Sandboxie crypto query

Discussion in 'sandboxing & virtualization' started by avboy, Aug 8, 2009.

Thread Status:
Not open for further replies.
  1. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    Hi,

    Can anyone throw some light on Sandboxiecrypto.exe? I was testing a generic trojan (dropper) inside Sandboxie. Immediately Sandboxiecrypto opened a connection, as shown below:

    [TDI] TCP, Connect, 0.0.0.0:50175 -> 203.77.188.232:80, C:\Program Files\Sandboxie\SandboxieCrypto.exe(3884/3308)

    This IP's details are:

    MISSOURI PACIFIC LIMELIGHT NETWORKS ASIA PACIFIC

    Now can any of you tell me the significance of this?

    Regards
     
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    source
     
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    When testing, create a Test Box, and give it no internet access rights inside the Restrictions tab. This connection *shouldn't* appear then, even though it is a legit process to verify.
     
  4. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    Thanks Keyboard Commando. That's exactly the IP of mscrl.microsoft.com.

    Problem solved along with Tzuk's explanation of Sandboxiecrypto. And thanks for your suggestion too.
     