Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 16, 2023, 4:19 p.m.	Nov. 16, 2023, 4:22 p.m.

Size	28.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`01244c0aaa1117bb904d354dc8f5729f`
SHA256	`02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f`
CRC32	`05F948EA`
ssdeep	`393216:94MepXCx05KQgV6R3zOuGamuZcUlgUDt36e8n5bComN/Z87pgdBABXMP:94MexsOgVoqbuZ7lgUpr8nBF4/2gdQ8P`
PDB Path
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) MALWARE_Win_VT_RedLine - Detects RedLine infostealer UltraVNC_Zero - UltraVNC PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe "C:\Users\test22\AppData\Local\Temp\02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe"
2656

Name	Response	Post-Analysis Lookup
gmacro.ru	A 194.67.207.88	194.67.207.88

IP Address	Status	Action
164.124.101.2	Active	Moloch
194.67.207.88	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 16, 2023, 4:19 p.m.			0	0
IsDebuggerPresent Nov. 16, 2023, 4:19 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (27 events)

Time & API	Arguments	Status	Return
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1ca0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1ca0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1ce0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1da0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b25a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b25a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b25a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1f20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1f20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1f20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:19 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1f20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b2aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b2aa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b1ee0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b2320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b2320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b2320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b2320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b2320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b2320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b21a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b21a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b21a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b21a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b21a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 16, 2023, 4:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x021b21a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 16, 2023, 4:19 p.m.		1	1	0

One or more processes crashed (50 out of 7264 events)

Time & API	Arguments	Status
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: f3 aa 8b 45 f0 8b 4d 08 8b 55 10 03 c8 2b d0 52 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf088 exception.instruction: stosb byte ptr es:[edi], al exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61576 exception.address: 0x40f088 registers.esp: 1636996 registers.edi: 4393036 registers.eax: 0 registers.ebp: 1637012 registers.edx: 0 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 4	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4394960 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232391	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4399056 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232359	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4403152 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232327	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4407248 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232295	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4411344 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232263	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4415440 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232231	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4419536 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232199	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4423632 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232167	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4427728 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232135	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4431824 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232103	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4435920 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232071	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4440016 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232039	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4444112 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 232007	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4448208 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231975	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4452304 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231943	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4456400 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231911	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4460496 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231879	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4464592 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231847	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4468688 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231815	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4472784 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231783	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4476880 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231751	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4480976 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231719	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4485072 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231687	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4489168 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231655	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4493264 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231623	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4497360 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231591	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4501456 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231559	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4505552 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231527	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4509648 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231495	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4513744 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231463	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4517840 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231431	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4521936 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231399	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4526032 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231367	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4530128 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231335	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4534224 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231303	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4538320 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231271	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4542416 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231239	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4546512 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231207	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4550608 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231175	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4554704 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231143	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4558800 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231111	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4562896 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231079	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4566992 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231047	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4571088 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 231015	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4575184 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 230983	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4579280 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 230951	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4583376 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 230919	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4587472 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 230887	1
__exception__ Nov. 16, 2023, 4:19 p.m.	stacktrace: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf054 @ 0x40f054 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xf0a0 @ 0x40f0a0 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 30 66 0f 7f 47 40 66 0f 7f 47 50 66 exception.symbol: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_pubg_new+0xeff5 exception.address: 0x40eff5 exception.module: 02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe exception.exception_code: 0xc0000005 exception.offset: 61429 registers.esp: 1636940 registers.edi: 4591568 registers.eax: 4393040 registers.ebp: 1636944 registers.edx: 35 registers.ebx: 0 registers.esi: 62062624 registers.ecx: 230855	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET http://gmacro.ru/files/pubg/versionpubg.txt

Performs some HTTP requests (1 event)

request

GET http://gmacro.ru/files/pubg/versionpubg.txt

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

gmacro.ru

description

Russian Federation domain TLD

Allocates read-write-execute memory (usually to unpack itself) (50 out of 73 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 1769472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x077b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07920000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 2228224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07960000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07b40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 2097152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07b80000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07d40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07b41000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07b42000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07b43000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07b44000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0211b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02117000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x078d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02115000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x078d1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x078d4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0210a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02107000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x078d5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x078d6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02106000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x078d7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0210b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x078d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x078d9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:19 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020fd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020fe000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020ff000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0da20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 671744 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0da21000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dac5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dac6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dac7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dac8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dac9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0af80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0daca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dacb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dacc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dacd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dace000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 16, 2023, 4:20 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0dacf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Nov. 16, 2023, 4:20 p.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x01c69a00', u'virtual_address': u'0x00026000', u'entropy': 7.999993544272279, u'name': u'.rsrc', u'virtual_size': u'0x01c698bc'}

entropy

7.99999354427

description

A section with a high entropy has been found

entropy

0.995381378402

description

Overall entropy of this PE file is high

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Nov. 16, 2023, 4:19 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (1 event)

description

02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe tried to sleep 40922508 seconds, actually delayed analysis time by 40922508 seconds

Installs an hook procedure to monitor for mouse events (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExA Nov. 16, 2023, 4:20 p.m.	thread_identifier: 0 callback_function: 0x07b599fa hook_identifier: 14 (WH_MOUSE_LL) module_address: 0x6e7c0000	1	589937	0

Creates a windows hook that monitors keyboard input (keylogger) (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExA Nov. 16, 2023, 4:20 p.m.	thread_identifier: 0 callback_function: 0x07b599ca hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x00400000	1	2687407	0

Generates some ICMP traffic

File has been identified by 20 AntiVirus engines on VirusTotal as malicious (20 events)

FireEye	Generic.mg.01244c0aaa1117bb
Malwarebytes	Malware.AI.1046322563
Sangfor	Trojan.Win32.Agent.Vq8l
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
APEX	Malicious
Rising	Trojan.Generic@AI.90 (RDML:cvyHYlwUE4aNFpXjwL+M2w)
TrendMicro	TrojanSpy.Win32.REDLINE.YXDBSZ
McAfee-GW-Edition	Artemis
Trapmine	suspicious.low.ml.score
Sophos	Generic Reputation PUA (PUA)
Ikarus	Packed.Win32.Crypt
GData	Win32.Packed.Kryptik.AUGKF7
Google	Detected
McAfee	Artemis!01244C0AAA11
Cylance	unsafe
TrendMicro-HouseCall	TrojanSpy.Win32.REDLINE.YXDBSZ
Fortinet	W32/PossibleThreat
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen

02390d465ec5ef463741f737b0d0980e41661346e6bd0c5be40140427224cb1f_PUBG_NEW.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All