Source: peugeot_update.exe, 00000000.00000003.2170161196.00000000068A0000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\peugeot_update.exe
EXE: C:\Users\user\AppData\Local\Programs\Peugeot Update\resources\elevate.exe
Source: C:\Users\user\Desktop\peugeot_update.exe
EXE: C:\Users\user\AppData\Local\Programs\Peugeot Update\bin\fat32format.exe
Source: C:\Users\user\Desktop\peugeot_update.exe
EXE: C:\Users\user\AppData\Local\Programs\Peugeot Update\Uninstall Peugeot Update.exe
Source: C:\Users\user\Desktop\peugeot_update.exe
EXE: C:\Users\user\AppData\Local\connect_update-updater\installer.exe
Source: C:\Users\user\Desktop\peugeot_update.exe
EXE: C:\Users\user\AppData\Local\Programs\Peugeot Update\Peugeot Update.exe
Source: C:\Users\user\Desktop\peugeot_update.exe
EXE: cmd.exe
Source: peugeot_update.exe
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\peugeot_update.exe
Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\46cf01d6-a405-5b47-a44f-4dd61ad5f7c2
Source: C:\Users\user\Desktop\peugeot_update.exe
File created: C:\Users\user\AppData\Local\Programs\Peugeot Update\install.log
Source: C:\Users\user\Desktop\peugeot_update.exe
File created: C:\Users\user\AppData\Local\Temp\nsi2C55.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\peugeot_update.exe
File created: C:\Users\user\AppData\Local\Programs\Peugeot Update\LICENSE.electron.txt
Source: peugeot_update.exe
Static PE information: certificate valid
Source: peugeot_update.exe
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: peugeot_update.exe, 00000000.00000003.2293885119.0000000002F35000.00000004.00000020.00020000.00000000.sdmp
Binary string: C:\USERS\userOG\DOCUMENTS\PROYECTOS\OVIPUPDATE\SOURCE\NODE_MODULES\DRIVELIST\BUILD\RELEASE\DRIVELIST.PDB source: peugeot_update.exe, 00000000.00000003.2169890669.00000000064A0000.00000004.00001000.00020000.00000000.sdmp
Binary string: D:\Tom\src\fat32formatsrc\Release\fat32format.pdb source: peugeot_update.exe, 00000000.00000003.2170714974.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, peugeot_update.exe, 00000000.00000003.2287921597.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp
Binary string: D3DCompiler_47.pdb source: peugeot_update.exe, 00000000.00000003.2247641319.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp
Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2017\BUILDTOOLS\VC\TOOLS\MSVC\14.16.27023\LIB\X64\LIBVCRUNTIME.AMD64.PDB source: peugeot_update.exe, 00000000.00000003.2169890669.00000000064A0000.00000004.00001000.00020000.00000000.sdmp
Binary string: C:\Users\userog\Documents\proyectos\ovipupdate\source\node_modules\drivelist\build\Release\drivelist.pdb source: peugeot_update.exe, 00000000.00000003.2169890669.00000000064A0000.00000004.00001000.00020000.00000000.sdmp
Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: peugeot_update.exe, 00000000.00000003.2251217658.0000000002ED0000.00000004.00000020.00020000.00000000.sdmp
Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: peugeot_update.exe, 00000000.00000003.2248587521.0000000004FCB000.00000004.00000020.00020000.00000000.sdmp
Binary string: D3DCompiler_47.pdbGCTL source: peugeot_update.exe, 00000000.00000003.2247641319.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp
Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2017\BUILDTOOLS\VC\TOOLS\MSVC\14.16.27023\LIB\X64\LIBCMT.AMD64.PDB source: peugeot_update.exe, 00000000.00000003.2169890669.00000000064A0000.00000004.00001000.00020000.00000000.sdmp
Binary string: D:\Tom\src\fat32formatsrc\Release\fat32format.pdb8O source: peugeot_update.exe, 00000000.00000003.2170714974.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, peugeot_update.exe, 00000000.00000003.2287921597.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp
Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: peugeot_update.exe, 00000000.00000003.2287590072.0000000004FCA000.00000004.00000020.00020000.00000000.sdmp, peugeot_update.exe, 00000000.00000003.2245220572.00000000068A0000.00000004.00001000.00020000.00000000.sdmp
Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: peugeot_update.exe, 00000000.00000003.2178341393.00000000068A0000.00000004.00001000.00020000.00000000.sdmp
Binary string: /OUT:"C:\USERS\userOG\DOCUMENTS\PROYECTOS\OVIPUPDATE\SOURCE\NODE_MODULES\DRIVELIST\BUILD\RELEASE\DRIVELIST.NODE" /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\userOG\\.ELECTRON-GYP\\22.0.0\\X64\\NODE.LIB" KERNEL32.LIB SHELL32.LIB SETUPAPI.LIB DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\userOG\DOCUMENTS\PROYECTOS\OVIPUPDATE\SOURCE\NODE_MODULES\DRIVELIST\BUILD\RELEASE\DRIVELIST.PDB" /TLBID:1 /RELEASE /DYNAMICBASE /NXCOMPAT /MACHINE:X64 /ignore:4199 /DLL RELEASE\OBJ\DRIVELIST\WIN_DELAY_LOAD_HOOK.OBJRELEASE\OBJ\DRIVELIST\\SRC\DRIVELIST.OBJ"RELEASE\OBJ\DRIVELIST\\SRC\DEVICE-DESCRIPTOR.OBJ"RELEASE\OBJ\DRIVELIST\\SRC\WINDOWS\LIST.OBJC:\USERS\userOG\DOCUMENTS\PROYECTOS\OVIPUPDATE\SOURCE\NODE_MODULES\DRIVELIST\BUILD\RELEASE\NOTHING.LIB source: peugeot_update.exe, 00000000.00000003.2169890669.00000000064A0000.00000004.00001000.00020000.00000000.sdmp
Binary string: C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2017\BUILDTOOLS\VC\TOOLS\MSVC\14.16.27023\LIB\X64\LIBCPMT.AMD64.PDB source: peugeot_update.exe, 00000000.00000003.2169890669.00000000064A0000.00000004.00001000.00020000.00000000.sdmp
Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: peugeot_update.exe, 00000000.00000003.2242935073.00000000059E0000.00000004.00001000.00020000.00000000.sdmp, peugeot_update.exe, 00000000.00000003.2242794750.0000000005120000.00000004.00001000.00020000.00000000.sdmp, peugeot_update.exe, 00000000.00000003.2287712779.0000000002F31000.00000004.00000020.00020000.00000000.sdmp, peugeot_update.exe, 00000000.00000003.2244948482.00000000064A0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\peugeot_update.exe
Code function: 0_2_00405F27 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\peugeot_update.exe
Code function: 0_2_00406DFF FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\peugeot_update.exe
Code function: 0_2_00402C8A FindFirstFileW,
Source: C:\Users\user\AppData\Local\Programs\Peugeot Update\Peugeot Update.exe
File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Programs\Peugeot Update\Peugeot Update.exe
File opened: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\AppData\Local\Programs\Peugeot Update\Peugeot Update.exe
File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Programs\Peugeot Update\Peugeot Update.exe
File opened: C:\Users\user\AppData\Local\Programs\Peugeot Update\resources
Source: C:\Users\user\AppData\Local\Programs\Peugeot Update\Peugeot Update.exe
File opened: C:\Users\user\AppData\Local\Programs\Peugeot Update
Source: C:\Users\user\AppData\Local\Programs\Peugeot Update\Peugeot Update.exe
File opened: C:\Users\user\AppData\Local
Source: Joe Sandbox View
IP Address: 172.64.41.3 172.64.41.3
Source: unknown
UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown
UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic
HTTP traffic detected:
    GET /peugeot/latest.yml?noCache=1hq28666u HTTP/1.1
    Host: d1tik0o5ahgjm.cloudfront.net
    Connection: keep-alive
    x-user-staging-id: 7acf9cf0-2511-5f21-a178-359e3161dac5
    User-Agent: electron-builder
    Cache-Control: no-cache
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB
Source: peugeot_update.exe, 00000000.00000003.2245459091.0000000006D7F000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: V8.MemoryHeapUsedV8.MemoryHeapCommittedmail.google.com.gmaildrive.google.com.docs.plus.inbox.calendarwww.youtube.com.youtube.top10facebook.comtwitter.com equals www.youtube.com (Youtube)
Source: Peugeot Update.exe, 00000008.00000000.2382203652.00007FF7E3F60000.00000002.00000001.01000000.0000000F.sdmp
String found in binary or memory: chttps://www.baidu.com/s?ie={inputEncoding}&wd={searchTerms}https://www.baidu.com/s?ie={inputEncoding}&word={searchTerms}https://www.baidu.com/{google:pathWildcard}/s?ie={inputEncoding}&word={searchTerms}{google:baseURL}#q={searchTerms}{google:baseURL}search#q={searchTerms}{google:baseURL}webhp#q={searchTerms}{google:baseURL}s#q={searchTerms}{google:baseURL}s?q={searchTerms}https://go.mail.ru/msearch?q={searchTerms}&{mailru:referralID}https://m.so.com/s?ie={inputEncoding}&q={searchTerms}https://m.so.com/index.php?ie={inputEncoding}&q={searchTerms}https://m.sogou.com/web/{google:pathWildcard}?ie={inputEncoding}&keyword={searchTerms}http://searchatlas.centrum.cz/?q={searchTerms}http://hladaj.atlas.sk/fulltext/?phrase={searchTerms}http://isearch.avg.com/search?q={searchTerms}http://search.avg.com/route/?q={searchTerms}&lng={language}https://isearch.avg.com/search?q={searchTerms}https://search.avg.com/route/?q={searchTerms}&lng={language}http://search.babylon.com/?q={searchTerms}http://search.conduit.com/Results.aspx?q={searchTerms}http://www.delfi.lt/paieska/?q={searchTerms}http://www.delta-search.com/?q={searchTerms}http://www1.delta-search.com/home?q={searchTerms}http://www1.delta-search.com/?q={searchTerms}http://www2.delta-search.com/home?q={searchTerms}http://www2.delta-search.com/?q={searchTerms}http://www.search.delta-search.com/home?q={searchTerms}http://www.search.delta-search.com/?q={searchTerms}http://www.yhs.delta-search.com/home?q={searchTerms}http://www.yhs.delta-search.com/?q={searchTerms}http://mixidj.delta-search.com/home?q={searchTerms}http://mixidj.delta-search.com/?q={searchTerms}http://search.goo.ne.jp/web.jsp?MT={searchTerms}&IE={inputEncoding}http://search.goo.ne.jp/sgt.jsp?MT={searchTerms}&CL=plugin&FM=json&IE={inputEncoding}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx#q={searchTerms}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx#q={searchTerms}http://start.iminent.com/?q={searchTerms}http://start.iminent.com/StartWeb/1033/homepage/#q={searchTerms}http://search.incredibar.com/?q={searchTerms}http://mystart.incredibar.com/?search={searchTerms}https://www.neti.ee/cgi-bin/otsing?query={searchTerms}&src=webhttps://www.neti.ee/api/suggestOS?suggestVersion=1&suggestQuery={searchTerms}https://nova.rambler.ru/search?query={searchTerms}https://nova.rambler.ru/suggest?v=3&query={searchTerms}http://www.search-results.com/web?q={searchTerms}http://search