Windows Analysis Report
Comprobante.exe

Overview

General Information

Sample name: Comprobante.exe
Analysis ID: 1437903
MD5: 1c45f9793dcff0da91025fbf5bae5298
SHA1: d314a9f4e2ef9d88dad81726ce7027d26bf4a518
SHA256: 52c06bcb8fad3ada3f6d6eeabff5f2a8fe7876a92bc12b1ff256d6daf1f29e56
Tags: exe, XenoRAT, XenorRat

Detection

XenoRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic
Yara detected XenoRAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: Comprobante.exe Avira: detected
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Avira: detection malicious, Label: TR/Dropper.MSIL.Gen
Source: 0.2.Comprobante.exe.28ed550.2.raw.unpack Malware Configuration Extractor: XenoRAT {"C2 url": "dns.requimacofradian.site", "Mutex Name": "Xeno_rat_nd8818g", "Install Folder": "appdata", "Install File": "uic"}
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe ReversingLabs: Detection: 65%
Source: Comprobante.exe ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Joe Sandbox ML: detected
Source: Comprobante.exe Joe Sandbox ML: detected
Source: Comprobante.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Comprobante.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 4x nop then jmp 027017B0h 1_2_02700B60
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 4x nop then jmp 013B17B0h 2_2_013B0B60
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 4x nop then jmp 013B17B0h 2_2_013B0B51
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 4x nop then jmp 01B317B0h 9_2_01B30B60
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 4x nop then jmp 00F317B0h 11_2_00F30B60
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 4x nop then jmp 026817B0h 21_2_02680B60
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 4x nop then jmp 014717B0h 23_2_01470B60

Networking

Source: Traffic Snort IDS: 2856829 ETPRO TROJAN XenoRAT Related CnC Domain in DNS Lookup 192.168.2.4:63756 -> 1.1.1.1:53
Source: Malware configuration extractor URLs: dns.requimacofradian.site
Source: global traffic TCP traffic: 192.168.2.4:49737 -> 91.92.243.131:1243
Source: Joe Sandbox View IP Address: 91.92.243.131 91.92.243.131
Source: Joe Sandbox View ASN Name: THEZONEBG THEZONEBG
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: dns.requimacofradian.site
Source: Comprobante.exe, 00000015.00000002.2231264271.0000000000A96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://go.microsoft.c3

System Summary

Source: Comprobante.exe Static PE information: section name: 2Ki3}
Source: Comprobante.exe.1.dr Static PE information: section name: 2Ki3}
Source: Comprobante.exe Static PE information: section name:
Source: Comprobante.exe.1.dr Static PE information: section name:
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8FC3C0 NtReadVirtualMemory, 0_2_0A8FC3C0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8FCF20 NtSetContextThread, 0_2_0A8FCF20
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8FC578 NtResumeThread, 0_2_0A8FC578
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8FCD78 NtWriteVirtualMemory, 0_2_0A8FCD78
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AACF20 NtSetContextThread, 19_2_07AACF20
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAC578 NtResumeThread, 19_2_07AAC578
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AACD78 NtWriteVirtualMemory, 19_2_07AACD78
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAC3C0 NtReadVirtualMemory, 19_2_07AAC3C0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AACF18 NtSetContextThread, 19_2_07AACF18
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AACD63 NtWriteVirtualMemory, 19_2_07AACD63
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAC571 NtResumeThread, 19_2_07AAC571
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAC3B8 NtReadVirtualMemory, 19_2_07AAC3B8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F260B0 0_2_00F260B0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F2CC98 0_2_00F2CC98
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F25858 0_2_00F25858
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F20848 0_2_00F20848
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F23934 0_2_00F23934
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F26A78 0_2_00F26A78
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F2EFF8 0_2_00F2EFF8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F2B730 0_2_00F2B730
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F288E0 0_2_00F288E0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F24CA0 0_2_00F24CA0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F2A008 0_2_00F2A008
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F29D90 0_2_00F29D90
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F23978 0_2_00F23978
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F257B8 0_2_00F257B8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F29B20 0_2_00F29B20
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F25709 0_2_00F25709
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028BBF28 0_2_028BBF28
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B4CA8 0_2_028B4CA8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B9DD8 0_2_028B9DD8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B12B0 0_2_028B12B0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B12C0 0_2_028B12C0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028BE3D0 0_2_028BE3D0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B0006 0_2_028B0006
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B0040 0_2_028B0040
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028BE160 0_2_028BE160
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B1742 0_2_028B1742
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B1750 0_2_028B1750
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B14E0 0_2_028B14E0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028BE5B0 0_2_028BE5B0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028BEB68 0_2_028BEB68
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028BCE08 0_2_028BCE08
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028BDF58 0_2_028BDF58
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B0C28 0_2_028B0C28
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_028B0C38 0_2_028B0C38
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8FEAD8 0_2_0A8FEAD8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8FB720 0_2_0A8FB720
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8F0CD0 0_2_0A8F0CD0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8FD4D0 0_2_0A8FD4D0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8FA580 0_2_0A8FA580
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8F17D8 0_2_0A8F17D8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8F0CC1 0_2_0A8F0CC1
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8F0508 0_2_0A8F0508
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 1_2_02700B60 1_2_02700B60
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 2_2_013B0B60 2_2_013B0B60
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 2_2_013B2030 2_2_013B2030
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 2_2_013B0B51 2_2_013B0B51
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A260B0 6_2_00A260B0
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A2CC98 6_2_00A2CC98
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A20848 6_2_00A20848
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A25858 6_2_00A25858
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A23934 6_2_00A23934
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A26A78 6_2_00A26A78
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A2EFF8 6_2_00A2EFF8
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A2B730 6_2_00A2B730
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A24CA0 6_2_00A24CA0
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A288E0 6_2_00A288E0
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A2A008 6_2_00A2A008
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A29D90 6_2_00A29D90
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A23978 6_2_00A23978
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A257B8 6_2_00A257B8
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A29B20 6_2_00A29B20
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A25709 6_2_00A25709
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_0228BF28 6_2_0228BF28
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_02284CA8 6_2_02284CA8
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_02289DD8 6_2_02289DD8
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_022812B0 6_2_022812B0
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_022812C0 6_2_022812C0
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_0228E3D0 6_2_0228E3D0
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_0228001F 6_2_0228001F
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_02280040 6_2_02280040
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_0228E160 6_2_0228E160
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_02281748 6_2_02281748
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_02281750 6_2_02281750
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_022814E0 6_2_022814E0
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_0228E5B0 6_2_0228E5B0
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_0228EB68 6_2_0228EB68
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_0228DF58 6_2_0228DF58
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_02280C28 6_2_02280C28
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_02280C38 6_2_02280C38
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 9_2_01B30B60 9_2_01B30B60
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 11_2_00F30B60 11_2_00F30B60
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031FBF28 19_2_031FBF28
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F9DD8 19_2_031F9DD8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F4CA8 19_2_031F4CA8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031FE3D0 19_2_031FE3D0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F12B0 19_2_031F12B0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F12C0 19_2_031F12C0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031FE160 19_2_031FE160
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F0006 19_2_031F0006
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F0040 19_2_031F0040
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F1750 19_2_031F1750
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F1743 19_2_031F1743
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031FE5B0 19_2_031FE5B0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F14D0 19_2_031F14D0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F14E0 19_2_031F14E0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031FEB68 19_2_031FEB68
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F0BA8 19_2_031F0BA8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031FDF58 19_2_031FDF58
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F0C38 19_2_031F0C38
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_031F4C98 19_2_031F4C98
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056EB730 19_2_056EB730
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056ECC98 19_2_056ECC98
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056EEFF8 19_2_056EEFF8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E5FF3 19_2_056E5FF3
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E0848 19_2_056E0848
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E5858 19_2_056E5858
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E3BE5 19_2_056E3BE5
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E6A78 19_2_056E6A78
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E5709 19_2_056E5709
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E57B8 19_2_056E57B8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056EA008 19_2_056EA008
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E60B0 19_2_056E60B0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E9D90 19_2_056E9D90
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E4CA0 19_2_056E4CA0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E0838 19_2_056E0838
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E88E0 19_2_056E88E0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E9B20 19_2_056E9B20
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAB720 19_2_07AAB720
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAA580 19_2_07AAA580
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AA0CD0 19_2_07AA0CD0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAD4D0 19_2_07AAD4D0
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAEAD8 19_2_07AAEAD8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AA17D8 19_2_07AA17D8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAB714 19_2_07AAB714
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AA0508 19_2_07AA0508
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAA572 19_2_07AAA572
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AA04F8 19_2_07AA04F8
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AA0CC1 19_2_07AA0CC1
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AAEAC9 19_2_07AAEAC9
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 21_2_02680B60 21_2_02680B60
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 23_2_01470B60 23_2_01470B60
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 80
Source: Comprobante.exe, 00000000.00000000.1603632390.00000000005D0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameserver1.exe0 vs Comprobante.exe
Source: Comprobante.exe, 00000000.00000002.1630382049.0000000002B23000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeno_manager.exe< vs Comprobante.exe
Source: Comprobante.exe, 00000000.00000002.1630382049.00000000028E1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeno_manager.exe< vs Comprobante.exe
Source: Comprobante.exe, 00000000.00000002.1634714734.000000000DB00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameserver1.exe0 vs Comprobante.exe
Source: Comprobante.exe, 00000000.00000002.1627641217.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Comprobante.exe
Source: Comprobante.exe, 00000001.00000002.1614304395.000000000040E000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeno_manager.exe< vs Comprobante.exe
Source: Comprobante.exe, 00000006.00000002.1639776714.00000000026E2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeno_manager.exe< vs Comprobante.exe
Source: Comprobante.exe, 00000006.00000002.1639776714.00000000024B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeno_manager.exe< vs Comprobante.exe
Source: Comprobante.exe, 00000006.00000002.1638338431.000000000065E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Comprobante.exe
Source: Comprobante.exe, 00000009.00000002.1630377718.0000000001328000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Comprobante.exe
Source: Comprobante.exe, 00000013.00000002.2238250100.00000000032A1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeno_manager.exe< vs Comprobante.exe
Source: Comprobante.exe Binary or memory string: OriginalFilenameserver1.exe0 vs Comprobante.exe
Source: Comprobante.exe.1.dr Binary or memory string: OriginalFilenameserver1.exe0 vs Comprobante.exe
Source: Comprobante.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Comprobante.exe Static PE information: Section: 2Ki3} ZLIB complexity 1.000344669117647
Source: Comprobante.exe.1.dr Static PE information: Section: 2Ki3} ZLIB complexity 1.000344669117647
Source: 0.2.Comprobante.exe.28ed550.2.raw.unpack, Encryption.cs Cryptographic APIs: 'CreateDecryptor'
Source: 6.2.Comprobante.exe.24bed8c.0.raw.unpack, Encryption.cs Cryptographic APIs: 'CreateDecryptor'
Source: 19.2.Comprobante.exe.32aec74.0.raw.unpack, Encryption.cs Cryptographic APIs: 'CreateDecryptor'
Source: classification engine Classification label: mal100.troj.evad.winEXE@28/4@1/1
Source: C:\Users\user\Desktop\Comprobante.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Comprobante.exe.log
Source: C:\Users\user\Desktop\Comprobante.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8000:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7280
Source: C:\Users\user\Desktop\Comprobante.exe Mutant created: \Sessions\1\BaseNamedObjects\Xeno_rat_nd8818g-admin
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5608
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8108
Source: C:\Users\user\Desktop\Comprobante.exe File created: C:\Users\user\AppData\Local\Temp\tmp9BE3.tmp
Source: Comprobante.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\Comprobante.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Comprobante.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Comprobante.exe ReversingLabs: Detection: 65%
Source: C:\Users\user\Desktop\Comprobante.exe File read: C:\Users\user\Desktop\Comprobante.exe
Source: unknown Process created: C:\Users\user\Desktop\Comprobante.exe "C:\Users\user\Desktop\Comprobante.exe"
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe "C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe"
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 80
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 80
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "uic" /XML "C:\Users\user\AppData\Local\Temp\tmp9BE3.tmp" /F
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 80
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe "C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe"
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "uic" /XML "C:\Users\user\AppData\Local\Temp\tmp9BE3.tmp" /F
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: Comprobante.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Comprobante.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: C:\Users\user\Desktop\Comprobante.exe Unpacked PE file: 0.2.Comprobante.exe.590000.0.unpack 2Ki3}:EW;.text:ER;.rsrc:R;Unknown_Section3:ER;.reloc:R; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:ER;Unknown_Section4:R;
Source: 0.2.Comprobante.exe.28ed550.2.raw.unpack, DllHandler.cs .Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
Source: 0.2.Comprobante.exe.28ed550.2.raw.unpack, DllHandler.cs .Net Code: DllNodeHandler
Source: 6.2.Comprobante.exe.24bed8c.0.raw.unpack, DllHandler.cs .Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
Source: 6.2.Comprobante.exe.24bed8c.0.raw.unpack, DllHandler.cs .Net Code: DllNodeHandler
Source: 19.2.Comprobante.exe.32aec74.0.raw.unpack, DllHandler.cs .Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
Source: 19.2.Comprobante.exe.32aec74.0.raw.unpack, DllHandler.cs .Net Code: DllNodeHandler
Source: Comprobante.exe Static PE information: section name: 2Ki3}
Source: Comprobante.exe Static PE information: section name:
Source: Comprobante.exe.1.dr Static PE information: section name: 2Ki3}
Source: Comprobante.exe.1.dr Static PE information: section name:
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_005BA059 push esp; iretd 0_2_005BA070
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_005B9EE0 pushfd ; retf 0_2_005B9EF1
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F20A98 push FFFFFFBAh; iretw 0_2_00F20A9D
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_00F26F29 push edx; iretd 0_2_00F26F33
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 0_2_0A8F3598 pushad ; ret 0_2_0A8F35A1
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A20A98 push FFFFFFBAh; iretw 6_2_00A20A9D
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Code function: 6_2_00A26F29 push edx; iretd 6_2_00A26F33
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E6F29 push edx; iretd 19_2_056E6F33
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_056E0A98 push FFFFFFBAh; iretw 19_2_056E0A9D
Source: C:\Users\user\Desktop\Comprobante.exe Code function: 19_2_07AA3598 pushad ; ret 19_2_07AA35A1
Source: Comprobante.exe Static PE information: section name: 2Ki3} entropy: 7.998968593124106
Source: Comprobante.exe.1.dr Static PE information: section name: 2Ki3} entropy: 7.998968593124106
Source: C:\Users\user\Desktop\Comprobante.exe File created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe

Boot Survival

Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "uic" /XML "C:\Users\user\AppData\Local\Temp\tmp9BE3.tmp" /F
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Comprobante.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: F20000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 28E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 48E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 4F30000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 5F30000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 6060000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 7060000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 73F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 83F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 93F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: A670000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: B670000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: BB00000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: CB00000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 26C0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 28D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 2720000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 13B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 2F10000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 2D50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 9E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 24B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 2200000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 4A80000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 5A80000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 5BB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 6BB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 6F00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 7F00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 9100000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: A100000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: B100000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: B590000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: C590000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: D590000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: E590000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 1AF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 3460000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 1CE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: F30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 2BF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Memory allocated: 4BF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 31B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 32A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 5950000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 6950000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 6A80000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 7A80000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 7DD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 8DD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 9FD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: AFD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: BFD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: C460000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 6960000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 2680000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 2800000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 4800000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 1470000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 31F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: 2EF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Comprobante.exe Window / User API: threadDelayed 2463
Source: C:\Users\user\Desktop\Comprobante.exe Window / User API: threadDelayed 7380
Source: C:\Users\user\Desktop\Comprobante.exe TID: 5076 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 416 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -23980767295822402s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 2424 Thread sleep count: 2463 > 30
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -59797s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -59656s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -59523s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 2424 Thread sleep count: 7380 > 30
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -59405s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -59296s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -59179s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -59059s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -58771s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -58227s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -58096s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57968s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57843s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57734s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57610s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57484s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57375s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57265s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57155s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -57046s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56937s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56827s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56718s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56609s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56500s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56390s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56281s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56172s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -56062s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -55952s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -55839s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -55690s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -55515s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -55406s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -55297s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -55187s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -55078s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54968s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54859s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54750s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54640s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54531s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54422s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54312s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54203s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -54093s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -53984s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -53875s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -53765s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -53656s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -53546s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -53437s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -53315s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6532 Thread sleep time: -53187s >= -30000s
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe TID: 7220 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe TID: 7348 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe TID: 7396 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 8068 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 6792 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe TID: 5172 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 60000
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 59797
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 59656
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 59523
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 59405
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 59296
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 59179
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 59059
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 58771
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 58227
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 58096
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57968
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57843
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57734
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57610
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57484
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57375
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57265
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57155
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 57046
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56937
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56827
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56718
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56609
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56500
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56390
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56281
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56172
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 56062
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 55952
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 55839
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 55690
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 55515
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 55406
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 55297
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 55187
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 55078
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54968
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54859
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54750
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54640
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54531
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54422
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54312
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54203
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 54093
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 53984
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 53875
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 53765
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 53656
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 53546
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 53437
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 53315
Source: C:\Users\user\Desktop\Comprobante.exe Thread delayed: delay time: 53187
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Thread delayed: delay time: 922337203685477
Source: Comprobante.exe, 00000002.00000002.4072276956.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Comprobante.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\Comprobante.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\Comprobante.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Comprobante.exe Memory written: C:\Users\user\Desktop\Comprobante.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe "C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe"
Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "uic" /XML "C:\Users\user\AppData\Local\Temp\tmp9BE3.tmp" /F
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Process created: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe
Source: C:\Users\user\Desktop\Comprobante.exe Queries volume information: C:\Users\user\Desktop\Comprobante.exe VolumeInformation
Source: C:\Users\user\Desktop\Comprobante.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\Comprobante.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Comprobante.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Queries volume information: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Comprobante.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 6.2.Comprobante.exe.24bed8c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Comprobante.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Comprobante.exe.32aec74.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Comprobante.exe.28ed550.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Comprobante.exe.24bb3f8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Comprobante.exe.28ed550.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Comprobante.exe.32ab2e0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Comprobante.exe.24bed8c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Comprobante.exe.32aec74.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1630382049.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1614304395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1639776714.00000000026E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1630382049.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1639776714.00000000024B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.2238250100.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 6900, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 3804, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 7184, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 8048, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 6.2.Comprobante.exe.24bed8c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Comprobante.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Comprobante.exe.32aec74.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Comprobante.exe.28ed550.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Comprobante.exe.24bb3f8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Comprobante.exe.28ed550.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Comprobante.exe.32ab2e0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Comprobante.exe.24bed8c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Comprobante.exe.32aec74.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1630382049.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1614304395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1639776714.00000000026E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1630382049.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1639776714.00000000024B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.2238250100.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 6900, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 3804, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 7184, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 8048, type: MEMORYSTR
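The behaviour lines above (process creation, volume-information and MachineGuid queries) and the Yara match lists are one event per line in a fixed "Source: ... " format, which makes them easy to turn into hunt artefacts. The following Python script is an added example, not part of the Joe Sandbox report or its tooling: it parses a handful of lines copied from this page, pulls out the copy of the sample running from the user's AppData\Roaming\XenoManager directory, notes the MachineGuid read used for host fingerprinting, and decodes the .sdmp memory-dump names to flag regions that are both writable and executable, the usual footprint of unpacked or injected code. The decoding of the .sdmp name fields (process index, dump stage, dump id, base address, page protection, memory type) is an assumption drawn from the Win32 PAGE_* and MEM_* constant values visible in them (0x04 = PAGE_READWRITE, 0x40 = PAGE_EXECUTE_READWRITE, 0x20000 = MEM_PRIVATE); the two remaining fields are left undecoded.

```python
"""Turn sandbox behaviour/Yara report lines into structured hunt artefacts.

Added example for this page, not code from the sandbox vendor. The meaning of
the .sdmp dump-name fields is an ASSUMPTION based on the Win32 PAGE_*/MEM_*
constant values that appear in them; two fields are left undecoded.
"""
import re

# Lines copied from the report sections above (link text "Jump to behavior" removed).
REPORT_LINES = [
    r"Source: C:\Users\user\Desktop\Comprobante.exe Process created: C:\Users\user\Desktop\Comprobante.exe C:\Users\user\Desktop\Comprobante.exe",
    r"Source: C:\Users\user\Desktop\Comprobante.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation",
    r"Source: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe Queries volume information: C:\Users\user\AppData\Roaming\XenoManager\Comprobante.exe VolumeInformation",
    r"Source: C:\Users\user\Desktop\Comprobante.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid",
    "Source: Yara match File source: 1.2.Comprobante.exe.400000.0.unpack, type: UNPACKEDPE",
    "Source: Yara match File source: 00000001.00000002.1614304395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY",
    "Source: Yara match File source: 00000000.00000002.1630382049.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY",
    "Source: Yara match File source: Process Memory Space: Comprobante.exe PID: 6900, type: MEMORYSTR",
]

BEHAVIOUR_RE = re.compile(
    r"^Source: (?P<source>.+?) "
    r"(?P<kind>Process created|Queries volume information|Key value queried): "
    r"(?P<detail>.+)$"
)
YARA_RE = re.compile(r"^Source: Yara match File source: (?P<src>.+), type: (?P<type>\w+)$")
# Assumed layout: proc.stage.dumpid.base.protect.<unknown>.memtype.<unknown>.sdmp
SDMP_RE = re.compile(
    r"^(?P<proc>\d{8})\.(?P<stage>\d{8})\.(?P<dump>\d+)\.(?P<base>[0-9A-Fa-f]{16})"
    r"\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f6>[0-9A-Fa-f]{8})\.(?P<mtype>[0-9A-Fa-f]{8})"
    r"\.(?P<f8>[0-9A-Fa-f]{8})\.sdmp$"
)

PAGE_EXECUTE_MASK = 0xF0   # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
PAGE_WRITE_MASK = 0xCC     # PAGE_READWRITE, PAGE_WRITECOPY and their EXECUTE variants
MEM_PRIVATE = 0x20000


def parse_line(line):
    """Return a dict for a behaviour or Yara line, or None if the line is neither."""
    m = BEHAVIOUR_RE.match(line)
    if m:
        kind, detail = m["kind"], m["detail"]
        rec = {"kind": kind, "source": m["source"]}
        if kind == "Process created":
            # The report prints "<image> <command line>"; assumes no spaces in the image path.
            image, _, cmdline = detail.partition(" ")
            rec.update(image=image, cmdline=cmdline)
        elif kind == "Queries volume information":
            rec["target"] = detail.rsplit(" ", 1)[0]   # drop trailing "VolumeInformation"
        else:
            key, _, value = detail.rpartition(" ")     # "<registry key> <value name>"
            rec.update(key=key, value=value)
        return rec
    m = YARA_RE.match(line)
    if m:
        return {"kind": "Yara match", "source": m["src"], "type": m["type"]}
    return None


def parse_dump_id(name):
    """Decode a .sdmp dump name into process index, base address and protection flags."""
    m = SDMP_RE.match(name)
    if not m:
        return None
    protect = int(m["protect"], 16)
    return {
        "process_index": int(m["proc"]),
        "stage": int(m["stage"]),
        "base": int(m["base"], 16),
        "protect": protect,
        "executable": bool(protect & PAGE_EXECUTE_MASK),
        "writable": bool(protect & PAGE_WRITE_MASK),
        "private": int(m["mtype"], 16) == MEM_PRIVATE,
    }


def summarize(lines):
    """Extract persistence paths, RWX dump regions and the MachineGuid read."""
    recs = [r for r in map(parse_line, lines) if r]
    paths = set()
    for r in recs:
        for p in (r.get("source"), r.get("target"), r.get("image")):
            if p and "\\AppData\\Roaming\\" in p:   # binary running from a per-user data dir
                paths.add(p)
    rwx = sorted(
        (d["process_index"], d["base"])
        for r in recs if r["kind"] == "Yara match" and r["type"] == "MEMORY"
        for d in [parse_dump_id(r["source"])] if d and d["executable"] and d["writable"]
    )
    machineguid = any(
        r["kind"] == "Key value queried" and r["value"] == "MachineGuid" for r in recs
    )
    return {"persistence_paths": sorted(paths), "rwx_regions": rwx, "machineguid_read": machineguid}


if __name__ == "__main__":
    for k, v in summarize(REPORT_LINES).items():
        print(f"{k}: {v}")
```

On the lines above, the only RWX hit is the dump of process index 1 at 0x402000, i.e. the region where the 1.2.Comprobante.exe.400000.0.unpack payload sits, while the 0x02B23000 region in process 0 is plain read/write private heap; the persistence path under AppData\Roaming\XenoManager and the MachineGuid read are the two host artefacts worth adding to a hunt.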