URL:

https://freeterabox.com/s/1lj95hERPjZ2oZvNCYgmiig

Full analysis: https://app.any.run/tasks/9e3ed85d-ffcb-4e58-9fd9-daf51672dc8a
Verdict: Malicious activity
Analysis date: July 01, 2024, 18:46:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
vmprotect
Indicators:
MD5:

B8F21BE8C4A73B68E63D937A508FA257

SHA1:

F6AED6D495DF2867736985C6A86051458BF2D515

SHA256:

7B1A0B89E138739138DAE9092E74C16E2F4BEA71930CBBE1A980A0A6B16B311F

SSDEEP:

3:N8lAUJEF6eENC:23Q6eEQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)
      • TeraBoxHost.exe (PID: 2296)

    • Changes the autorun value in the registry

      • TeraBox.exe (PID: 3832)

    • Registers / Runs the DLL via REGSVR32.EXE

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)

    • Creates a writable file in the system directory

      • YunUtilityService.exe (PID: 3256)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)

    • Process drops legitimate windows executable

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)

    • The process creates files with name similar to system file names

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)
      • TeraBoxRender.exe (PID: 2912)

    • Executable content was dropped or overwritten

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)

    • The process drops C-runtime libraries

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 2736)
      • regsvr32.exe (PID: 1100)

    • Reads security settings of Internet Explorer

      • TeraBoxWebService.exe (PID: 3864)
      • TeraBox.exe (PID: 2964)
      • AutoUpdate.exe (PID: 3100)
      • TeraBox.exe (PID: 2516)

    • Reads the Internet Settings

      • TeraBoxWebService.exe (PID: 3864)
      • TeraBox.exe (PID: 2964)
      • AutoUpdate.exe (PID: 3100)
      • TeraBox.exe (PID: 2516)

    • Reads the date of Windows installation

      • TeraBox.exe (PID: 3832)

    • Creates a software uninstall entry

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)

    • Reads settings of System Certificates

      • TeraBox.exe (PID: 2964)
      • TeraBoxRender.exe (PID: 1748)
      • AutoUpdate.exe (PID: 3100)
      • TeraBox.exe (PID: 2516)
      • TeraBoxRender.exe (PID: 2252)

    • Checks Windows Trust Settings

      • TeraBox.exe (PID: 2964)
      • YunUtilityService.exe (PID: 3256)
      • AutoUpdate.exe (PID: 3100)
      • TeraBox.exe (PID: 2516)
      • YunUtilityService.exe (PID: 2652)

    • Adds/modifies Windows certificates

      • YunUtilityService.exe (PID: 3256)

    • Executes as Windows Service

      • YunUtilityService.exe (PID: 3256)
      • YunUtilityService.exe (PID: 2652)

  • INFO

    • Reads the computer name

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)
      • TeraBox.exe (PID: 3832)
      • YunUtilityService.exe (PID: 1568)
      • TeraBoxWebService.exe (PID: 3864)
      • TeraBox.exe (PID: 2964)
      • TeraBoxRender.exe (PID: 2912)
      • TeraBoxRender.exe (PID: 1748)
      • YunUtilityService.exe (PID: 3256)
      • TeraBoxHost.exe (PID: 2296)
      • TeraBoxRender.exe (PID: 932)
      • TeraBoxHost.exe (PID: 2676)
      • AutoUpdate.exe (PID: 3100)
      • TeraBox.exe (PID: 2516)
      • TeraBoxRender.exe (PID: 3060)
      • TeraBoxRender.exe (PID: 2252)
      • TeraBoxRender.exe (PID: 648)
      • TeraBoxHost.exe (PID: 1020)
      • YunUtilityService.exe (PID: 2652)
      • TeraBoxHost.exe (PID: 3672)

    • The process uses the downloaded file

      • msedge.exe (PID: 3416)
      • msedge.exe (PID: 3356)

    • Checks supported languages

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)
      • TeraBox.exe (PID: 3832)
      • TeraBox.exe (PID: 2964)
      • YunUtilityService.exe (PID: 1568)
      • TeraBoxWebService.exe (PID: 832)
      • TeraBoxWebService.exe (PID: 3864)
      • TeraBoxRender.exe (PID: 2912)
      • TeraBoxRender.exe (PID: 1748)
      • TeraBoxRender.exe (PID: 2688)
      • TeraBoxRender.exe (PID: 1952)
      • TeraBoxRender.exe (PID: 932)
      • YunUtilityService.exe (PID: 3256)
      • TeraBoxHost.exe (PID: 2296)
      • TeraBoxHost.exe (PID: 2676)
      • AutoUpdate.exe (PID: 3100)
      • TeraBoxWebService.exe (PID: 3592)
      • TeraBoxWebService.exe (PID: 2056)
      • TeraBoxRender.exe (PID: 3060)
      • TeraBox.exe (PID: 2516)
      • TeraBoxRender.exe (PID: 2252)
      • TeraBoxRender.exe (PID: 3488)
      • TeraBoxRender.exe (PID: 2884)
      • TeraBoxRender.exe (PID: 648)
      • TeraBoxHost.exe (PID: 3672)
      • TeraBoxHost.exe (PID: 1020)
      • YunUtilityService.exe (PID: 2652)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 3416)

    • Reads Environment values

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)

    • Create files in a temporary directory

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)
      • TeraBox.exe (PID: 2964)
      • TeraBoxRender.exe (PID: 1748)
      • TeraBox.exe (PID: 2516)
      • TeraBoxRender.exe (PID: 2252)

    • Creates files or folders in the user directory

      • TeraBox_sl_b_1.31.0.1.exe (PID: 4036)
      • TeraBox.exe (PID: 3832)
      • TeraBoxWebService.exe (PID: 3864)
      • TeraBox.exe (PID: 2964)
      • TeraBoxHost.exe (PID: 2296)
      • AutoUpdate.exe (PID: 3100)
      • TeraBoxHost.exe (PID: 2676)
      • TeraBox.exe (PID: 2516)
      • TeraBoxHost.exe (PID: 3672)
      • TeraBoxHost.exe (PID: 1020)

    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3416)

    • Application launched itself

      • msedge.exe (PID: 3416)

    • Reads the machine GUID from the registry

      • TeraBox.exe (PID: 3832)
      • TeraBox.exe (PID: 2964)
      • TeraBoxWebService.exe (PID: 3864)
      • TeraBoxRender.exe (PID: 1748)
      • YunUtilityService.exe (PID: 3256)
      • TeraBoxHost.exe (PID: 2296)
      • AutoUpdate.exe (PID: 3100)
      • TeraBox.exe (PID: 2516)
      • TeraBoxHost.exe (PID: 3672)
      • TeraBoxRender.exe (PID: 2252)
      • YunUtilityService.exe (PID: 2652)

    • Checks proxy server information

      • TeraBoxWebService.exe (PID: 3864)
      • TeraBox.exe (PID: 2964)
      • AutoUpdate.exe (PID: 3100)
      • TeraBox.exe (PID: 2516)

    • Process checks computer location settings

      • TeraBox.exe (PID: 2964)
      • TeraBoxRender.exe (PID: 2688)
      • TeraBoxRender.exe (PID: 1952)
      • TeraBox.exe (PID: 2516)
      • TeraBoxRender.exe (PID: 3488)
      • TeraBoxRender.exe (PID: 2884)

    • Reads the software policy settings

      • TeraBox.exe (PID: 2964)
      • YunUtilityService.exe (PID: 3256)
      • TeraBoxRender.exe (PID: 1748)
      • AutoUpdate.exe (PID: 3100)
      • TeraBox.exe (PID: 2516)
      • TeraBoxRender.exe (PID: 2252)
      • YunUtilityService.exe (PID: 2652)

    • Creates files in the program directory

      • TeraBoxHost.exe (PID: 2296)

    • VMProtect protector has been detected

      • TeraBoxHost.exe (PID: 2296)
      • TeraBoxHost.exe (PID: 3672)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
107
Monitored processes
60
Malicious processes
9
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs terabox_sl_b_1.31.0.1.exe no specs terabox_sl_b_1.31.0.1.exe terabox.exe regsvr32.exe no specs regsvr32.exe no specs yunutilityservice.exe no specs msedge.exe no specs teraboxwebservice.exe no specs msedge.exe no specs msedge.exe no specs terabox.exe teraboxwebservice.exe msedge.exe no specs msedge.exe no specs teraboxrender.exe no specs teraboxrender.exe teraboxrender.exe no specs teraboxrender.exe no specs teraboxrender.exe no specs yunutilityservice.exe THREAT teraboxhost.exe teraboxhost.exe autoupdate.exe msedge.exe no specs teraboxwebservice.exe no specs msedge.exe no specs teraboxwebservice.exe no specs terabox.exe teraboxrender.exe no specs teraboxrender.exe teraboxrender.exe no specs teraboxrender.exe no specs teraboxrender.exe no specs yunutilityservice.exe no specs THREAT teraboxhost.exe teraboxhost.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
448"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1040 --field-trial-handle=1332,i,17294837882088045445,5168148676314276202,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
648"C:\Users\admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=1948,8749339438483087859,18245675301878893992,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 6.1); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.31.0.1;PC;PC-Windows;6.1.7601;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2008 /prefetch:2C:\Users\admin\AppData\Roaming\TeraBox\TeraBoxRender.exeTeraBox.exe
User:
admin
Company:
Flextech Inc.
Integrity Level:
MEDIUM
Description:
TeraBoxRender
Exit code:
0
Version:
2.0.1.1
Modules
Images
c:\users\admin\appdata\roaming\terabox\teraboxrender.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\roaming\terabox\libcef.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
684"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4904 --field-trial-handle=1332,i,17294837882088045445,5168148676314276202,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
832"C:\Users\admin\AppData\Roaming\TeraBox\TeraBoxWebService.exe" regC:\Users\admin\AppData\Roaming\TeraBox\TeraBoxWebService.exeTeraBox_sl_b_1.31.0.1.exe
User:
admin
Company:
Flextech Inc.
Integrity Level:
HIGH
Description:
TeraBoxWebService
Exit code:
0
Version:
1.31.0.1
Modules
Images
c:\users\admin\appdata\roaming\terabox\teraboxwebservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
880"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 --field-trial-handle=1332,i,17294837882088045445,5168148676314276202,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
932"C:\Users\admin\AppData\Roaming\TeraBox\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2060,12691049306851785934,11024031738142552990,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\admin\AppData\Roaming\TeraBox\browserres\locales" --log-file="C:\Users\admin\AppData\Roaming\TeraBox\debug.log" --log-severity=disable --resources-dir-path="C:\Users\admin\AppData\Roaming\TeraBox\browserres" --user-agent="Mozilla/5.0; (Windows NT 6.1); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.31.0.1;PC;PC-Windows;6.1.7601;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\admin\AppData\Roaming\TeraBox\debug.log" --mojo-platform-channel-handle=2088 /prefetch:2C:\Users\admin\AppData\Roaming\TeraBox\TeraBoxRender.exeTeraBox.exe
User:
admin
Company:
Flextech Inc.
Integrity Level:
MEDIUM
Description:
TeraBoxRender
Exit code:
0
Version:
2.0.1.1
Modules
Images
c:\users\admin\appdata\roaming\terabox\teraboxrender.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\roaming\terabox\libcef.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
952"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1332,i,17294837882088045445,5168148676314276202,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1020"C:\Users\admin\AppData\Roaming\TeraBox\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\admin\AppData\Roaming\TeraBox\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.2516.1.1326615769\1891145188 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "192.168.100.64" -PcGuid "TBIMXV2-O_59979D97811647C3989FC36CBB193277-C_0-D_4d51303030302031202020202020202020202020-M_12A9866C77DE-V_C4BA3647" -Version "1.31.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1C:\Users\admin\AppData\Roaming\TeraBox\TeraBoxHost.exe
TeraBox.exe
User:
admin
Company:
Flextech Inc.
Integrity Level:
MEDIUM
Description:
TeraBoxHost
Version:
1.31.0.1
Modules
Images
c:\users\admin\appdata\roaming\terabox\teraboxhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\roaming\terabox\bull140u.dll
c:\users\admin\appdata\roaming\terabox\minosagent.dll
c:\users\admin\appdata\roaming\terabox\msvcp140.dll
c:\users\admin\appdata\roaming\terabox\vcruntime140.dll
c:\users\admin\appdata\roaming\terabox\api-ms-win-crt-runtime-l1-1-0.dll
c:\users\admin\appdata\roaming\terabox\ucrtbase.dll
1100"C:\Windows\system32\regsvr32.exe" "/s" "C:\Users\admin\AppData\Roaming\TeraBox\YunOfficeAddin.dll"C:\Windows\System32\regsvr32.exeTeraBox_sl_b_1.31.0.1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1172"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4104 --field-trial-handle=1332,i,17294837882088045445,5168148676314276202,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
79 481
Read events
78 873
Write events
562
Delete events
46

Modification events

(PID) Process:(3416) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3416) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3416) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(3416) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(3416) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3416) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:dr
Value:
1
(PID) Process:(3416) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(3416) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
7A7C604DCA7A2F00
(PID) Process:(3416) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault
Operation:delete valueName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
(PID) Process:(3416) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation:writeName:UsageStatsInSample
Value:
1
Executable files
82
Suspicious files
407
Text files
84
Unknown types
19

Dropped files

PID
Process
Filename
Type
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF4eaca.TMP
MD5:
SHA256:
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF4ead9.TMP
MD5:
SHA256:
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF4eae9.TMP
MD5:
SHA256:
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF4eb75.TMP
MD5:
SHA256:
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\d5a87391-86de-48c4-972d-cbce8ac109b8.tmpbinary
MD5:9A5715FE96A76197F9AB4269DBEF7C1B
SHA256:098CCB0DA475B681933D223A3BFC69A0BDE9D4DA44A1EBB66242F95FAC2B883D
3568msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pmabinary
MD5:886E82F2CA62ECCCE64601B30592078A
SHA256:E5E13D53601100FF3D6BB71514CBCCC4C73FE9B7EF5E930100E644187B42948E
3416msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\a1a9e918-5fdb-420a-b3e9-5e39a1b7e728.tmpbinary
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
142
DNS requests
118
Threats
41

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
304
217.20.57.34:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
unknown
1372
svchost.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
1060
svchost.exe
GET
304
217.20.57.18:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a9f83325acc8ca75
unknown
unknown
1372
svchost.exe
GET
200
23.211.9.92:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
3864
TeraBoxWebService.exe
GET
404
210.148.85.47:80
http://www.terabox.com/box-static/base/widget/httpProxy/_nomd5/crossdomain.xml
unknown
unknown
3256
YunUtilityService.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDBLeGItEWTEgQyVFBw%3D%3D
unknown
unknown
3256
YunUtilityService.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D
unknown
unknown
3256
YunUtilityService.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
unknown
3256
YunUtilityService.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHgDGEJFcIpBz28BuO60qVQ%3D
unknown
unknown
2964
TeraBox.exe
POST
200
210.148.85.47:80
http://terabox.com/statistics?clienttype=8&devuid=TBIMXV2%2DO%5F59979D97811647C3989FC36CBB193277%2DC%5F0%2DD%5F4d51303030302031202020202020202020202020%2DM%5F12A9866C77DE%2DV%5FC4BA3647&channel=00000000000000000000000001000002&version=1.31.0.1&ver=1&id=17198597351F4B9ED776FD4F2284EBBFF4F2CF0E00&vip=0
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1372
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
3416
msedge.exe
239.255.255.250:1900
whitelisted
1504
msedge.exe
111.108.51.78:443
freeterabox.com
KDDI CORPORATION
JP
unknown
1060
svchost.exe
224.0.0.252:5355
unknown
1504
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1504
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1504
msedge.exe
210.148.85.59:443
www.1024tera.com
Internet Initiative Japan Inc.
JP
unknown
1504
msedge.exe
128.1.34.162:443
www.staticcc.com
ZEN-ECN
DE
unknown

DNS requests

Domain
IP
Reputation
freeterabox.com
  • 111.108.51.78
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.1024tera.com
  • 210.148.85.59
unknown
www.staticcc.com
  • 128.1.34.162
  • 128.1.34.163
  • 128.1.34.164
  • 128.1.34.165
  • 128.1.34.166
unknown
blog.terabox.com
  • 15.206.13.88
  • 3.6.221.111
  • 13.200.155.212
unknown
data.1024tera.com
  • 98.98.225.230
unknown
ymg-api.1024tera.com
  • 111.108.51.117
unknown
s2.teraboxcdn.com
  • 23.90.149.105
  • 90.84.161.17
  • 90.84.161.21
  • 90.84.161.18
  • 90.84.161.16
  • 23.90.149.103
unknown
accounts.google.com
  • 173.194.79.84
shared

Threats

PID
Process
Class
Message
1504
msedge.exe
Misc activity
ET INFO DNS Query to File Sharing Domain (terabox .com)
1504
msedge.exe
Misc activity
ET INFO DNS Query to File Sharing Domain (terabox .com)
1504
msedge.exe
Misc activity
ET INFO DNS Query to File Sharing Domain (terabox .com)
1504
msedge.exe
Misc activity
ET INFO DNS Query to File Sharing Domain (terabox .com)
1504
msedge.exe
Misc activity
ET INFO DNS Query to File Sharing Domain (terabox .com)
1504
msedge.exe
Misc activity
ET INFO DNS Query to File Sharing Domain (terabox .com)
1504
msedge.exe
Misc activity
ET INFO Observed File Sharing Domain (terabox .com in TLS SNI)
1504
msedge.exe
Misc activity
ET INFO Observed File Sharing Domain (terabox .com in TLS SNI)
1504
msedge.exe
Misc activity
ET INFO Observed File Sharing Domain (terabox .com in TLS SNI)
1504
msedge.exe
Misc activity
ET INFO Observed File Sharing Domain (terabox .com in TLS SNI)
Process
Message
TeraBoxHost.exe
vast_media--[2024-07-01 19:49:04:253] Initialized sdl_video_render_driver=software
TeraBoxHost.exe
vast_media--[2024-07-01 19:49:04:253] Initialized sdl_audio_play_driver=directsound
TeraBoxHost.exe
vast_media--[2024-07-01 19:49:04:253] Initialized hardware_type=3001
TeraBoxHost.exe
vast_media--[2024-07-01 19:50:07:504] Initialized sdl_video_render_driver=software
TeraBoxHost.exe
vast_media--[2024-07-01 19:50:07:504] Initialized sdl_audio_play_driver=directsound
TeraBoxHost.exe
vast_media--[2024-07-01 19:50:07:504] Initialized hardware_type=3001
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://freeterabox.com/s/1lj95hERPjZ2oZvNCYgmiig