Analysis

  • max time kernel
    189s
  • max time network
    200s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    02-03-2024 14:42

General

  • Target

    https://www.terabox.com/spanish/sharing/link?surl=22v9qXFNthoVYZL4KjNmLQ

Malware Config

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

  • Downloads MZ/PE file
  • Checks computer location settings (2 TTPs, 5 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE (17 IoCs)
  • Loads dropped DLL (64 IoCs)
  • Modifies system executable filetype association (2 TTPs, 2 IoCs)
  • Registers COM server for autorun (1 TTP, 12 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (64 IoCs)
  • Modifies system certificate store (2 TTPs, 5 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (27 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.terabox.com/spanish/sharing/link?surl=22v9qXFNthoVYZL4KjNmLQ
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff838fc9758,0x7ff838fc9768,0x7ff838fc9778
      2⤵
        PID:2572
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:2
        2⤵
          PID:3576
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
          2⤵
            PID:4592
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
            2⤵
              PID:3804
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
              2⤵
                PID:2220
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                2⤵
                  PID:4700
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5824 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                  2⤵
                    PID:336
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4664 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                    2⤵
                      PID:3596
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5916 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                      2⤵
                        PID:2924
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=6104 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                        2⤵
                          PID:4304
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5288 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                          2⤵
                            PID:1284
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6388 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                            2⤵
                              PID:1080
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                              2⤵
                                PID:3172
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                2⤵
                                  PID:2372
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6560 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                                  2⤵
                                    PID:3312
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                    2⤵
                                      PID:3184
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5880 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                      2⤵
                                        PID:4412
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4508 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                                        2⤵
                                          PID:3988
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5336 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                                          2⤵
                                            PID:1548
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5884 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                                            2⤵
                                              PID:4576
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6948 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                                              2⤵
                                                PID:2772
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                2⤵
                                                  PID:832
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7116 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                  2⤵
                                                    PID:640
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7092 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                    2⤵
                                                      PID:396
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                      2⤵
                                                        PID:1648
                                                      • C:\Users\Admin\Downloads\TeraBox_sl_b_1.28.0.3.exe
                                                        "C:\Users\Admin\Downloads\TeraBox_sl_b_1.28.0.3.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:2188
                                                        • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe
                                                          "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe" -install "createdetectstartup" -install "btassociation" -install "createshortcut" "0" -install "createstartup"
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Adds Run key to start application
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:1532
                                                        • C:\Windows\SysWOW64\regsvr32.exe
                                                          "C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"
                                                          3⤵
                                                          • Loads dropped DLL
                                                          PID:4200
                                                          • C:\Windows\system32\regsvr32.exe
                                                            "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"
                                                            4⤵
                                                            • Loads dropped DLL
                                                            • Modifies system executable filetype association
                                                            • Registers COM server for autorun
                                                            • Modifies registry class
                                                            PID:4396
                                                        • C:\Windows\SysWOW64\regsvr32.exe
                                                          "C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin.dll"
                                                          3⤵
                                                          • Loads dropped DLL
                                                          • Modifies registry class
                                                          PID:4596
                                                        • C:\Windows\SysWOW64\regsvr32.exe
                                                          "C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll"
                                                          3⤵
                                                          • Loads dropped DLL
                                                          PID:1688
                                                          • C:\Windows\system32\regsvr32.exe
                                                            "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll"
                                                            4⤵
                                                            • Loads dropped DLL
                                                            • Registers COM server for autorun
                                                            • Modifies registry class
                                                            PID:4892
                                                        • C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe
                                                          "C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe" --install
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:4112
                                                        • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe
                                                          "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe" reg
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Modifies registry class
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:4600
                                                        • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe
                                                          C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe
                                                          3⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Modifies system certificate store
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of SendNotifyMessage
                                                          PID:2664
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2564,16051332870136409488,17454480364097085837,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2584 /prefetch:2
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:384
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2564,16051332870136409488,17454480364097085837,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2984 /prefetch:8
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:3312
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2564,16051332870136409488,17454480364097085837,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:8
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2564,16051332870136409488,17454480364097085837,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:5008
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe
                                                            -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.2664.0.600785321\2017088104 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.28" -PcGuid "TBIMXV2-O_7D6E870CA65342A99018A79F05A5E703-C_0-D_QM00013-M_42032C623A80-V_628B780F" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:2160
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.2664.0.600785321\2017088104 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.28" -PcGuid "TBIMXV2-O_7D6E870CA65342A99018A79F05A5E703-C_0-D_QM00013-M_42032C623A80-V_628B780F" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:5156
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.2664.1.1597034431\1294634327 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.28" -PcGuid "TBIMXV2-O_7D6E870CA65342A99018A79F05A5E703-C_0-D_QM00013-M_42032C623A80-V_628B780F" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
                                                            4⤵
                                                            • Executes dropped EXE
                                                            PID:5524
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2564,16051332870136409488,17454480364097085837,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:5808
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2564,16051332870136409488,17454480364097085837,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            PID:5972
                                                          • C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe
                                                            "C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe" -client_info "C:\Users\Admin\AppData\Local\Temp\TeraBox_status" -update_cfg_url "aHR0cHM6Ly90ZXJhYm94LmNvbS9hdXRvdXBkYXRl" -srvwnd 202ac -unlogin
                                                            4⤵
                                                            • Executes dropped EXE
                                                            PID:1928
                                                        • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe
                                                          C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:1288
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:2
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4100
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5676 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                        2⤵
                                                          PID:2456
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                          2⤵
                                                            PID:4520
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4816 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                            2⤵
                                                              PID:4960
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                              2⤵
                                                                PID:64
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3920 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:1
                                                                2⤵
                                                                  PID:5148
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7036 --field-trial-handle=1772,i,7846827381661976478,10663502558825533217,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:5320
                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe
                                                                    "C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe" "terabox://launch-app/"
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:5260
                                                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                  1⤵
                                                                    PID:1244

                                                                  Network

                                                                  MITRE ATT&CK Enterprise v15

                                                                  Downloads

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ae

                                                                    Filesize

                                                                    195KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                    Filesize

                                                                    1008B

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\CURRENT

                                                                    Filesize

                                                                    16B

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\MANIFEST-000001

                                                                    Filesize

                                                                    23B

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                    Filesize

                                                                    7KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                    Filesize

                                                                    5KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                    Filesize

                                                                    2KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                    Filesize

                                                                    17KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                    Filesize

                                                                    128KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                    Filesize

                                                                    128KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                    Filesize

                                                                    128KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                    Filesize

                                                                    122KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                    Filesize

                                                                    119KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590d35.TMP

                                                                    Filesize

                                                                    111KB

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                    Filesize

                                                                    2B

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_00000f

                                                                    Filesize

                                                                    17KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000010

                                                                    Filesize

                                                                    81KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000014

                                                                    Filesize

                                                                    36KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000017

                                                                    Filesize

                                                                    30KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_00001a

                                                                    Filesize

                                                                    26KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_00001c

                                                                    Filesize

                                                                    41KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_00001f

                                                                    Filesize

                                                                    64KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000058

                                                                    Filesize

                                                                    85KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000098

                                                                    Filesize

                                                                    24KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index~RFe5a41dd.TMP

                                                                    Filesize

                                                                    48B

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Local Storage\leveldb\MANIFEST-000001

                                                                    Filesize

                                                                    41B

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State~RFe5a421b.TMP

                                                                    Filesize

                                                                    59B

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\TransportSecurity

                                                                    Filesize

                                                                    704B

                                                                  • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\TransportSecurity~RFe5a421b.TMP

                                                                    Filesize

                                                                    702B

                                                                  • C:\Users\Admin\AppData\Local\Temp\nsk295A.tmp\NsisInstallUI.dll

                                                                    Filesize

                                                                    2.1MB

                                                                  • C:\Users\Admin\AppData\Local\Temp\nsk295A.tmp\SetupCfg.ini

                                                                    Filesize

                                                                    80B

                                                                  • C:\Users\Admin\AppData\Local\Temp\nsk295A.tmp\System.dll

                                                                    Filesize

                                                                    12KB

                                                                  • C:\Users\Admin\AppData\Local\Temp\nsk295A.tmp\nsProcessW.dll

                                                                    Filesize

                                                                    4KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\AppUtil.dll

                                                                    Filesize

                                                                    768KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\Download\AutoUpdate.xml

                                                                    Filesize

                                                                    22KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\Bull140U.dll

                                                                    Filesize

                                                                    896KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

                                                                    Filesize

                                                                    1.1MB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

                                                                    Filesize

                                                                    896KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

                                                                    Filesize

                                                                    1.1MB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin.dll

                                                                    Filesize

                                                                    378KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll

                                                                    Filesize

                                                                    492KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll

                                                                    Filesize

                                                                    1011KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe

                                                                    Filesize

                                                                    111KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\appUtil.DLL

                                                                    Filesize

                                                                    704KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\minosagent.dll

                                                                    Filesize

                                                                    640KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\msvcp140.dll

                                                                    Filesize

                                                                    429KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\terabox_ext_chrome.crx

                                                                    Filesize

                                                                    169KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\uninst.exe

                                                                    Filesize

                                                                    697KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\updateagent.dll

                                                                    Filesize

                                                                    1.1MB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\updateagent.dll

                                                                    Filesize

                                                                    1024KB

                                                                  • C:\Users\Admin\AppData\Roaming\TeraBox\vcruntime140.dll

                                                                    Filesize

                                                                    83KB

                                                                  • C:\Users\Admin\Downloads\TeraBox_sl_b_1.28.0.3.exe

                                                                    Filesize

                                                                    16.3MB

                                                                  • C:\Users\Admin\Downloads\TeraBox_sl_b_1.28.0.3.exe

                                                                    Filesize

                                                                    4.5MB

                                                                  • C:\Users\Admin\Downloads\TeraBox_sl_b_1.28.0.3.exe

                                                                    Filesize

                                                                    4.6MB
