Sandboxie crypto query

Discussion in 'sandboxing & virtualization' started by avboy, Aug 8, 2009.

Thread Status:
Not open for further replies.
  1. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Hi,

    Can anyone throw some light on Sandboxiecrypto.exe? I was testing a generic trojan (dropper) inside Sandboxie. Immediately Sandboxiecrypto opened a connection, as shown below:

    [TDI] TCP, Connect, 0.0.0.0:50175 -> 203.77.188.232:80, C:\Program Files\Sandboxie\SandboxieCrypto.exe(3884/3308)

    This IP's details are

    MISSOURI PACIFIC LIMELIGHT NETWORKS ASIA PACIFIC

    Now can any of you tell me the significance of this?

    Regards
     
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    source
     
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    When testing, create a Test Box, and give it no internet access rights inside the Restrictions tab. This connection *shouldn't* appear then, even though it is a legit process to verify.
     
  4. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Thanks Keyboard Commando. That's exactly the IP of mscrl.microsoft.com.

    Problem solved along with Tzuk's explanation of Sandboxiecrypto. And thanks for your suggestion too.
     