Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 16, 2023, 3:18 p.m.	Nov. 16, 2023, 3:20 p.m.

Size	30.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fd36da278e03915e659c14f3c1b88a56`
SHA256	`5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e`
CRC32	`AA7D3F61`
ssdeep	`786432:BAdS6UmZeNZ/jXj7HmDwynADroTiaGD5Xx6lO4b0gWygR7:BRRN5j7G/AolOuWygR7`
PDB Path
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) MALWARE_Win_VT_RedLine - Detects RedLine infostealer UltraVNC_Zero - UltraVNC PE_Header_Zero - PE File Signature ftp_command - ftp command UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe "C:\Users\test22\AppData\Local\Temp\5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe"
2656

Name	Response	Post-Analysis Lookup
files.gmacro.ru	A 95.216.77.146	95.216.77.146

IP Address	Status	Action
164.124.101.2	Active	Moloch
95.216.77.146	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 16, 2023, 3:18 p.m.			0	0
IsDebuggerPresent Nov. 16, 2023, 3:18 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (12 events)

Time & API	Arguments	Status	Return
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd408 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd408 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd448 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd448 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd508 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bdd08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bdd08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bdd08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd408 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd408 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd408 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 3:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x023bd408 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 16, 2023, 3:18 p.m.		1	1	0

One or more processes crashed (50 out of 7734 events)

Time & API	Arguments	Status
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: f3 aa 8b 45 f0 8b 4d 08 8b 55 10 03 c8 2b d0 52 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf088 exception.instruction: stosb byte ptr es:[edi], al exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61576 exception.address: 0x40f088 registers.esp: 1636996 registers.edi: 4393036 registers.eax: 0 registers.ebp: 1637012 registers.edx: 0 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 4	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4394960 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247449	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4399056 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247417	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4403152 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247385	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4407248 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247353	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4411344 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247321	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4415440 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247289	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4419536 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247257	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4423632 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247225	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4427728 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247193	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4431824 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247161	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4435920 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247129	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4440016 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247097	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4444112 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247065	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4448208 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247033	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4452304 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 247001	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4456400 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246969	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4460496 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246937	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4464592 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246905	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4468688 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246873	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4472784 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246841	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4476880 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246809	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4480976 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246777	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4485072 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246745	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4489168 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246713	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4493264 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246681	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4497360 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246649	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4501456 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246617	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4505552 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246585	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4509648 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246553	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4513744 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246521	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4517840 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246489	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4521936 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246457	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4526032 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246425	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4530128 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246393	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4534224 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246361	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4538320 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246329	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4542416 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246297	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4546512 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246265	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4550608 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246233	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4554704 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246201	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4558800 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246169	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4562896 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246137	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4566992 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246105	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4571088 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246073	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4575184 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246041	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4579280 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 246009	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4583376 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 245977	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4587472 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 245945	1
__exception__ Nov. 16, 2023, 3:18 p.m.	stacktrace: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf054 @ 0x40f054 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xf0a0 @ 0x40f0a0 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4591568 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 106 registers.ebx: 0 registers.esi: 67108896 registers.ecx: 245913	1

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

files.gmacro.ru

description

Russian Federation domain TLD

Allocates read-write-execute memory (usually to unpack itself) (32 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 917504 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03cc0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03cc0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 1900544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08460000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x085f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02572000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d11000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d12000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0257a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0257c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d13000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0258c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d14000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d5b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d57000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x085d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d55000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x085d1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x085d4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d0a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d07000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0258a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x085d5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d06000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d0b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x085d6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d16000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 3:18 p.m.	process_identifier: 2656 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d1a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Nov. 16, 2023, 3:18 p.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x01e40400', u'virtual_address': u'0x00026000', u'entropy': 7.999993180945837, u'name': u'.rsrc', u'virtual_size': u'0x01e40204'}

entropy

7.99999318095

description

A section with a high entropy has been found

entropy

0.995660838262

description

Overall entropy of this PE file is high

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Nov. 16, 2023, 3:18 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (1 event)

description

5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe tried to sleep 5456388 seconds, actually delayed analysis time by 5456388 seconds

File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (moderate confidence)
APEX	Malicious
Rising	Trojan.Generic@AI.99 (RDML:6xss7+MqFrd73x7QSta7UA)
Sophos	Generic ML PUA (PUA)
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.fd36da278e03915e
Ikarus	Packed.Win32.Crypt
Google	Detected
DeepInstinct	MALICIOUS
SentinelOne	Static AI - Suspicious PE
Cybereason	malicious.15eb41

Generates some ICMP traffic

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

95.216.77.146:80

5dd663aa30da9fd0b72650d9e8c2594909ecda90e164f4aa4bda99d1fba60a7e_PUBG_NEW.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All