Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003124000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003116000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000030FB000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003150000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003068000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.com |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003124000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003116000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000030AB000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000030FB000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003150000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003068000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003056000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003131000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: e-dekont.exe, 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003124000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003116000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000030FB000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003150000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003081000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://reallyfreegeoip.org |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://scratchdreams.tk |
Source: e-dekont.exe |
String found in binary or memory: http://tempuri.org/DataSet1.xsd |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.carterandcone.coml |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers? |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designersG |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fonts.com |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.goodfont.co.kr |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sajatypeworks.com |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000000.00000002.1664762334.00000000054D0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.sakkal.com |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sandoll.co.kr |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.tiro.com |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.typography.netD |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.urwpp.deDPlease |
Source: e-dekont.exe, 00000000.00000002.1664799082.0000000006C42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.zhongyicts.com.cn |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003124000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003116000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000030AB000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000030FB000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003150000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003068000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: e-dekont.exe, 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003068000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003068000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/154.16.105.36 |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003124000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003116000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000030AB000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000030FB000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003150000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/154.16.105.36$ |
Source: e-dekont.exe, 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk |
Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk/_send_.php?TS |
Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: e-dekont.exe PID: 7424, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: e-dekont.exe PID: 7424, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\e-dekont.exe |
Section loaded: dpapi.dll |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, GFmq6jeWw2VPHLdjXQ.cs |
High entropy of concatenated method names: 'PRL0M0SX9U', 'NuD0Ca4lgp', 'S3u0pLnMDB', 'hp20DsVE5H', 'hOB03rn42v', 'ffj04xGQTX', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, SBhr37Eba3HGHsc4GS.cs |
High entropy of concatenated method names: 'FrsFiYwdUH', 'CgEFJFbBj6', 'v1G0TuhbKD', 'IFn0StgSqy', 'prAFZkVctd', 'gQbFxw7Btq', 'pkuFByijjg', 'rc3F3v6M8i', 'MvNFcZrPNx', 'zniF1Nn5Us' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, SokUCaY3uiJOKtiAys2.cs |
High entropy of concatenated method names: 'eDWjUoqhn4', 'nFyjsbI1r5', 'HiojPcDeCw', 'eW2jEELp8N', 'gx5jtvIBvd', 'IxjjngxuBg', 'o0KjfiX5ye', 'RFijAgOQES', 'vRajq8Fcec', 'cOYjQf5x9T' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, YSg4KxWDvO5g0WLFjV.cs |
High entropy of concatenated method names: 'cweYEQc6ed', 'HjDYnXUG6F', 'fMMYAaLRY6', 'AdFYqZUW1F', 'RN3Y2a2CwI', 'QjkYgWVBDN', 'PNvYF7Qi9l', 'TmfY08ys7p', 'wXtYjouk3Z', 'fE9Yr18YDF' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, K0BC4Ea55hp7C27VHS.cs |
High entropy of concatenated method names: 'TQKNo1LuXs', 'kQtNUhxOUD', 'KI1NPFiESx', 'OyqNETO8S4', 'npmNn4TV2v', 'mYCNfHbjhD', 'Q7uNqoAhdw', 'SfrNQKxNU3', 'UrfqPBZeGWxXjrgcSRs', 'UQ5KDuZq40ZgwfJdeiB' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, gKGHQrtfF8pAIlCF7W.cs |
High entropy of concatenated method names: 'ay4jSBJLtc', 'QehjbSroLC', 'lCAje9gyo9', 'DGYjKLWkry', 'K7sjWu06va', 'nD8j6wAQ9Y', 'OBljNvBXQk', 'GcG0H2dZd6', 'G1o0igXqop', 'RZf0aqYqL4' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, mg7ueT58ImXGqb211X.cs |
High entropy of concatenated method names: 'N4IFONfuOj', 'D91FkosvTG', 'ToString', 'NDYFKb8j0E', 'gA0FWa4Sf0', 'HcjFYjbqZK', 'PmWF6MVbbI', 'uiQFNbM75v', 'xGwFh4tYNp', 'DoGFugXCgZ' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, LIgXRi1giEMrRmxvTU.cs |
High entropy of concatenated method names: 'BAX2my8DYJ', 'PAu2xNOBiy', 'oHf23v0pYJ', 'G6V2ckQNRu', 'jtc2CcDpVO', 'z0N2pacRBT', 'dvQ2DmDIIE', 'c1124pxbyn', 'AGX29ygSkw', 'WEM2lE8isd' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, eNAIGeMhT6QTnJZQ2c.cs |
High entropy of concatenated method names: 'S5bPtZHrU', 'Xu4E0Z48e', 'oPfnqwjRY', 'D9qfdNRD9', 'RyZqD81iX', 'x1CQbZpV3', 'cwDIZU5gTwhp5CqvsF', 'LwFq4PIDUU5RVsWInQ', 'FmO0Qc1iG', 'SXsr21pK9' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, CY9iQ9UQIfrGylb4q6.cs |
High entropy of concatenated method names: 'vpWhK7orJA', 'dvrhY5ZOms', 'MebhN8rPCo', 'yt1NJsdvTr', 'qovNzBxmLh', 'GiKhTD63Sb', 'YkohSFYS9F', 'FHJhGlO2cB', 'towhb2BRAP', 'eEbheCq6ha' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, mleEQrRUKsxHalQgKV.cs |
High entropy of concatenated method names: 'sR2hUjkjuY', 'CI7hswiGpZ', 'udihPInVh4', 'u1MhEAlS8C', 'RCchtH9qYP', 'YgGhnIoph7', 'G0Ghf5q8jx', 'pAAhAk5lSV', 'RZFhq2f2o4', 'fVchQpnF2G' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, sZO3HFIRxWuEpruDfq.cs |
High entropy of concatenated method names: 'hXybwoSpjL', 'wwLbKT9WiK', 'A66bWtOqX8', 'Gi9bYQAxOl', 'YQJb61AoqN', 'RmNbNdJuAm', 'h6AbhK2Ief', 'kQHbuDpAmO', 'NnmbLym8SI', 'gh6bO74BP5' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, dTtXywlp86sra2ZdK5.cs |
High entropy of concatenated method names: 'YfvW3Nv924', 'k5HWcdw4bv', 'UjCW1lP4XK', 'XX4WyG6Vc1', 'BLNW59pmUg', 'R5aWdX9baC', 'FNqWH3Yeyj', 'qTsWikWrAt', 'Ix9WaKtdJK', 'yVoWJxDpV8' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, vCntCIAQv8LQSynJxw.cs |
High entropy of concatenated method names: 'b8tNwgwHEK', 'lKlNWSxC3u', 'aFsN6K63RU', 'I4gNhheH02', 'CONNuBxD25', 'sfI652WpJf', 'q6a6dcQdbc', 'NYA6HrqfEI', 'CG96i8YQBS', 'eRV6aL0xFc' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, sIoks92u7sGwTcwfTc.cs |
High entropy of concatenated method names: 'Dispose', 'PUwSaYWp5V', 'uy7GC2ZiSR', 'KU977WqTaB', 'gvQSJ5BSZb', 'ra0SzybWl7', 'ProcessDialogKey', 'Er8GTL9Oe5', 'lqtGSfZrZc', 'RkVGGBEoHK' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, o9fI1yvIhFCGn4Lj8I.cs |
High entropy of concatenated method names: 'enFShZH9cB', 'ff0SuUUkHH', 'Ae2SOkAwoN', 'vQWSkKm5Ay', 'XfcS2KAMMc', 'nVeSg1ZQfL', 'iLaCOt7LcTlUfSLaac', 'Mhx1tcyPEOXdEtyN5n', 'AOPoATGyn5Dr9cLuQ5', 'pI3SSHISBU' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, sbP0BMFZWXXPlLosyI.cs |
High entropy of concatenated method names: 'DpLVAQa1xh', 'aiyVqdWXLN', 'qpQVMYLlQp', 'N39VCYn3OK', 'q3kVD4HA5h', 'DyeV4BscSc', 'Wn4VlZc1bS', 'kNHVvxfJfo', 'oNSVm6vDpK', 'fnvVZcAeYl' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, knCdjVGr83uL8hhtgn.cs |
High entropy of concatenated method names: 'WXw0K1hMX7', 'alD0WekIPk', 'etV0YUMVTL', 'Thw06l0ppY', 'bSU0Nr1UdS', 'xNJ0h3Yk9G', 'rFu0uNj1WT', 'AUD0L9p0sn', 'jQX0OiuP6m', 'PVA0kfpP3C' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, EP2N8kZihyVdcM1idG.cs |
High entropy of concatenated method names: 'YR5N1GnYKI', 'LxxNybEF8e', 'RNON5OPUi1', 'ToString', 'cIlNdolAZ6', 'RcKNH7G8bx', 'BywWSQZI3G7SFrmadrb', 'usOr7lZ9hQ2J7wMoraq', 'c8A6MhZU2edj2bXVebJ' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, iJAQ07YkZftAiMs5moQ.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'yrnr3CSHWV', 'XnUrcHUgFo', 'OyVr17lhjB', 'AfUryghEWy', 'RaXr5Y9XA3', 'O1urds94Gx', 'YQjrHK7qmG' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, sW8unUTVCmAe5wJ2kF.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Ax2GarCKHH', 'sMcGJpgUx7', 'AIWGzj3W4M', 'BYbbT69Si4', 'Dj5bS11gX1', 'ykhbGOpRYb', 'YsSbbh072T', 'P1f8RgOu7Vv5tcGXTlT' |
Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, KWjDk4zb0JGixMxZ7j.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'a3TjVatgX3', 'f2oj2h02U9', 'zHTjgcjwR9', 'D6kjFPJYem', 'Vanj0B7qac', 'GQdjjYvP3s', 'HEyjrIHOVT' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, GFmq6jeWw2VPHLdjXQ.cs |
High entropy of concatenated method names: 'PRL0M0SX9U', 'NuD0Ca4lgp', 'S3u0pLnMDB', 'hp20DsVE5H', 'hOB03rn42v', 'ffj04xGQTX', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, SBhr37Eba3HGHsc4GS.cs |
High entropy of concatenated method names: 'FrsFiYwdUH', 'CgEFJFbBj6', 'v1G0TuhbKD', 'IFn0StgSqy', 'prAFZkVctd', 'gQbFxw7Btq', 'pkuFByijjg', 'rc3F3v6M8i', 'MvNFcZrPNx', 'zniF1Nn5Us' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, SokUCaY3uiJOKtiAys2.cs |
High entropy of concatenated method names: 'eDWjUoqhn4', 'nFyjsbI1r5', 'HiojPcDeCw', 'eW2jEELp8N', 'gx5jtvIBvd', 'IxjjngxuBg', 'o0KjfiX5ye', 'RFijAgOQES', 'vRajq8Fcec', 'cOYjQf5x9T' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, YSg4KxWDvO5g0WLFjV.cs |
High entropy of concatenated method names: 'cweYEQc6ed', 'HjDYnXUG6F', 'fMMYAaLRY6', 'AdFYqZUW1F', 'RN3Y2a2CwI', 'QjkYgWVBDN', 'PNvYF7Qi9l', 'TmfY08ys7p', 'wXtYjouk3Z', 'fE9Yr18YDF' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, K0BC4Ea55hp7C27VHS.cs |
High entropy of concatenated method names: 'TQKNo1LuXs', 'kQtNUhxOUD', 'KI1NPFiESx', 'OyqNETO8S4', 'npmNn4TV2v', 'mYCNfHbjhD', 'Q7uNqoAhdw', 'SfrNQKxNU3', 'UrfqPBZeGWxXjrgcSRs', 'UQ5KDuZq40ZgwfJdeiB' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, gKGHQrtfF8pAIlCF7W.cs |
High entropy of concatenated method names: 'ay4jSBJLtc', 'QehjbSroLC', 'lCAje9gyo9', 'DGYjKLWkry', 'K7sjWu06va', 'nD8j6wAQ9Y', 'OBljNvBXQk', 'GcG0H2dZd6', 'G1o0igXqop', 'RZf0aqYqL4' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, mg7ueT58ImXGqb211X.cs |
High entropy of concatenated method names: 'N4IFONfuOj', 'D91FkosvTG', 'ToString', 'NDYFKb8j0E', 'gA0FWa4Sf0', 'HcjFYjbqZK', 'PmWF6MVbbI', 'uiQFNbM75v', 'xGwFh4tYNp', 'DoGFugXCgZ' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, LIgXRi1giEMrRmxvTU.cs |
High entropy of concatenated method names: 'BAX2my8DYJ', 'PAu2xNOBiy', 'oHf23v0pYJ', 'G6V2ckQNRu', 'jtc2CcDpVO', 'z0N2pacRBT', 'dvQ2DmDIIE', 'c1124pxbyn', 'AGX29ygSkw', 'WEM2lE8isd' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, eNAIGeMhT6QTnJZQ2c.cs |
High entropy of concatenated method names: 'S5bPtZHrU', 'Xu4E0Z48e', 'oPfnqwjRY', 'D9qfdNRD9', 'RyZqD81iX', 'x1CQbZpV3', 'cwDIZU5gTwhp5CqvsF', 'LwFq4PIDUU5RVsWInQ', 'FmO0Qc1iG', 'SXsr21pK9' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, CY9iQ9UQIfrGylb4q6.cs |
High entropy of concatenated method names: 'vpWhK7orJA', 'dvrhY5ZOms', 'MebhN8rPCo', 'yt1NJsdvTr', 'qovNzBxmLh', 'GiKhTD63Sb', 'YkohSFYS9F', 'FHJhGlO2cB', 'towhb2BRAP', 'eEbheCq6ha' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, mleEQrRUKsxHalQgKV.cs |
High entropy of concatenated method names: 'sR2hUjkjuY', 'CI7hswiGpZ', 'udihPInVh4', 'u1MhEAlS8C', 'RCchtH9qYP', 'YgGhnIoph7', 'G0Ghf5q8jx', 'pAAhAk5lSV', 'RZFhq2f2o4', 'fVchQpnF2G' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, sZO3HFIRxWuEpruDfq.cs |
High entropy of concatenated method names: 'hXybwoSpjL', 'wwLbKT9WiK', 'A66bWtOqX8', 'Gi9bYQAxOl', 'YQJb61AoqN', 'RmNbNdJuAm', 'h6AbhK2Ief', 'kQHbuDpAmO', 'NnmbLym8SI', 'gh6bO74BP5' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, dTtXywlp86sra2ZdK5.cs |
High entropy of concatenated method names: 'YfvW3Nv924', 'k5HWcdw4bv', 'UjCW1lP4XK', 'XX4WyG6Vc1', 'BLNW59pmUg', 'R5aWdX9baC', 'FNqWH3Yeyj', 'qTsWikWrAt', 'Ix9WaKtdJK', 'yVoWJxDpV8' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, vCntCIAQv8LQSynJxw.cs |
High entropy of concatenated method names: 'b8tNwgwHEK', 'lKlNWSxC3u', 'aFsN6K63RU', 'I4gNhheH02', 'CONNuBxD25', 'sfI652WpJf', 'q6a6dcQdbc', 'NYA6HrqfEI', 'CG96i8YQBS', 'eRV6aL0xFc' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, sIoks92u7sGwTcwfTc.cs |
High entropy of concatenated method names: 'Dispose', 'PUwSaYWp5V', 'uy7GC2ZiSR', 'KU977WqTaB', 'gvQSJ5BSZb', 'ra0SzybWl7', 'ProcessDialogKey', 'Er8GTL9Oe5', 'lqtGSfZrZc', 'RkVGGBEoHK' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, o9fI1yvIhFCGn4Lj8I.cs |
High entropy of concatenated method names: 'enFShZH9cB', 'ff0SuUUkHH', 'Ae2SOkAwoN', 'vQWSkKm5Ay', 'XfcS2KAMMc', 'nVeSg1ZQfL', 'iLaCOt7LcTlUfSLaac', 'Mhx1tcyPEOXdEtyN5n', 'AOPoATGyn5Dr9cLuQ5', 'pI3SSHISBU' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, sbP0BMFZWXXPlLosyI.cs |
High entropy of concatenated method names: 'DpLVAQa1xh', 'aiyVqdWXLN', 'qpQVMYLlQp', 'N39VCYn3OK', 'q3kVD4HA5h', 'DyeV4BscSc', 'Wn4VlZc1bS', 'kNHVvxfJfo', 'oNSVm6vDpK', 'fnvVZcAeYl' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, knCdjVGr83uL8hhtgn.cs |
High entropy of concatenated method names: 'WXw0K1hMX7', 'alD0WekIPk', 'etV0YUMVTL', 'Thw06l0ppY', 'bSU0Nr1UdS', 'xNJ0h3Yk9G', 'rFu0uNj1WT', 'AUD0L9p0sn', 'jQX0OiuP6m', 'PVA0kfpP3C' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, EP2N8kZihyVdcM1idG.cs |
High entropy of concatenated method names: 'YR5N1GnYKI', 'LxxNybEF8e', 'RNON5OPUi1', 'ToString', 'cIlNdolAZ6', 'RcKNH7G8bx', 'BywWSQZI3G7SFrmadrb', 'usOr7lZ9hQ2J7wMoraq', 'c8A6MhZU2edj2bXVebJ' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, iJAQ07YkZftAiMs5moQ.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'yrnr3CSHWV', 'XnUrcHUgFo', 'OyVr17lhjB', 'AfUryghEWy', 'RaXr5Y9XA3', 'O1urds94Gx', 'YQjrHK7qmG' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, sW8unUTVCmAe5wJ2kF.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Ax2GarCKHH', 'sMcGJpgUx7', 'AIWGzj3W4M', 'BYbbT69Si4', 'Dj5bS11gX1', 'ykhbGOpRYb', 'YsSbbh072T', 'P1f8RgOu7Vv5tcGXTlT' |
Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, KWjDk4zb0JGixMxZ7j.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'a3TjVatgX3', 'f2oj2h02U9', 'zHTjgcjwR9', 'D6kjFPJYem', 'Vanj0B7qac', 'GQdjjYvP3s', 'HEyjrIHOVT' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, GFmq6jeWw2VPHLdjXQ.cs |
High entropy of concatenated method names: 'PRL0M0SX9U', 'NuD0Ca4lgp', 'S3u0pLnMDB', 'hp20DsVE5H', 'hOB03rn42v', 'ffj04xGQTX', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, SBhr37Eba3HGHsc4GS.cs |
High entropy of concatenated method names: 'FrsFiYwdUH', 'CgEFJFbBj6', 'v1G0TuhbKD', 'IFn0StgSqy', 'prAFZkVctd', 'gQbFxw7Btq', 'pkuFByijjg', 'rc3F3v6M8i', 'MvNFcZrPNx', 'zniF1Nn5Us' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, SokUCaY3uiJOKtiAys2.cs |
High entropy of concatenated method names: 'eDWjUoqhn4', 'nFyjsbI1r5', 'HiojPcDeCw', 'eW2jEELp8N', 'gx5jtvIBvd', 'IxjjngxuBg', 'o0KjfiX5ye', 'RFijAgOQES', 'vRajq8Fcec', 'cOYjQf5x9T' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, YSg4KxWDvO5g0WLFjV.cs |
High entropy of concatenated method names: 'cweYEQc6ed', 'HjDYnXUG6F', 'fMMYAaLRY6', 'AdFYqZUW1F', 'RN3Y2a2CwI', 'QjkYgWVBDN', 'PNvYF7Qi9l', 'TmfY08ys7p', 'wXtYjouk3Z', 'fE9Yr18YDF' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, K0BC4Ea55hp7C27VHS.cs |
High entropy of concatenated method names: 'TQKNo1LuXs', 'kQtNUhxOUD', 'KI1NPFiESx', 'OyqNETO8S4', 'npmNn4TV2v', 'mYCNfHbjhD', 'Q7uNqoAhdw', 'SfrNQKxNU3', 'UrfqPBZeGWxXjrgcSRs', 'UQ5KDuZq40ZgwfJdeiB' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, gKGHQrtfF8pAIlCF7W.cs |
High entropy of concatenated method names: 'ay4jSBJLtc', 'QehjbSroLC', 'lCAje9gyo9', 'DGYjKLWkry', 'K7sjWu06va', 'nD8j6wAQ9Y', 'OBljNvBXQk', 'GcG0H2dZd6', 'G1o0igXqop', 'RZf0aqYqL4' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, mg7ueT58ImXGqb211X.cs |
High entropy of concatenated method names: 'N4IFONfuOj', 'D91FkosvTG', 'ToString', 'NDYFKb8j0E', 'gA0FWa4Sf0', 'HcjFYjbqZK', 'PmWF6MVbbI', 'uiQFNbM75v', 'xGwFh4tYNp', 'DoGFugXCgZ' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, LIgXRi1giEMrRmxvTU.cs |
High entropy of concatenated method names: 'BAX2my8DYJ', 'PAu2xNOBiy', 'oHf23v0pYJ', 'G6V2ckQNRu', 'jtc2CcDpVO', 'z0N2pacRBT', 'dvQ2DmDIIE', 'c1124pxbyn', 'AGX29ygSkw', 'WEM2lE8isd' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, eNAIGeMhT6QTnJZQ2c.cs |
High entropy of concatenated method names: 'S5bPtZHrU', 'Xu4E0Z48e', 'oPfnqwjRY', 'D9qfdNRD9', 'RyZqD81iX', 'x1CQbZpV3', 'cwDIZU5gTwhp5CqvsF', 'LwFq4PIDUU5RVsWInQ', 'FmO0Qc1iG', 'SXsr21pK9' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, CY9iQ9UQIfrGylb4q6.cs |
High entropy of concatenated method names: 'vpWhK7orJA', 'dvrhY5ZOms', 'MebhN8rPCo', 'yt1NJsdvTr', 'qovNzBxmLh', 'GiKhTD63Sb', 'YkohSFYS9F', 'FHJhGlO2cB', 'towhb2BRAP', 'eEbheCq6ha' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, mleEQrRUKsxHalQgKV.cs |
High entropy of concatenated method names: 'sR2hUjkjuY', 'CI7hswiGpZ', 'udihPInVh4', 'u1MhEAlS8C', 'RCchtH9qYP', 'YgGhnIoph7', 'G0Ghf5q8jx', 'pAAhAk5lSV', 'RZFhq2f2o4', 'fVchQpnF2G' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, sZO3HFIRxWuEpruDfq.cs |
High entropy of concatenated method names: 'hXybwoSpjL', 'wwLbKT9WiK', 'A66bWtOqX8', 'Gi9bYQAxOl', 'YQJb61AoqN', 'RmNbNdJuAm', 'h6AbhK2Ief', 'kQHbuDpAmO', 'NnmbLym8SI', 'gh6bO74BP5' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, dTtXywlp86sra2ZdK5.cs |
High entropy of concatenated method names: 'YfvW3Nv924', 'k5HWcdw4bv', 'UjCW1lP4XK', 'XX4WyG6Vc1', 'BLNW59pmUg', 'R5aWdX9baC', 'FNqWH3Yeyj', 'qTsWikWrAt', 'Ix9WaKtdJK', 'yVoWJxDpV8' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, vCntCIAQv8LQSynJxw.cs |
High entropy of concatenated method names: 'b8tNwgwHEK', 'lKlNWSxC3u', 'aFsN6K63RU', 'I4gNhheH02', 'CONNuBxD25', 'sfI652WpJf', 'q6a6dcQdbc', 'NYA6HrqfEI', 'CG96i8YQBS', 'eRV6aL0xFc' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, sIoks92u7sGwTcwfTc.cs |
High entropy of concatenated method names: 'Dispose', 'PUwSaYWp5V', 'uy7GC2ZiSR', 'KU977WqTaB', 'gvQSJ5BSZb', 'ra0SzybWl7', 'ProcessDialogKey', 'Er8GTL9Oe5', 'lqtGSfZrZc', 'RkVGGBEoHK' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, o9fI1yvIhFCGn4Lj8I.cs |
High entropy of concatenated method names: 'enFShZH9cB', 'ff0SuUUkHH', 'Ae2SOkAwoN', 'vQWSkKm5Ay', 'XfcS2KAMMc', 'nVeSg1ZQfL', 'iLaCOt7LcTlUfSLaac', 'Mhx1tcyPEOXdEtyN5n', 'AOPoATGyn5Dr9cLuQ5', 'pI3SSHISBU' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, sbP0BMFZWXXPlLosyI.cs |
High entropy of concatenated method names: 'DpLVAQa1xh', 'aiyVqdWXLN', 'qpQVMYLlQp', 'N39VCYn3OK', 'q3kVD4HA5h', 'DyeV4BscSc', 'Wn4VlZc1bS', 'kNHVvxfJfo', 'oNSVm6vDpK', 'fnvVZcAeYl' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, knCdjVGr83uL8hhtgn.cs |
High entropy of concatenated method names: 'WXw0K1hMX7', 'alD0WekIPk', 'etV0YUMVTL', 'Thw06l0ppY', 'bSU0Nr1UdS', 'xNJ0h3Yk9G', 'rFu0uNj1WT', 'AUD0L9p0sn', 'jQX0OiuP6m', 'PVA0kfpP3C' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, EP2N8kZihyVdcM1idG.cs |
High entropy of concatenated method names: 'YR5N1GnYKI', 'LxxNybEF8e', 'RNON5OPUi1', 'ToString', 'cIlNdolAZ6', 'RcKNH7G8bx', 'BywWSQZI3G7SFrmadrb', 'usOr7lZ9hQ2J7wMoraq', 'c8A6MhZU2edj2bXVebJ' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, iJAQ07YkZftAiMs5moQ.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'yrnr3CSHWV', 'XnUrcHUgFo', 'OyVr17lhjB', 'AfUryghEWy', 'RaXr5Y9XA3', 'O1urds94Gx', 'YQjrHK7qmG' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, sW8unUTVCmAe5wJ2kF.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Ax2GarCKHH', 'sMcGJpgUx7', 'AIWGzj3W4M', 'BYbbT69Si4', 'Dj5bS11gX1', 'ykhbGOpRYb', 'YsSbbh072T', 'P1f8RgOu7Vv5tcGXTlT' |
Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, KWjDk4zb0JGixMxZ7j.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'a3TjVatgX3', 'f2oj2h02U9', 'zHTjgcjwR9', 'D6kjFPJYem', 'Vanj0B7qac', 'GQdjjYvP3s', 'HEyjrIHOVT' |
Source: C:\Users\user\Desktop\e-dekont.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 599891 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 599766 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 599543 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 599422 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 599312 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 599202 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 599094 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598984 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598875 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598765 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598656 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598547 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598437 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598328 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598219 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598109 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 598000 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 597890 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 597781 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 597672 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 597562 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 597446 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 597328 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 597219 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 597094 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596984 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596875 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596766 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596656 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596547 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596438 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596313 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596188 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 596078 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595969 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595844 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595734 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595625 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595515 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595406 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595297 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595188 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 595063 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 594953 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 594844 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 594719 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 594609 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Thread delayed: delay time: 594500 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7288 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep count: 31 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -28592453314249787s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -600000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -599891s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7508 |
Thread sleep count: 1400 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7508 |
Thread sleep count: 8446 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -599766s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -599656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -599543s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -599422s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -599312s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -599202s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -599094s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598984s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598875s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598765s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598547s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598437s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598328s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598219s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598109s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -598000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -597890s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -597781s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -597672s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -597562s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -597446s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -597328s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -597219s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -597094s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596984s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596875s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596766s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596656s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596547s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596438s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596313s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596188s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -596078s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595969s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595844s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595734s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595625s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595515s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595406s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595297s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595188s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -595063s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -594953s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -594844s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -594719s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -594609s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504 |
Thread sleep time: -594500s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Users\user\Desktop\e-dekont.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Users\user\Desktop\e-dekont.exe VolumeInformation |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\e-dekont.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |