Source: UemxXC3jyR.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: UemxXC3jyR.exe |
String found in binary or memory: http://IasWS.samur.sgicntt |
Source: UemxXC3jyR.exe |
String found in binary or memory: http://correo.ws.emergencias.munimadrid.es/ |
Source: UemxXC3jyR.exe |
String found in binary or memory: http://dgegis.emergencias.munimadrid.es/intervencionesencurso/inicio.html?colectivo=samur&intervenci |
Source: UemxXC3jyR.exe |
String found in binary or memory: http://maps.googleapis.com/maps/api/distancematrix/xml?origins= |
Source: UemxXC3jyR.exe |
String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: UemxXC3jyR.exe |
String found in binary or memory: http://www.madrid.es/UnidadesDescentralizadas/Emergencias/Samur/aqui.html?li= |
Source: UemxXC3jyR.exe |
String found in binary or memory: https://cardiomad.desarrollo.emtmadrid.es/cardioapi/v1/alarms/pcr/ |
Source: UemxXC3jyR.exe |
String found in binary or memory: https://cardiomad.desarrollo.emtmadrid.es/visor/Nhttps://encuesta.com/survey/P6gm6cW1J4/ |
Source: UemxXC3jyR.exe |
String found in binary or memory: https://maps.google.com/maps?saddr= |
Source: UemxXC3jyR.exe, 00000000.00000000.1726937098.0000000000AE5000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameNUEVO STE.EXE vs UemxXC3jyR.exe |
Source: UemxXC3jyR.exe |
Binary or memory string: OriginalFilenameNUEVO STE.EXE vs UemxXC3jyR.exe |
Source: classification engine |
Classification label: clean1.winEXE@1/1@0/0 |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Mutant created: NULL |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
File created: C:\Users\user\AppData\Local\Temp\~DF8E8EEF2E32582658.TMP |
Source: UemxXC3jyR.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: UemxXC3jyR.exe |
String found in binary or memory: chrome.exe -start-maximized -url https://maps.google.com/maps?saddr= |
Source: UemxXC3jyR.exe |
String found in binary or memory: chrome.exe -start -maximized -url https://maps.google.com/maps?saddr= ImgRuta_DragDrop\UPDATE PROTOCOLO SET COD_PDI = 2 WHERE PKID = FUPDATE PROTOCOLO SET COD_ESQUINA = NUPDATE PROTOCOLO_2_1 SET COD_ESQUINA = |
Source: UemxXC3jyR.exe |
String found in binary or memory: chrome.exe --start-maximized -url https://maps.google.com/maps?saddr= |
Source: UemxXC3jyR.exe |
String found in binary or memory: respuestaDchrome.exe --start-maximized -url VEleja hora de entrada o quitarsela para la |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: msvbvm60.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: vb6zz.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: vb6es.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Section loaded: wintypes.dll |
Source: UemxXC3jyR.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: UemxXC3jyR.exe |
Static file information: File size 7110656 > 1048576 |
Source: UemxXC3jyR.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x6c5000 |
Source: C:\Users\user\Desktop\UemxXC3jyR.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |