Malware Analysis Report

2024-10-18 22:30

Sample ID 240922-hf5mdawgjh
Target https://data.nephobox.com/issue/terabox/PCTeraBox/channel/TeraBox_sl_b_1.32.0.1.exe
Tags
zloader botnet defense_evasion discovery persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://data.nephobox.com/issue/terabox/PCTeraBox/channel/TeraBox_sl_b_1.32.0.1.exe was found to be: Known bad.

Malicious Activity Summary

zloader botnet defense_evasion discovery persistence privilege_escalation trojan

Zloader, Terdot, DELoader, ZeusSphinx

Downloads MZ/PE file

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Modifies system executable filetype association

Executes dropped EXE

Checks installed software on the system

Drops Chrome extension

Adds Run key to start application

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-22 06:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-22 06:41

Reported

2024-09-22 06:43

Platform

win11-20240802-en

Max time kernel

105s

Max time network

104s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://data.nephobox.com/issue/terabox/PCTeraBox/channel/TeraBox_sl_b_1.32.0.1.exe

Signatures

Zloader, Terdot, DELoader, ZeusSphinx

trojan botnet zloader

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt\ = "{6D85624F-305A-491d-8848-C1927AA0D790}" C:\Windows\system32\regsvr32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\TeraBox = "\"C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\TeraBox.exe\" AutoRun" C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\TeraBoxWeb = "\"C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\TeraBoxWebService.exe\"" C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A

Checks installed software on the system

discovery

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpadflhmiohjfhhaehelneimpllfbpcg\0.0.5_0\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714609157433654" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\Version\ = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu\CLSID\ = "{6D85624F-305A-491d-8848-C1927AA0D790}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\YunOfficeAddin.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\YunOfficeAddin64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\TypeLib\ = "{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E163184-F702-4DA9-972E-CC2993F9AC25}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}\1.0\0\win32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FD26065-6B24-4B20-83AB-5BB041D24A79} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\VersionIndependentProgID\ = "YunOfficeAddin.YunPPTConnect" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TeraBox\shell\open\command C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1434B2F5-5B9C-44C2-938D-2A11E03CEED9}\ = "IYunShellExtContextMenu" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1E5FCC7-D26F-41BC-A0C1-3D584EBEEBF5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunPPTConnect.1\ = "YunPPTConnect Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FD26065-6B24-4B20-83AB-5BB041D24A79}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FD26065-6B24-4B20-83AB-5BB041D24A79}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1E5FCC7-D26F-41BC-A0C1-3D584EBEEBF5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunExcelConnect.1\ = "YunExcelConnect Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunExcelConnect\CurVer\ = "YunOfficeAddin.YunExcelConnect.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\ = "YunExcelConnect Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunExcelConnect.1\CLSID\ = "{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\TypeLib\ = "{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\VersionIndependentProgID\ = "YunOfficeAddin.YunPPTConnect" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{75711486-6BB1-4C76-853A-F3B7763FACF4}\1.0\0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAC6C6DA-893B-4F4D-8CD7-153A718C6B25} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FD26065-6B24-4B20-83AB-5BB041D24A79}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\ = "IYunPPTConnect" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C}\ = "IYunExcelConnect" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\TypeLib\ = "{75711486-6BB1-4c76-853A-F3B7763FACF4}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{75711486-6BB1-4C76-853A-F3B7763FACF4}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\YunShellExt64.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F20F2E1A-D834-48BA-A5E2-73A31BE77EEC}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\YunOfficeAddin64.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\ProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71CD4110-1E24-4B80-B699-9A982584CD3F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\TeraBox\\YunOfficeAddin64.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunPPTConnect.1 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect.1 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\Version C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect.1\CLSID\ = "{8C5F2E83-848F-4741-9C87-47D21BF65FC2}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C5F2E83-848F-4741-9C87-47D21BF65FC2}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1434B2F5-5B9C-44C2-938D-2A11E03CEED9}\TypeLib\ = "{75711486-6BB1-4C76-853A-F3B7763FACF4}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\YunOfficeAddin.YunWordConnect.1\ = "YunWordConnect Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57A35E8A-E3AE-482E-9E6D-6DF71D4464AC}\VersionIndependentProgID\ = "YunOfficeAddin.YunExcelConnect" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\ = "IYunPPTConnect" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FD26065-6B24-4B20-83AB-5BB041D24A79}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AE98A84-835E-44B4-9145-9DFFA5F43F3B}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21FF7AFE-087C-4A99-928B-1EF3EE99ED6C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1956 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 1028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1956 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://data.nephobox.com/issue/terabox/PCTeraBox/channel/TeraBox_sl_b_1.32.0.1.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff136acc40,0x7fff136acc4c,0x7fff136acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4532 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4996,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4968,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe

"C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe"

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe" -install "createdetectstartup" -install "btassociation" -install "createshortcut" "0" -install "createstartup"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"

C:\Windows\system32\regsvr32.exe

"/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll"

C:\Windows\system32\regsvr32.exe

"/s" "C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll"

C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe" --install

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5588,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5284 /prefetch:8

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe" reg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5536,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5564,i,5487939279636702267,3262783112354805342,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5548 /prefetch:8

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2536,4698660514874354225,15858979989743555959,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2548 /prefetch:2

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2536,4698660514874354225,15858979989743555959,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2576 /prefetch:8

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2536,4698660514874354225,15858979989743555959,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2536,4698660514874354225,15858979989743555959,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe

-PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.4520.0.1656197412\1494200554 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.1.76" -PcGuid "TBIMXV2-O_7C5739A2317B4F8CA2F787CB76F7EBDF-C_0-D_232138804165-M_7E4E4CCB7521-V_AD94A806" -Version "1.32.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\kernel.dll" -ChannelName terabox.4520.0.1656197412\1494200554 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.1.76" -PcGuid "TBIMXV2-O_7C5739A2317B4F8CA2F787CB76F7EBDF-C_0-D_232138804165-M_7E4E4CCB7521-V_AD94A806" -Version "1.32.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\Admin\AppData\Roaming\TeraBox\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.4520.1.55561508\231013683 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.1.76" -PcGuid "TBIMXV2-O_7C5739A2317B4F8CA2F787CB76F7EBDF-C_0-D_232138804165-M_7E4E4CCB7521-V_AD94A806" -Version "1.32.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --field-trial-handle=2536,4698660514874354225,15858979989743555959,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\Admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.32.0.1;PC;PC-Windows;10.0.22000;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Roaming\TeraBox\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe

"C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdate.exe" -client_info "C:\Users\Admin\AppData\Local\Temp\TeraBox_status" -update_cfg_url "aHR0cHM6Ly90ZXJhYm94LmNvbS9hdXRvdXBkYXRl" -srvwnd 1001ec -unlogin

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Files

\??\pipe\crashpad_1956_MUSJHOIXRCEKCKQX

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\TeraBox_sl_b_1.32.0.1.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\nsgD9D4.tmp\NsisInstallUI.dll

C:\Users\Admin\AppData\Local\Temp\nsgD9D4.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsgD9D4.tmp\nsProcessW.dll

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBox.exe

C:\Users\Admin\AppData\Roaming\TeraBox\appUtil.DLL

C:\Users\Admin\AppData\Roaming\TeraBox\msvcp140.dll

C:\Users\Admin\AppData\Roaming\TeraBox\minosagent.dll

C:\Users\Admin\AppData\Roaming\TeraBox\vcruntime140.dll

C:\Users\Admin\AppData\Roaming\TeraBox\updateagent.dll

C:\Users\Admin\AppData\Roaming\TeraBox\Bull140U.DLL

C:\Users\Admin\AppData\Roaming\TeraBox\uninst.exe

C:\Users\Admin\AppData\Roaming\TeraBox\YunShellExt64.dll

C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin.dll

C:\Users\Admin\AppData\Roaming\TeraBox\YunOfficeAddin64.dll

C:\Users\Admin\AppData\Roaming\TeraBox\terabox_ext_chrome.crx

C:\Users\Admin\AppData\Roaming\TeraBox\YunUtilityService.exe

C:\Users\Admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\tabs\upload.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\tabs\upload.fff2005f.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\_metadata\verified_contents.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\popup.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\popup.82bbf211.css

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\popup.49fbeb31.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\manifest.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\icon64.plasmo.e4b604fc.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\icon512.9f01ba5c.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\icon48.plasmo.cae3a6b3.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\icon32.plasmo.9ad0c5b6.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\icon16.plasmo.00ac8b83.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\icon128.plasmo.b89b7dfa.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1956_1728947543\CRX_INSTALL\background.d0591844.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir1956_212078853\CRX_INSTALL\contents.c10c11b1.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir1956_212078853\CRX_INSTALL\contents.4683de87.js

C:\Users\Admin\AppData\Local\Temp\nsgD9D4.tmp\SetupCfg.ini

C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\AutoUpdateUtil.dll

C:\Users\Admin\AppData\Roaming\TeraBox\VersionInfo

C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\IndexedDB\https_www.terabox.com_0.indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000057

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\TeraBox\AutoUpdate\Download\AutoUpdate.xml

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
