Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov ecx, dword ptr [ebp-38h] |
0_2_05972E10 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov ecx, dword ptr [ebp-38h] |
0_2_05972E08 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov ecx, dword ptr [ebp-38h] |
0_2_05972880 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h |
0_2_07AB1C08 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then push dword ptr [ebp-24h] |
0_2_07AB24A0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
0_2_07AB24A0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then push dword ptr [ebp-24h] |
0_2_07AB2495 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
0_2_07AB2495 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 07ABFA6Ah |
0_2_07ABF1EC |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then xor edx, edx |
0_2_07AB1FC5 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then xor edx, edx |
0_2_07AB1FD0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then push dword ptr [ebp-20h] |
0_2_07AB1D6C |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
0_2_07AB1D6C |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then push dword ptr [ebp-20h] |
0_2_07AB1D78 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
0_2_07AB1D78 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h |
0_2_07AB1BFD |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 02DCF7A1h |
3_2_02DCF4E8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
3_2_02DCEA08 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 02DCFBF9h |
3_2_02DCF941 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2DDC1h |
3_2_05B2DB18 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B22658h |
3_2_05B22586 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B22091h |
3_2_05B21DE0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B217D1h |
3_2_05B21520 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2F7D1h |
3_2_05B2F528 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2C809h |
3_2_05B2C560 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2EF21h |
3_2_05B2EC78 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B20F11h |
3_2_05B20C60 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2E219h |
3_2_05B2DF70 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2D969h |
3_2_05B2D6C0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2D0B9h |
3_2_05B2CE10 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2CC61h |
3_2_05B2C9B8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B21C31h |
3_2_05B21980 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2FC29h |
3_2_05B2F980 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2C3B1h |
3_2_05B2C108 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2F379h |
3_2_05B2F0D0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B21371h |
3_2_05B210C0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2EAC9h |
3_2_05B2E820 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2021Dh |
3_2_05B20040 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B20BA7h |
3_2_05B20040 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2E671h |
3_2_05B2E3C8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B2D511h |
3_2_05B2D268 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 05B22658h |
3_2_05B22240 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE8D95h |
3_2_06CE8A58 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE72C9h |
3_2_06CE7020 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE6169h |
3_2_06CE5EC0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE5D11h |
3_2_06CE5A68 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE88A9h |
3_2_06CE8600 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE6E71h |
3_2_06CE6BC8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
3_2_06CE37FB |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE6A19h |
3_2_06CE6770 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE65C1h |
3_2_06CE6318 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE7BA1h |
3_2_06CE78F8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE0B99h |
3_2_06CE08F0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE0741h |
3_2_06CE0498 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE774Ah |
3_2_06CE74A0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE02E9h |
3_2_06CE0040 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
3_2_06CE3808 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE5891h |
3_2_06CE55E8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE8451h |
3_2_06CE81A8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE1449h |
3_2_06CE11A0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE0FF1h |
3_2_06CE0D48 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 4x nop then jmp 06CE7FF9h |
3_2_06CE7D50 |
Source: DEKONT.exe, 00000003.00000002.3822157482.0000000003099000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003155000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003191000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003182000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003147000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.000000000312C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.com |
Source: DEKONT.exe, 00000003.00000002.3822157482.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003099000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003155000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003191000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003163000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003182000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003147000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.000000000312C000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.000000000308D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: DEKONT.exe, 00000003.00000002.3822157482.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: DEKONT.exe, 00000000.00000002.1375703382.0000000004DF7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3819808283.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: DEKONT.exe, 00000003.00000002.3822157482.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003155000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003191000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003182000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003147000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.000000000312C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://reallyfreegeoip.org |
Source: DEKONT.exe, 00000003.00000002.3822157482.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: DEKONT.exe, 00000003.00000002.3822157482.000000000319F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://scratchdreams.tk |
Source: DEKONT.exe |
String found in binary or memory: http://tempuri.org/DataSet1.xsd |
Source: DEKONT.exe, 00000003.00000002.3822157482.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003099000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003155000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003191000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003182000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003147000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.000000000312C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: DEKONT.exe, 00000000.00000002.1375703382.0000000004DF7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003099000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3819808283.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: DEKONT.exe, 00000003.00000002.3822157482.000000000312C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/154.16.105.36 |
Source: DEKONT.exe, 00000003.00000002.3822157482.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003155000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003191000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003182000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000003147000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.000000000312C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/154.16.105.36$ |
Source: DEKONT.exe, 00000003.00000002.3822157482.0000000003147000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/154.16.105.36( |
Source: DEKONT.exe, 00000000.00000002.1375703382.0000000004DF7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3819808283.0000000000402000.00000040.00000400.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.3822157482.000000000319F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk |
Source: DEKONT.exe, 00000003.00000002.3822157482.000000000319F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk/_send_.php?TS |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.DEKONT.exe.5056a70.7.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.DEKONT.exe.5056a70.7.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.DEKONT.exe.5056a70.7.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.DEKONT.exe.5056a70.7.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.DEKONT.exe.5056a70.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.DEKONT.exe.5056a70.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.DEKONT.exe.5056a70.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.DEKONT.exe.5056a70.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.DEKONT.exe.4f92230.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.DEKONT.exe.4f92230.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.DEKONT.exe.4f92230.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000003.00000002.3819808283.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000003.00000002.3819808283.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000000.00000002.1375703382.0000000004DF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.1375703382.0000000004DF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: DEKONT.exe PID: 7384, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: DEKONT.exe PID: 7384, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: DEKONT.exe PID: 7564, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: DEKONT.exe PID: 7564, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_017FDFE4 |
0_2_017FDFE4 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_032A12A0 |
0_2_032A12A0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_05976E40 |
0_2_05976E40 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_05970598 |
0_2_05970598 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_05970589 |
0_2_05970589 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_05976E31 |
0_2_05976E31 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_059A7684 |
0_2_059A7684 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_059A766D |
0_2_059A766D |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_059ABC20 |
0_2_059ABC20 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB04B8 |
0_2_07AB04B8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB01A0 |
0_2_07AB01A0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07ABC7A8 |
0_2_07ABC7A8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07ABC7B8 |
0_2_07ABC7B8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB04A8 |
0_2_07AB04A8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB0190 |
0_2_07AB0190 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB1139 |
0_2_07AB1139 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07ABB101 |
0_2_07ABB101 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB1148 |
0_2_07AB1148 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB3FA1 |
0_2_07AB3FA1 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB3FB0 |
0_2_07AB3FB0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB3F50 |
0_2_07AB3F50 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07ABACD8 |
0_2_07ABACD8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB7C38 |
0_2_07AB7C38 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07ABCBF0 |
0_2_07ABCBF0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB2A80 |
0_2_07AB2A80 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 0_2_07AB2A6F |
0_2_07AB2A6F |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCB388 |
3_2_02DCB388 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCC1F0 |
3_2_02DCC1F0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DC6168 |
3_2_02DC6168 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCC7B2 |
3_2_02DCC7B2 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCC4D0 |
3_2_02DCC4D0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCCA92 |
3_2_02DCCA92 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DC4B31 |
3_2_02DC4B31 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DC68E0 |
3_2_02DC68E0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DC98B8 |
3_2_02DC98B8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCBF10 |
3_2_02DCBF10 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCBC32 |
3_2_02DCBC32 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCF4E8 |
3_2_02DCF4E8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DC35CA |
3_2_02DC35CA |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCB552 |
3_2_02DCB552 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCEA08 |
3_2_02DCEA08 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCE9F8 |
3_2_02DCE9F8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_02DCF941 |
3_2_02DCF941 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B24490 |
3_2_05B24490 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B289B0 |
3_2_05B289B0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B29080 |
3_2_05B29080 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2DB18 |
3_2_05B2DB18 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B21DE0 |
3_2_05B21DE0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B21DD0 |
3_2_05B21DD0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B21520 |
3_2_05B21520 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2F528 |
3_2_05B2F528 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B21510 |
3_2_05B21510 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2F518 |
3_2_05B2F518 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2C560 |
3_2_05B2C560 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2C550 |
3_2_05B2C550 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B24480 |
3_2_05B24480 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2EC78 |
3_2_05B2EC78 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B20C60 |
3_2_05B20C60 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2EC69 |
3_2_05B2EC69 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B20C50 |
3_2_05B20C50 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B27FF8 |
3_2_05B27FF8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2DF70 |
3_2_05B2DF70 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2DF60 |
3_2_05B2DF60 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2D6B0 |
3_2_05B2D6B0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2D6C0 |
3_2_05B2D6C0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2CE10 |
3_2_05B2CE10 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2CE01 |
3_2_05B2CE01 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2C9B8 |
3_2_05B2C9B8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2C9A9 |
3_2_05B2C9A9 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B21980 |
3_2_05B21980 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2F980 |
3_2_05B2F980 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2C108 |
3_2_05B2C108 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2F973 |
3_2_05B2F973 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B21970 |
3_2_05B21970 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B210B0 |
3_2_05B210B0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2C0F7 |
3_2_05B2C0F7 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2F0D0 |
3_2_05B2F0D0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B210C0 |
3_2_05B210C0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2F0C0 |
3_2_05B2F0C0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2E820 |
3_2_05B2E820 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2E811 |
3_2_05B2E811 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B20006 |
3_2_05B20006 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B28008 |
3_2_05B28008 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B20040 |
3_2_05B20040 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2E3BB |
3_2_05B2E3BB |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2E3C8 |
3_2_05B2E3C8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2DB09 |
3_2_05B2DB09 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2D268 |
3_2_05B2D268 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_05B2D258 |
3_2_05B2D258 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEDAC0 |
3_2_06CEDAC0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEAEA8 |
3_2_06CEAEA8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE8A58 |
3_2_06CE8A58 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CECE28 |
3_2_06CECE28 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEC7D8 |
3_2_06CEC7D8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEBB38 |
3_2_06CEBB38 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEB4F0 |
3_2_06CEB4F0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE90A1 |
3_2_06CE90A1 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEA858 |
3_2_06CEA858 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CED478 |
3_2_06CED478 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE7020 |
3_2_06CE7020 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE15F8 |
3_2_06CE15F8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEC188 |
3_2_06CEC188 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE5EC0 |
3_2_06CE5EC0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEAE98 |
3_2_06CEAE98 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEDABB |
3_2_06CEDABB |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEDAB7 |
3_2_06CEDAB7 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE5EB1 |
3_2_06CE5EB1 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE8A48 |
3_2_06CE8A48 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE5A58 |
3_2_06CE5A58 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE5A68 |
3_2_06CE5A68 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE8600 |
3_2_06CE8600 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CECE23 |
3_2_06CECE23 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE6BC8 |
3_2_06CE6BC8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEC7C9 |
3_2_06CEC7C9 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE37FB |
3_2_06CE37FB |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE3B80 |
3_2_06CE3B80 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE6BB8 |
3_2_06CE6BB8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE6760 |
3_2_06CE6760 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE6770 |
3_2_06CE6770 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE6308 |
3_2_06CE6308 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE6318 |
3_2_06CE6318 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEBB27 |
3_2_06CEBB27 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE78E7 |
3_2_06CE78E7 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEB4E0 |
3_2_06CEB4E0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE08E1 |
3_2_06CE08E1 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE78F8 |
3_2_06CE78F8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE08F0 |
3_2_06CE08F0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE0488 |
3_2_06CE0488 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE4880 |
3_2_06CE4880 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE0498 |
3_2_06CE0498 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE7490 |
3_2_06CE7490 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE74A0 |
3_2_06CE74A0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEA848 |
3_2_06CEA848 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE0040 |
3_2_06CE0040 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE2C68 |
3_2_06CE2C68 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CED473 |
3_2_06CED473 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE3808 |
3_2_06CE3808 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE0006 |
3_2_06CE0006 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE7010 |
3_2_06CE7010 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE55D9 |
3_2_06CE55D9 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE55E8 |
3_2_06CE55E8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE85F1 |
3_2_06CE85F1 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE819B |
3_2_06CE819B |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE1191 |
3_2_06CE1191 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE81A8 |
3_2_06CE81A8 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE11A0 |
3_2_06CE11A0 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE0D48 |
3_2_06CE0D48 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE7D40 |
3_2_06CE7D40 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE7D50 |
3_2_06CE7D50 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CEC178 |
3_2_06CEC178 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06CE0D38 |
3_2_06CE0D38 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06D0FA32 |
3_2_06D0FA32 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06D0BFEC |
3_2_06D0BFEC |
Source: C:\Users\user\Desktop\DEKONT.exe |
Code function: 3_2_06D0DC48 |
3_2_06D0DC48 |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.DEKONT.exe.5056a70.7.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.DEKONT.exe.5056a70.7.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.DEKONT.exe.5056a70.7.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.DEKONT.exe.5056a70.7.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.DEKONT.exe.5056a70.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.DEKONT.exe.5056a70.7.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.DEKONT.exe.5056a70.7.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.DEKONT.exe.5056a70.7.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.DEKONT.exe.4f92230.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.DEKONT.exe.4f92230.8.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.DEKONT.exe.4f92230.8.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000003.00000002.3819808283.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000003.00000002.3819808283.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.1375703382.0000000004DF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.1375703382.0000000004DF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: DEKONT.exe PID: 7384, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: DEKONT.exe PID: 7384, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: DEKONT.exe PID: 7564, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: DEKONT.exe PID: 7564, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, j7d5IZaVDa8eflLKhe.cs |
High entropy of concatenated method names: 'Dispose', 'YQbSRd8CIr', 'NBkGmQUEBF', 'l2btt69X0M', 'lpGSjvFYN1', 'T41SzQibdE', 'ProcessDialogKey', 'DHAGT9kF5E', 'xMoGSWPl4N', 'J5RGG0yyrD' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, NrVOQ4zeWdeVemv54c.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sqEy06EkHZ', 'i64yhNOq3b', 'CqJyZL140A', 'Ykuy83HTux', 'NF2y6ok59K', 'tv6yyGLf15', 'H9gyKWXGYY' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, muuaUoYiGSoCDdtP5k.cs |
High entropy of concatenated method names: 'WiEySSoxDY', 'r3HybsKy6r', 'KMByuWM7mR', 'daQyYEVdcn', 'NPZyVdwErR', 'sikyas3i1e', 'AtUy3Dl89Q', 'xlU6J8bIC6', 'Jga6QmZZ6c', 'Vrq6RCXOQ4' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, yF000nJfGcUm3eXcd6.cs |
High entropy of concatenated method names: 'LsTSg9qWCk', 'xvKSFUP70r', 'vXJSUjRcoZ', 'uEtS9TwUOF', 'gkqShoV01o', 'yiNSZ0Mj9A', 'gkEcbl9QpfuwCiLQcE', 'JCAj49fxwY6ICSYfRW', 'RYXSSaPVrK', 'NsUSbbFICD' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, YmAf6MkD2jSb9njWmK.cs |
High entropy of concatenated method names: 'Esd3dvXPia', 'l8j3LRaKLp', 'Wno3XihAPf', 'Pfk3fKsF7l', 'F6u3OADrMx', 'kW23e9nTgp', 'Qqe3Mj18Q6', 'IkJ3oWxDRL', 'rDxX9h4BY6BCoD2uUom', 'NVmtcI4jAGOGIfDqbJA' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, f5NFKofKgfJb7mVTpo.cs |
High entropy of concatenated method names: 'QB4hAtCDIS', 'TBUhkOP5su', 'i6WhcPjsUr', 'Tg2hnEwqNI', 'vUChmEU4y1', 'OpqhD6IYBw', 'LG7hr5EW6A', 'WFAhi6Is42', 'xd1h5NmDN6', 'c6VhNCRtrY' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, T2wON1nl2AHSS7i3Cd.cs |
High entropy of concatenated method names: 'vs6aqYDlJe', 'vIEae1JnTG', 'LL2CDM179A', 'PSiCrsb9I1', 'S9jCi1Y0VS', 'QvSC5XKyyU', 'RkmCNB2iQs', 'UGjCxsH1w9', 'cLwCvmB9p1', 'CORCAJRthF' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, e2x0LcsrhHTSFP8f88.cs |
High entropy of concatenated method names: 'qqu8QNTANw', 'tjS8jDCbGN', 'HLR6TNmS3T', 'PR06S39DBg', 'FhF823uPbT', 'qBE8khOYIe', 'cha8sH9DN2', 'WJq8cLXvwq', 'wsI8nI3iHl', 'SFX845yDgj' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, A0ifTxEhkahsKJcug7.cs |
High entropy of concatenated method names: 'qov0ILdnPw', 'Eqd0MX1MS3', 'yLc0HR4vPr', 'B9K0mQaHsB', 'uXY0rNBQKy', 'Sw00i1gugn', 'n7t0NoQMtU', 'TDf0xJfVEt', 'TJx0A82xCL', 'tX402bl8NB' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, hgicsSiWJil1ySVfNkc.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CGJKcCiosc', 'BxcKnge9VJ', 'rgjK4IDRDk', 'tH3Kp6QFnC', 'GycKWTFqhk', 'FE0KP6U07J', 'moiKJ3XABH' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, gBrw0gPbXtcXH18PyW.cs |
High entropy of concatenated method names: 'PWHVcgh4Zo', 'rimVnfljhR', 'xNOV4ga8Wx', 'vv6VpOndoN', 'qqAVWKBehY', 'wE9VPhSDcJ', 'rMaVJaJb58', 'qNGVQPJT1b', 'KyBVRqIL8x', 'YZqVjrhrtb' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, Vu7uKBGDy1SRZu1Rwk.cs |
High entropy of concatenated method names: 'KJS3wNu6nd', 'vHZ3V0if6Y', 'DGP3aovHcZ', 'EAC3gmZJU5', 'R6p3FIvIBa', 'w2HaW6O5LH', 'NXPaPqDd8s', 'L6EaJAIPF4', 'WJdaQBrDvJ', 'XEZaRU4F80' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, dZi2dj2hRfNN8h8ksu.cs |
High entropy of concatenated method names: 'ToString', 'rDLZ2npVs2', 'fuNZmmn1P9', 'DOQZDAglPg', 'wqpZrqQ7wH', 'mhvZiaEdXb', 'HlxZ5bTTva', 'MDuZNy0fHq', 'jovZxqtMGH', 'iZ4ZvWVp7j' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, KXbphEuMQhqJVEQoHN.cs |
High entropy of concatenated method names: 'fTCXV8POU', 'YOsf4DMSK', 'zKPOQTjUT', 'vUGe7Yu1f', 's8SMVdvbn', 'ECPoxvOp1', 'wJ0l7PP7mgVKm7pksU', 'LONHPEUi8265Ew4qbO', 'aSx6QGAIn', 'M9xKlMe4m' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, lGaBmFeZoKPSkJP2Yp.cs |
High entropy of concatenated method names: 'vc5CfD3IXy', 'ASLCOnWPQI', 'L2yCIvLsAb', 'To3CMUXlDp', 'BLMChjwWcj', 'JVxCZHJC3O', 'ut0C81SnUE', 'x28C69df3j', 'UdyCyyAOmi', 'S4dCKHEocf' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, Ywj4IaidrNmP8uv9vDJ.cs |
High entropy of concatenated method names: 'Id5yLlpHWO', 'gy4yB3XQ69', 'FSwyX5YUs8', 'FL8yfTf6iA', 'SIxyqarAE2', 'rlZyOpucCs', 'xtFyeCEA0d', 'WoQyIEeMQj', 'BoOyMx7XYH', 'j92yo63jMS' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, B4811WBL5mqt3ICmNd.cs |
High entropy of concatenated method names: 'Be6gYa1Mry', 'RNhgCCPmnl', 'MT3g3r93XP', 'DFi3jou71e', 'mIk3z8TjwO', 'ujdgTSmMtM', 'KYhgSq3AZk', 'XNQgGWHuTJ', 'HS8gbK7J3w', 'G0mguGLxOI' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, rLmnNArP7PMRCd7lnZ.cs |
High entropy of concatenated method names: 'Evl6Y0Whxr', 'qgR6VsEdAm', 're76CWwgB0', 'bZC6aM43Io', 'TSg63UMjKx', 'Ivm6gFNOlM', 'byg6FFB0R0', 'UcN6EaaGCV', 'V4w6UCt7Lk', 'jX169cVtTZ' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, am6RHBVRAjP4cOtlwi.cs |
High entropy of concatenated method names: 'PxCbwXdJr5', 'D9IbYynKIL', 'l9GbVZSH7o', 'eCLbCFOomy', 'asDbaHLltO', 'GVQb33uaOD', 'HLlbgrTb6P', 'jK2bFQIlLq', 'kCHbEtCv2i', 'YhVbUAoxDl' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, FBG5j0iuYmUu2hs3rvO.cs |
High entropy of concatenated method names: 'BVSKL8JT5Y', 'VgxKB6mUN7', 'E12KXgaD9m', 'NWbo4MZp6D7eQuKkqtp', 'u4O1ncZ40P2AaXDrFJl', 'rNIAsvZDs2OwHN49hTb', 'kYjD05ZAi6Jpt0QPqwG' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, BFLjVfUFsTVdK6vfYh.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'UBPGRQcean', 'Gh7Gj844bg', 'OZ3GzDf4N5', 'ENBbTqRG9y', 'EvRbSr2yTm', 'tq1bGYGv8l', 'T5ybb6hZCk', 'wmqQ5DplEUp2txgLK2P' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, F210rv93PN13RwKJgt.cs |
High entropy of concatenated method names: 'V51345goeB', 'zfv3pHKBAx', 'jlj3WjfsrN', 'ToString', 'jVt3PTFlX2', 'shK3Jh18kc', 'EBgIAr4FQW6NbudKLPc', 'WknDC34Eysm7R6M5wJZ' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, Lx9sgrycVNWcPtH7Mh.cs |
High entropy of concatenated method names: 'FZQgL2dWTg', 'OZdgBlfbmG', 'iGlgXJAjYy', 'bWhgfsRR8y', 'ey2gqCsvj9', 'wfigO0Ts0Q', 'm0ogeuk6h3', 'BbTgIYsToM', 'yENgMOilNQ', 'xKagoHKFjt' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, AdfsfmCabcv5q7JqiV.cs |
High entropy of concatenated method names: 'o2H8UTwoUn', 'jtJ89ykxL2', 'ToString', 'b9K8YeR9y5', 'bPX8VfyOgm', 'f228CuIvTQ', 'U3F8aQkjAE', 'A9s83iQBbF', 'MHA8gKCxxM', 'By88FKKrHU' |
Source: 0.2.DEKONT.exe.4ff4650.9.raw.unpack, tlZ78fq5Zw1LILhJLc.cs |
High entropy of concatenated method names: 'AAn6HO6HkR', 'Gjt6mhAy5U', 'qOx6DlTZMU', 'eHy6rtgrOM', 'Pba6cWLU3G', 'OJD6i0hRbv', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, j7d5IZaVDa8eflLKhe.cs |
High entropy of concatenated method names: 'Dispose', 'YQbSRd8CIr', 'NBkGmQUEBF', 'l2btt69X0M', 'lpGSjvFYN1', 'T41SzQibdE', 'ProcessDialogKey', 'DHAGT9kF5E', 'xMoGSWPl4N', 'J5RGG0yyrD' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, NrVOQ4zeWdeVemv54c.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sqEy06EkHZ', 'i64yhNOq3b', 'CqJyZL140A', 'Ykuy83HTux', 'NF2y6ok59K', 'tv6yyGLf15', 'H9gyKWXGYY' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, muuaUoYiGSoCDdtP5k.cs |
High entropy of concatenated method names: 'WiEySSoxDY', 'r3HybsKy6r', 'KMByuWM7mR', 'daQyYEVdcn', 'NPZyVdwErR', 'sikyas3i1e', 'AtUy3Dl89Q', 'xlU6J8bIC6', 'Jga6QmZZ6c', 'Vrq6RCXOQ4' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, yF000nJfGcUm3eXcd6.cs |
High entropy of concatenated method names: 'LsTSg9qWCk', 'xvKSFUP70r', 'vXJSUjRcoZ', 'uEtS9TwUOF', 'gkqShoV01o', 'yiNSZ0Mj9A', 'gkEcbl9QpfuwCiLQcE', 'JCAj49fxwY6ICSYfRW', 'RYXSSaPVrK', 'NsUSbbFICD' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, YmAf6MkD2jSb9njWmK.cs |
High entropy of concatenated method names: 'Esd3dvXPia', 'l8j3LRaKLp', 'Wno3XihAPf', 'Pfk3fKsF7l', 'F6u3OADrMx', 'kW23e9nTgp', 'Qqe3Mj18Q6', 'IkJ3oWxDRL', 'rDxX9h4BY6BCoD2uUom', 'NVmtcI4jAGOGIfDqbJA' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, f5NFKofKgfJb7mVTpo.cs |
High entropy of concatenated method names: 'QB4hAtCDIS', 'TBUhkOP5su', 'i6WhcPjsUr', 'Tg2hnEwqNI', 'vUChmEU4y1', 'OpqhD6IYBw', 'LG7hr5EW6A', 'WFAhi6Is42', 'xd1h5NmDN6', 'c6VhNCRtrY' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, T2wON1nl2AHSS7i3Cd.cs |
High entropy of concatenated method names: 'vs6aqYDlJe', 'vIEae1JnTG', 'LL2CDM179A', 'PSiCrsb9I1', 'S9jCi1Y0VS', 'QvSC5XKyyU', 'RkmCNB2iQs', 'UGjCxsH1w9', 'cLwCvmB9p1', 'CORCAJRthF' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, e2x0LcsrhHTSFP8f88.cs |
High entropy of concatenated method names: 'qqu8QNTANw', 'tjS8jDCbGN', 'HLR6TNmS3T', 'PR06S39DBg', 'FhF823uPbT', 'qBE8khOYIe', 'cha8sH9DN2', 'WJq8cLXvwq', 'wsI8nI3iHl', 'SFX845yDgj' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, A0ifTxEhkahsKJcug7.cs |
High entropy of concatenated method names: 'qov0ILdnPw', 'Eqd0MX1MS3', 'yLc0HR4vPr', 'B9K0mQaHsB', 'uXY0rNBQKy', 'Sw00i1gugn', 'n7t0NoQMtU', 'TDf0xJfVEt', 'TJx0A82xCL', 'tX402bl8NB' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, hgicsSiWJil1ySVfNkc.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CGJKcCiosc', 'BxcKnge9VJ', 'rgjK4IDRDk', 'tH3Kp6QFnC', 'GycKWTFqhk', 'FE0KP6U07J', 'moiKJ3XABH' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, gBrw0gPbXtcXH18PyW.cs |
High entropy of concatenated method names: 'PWHVcgh4Zo', 'rimVnfljhR', 'xNOV4ga8Wx', 'vv6VpOndoN', 'qqAVWKBehY', 'wE9VPhSDcJ', 'rMaVJaJb58', 'qNGVQPJT1b', 'KyBVRqIL8x', 'YZqVjrhrtb' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, Vu7uKBGDy1SRZu1Rwk.cs |
High entropy of concatenated method names: 'KJS3wNu6nd', 'vHZ3V0if6Y', 'DGP3aovHcZ', 'EAC3gmZJU5', 'R6p3FIvIBa', 'w2HaW6O5LH', 'NXPaPqDd8s', 'L6EaJAIPF4', 'WJdaQBrDvJ', 'XEZaRU4F80' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, dZi2dj2hRfNN8h8ksu.cs |
High entropy of concatenated method names: 'ToString', 'rDLZ2npVs2', 'fuNZmmn1P9', 'DOQZDAglPg', 'wqpZrqQ7wH', 'mhvZiaEdXb', 'HlxZ5bTTva', 'MDuZNy0fHq', 'jovZxqtMGH', 'iZ4ZvWVp7j' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, KXbphEuMQhqJVEQoHN.cs |
High entropy of concatenated method names: 'fTCXV8POU', 'YOsf4DMSK', 'zKPOQTjUT', 'vUGe7Yu1f', 's8SMVdvbn', 'ECPoxvOp1', 'wJ0l7PP7mgVKm7pksU', 'LONHPEUi8265Ew4qbO', 'aSx6QGAIn', 'M9xKlMe4m' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, lGaBmFeZoKPSkJP2Yp.cs |
High entropy of concatenated method names: 'vc5CfD3IXy', 'ASLCOnWPQI', 'L2yCIvLsAb', 'To3CMUXlDp', 'BLMChjwWcj', 'JVxCZHJC3O', 'ut0C81SnUE', 'x28C69df3j', 'UdyCyyAOmi', 'S4dCKHEocf' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, Ywj4IaidrNmP8uv9vDJ.cs |
High entropy of concatenated method names: 'Id5yLlpHWO', 'gy4yB3XQ69', 'FSwyX5YUs8', 'FL8yfTf6iA', 'SIxyqarAE2', 'rlZyOpucCs', 'xtFyeCEA0d', 'WoQyIEeMQj', 'BoOyMx7XYH', 'j92yo63jMS' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, B4811WBL5mqt3ICmNd.cs |
High entropy of concatenated method names: 'Be6gYa1Mry', 'RNhgCCPmnl', 'MT3g3r93XP', 'DFi3jou71e', 'mIk3z8TjwO', 'ujdgTSmMtM', 'KYhgSq3AZk', 'XNQgGWHuTJ', 'HS8gbK7J3w', 'G0mguGLxOI' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, rLmnNArP7PMRCd7lnZ.cs |
High entropy of concatenated method names: 'Evl6Y0Whxr', 'qgR6VsEdAm', 're76CWwgB0', 'bZC6aM43Io', 'TSg63UMjKx', 'Ivm6gFNOlM', 'byg6FFB0R0', 'UcN6EaaGCV', 'V4w6UCt7Lk', 'jX169cVtTZ' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, am6RHBVRAjP4cOtlwi.cs |
High entropy of concatenated method names: 'PxCbwXdJr5', 'D9IbYynKIL', 'l9GbVZSH7o', 'eCLbCFOomy', 'asDbaHLltO', 'GVQb33uaOD', 'HLlbgrTb6P', 'jK2bFQIlLq', 'kCHbEtCv2i', 'YhVbUAoxDl' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, FBG5j0iuYmUu2hs3rvO.cs |
High entropy of concatenated method names: 'BVSKL8JT5Y', 'VgxKB6mUN7', 'E12KXgaD9m', 'NWbo4MZp6D7eQuKkqtp', 'u4O1ncZ40P2AaXDrFJl', 'rNIAsvZDs2OwHN49hTb', 'kYjD05ZAi6Jpt0QPqwG' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, BFLjVfUFsTVdK6vfYh.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'UBPGRQcean', 'Gh7Gj844bg', 'OZ3GzDf4N5', 'ENBbTqRG9y', 'EvRbSr2yTm', 'tq1bGYGv8l', 'T5ybb6hZCk', 'wmqQ5DplEUp2txgLK2P' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, F210rv93PN13RwKJgt.cs |
High entropy of concatenated method names: 'V51345goeB', 'zfv3pHKBAx', 'jlj3WjfsrN', 'ToString', 'jVt3PTFlX2', 'shK3Jh18kc', 'EBgIAr4FQW6NbudKLPc', 'WknDC34Eysm7R6M5wJZ' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, Lx9sgrycVNWcPtH7Mh.cs |
High entropy of concatenated method names: 'FZQgL2dWTg', 'OZdgBlfbmG', 'iGlgXJAjYy', 'bWhgfsRR8y', 'ey2gqCsvj9', 'wfigO0Ts0Q', 'm0ogeuk6h3', 'BbTgIYsToM', 'yENgMOilNQ', 'xKagoHKFjt' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, AdfsfmCabcv5q7JqiV.cs |
High entropy of concatenated method names: 'o2H8UTwoUn', 'jtJ89ykxL2', 'ToString', 'b9K8YeR9y5', 'bPX8VfyOgm', 'f228CuIvTQ', 'U3F8aQkjAE', 'A9s83iQBbF', 'MHA8gKCxxM', 'By88FKKrHU' |
Source: 0.2.DEKONT.exe.3210000.0.raw.unpack, tlZ78fq5Zw1LILhJLc.cs |
High entropy of concatenated method names: 'AAn6HO6HkR', 'Gjt6mhAy5U', 'qOx6DlTZMU', 'eHy6rtgrOM', 'Pba6cWLU3G', 'OJD6i0hRbv', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.DEKONT.exe.4409970.10.raw.unpack, V4uC3Iifq56IKQcfry.cs |
High entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv' |
Source: 0.2.DEKONT.exe.4409970.10.raw.unpack, vpednoN8EZgsJ4TDwx.cs |
High entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT' |
Source: 0.2.DEKONT.exe.5b20000.11.raw.unpack, V4uC3Iifq56IKQcfry.cs |
High entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv' |
Source: 0.2.DEKONT.exe.5b20000.11.raw.unpack, vpednoN8EZgsJ4TDwx.cs |
High entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT' |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599875 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599765 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599547 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599438 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599328 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599218 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599109 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599000 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598890 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598781 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598672 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598563 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598438 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598313 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598203 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598093 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597984 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597875 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597765 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597656 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597547 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597438 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597313 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597188 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597063 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596938 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596719 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596594 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596485 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596360 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596235 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596110 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595985 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595860 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595735 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595610 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595485 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595360 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595235 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595110 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594985 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594860 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594735 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594610 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594485 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594360 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594235 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7404 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep count: 40 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -36893488147419080s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -600000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7692 |
Thread sleep count: 2109 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599875s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7692 |
Thread sleep count: 7718 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599765s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599547s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599438s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599328s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599218s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599109s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -599000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -598890s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -598781s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -598672s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -598563s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -598438s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -598313s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -598203s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -598093s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597984s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597875s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597765s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597547s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597438s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597313s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597188s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -597063s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -596938s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -596828s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -596719s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -596594s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -596485s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -596360s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -596235s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -596110s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -595985s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -595860s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -595735s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -595610s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -595485s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -595360s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -595235s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -595110s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -594985s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -594860s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -594735s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -594610s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -594485s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -594360s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7648 |
Thread sleep time: -594235s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599875 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599765 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599547 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599438 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599328 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599218 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599109 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599000 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598890 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598781 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598672 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598563 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598438 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598313 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598203 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598093 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597984 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597875 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597765 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597656 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597547 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597438 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597313 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597188 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 597063 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596938 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596719 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596594 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596485 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596360 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596235 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596110 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595985 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595860 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595735 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595610 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595485 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595360 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595235 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595110 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594985 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594860 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594735 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594610 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594485 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594360 |
Jump to behavior |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594235 |
Jump to behavior |