception.instruction: mov qword ptr [rbp + 0xfffffffffffffff8], rcx exception.exception_code: 0xc0000005 exception.symbol: ?RemoveSavegame@OrbitSession@orbitdll@mg@@QEAAXIPEAVIRemoveSavegameListener@23@II@Z+0x2 ?StartLauncher@OrbitSession@orbitdll@mg@@QEAA_NIIPEBD0@Z-0x1e 3052c15a0e5926da6706d7bc1440d1ad+0xd5b2 exception.address: 0x7fef3c3d5b2 registers.r14: 32370111954616435 registers.r15: 23925768161198147 registers.rcx: 7274572 registers.rsi: 19140779460001857 registers.r10: 0 registers.rbx: 27303497949970508 registers.rsp: 1425832 registers.r11: 1047040 registers.r8: 1426084 registers.r9: 10 registers.rdx: 8791592785328 registers.r12: 25895912609022068 registers.rbp: 28429333431058540 registers.rdi: 25896114476810337 registers.rax: 5602996941558157117 registers.r13: 32370056121024604	1

Allocates read-write-execute memory (usually to unpack itself) (20 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 2936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 812 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 2068 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 2244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 2204 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 2664 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 2780 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:58 a.m.	process_identifier: 196 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:59 a.m.	process_identifier: 940 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:59 a.m.	process_identifier: 2588 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:59 a.m.	process_identifier: 2380 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:59 a.m.	process_identifier: 2872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10 a.m.	process_identifier: 3216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10 a.m.	process_identifier: 3556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10 a.m.	process_identifier: 3808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10 a.m.	process_identifier: 3992 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10 a.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:08 a.m.	process_identifier: 3296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:08 a.m.	process_identifier: 2756 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Symantec	Trojan Horse
McAfee-GW-Edition	Artemis!Trojan
GData	Trojan.GenericKD.67671411
Webroot	W32.Malware.Gen
Microsoft	Trojan:Win32/Casdet!rfn
McAfee	Artemis!67B3201085B9
Rising	Trojan.Agent!8.B1E (CLOUD)

3052c15a0e5926da6706d7bc1440d1ad.movpkg

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All