Summary | ZeroBOX

dyno.exe

Gorgon Group Generic Malware UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 24, 2021, 5:14 p.m.
Completed Aug. 24, 2021, 5:17 p.m.
Size 124.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 256876a198e1b3f8e579ab00a4615e73
SHA256 f5502d660f4b1f1110b7ba4fd0eab36ec5b44ff97c12b146a48ff8e38efa4745
CRC32 3B9E25C4
ssdeep 1536:xjHslPpuCTL13mdJlU25vO5l5b9bBIb49RVxFMy/Y5SqYzAtnRGfa8ethrYUVDV7:quK13y5lW51BM4p/QtRGC7hrY+VEosW
Yara
  • PE_Header_Zero - PE File Signature
  • Gorgon_Group_IN - Gorgon Group
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

IP Address Status Action
156.96.119.123 Active Moloch
164.124.101.2 Active Moloch
23.146.242.94 Active Moloch

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
resource name CUSTOM
Time & API Arguments Status Return Repeated

__exception__

RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.address: 0x405220
exception.symbol: dyno+0x5220
exception.exception_code: 0xc0000005
exception.module: dyno.exe
exception.offset: 21024
registers.esp: 502267660
registers.edi: 4584659
registers.eax: 4637240
registers.ebp: 502267684
registers.edx: 505290620
registers.ebx: 4637240
registers.esi: 0
registers.ecx: 4637240
1 0 0

__exception__

stacktrace:
dyno+0x2f67f @ 0x42f67f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.address: 0x4080db
exception.symbol: dyno+0x80db
exception.exception_code: 0xc0000005
exception.module: dyno.exe
exception.offset: 32987
registers.esp: 502267688
registers.edi: 21
registers.eax: 4198704
registers.ebp: 502267716
registers.edx: 505290620
registers.ebx: 60
registers.esi: 4535500
registers.ecx: 4198704
1 0 0

__exception__

stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x76aa6753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x76a81f1c
dyno+0x13bd @ 0x4013bd
dyno+0x2f67f @ 0x42f67f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x773cf7ba
registers.esp: 502267624
registers.edi: 50
registers.eax: 4610312
registers.ebp: 502267628
registers.edx: 1341434790
registers.ebx: 60
registers.esi: 4610313
registers.ecx: 502267644
1 0 0

__exception__

stacktrace:
LoadLibraryA+0x1b HeapCreate-0x3b kernel32+0x149f2 @ 0x757349f2
dyno+0x1495 @ 0x401495
dyno+0x2f67f @ 0x42f67f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8a 27 83 c7 01 3a e0 74 ee 2c 41 3c 1a 1a c9 80
exception.symbol: _strcmpi+0x40 LdrpResGetMappingSize-0x203 ntdll+0x3c7f9
exception.instruction: mov ah, byte ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 247801
exception.address: 0x773dc7f9
registers.esp: 502267636
registers.edi: 4588800
registers.eax: 4199540
registers.ebp: 502267648
registers.edx: 2130328564
registers.ebx: 60
registers.esi: 1970489873
registers.ecx: 4199557
1 0 0
domain d-wave.duckdns.org
domain d-bins.duckdns.org
request GET http://d-bins.duckdns.org/remcos_d_fIqfwC80.bin
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1016
region_size: 77824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03a40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 876544
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773b0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 876544
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773b0000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00460000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x004e75d0
service_type: 48
service_status: 3
0 0
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.256876a198e1b3f8
CrowdStrike win/malicious_confidence_60% (D)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FJKT
APEX Malicious
BitDefender Gen:Variant.Razy.913027
SentinelOne Static AI - Suspicious PE
Avira TR/Dropper.Gen
Cynet Malicious (score: 100)
eGambit Unsafe.AI_Score_99%
BitDefenderTheta Gen:NN.ZevbaF.34088.hm0@aWl78ypO