Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.221.246.93 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.25.241.18 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: global traffic |
HTTP traffic detected: GET /xml/89.187.182.8 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQiQys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQiQys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /xml/89.187.182.8 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BC9MUCnVktG364a&MD=Uf4OaXNr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /_send_.php?TS HTTP/1.1Host: scratchdreams.tkConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BC9MUCnVktG364a&MD=Uf4OaXNr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en HTTP/1.1Host: ogs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=N-xjjYnpCh4mWhLSwjGFoxB19Kcui5XTCgWik9DtR6c91VY2vRMtIXVM1S2a0e8pFg9KglwhSibOtP54sh6z7ax94dYPAoyulIodtCNXrb5qS35mpRmcUk-yCAZ3rLtlSdiop2SxQbOFa7yDZsSla9Ld1BfCbnJLCt_3O_nBsXI |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: DEKONT.exe, 00000003.00000002.4533476899.00000000029B7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000296F000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000298B000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000028CF000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002962000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000297D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.com |
Source: DEKONT.exe, 00000003.00000002.4533476899.00000000029B7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000296F000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000298B000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002912000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000028CF000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000028C3000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002962000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002998000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000297D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: DEKONT.exe, 00000003.00000002.4533476899.0000000002811000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: DEKONT.exe, 00000000.00000002.2104390909.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4528022712.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: DEKONT.exe, 00000003.00000002.4533476899.00000000029B7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000296F000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000298B000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000028E7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002962000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000297D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://reallyfreegeoip.org |
Source: DEKONT.exe, 00000003.00000002.4533476899.0000000002811000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: DEKONT.exe, 00000003.00000002.4533476899.00000000029C7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://scratchdreams.tk |
Source: chromecache_63.6.dr |
String found in binary or memory: http://www.broofa.com |
Source: chromecache_76.6.dr |
String found in binary or memory: https://accounts.google.com/o/oauth2/auth |
Source: chromecache_76.6.dr |
String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay |
Source: chromecache_63.6.dr, chromecache_76.6.dr |
String found in binary or memory: https://apis.google.com |
Source: chromecache_68.6.dr |
String found in binary or memory: https://apis.google.com/js/api.js |
Source: chromecache_76.6.dr |
String found in binary or memory: https://clients6.google.com |
Source: chromecache_76.6.dr |
String found in binary or memory: https://content.googleapis.com |
Source: chromecache_76.6.dr |
String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/ |
Source: chromecache_76.6.dr |
String found in binary or memory: https://domains.google.com/suggest/flow |
Source: chromecache_63.6.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3 |
Source: chromecache_63.6.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3 |
Source: chromecache_63.6.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2 |
Source: chromecache_63.6.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2 |
Source: chromecache_79.6.dr |
String found in binary or memory: https://ogs.google.com/ |
Source: chromecache_79.6.dr |
String found in binary or memory: https://ogs.google.com/widget/app/so |
Source: chromecache_70.6.dr |
String found in binary or memory: https://play.google.com/log?format=json&hasfast=true |
Source: chromecache_76.6.dr |
String found in binary or memory: https://plus.google.com |
Source: chromecache_76.6.dr |
String found in binary or memory: https://plus.googleapis.com |
Source: DEKONT.exe, 00000003.00000002.4533476899.000000000296F000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000298B000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002912000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000028CF000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002962000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000297D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: DEKONT.exe, 00000000.00000002.2104390909.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000028CF000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4528022712.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: DEKONT.exe, 00000003.00000002.4533476899.000000000297D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/89.187.182.8 |
Source: DEKONT.exe, 00000003.00000002.4533476899.00000000029B7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000296F000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000298B000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002912000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002962000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.000000000297D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/89.187.182.8$ |
Source: DEKONT.exe, 00000000.00000002.2104390909.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.0000000002811000.00000004.00000800.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4528022712.0000000000402000.00000040.00000400.00020000.00000000.sdmp, DEKONT.exe, 00000003.00000002.4533476899.00000000029C7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk |
Source: DEKONT.exe, 00000003.00000002.4533476899.00000000029C7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk/_send_.php?TS |
Source: chromecache_79.6.dr |
String found in binary or memory: https://ssl.gstatic.com |
Source: chromecache_68.6.dr |
String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url= |
Source: chromecache_76.6.dr |
String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 |
Source: chromecache_68.6.dr |
String found in binary or memory: https://www.google.com/log?format=json&hasfast=true |
Source: chromecache_76.6.dr |
String found in binary or memory: https://www.googleapis.com/auth/plus.me |
Source: chromecache_76.6.dr |
String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended |
Source: chromecache_79.6.dr |
String found in binary or memory: https://www.gstatic.com |
Source: chromecache_79.6.dr |
String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.kIS1Dzh9gxA. |
Source: chromecache_63.6.dr |
String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html |
Source: chromecache_63.6.dr |
String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css |
Source: chromecache_63.6.dr |
String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css |
Source: 0.2.DEKONT.exe.42ce5e0.8.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.DEKONT.exe.42ce5e0.8.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.DEKONT.exe.42ce5e0.8.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.DEKONT.exe.42ce5e0.8.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.DEKONT.exe.42ef000.7.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.DEKONT.exe.42ef000.7.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.DEKONT.exe.42ef000.7.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.DEKONT.exe.42ef000.7.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.DEKONT.exe.42ef000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.DEKONT.exe.42ef000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.DEKONT.exe.42ef000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.DEKONT.exe.42ce5e0.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.DEKONT.exe.42ce5e0.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.DEKONT.exe.42ce5e0.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000003.00000002.4528022712.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000003.00000002.4528022712.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000000.00000002.2104390909.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.2104390909.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: DEKONT.exe PID: 1708, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: DEKONT.exe PID: 1708, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: DEKONT.exe PID: 7100, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: DEKONT.exe PID: 7100, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.DEKONT.exe.42ce5e0.8.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.DEKONT.exe.42ce5e0.8.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.DEKONT.exe.42ce5e0.8.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.DEKONT.exe.42ce5e0.8.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.DEKONT.exe.42ef000.7.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.DEKONT.exe.42ef000.7.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.DEKONT.exe.42ef000.7.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.DEKONT.exe.42ef000.7.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 3.2.DEKONT.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.DEKONT.exe.42ef000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.DEKONT.exe.42ef000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.DEKONT.exe.42ef000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.DEKONT.exe.42ce5e0.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.DEKONT.exe.42ce5e0.8.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.DEKONT.exe.42ce5e0.8.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000003.00000002.4528022712.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000003.00000002.4528022712.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.2104390909.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.2104390909.00000000042CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: DEKONT.exe PID: 1708, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: DEKONT.exe PID: 1708, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: DEKONT.exe PID: 7100, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: DEKONT.exe PID: 7100, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: unknown |
Process created: C:\Users\user\Desktop\DEKONT.exe "C:\Users\user\Desktop\DEKONT.exe" |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process created: C:\Users\user\Desktop\DEKONT.exe "C:\Users\user\Desktop\DEKONT.exe" |
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://545930702158920859543557034480401517872328570392444593641395838190185/ |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1984,i,5147701504775830983,442634706255467901,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\DEKONT.exe |
Section loaded: dpapi.dll |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, qbuvMY9nYgOiahLHGN.cs |
High entropy of concatenated method names: 'kX5ILgoH5N', 'veWIC6aagK', 'OsupNVHFY4', 'VOjpkV0B0S', 'WY0pWjbOPL', 'CdApo6aUU8', 'GkmpXhefTR', 'x2Tp3npuG1', 'EhXp2VKFGo', 'YOYpFEpu2U' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, w3n7b6b5gig4cCuCAH.cs |
High entropy of concatenated method names: 'XbeEFa9yFJ', 'FL6Eb7DZLU', 'HsQE8eKBtu', 'iiXEaQHBg3', 'GA6EUU0p5e', 'ofIENySLZQ', 'gY0EkeAXdZ', 'cApEWS9rDr', 'c97Eol4V8T', 'rE7EXqu7cl' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, RMFPqapjPx5moASObE.cs |
High entropy of concatenated method names: 'MIuqROUGdY', 'wtbqUZ9asd', 'lsWqN1R4mk', 'UoKqk6to0K', 'uh7q8FK8tI', 'Y00qWE7ql2', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, W8W5N7ENh8ACDxU1kK.cs |
High entropy of concatenated method names: 's0tpA6L3dP', 'utEpSob2gd', 'cDmpmDTaly', 'i2dpfNkxKc', 'L24pE9CUpl', 'QZGpZI4fmr', 'Utip4HCfoE', 'HgFpqdZDJC', 'PNWp5vApeN', 'HMbp7UvI9K' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, vMp9LsRA7QCZ8oGxWN.cs |
High entropy of concatenated method names: 'I98HDj685d', 'nuVHdJ6JOp', 'VuoHIAfCP3', 'JZtHTC2KUU', 'j8XHyoaZ0y', 'cI9IvPPKBC', 'MxuIgvaxus', 'D3cI6STuRd', 'X7KIrJvIJm', 'NMNIcoYe7y' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, vYiLgv6e8R8TROKat6.cs |
High entropy of concatenated method names: 'Rg44rudrVt', 'tBi4G6gLyx', 'S8sqeyIrQS', 'KrDqhkZ2AA', 'rAs4KASVDe', 'cP04b82QMw', 'Y3H4t8U27G', 'RGw48uZwMG', 'Nu34aIATQl', 'jN741NcjBI' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, EeidQb3U77hIwCeGlt.cs |
High entropy of concatenated method names: 'KUQ49KlI95', 'DK14wTZBCg', 'ToString', 'lOM4MKRoqv', 'dVp4d1nrIA', 'n8k4pyKVke', 'Oa04IULHvR', 'EHA4H2qZfa', 'vnt4TKTa8d', 'QJ54yeC9hr' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, e48bQ74u1cvmidxw22.cs |
High entropy of concatenated method names: 'I6fhTZQSFd', 'I4phyluEFs', 'c3Uh9c9Fb2', 'b9ohwcy4oi', 'cUphEea8Ne', 'YwihZJrWZj', 'zLDJ4CJlL88ovaHCE6', 'GAf42qski9M6wyueh0', 'uurhh6goKj', 'F9fhYDcPUm' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, xEj1AS5IVVQise3Q27.cs |
High entropy of concatenated method names: 'DwyOX2oXF', 'qDlAvXdpD', 'f0jSrKBYq', 'UP4CTg1wm', 'qW0fPk0Fe', 'zAvu0SN5y', 'IchoNB00JJYkwT4RiX', 'v932m4jwcLTx6pp9Yd', 'HkEqHK1ko', 'OoQ7NKo5T' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, my4K8mm3A1hmgXQ4Oq.cs |
High entropy of concatenated method names: 'rbyTn3XmDL', 'yKpTP0rkTB', 'TjqTOlqemo', 'zbmTAtEPNM', 'D8TTLlTrL5', 'ajwTS10kIP', 'clGTCErc4M', 'AhDTmRCQ8R', 'n1GTfFXbge', 'nbhTudTLVt' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, Bg8RblqlIMvTjS1vCQj.cs |
High entropy of concatenated method names: 'ae45nvyE8t', 'vp65PP7FtF', 'XdK5OhkSZs', 'I6B5A7caG0', 'pBG5LR310j', 'hw05SQnJ8L', 'MuP5C6YAd9', 'axM5mgHrMx', 'D3Q5fEOBkY', 'GKK5ufGkWZ' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, JKCd0lY9dTMYJoohVk.cs |
High entropy of concatenated method names: 'MKKYDHEUyR', 'jqjYMsuVZS', 'XLvYdq4sFi', 'W7sYp2vQGn', 'rX4YIhYmXs', 'WWeYHk3mix', 'fVWYTAVqy8', 'sKQYyCEyjY', 'g6xYJ1uZVw', 'denY9ay8Eo' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, UiDmLUXfmyWZZuBa9Z.cs |
High entropy of concatenated method names: 'BwV5hRodk5', 'uQ95YBjlnk', 'BVP5iavV04', 'VhW5MyxtXC', 'uCg5dHCcHn', 'bbx5Ik2AsG', 'u5S5HgNjOe', 'bMTq6W5vW9', 'QFvqrWP073', 'vMLqc2yoLt' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, lNKeBIKN3fti5yQLCC.cs |
High entropy of concatenated method names: 'aOLd8La7dJ', 'WyXdakQp6U', 'rEFd1PTPi3', 'b2GdB0V2Ww', 'luFdv6IcdX', 'OOcdgxm7yI', 'xkQd6uUlb3', 'hBKdruOFBk', 'vlMdcmFfkr', 'wqwdGpWNhp' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, kLyua9qAP1ejx84DB0m.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fH178GOdZe', 'ihR7a7COyx', 'PPK71PccSG', 'tjC7BOKVCj', 'BPx7vOE9KR', 'HGH7gXu4Fk', 'IAN76pjWOE' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, McwMUU1auLDl3bufoF.cs |
High entropy of concatenated method names: 'L3RqMh1c5K', 'hDFqdIKqjj', 'ewcqpJVhng', 'imxqIkphfa', 'EewqHt2wqC', 'K0CqTZFx2e', 'gWSqypWmLO', 'n8LqJkyRwe', 'sCNq9atuu9', 'em3qwkGJ90' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, VpmQKLk5tAQvLX5JE3.cs |
High entropy of concatenated method names: 'Dispose', 'FuJhccEpBX', 'W0ksU95j2I', 'ksKjjfxVdp', 'KTrhG3PS8h', 'ruPhzEXklS', 'ProcessDialogKey', 'NUMse56tPX', 'UpCshMcLVX', 'uJXssrg4hG' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, xlmpsTrQBbWHH5IhLW.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'K92sc7G05n', 'oKtsGgFeJ0', 'QoHsz0jwOu', 'iycYeNyFTV', 'T8oYhfsBRW', 'qUVYsVVI97', 'genYYr1g9D', 'nw8tJsD7sXZbLK65FOy' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, vIQjNbiKj6KV7deLBl.cs |
High entropy of concatenated method names: 'IxlTMVYEQG', 'sNITpErgSu', 'VybTH6rMGO', 'duUHGZA3Wv', 'yuPHzXivrx', 'HQOTeUmISS', 'u7sThIsK0x', 'HuUTskixIu', 'gqITYRXE8E', 'nDlTier0TC' |
Source: 0.2.DEKONT.exe.4407110.9.raw.unpack, m4c5odd4pG9rZoGDrs.cs |
High entropy of concatenated method names: 'rciVm1r07O', 'BpdVfZs3no', 'LSlVRyru1B', 'BM4VUqvCYh', 'nXvVkuejZY', 'qwhVWiUIju', 'hYDVX1Y4kx', 'Id7V3tNg1V', 'J1lVF7iVrj', 'sqyVKcJBUk' |
Source: 0.2.DEKONT.exe.5c90000.12.raw.unpack, XG.cs |
High entropy of concatenated method names: 'S1d', 'RgtTUJcyZL', 'n1Q', 'M1r', 'Y1a', 'U1m', 'k2an4M', 'gt', 'kU', 'rK' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, qbuvMY9nYgOiahLHGN.cs |
High entropy of concatenated method names: 'kX5ILgoH5N', 'veWIC6aagK', 'OsupNVHFY4', 'VOjpkV0B0S', 'WY0pWjbOPL', 'CdApo6aUU8', 'GkmpXhefTR', 'x2Tp3npuG1', 'EhXp2VKFGo', 'YOYpFEpu2U' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, w3n7b6b5gig4cCuCAH.cs |
High entropy of concatenated method names: 'XbeEFa9yFJ', 'FL6Eb7DZLU', 'HsQE8eKBtu', 'iiXEaQHBg3', 'GA6EUU0p5e', 'ofIENySLZQ', 'gY0EkeAXdZ', 'cApEWS9rDr', 'c97Eol4V8T', 'rE7EXqu7cl' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, RMFPqapjPx5moASObE.cs |
High entropy of concatenated method names: 'MIuqROUGdY', 'wtbqUZ9asd', 'lsWqN1R4mk', 'UoKqk6to0K', 'uh7q8FK8tI', 'Y00qWE7ql2', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, W8W5N7ENh8ACDxU1kK.cs |
High entropy of concatenated method names: 's0tpA6L3dP', 'utEpSob2gd', 'cDmpmDTaly', 'i2dpfNkxKc', 'L24pE9CUpl', 'QZGpZI4fmr', 'Utip4HCfoE', 'HgFpqdZDJC', 'PNWp5vApeN', 'HMbp7UvI9K' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, vMp9LsRA7QCZ8oGxWN.cs |
High entropy of concatenated method names: 'I98HDj685d', 'nuVHdJ6JOp', 'VuoHIAfCP3', 'JZtHTC2KUU', 'j8XHyoaZ0y', 'cI9IvPPKBC', 'MxuIgvaxus', 'D3cI6STuRd', 'X7KIrJvIJm', 'NMNIcoYe7y' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, vYiLgv6e8R8TROKat6.cs |
High entropy of concatenated method names: 'Rg44rudrVt', 'tBi4G6gLyx', 'S8sqeyIrQS', 'KrDqhkZ2AA', 'rAs4KASVDe', 'cP04b82QMw', 'Y3H4t8U27G', 'RGw48uZwMG', 'Nu34aIATQl', 'jN741NcjBI' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, EeidQb3U77hIwCeGlt.cs |
High entropy of concatenated method names: 'KUQ49KlI95', 'DK14wTZBCg', 'ToString', 'lOM4MKRoqv', 'dVp4d1nrIA', 'n8k4pyKVke', 'Oa04IULHvR', 'EHA4H2qZfa', 'vnt4TKTa8d', 'QJ54yeC9hr' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, e48bQ74u1cvmidxw22.cs |
High entropy of concatenated method names: 'I6fhTZQSFd', 'I4phyluEFs', 'c3Uh9c9Fb2', 'b9ohwcy4oi', 'cUphEea8Ne', 'YwihZJrWZj', 'zLDJ4CJlL88ovaHCE6', 'GAf42qski9M6wyueh0', 'uurhh6goKj', 'F9fhYDcPUm' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, xEj1AS5IVVQise3Q27.cs |
High entropy of concatenated method names: 'DwyOX2oXF', 'qDlAvXdpD', 'f0jSrKBYq', 'UP4CTg1wm', 'qW0fPk0Fe', 'zAvu0SN5y', 'IchoNB00JJYkwT4RiX', 'v932m4jwcLTx6pp9Yd', 'HkEqHK1ko', 'OoQ7NKo5T' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, my4K8mm3A1hmgXQ4Oq.cs |
High entropy of concatenated method names: 'rbyTn3XmDL', 'yKpTP0rkTB', 'TjqTOlqemo', 'zbmTAtEPNM', 'D8TTLlTrL5', 'ajwTS10kIP', 'clGTCErc4M', 'AhDTmRCQ8R', 'n1GTfFXbge', 'nbhTudTLVt' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, Bg8RblqlIMvTjS1vCQj.cs |
High entropy of concatenated method names: 'ae45nvyE8t', 'vp65PP7FtF', 'XdK5OhkSZs', 'I6B5A7caG0', 'pBG5LR310j', 'hw05SQnJ8L', 'MuP5C6YAd9', 'axM5mgHrMx', 'D3Q5fEOBkY', 'GKK5ufGkWZ' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, JKCd0lY9dTMYJoohVk.cs |
High entropy of concatenated method names: 'MKKYDHEUyR', 'jqjYMsuVZS', 'XLvYdq4sFi', 'W7sYp2vQGn', 'rX4YIhYmXs', 'WWeYHk3mix', 'fVWYTAVqy8', 'sKQYyCEyjY', 'g6xYJ1uZVw', 'denY9ay8Eo' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, UiDmLUXfmyWZZuBa9Z.cs |
High entropy of concatenated method names: 'BwV5hRodk5', 'uQ95YBjlnk', 'BVP5iavV04', 'VhW5MyxtXC', 'uCg5dHCcHn', 'bbx5Ik2AsG', 'u5S5HgNjOe', 'bMTq6W5vW9', 'QFvqrWP073', 'vMLqc2yoLt' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, lNKeBIKN3fti5yQLCC.cs |
High entropy of concatenated method names: 'aOLd8La7dJ', 'WyXdakQp6U', 'rEFd1PTPi3', 'b2GdB0V2Ww', 'luFdv6IcdX', 'OOcdgxm7yI', 'xkQd6uUlb3', 'hBKdruOFBk', 'vlMdcmFfkr', 'wqwdGpWNhp' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, kLyua9qAP1ejx84DB0m.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fH178GOdZe', 'ihR7a7COyx', 'PPK71PccSG', 'tjC7BOKVCj', 'BPx7vOE9KR', 'HGH7gXu4Fk', 'IAN76pjWOE' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, McwMUU1auLDl3bufoF.cs |
High entropy of concatenated method names: 'L3RqMh1c5K', 'hDFqdIKqjj', 'ewcqpJVhng', 'imxqIkphfa', 'EewqHt2wqC', 'K0CqTZFx2e', 'gWSqypWmLO', 'n8LqJkyRwe', 'sCNq9atuu9', 'em3qwkGJ90' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, VpmQKLk5tAQvLX5JE3.cs |
High entropy of concatenated method names: 'Dispose', 'FuJhccEpBX', 'W0ksU95j2I', 'ksKjjfxVdp', 'KTrhG3PS8h', 'ruPhzEXklS', 'ProcessDialogKey', 'NUMse56tPX', 'UpCshMcLVX', 'uJXssrg4hG' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, xlmpsTrQBbWHH5IhLW.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'K92sc7G05n', 'oKtsGgFeJ0', 'QoHsz0jwOu', 'iycYeNyFTV', 'T8oYhfsBRW', 'qUVYsVVI97', 'genYYr1g9D', 'nw8tJsD7sXZbLK65FOy' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, vIQjNbiKj6KV7deLBl.cs |
High entropy of concatenated method names: 'IxlTMVYEQG', 'sNITpErgSu', 'VybTH6rMGO', 'duUHGZA3Wv', 'yuPHzXivrx', 'HQOTeUmISS', 'u7sThIsK0x', 'HuUTskixIu', 'gqITYRXE8E', 'nDlTier0TC' |
Source: 0.2.DEKONT.exe.74a0000.13.raw.unpack, m4c5odd4pG9rZoGDrs.cs |
High entropy of concatenated method names: 'rciVm1r07O', 'BpdVfZs3no', 'LSlVRyru1B', 'BM4VUqvCYh', 'nXvVkuejZY', 'qwhVWiUIju', 'hYDVX1Y4kx', 'Id7V3tNg1V', 'J1lVF7iVrj', 'sqyVKcJBUk' |
Source: C:\Users\user\Desktop\DEKONT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 600000 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599874 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599763 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599651 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599543 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599435 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599310 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599189 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599064 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598938 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598828 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598719 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598610 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598485 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596759 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596641 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596528 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596407 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596282 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596156 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596047 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595935 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595784 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595657 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595533 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595233 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595124 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595001 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594861 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 592094 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591978 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591874 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591765 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591644 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591475 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591353 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591247 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591137 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591028 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590918 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590809 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590688 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590577 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590453 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590343 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590232 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590124 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590014 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589905 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589791 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589687 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589573 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589454 |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7060 |
Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep count: 42 > 30 |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -38738162554790034s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -600000s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7408 |
Thread sleep count: 3078 > 30 |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -599874s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7408 |
Thread sleep count: 6735 > 30 |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -599763s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -599651s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -599543s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -599435s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -599310s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -599189s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -599064s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -598938s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -598828s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -598719s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -598610s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -598485s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -596759s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -596641s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -596528s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -596407s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -596282s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -596156s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -596047s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -595935s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -595784s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -595657s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -595533s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -595233s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -595124s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -595001s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -594861s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -592094s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591978s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591874s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591765s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591644s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591475s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591353s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591247s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591137s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -591028s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590918s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590809s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590688s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590577s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590453s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590343s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590232s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590124s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -590014s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -589905s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -589791s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -589687s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -589573s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe TID: 7392 |
Thread sleep time: -589454s >= -30000s |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 600000 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599874 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599763 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599651 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599543 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599435 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599310 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599189 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 599064 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598938 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598828 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598719 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598610 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 598485 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596759 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596641 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596528 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596407 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596282 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596156 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 596047 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595935 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595784 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595657 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595533 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595233 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595124 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 595001 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 594861 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 592094 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591978 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591874 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591765 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591644 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591475 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591353 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591247 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591137 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 591028 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590918 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590809 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590688 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590577 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590453 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590343 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590232 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590124 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 590014 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589905 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589791 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589687 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589573 |
Source: C:\Users\user\Desktop\DEKONT.exe |
Thread delayed: delay time: 589454 |