File name:

Sandboxie-Plus-x64-v1.14.10.exe

Full analysis: https://app.any.run/tasks/fc6cee01-76fc-4fd6-8f69-2be8c9640693
Verdict: Malicious activity
Analysis date: October 22, 2024, 19:27:42
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-scr
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

8EDA881C7416AFD588CCA4A4ED796A19

SHA1:

93A8615DE547D36E8815C9E5200874EA78329058

SHA256:

41C46BB9EEAD3F4F69D3BAD8C16C072D18880C1B2CDC87F8EDFCE86A7A5C2A7E

SSDEEP:

196608:zpH9akrTccWPmPkWZm3bWKwgGwiEk95RIyeO2Qx4hKb4lO:zpdaSWPmPC3blGwkbIHax4448

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 6480)

    • Executable content was dropped or overwritten

      • Sandboxie-Plus-x64-v1.14.10.exe (PID: 4308)
      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)
      • Sandboxie-Plus-x64-v1.14.10.exe (PID: 6240)

    • Reads the Windows owner or organization settings

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)

    • Drops 7-zip archiver for unpacking

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)

    • Uses TASKKILL.EXE to kill process

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)

    • Process drops legitimate windows executable

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)

    • The process drops C-runtime libraries

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)

    • Drops a system driver (possible attempt to evade defenses)

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)

    • Executes as Windows Service

      • SbieSvc.exe (PID: 4448)

  • INFO

    • Create files in a temporary directory

      • Sandboxie-Plus-x64-v1.14.10.exe (PID: 4308)
      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)
      • Sandboxie-Plus-x64-v1.14.10.exe (PID: 6240)

    • Reads the computer name

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 6480)
      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)

    • Checks supported languages

      • Sandboxie-Plus-x64-v1.14.10.exe (PID: 4308)
      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 6480)
      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 692)
      • Sandboxie-Plus-x64-v1.14.10.exe (PID: 6240)

    • Manual execution by a user

      • wscript.exe (PID: 6768)
      • wscript.exe (PID: 2620)
      • wscript.exe (PID: 6936)
      • wscript.exe (PID: 6888)
      • wscript.exe (PID: 2588)
      • wscript.exe (PID: 7152)
      • wscript.exe (PID: 5524)
      • wscript.exe (PID: 6448)
      • wscript.exe (PID: 6244)
      • wscript.exe (PID: 6300)
      • wscript.exe (PID: 4376)
      • wscript.exe (PID: 5048)
      • wscript.exe (PID: 4380)
      • wscript.exe (PID: 6260)
      • wscript.exe (PID: 6392)

    • Process checks computer location settings

      • Sandboxie-Plus-x64-v1.14.10.tmp (PID: 6480)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 48640
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 1.14.10.0
ProductVersionNumber: 1.14.10.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: http://xanasoft.com/
FileDescription: Sandboxie-Plus Setup
FileVersion: 1.14.10
LegalCopyright: Copyright © 2020-2024 by David Xanatos (xanasoft.com)
OriginalFileName:
ProductName: Sandboxie-Plus
ProductVersion: 1.14.10
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
147
Monitored processes
28
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start sandboxie-plus-x64-v1.14.10.exe sandboxie-plus-x64-v1.14.10.tmp no specs sandboxie-plus-x64-v1.14.10.exe sandboxie-plus-x64-v1.14.10.tmp taskkill.exe no specs conhost.exe no specs kmdutil.exe no specs kmdutil.exe no specs updutil.exe kmdutil.exe no specs sbiesvc.exe no specs start.exe no specs sandman.exe wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
692"C:\Users\admin\AppData\Local\Temp\is-8KUGG.tmp\Sandboxie-Plus-x64-v1.14.10.tmp" /SL5="$502EE,20581921,791552,C:\Users\admin\Desktop\Sandboxie-Plus-x64-v1.14.10.exe" /SPAWNWND=$70214 /NOTIFYWND=$7020C C:\Users\admin\AppData\Local\Temp\is-8KUGG.tmp\Sandboxie-Plus-x64-v1.14.10.tmp
Sandboxie-Plus-x64-v1.14.10.exe
User:
admin
Company:
http://xanasoft.com/
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-8kugg.tmp\sandboxie-plus-x64-v1.14.10.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
1744"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieSvc "C:\Program Files\Sandboxie-Plus\SbieSvc.exe" type=own start=auto msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" display="Sandboxie Service" group=UIGroupC:\Program Files\Sandboxie-Plus\KmdUtil.exeSandboxie-Plus-x64-v1.14.10.tmp
User:
admin
Company:
Sandboxie-Plus.com
Integrity Level:
HIGH
Description:
Sandboxie configuration file utility
Exit code:
0
Version:
5.69.10
Modules
Images
c:\program files\sandboxie-plus\kmdutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
1952\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exetaskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2588"C:\Windows\System32\WScript.exe" C:\Users\admin\Desktop\shell.jsC:\Windows\System32\wscript.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2620"C:\Windows\System32\WScript.exe" C:\Users\admin\Desktop\SBIE1308.jsC:\Windows\System32\wscript.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4308"C:\Users\admin\Desktop\Sandboxie-Plus-x64-v1.14.10.exe" C:\Users\admin\Desktop\Sandboxie-Plus-x64-v1.14.10.exe
explorer.exe
User:
admin
Company:
http://xanasoft.com/
Integrity Level:
MEDIUM
Description:
Sandboxie-Plus Setup
Exit code:
0
Version:
1.14.10
Modules
Images
c:\users\admin\desktop\sandboxie-plus-x64-v1.14.10.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
4376"C:\Windows\System32\WScript.exe" C:\Users\admin\Desktop\game_fps.jsC:\Windows\System32\wscript.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
1
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4380"C:\Windows\System32\WScript.exe" C:\Users\admin\Desktop\SBIE2204.jsC:\Windows\System32\wscript.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4448"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"C:\Program Files\Sandboxie-Plus\SbieSvc.exeservices.exe
User:
SYSTEM
Company:
Sandboxie-Plus.com
Integrity Level:
SYSTEM
Description:
Sandboxie Service
Version:
5.69.10
Modules
Images
c:\program files\sandboxie-plus\sbiesvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\program files\sandboxie-plus\sbiedll.dll
5048"C:\Windows\System32\WScript.exe" C:\Users\admin\Desktop\SBIECOPY.jsC:\Windows\System32\wscript.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
1
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
5 932
Read events
5 897
Write events
35
Delete events
0

Modification events

(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SbieSvc
Operation:writeName:PreferExternalManifest
Value:
1
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SbieSvc
Operation:writeName:Language
Value:
1033
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie-Plus_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.2.2
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie-Plus_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\Sandboxie-Plus
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie-Plus_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\Sandboxie-Plus\
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie-Plus_is1
Operation:writeName:Inno Setup: Icon Group
Value:
Sandboxie-Plus
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie-Plus_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie-Plus_is1
Operation:writeName:Inno Setup: Selected Tasks
Value:
desktopicon,refreshbuild
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie-Plus_is1
Operation:writeName:Inno Setup: Deselected Tasks
Value:
(PID) Process:(692) Sandboxie-Plus-x64-v1.14.10.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie-Plus_is1
Operation:writeName:Inno Setup: Language
Value:
english
Executable files
99
Suspicious files
27
Text files
32
Unknown types
0

Dropped files

PID
Process
Filename
Type
4308Sandboxie-Plus-x64-v1.14.10.exeC:\Users\admin\AppData\Local\Temp\is-O5A75.tmp\Sandboxie-Plus-x64-v1.14.10.tmpexecutable
MD5:707D99BC95F3BA7ABF5D31F54A2E8466
SHA256:B2B37EF28D79EA0BA52D3215B66E8FB81403A9C27573964DDE6E0E9CB998BC0A
692Sandboxie-Plus-x64-v1.14.10.tmpC:\Program Files\Sandboxie-Plus\is-CJ6L9.tmpexecutable
MD5:EA3460F722991C7EE2FB8275AF35DD88
SHA256:87304468D88A1F1CD66E9F0641FFABA60C2B8F964EB8068FED294DBF99E868E0
692Sandboxie-Plus-x64-v1.14.10.tmpC:\Program Files\Sandboxie-Plus\ImBox.exeexecutable
MD5:4C9CE7346F77DDCDAE660A619788AFF6
SHA256:D41FBDEF86253627CB1F436AB443DEA609FEFDBA8093EF3A6D516F3A470A6C3D
692Sandboxie-Plus-x64-v1.14.10.tmpC:\Users\admin\AppData\Local\Temp\is-KGVBU.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
6240Sandboxie-Plus-x64-v1.14.10.exeC:\Users\admin\AppData\Local\Temp\is-8KUGG.tmp\Sandboxie-Plus-x64-v1.14.10.tmpexecutable
MD5:707D99BC95F3BA7ABF5D31F54A2E8466
SHA256:B2B37EF28D79EA0BA52D3215B66E8FB81403A9C27573964DDE6E0E9CB998BC0A
692Sandboxie-Plus-x64-v1.14.10.tmpC:\Program Files\Sandboxie-Plus\is-7TKHE.tmpexecutable
MD5:328C61212C6E9A26BBA9C5A09B3EB14A
SHA256:2321D38014705629FFB90DEB9230B04F842981FE97E2EA529120A13A1FD65CB8
692Sandboxie-Plus-x64-v1.14.10.tmpC:\Program Files\Sandboxie-Plus\is-V3LMA.tmpexecutable
MD5:AB0E788FC7A4DC29D6F7DA39470555C7
SHA256:EC1E49B8447DE3D5E6DF8445846798CF107AD12DA994E92BC40B61A9EE66B21B
692Sandboxie-Plus-x64-v1.14.10.tmpC:\Program Files\Sandboxie-Plus\is-ODPC5.tmpexecutable
MD5:59D8A1E454E670379570B3AC731878E6
SHA256:AC565DC5A795E1952A47AF1D49E8EA02B77513D8E04448A48BDF6B48044C38A2
692Sandboxie-Plus-x64-v1.14.10.tmpC:\Program Files\Sandboxie-Plus\7z.dllexecutable
MD5:59D8A1E454E670379570B3AC731878E6
SHA256:AC565DC5A795E1952A47AF1D49E8EA02B77513D8E04448A48BDF6B48044C38A2
692Sandboxie-Plus-x64-v1.14.10.tmpC:\Program Files\Sandboxie-Plus\is-94M44.tmpexecutable
MD5:4C9CE7346F77DDCDAE660A619788AFF6
SHA256:D41FBDEF86253627CB1F436AB443DEA609FEFDBA8093EF3A6D516F3A470A6C3D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
20
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6944
svchost.exe
GET
200
23.48.23.177:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.177:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6944
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
302
188.114.97.3:443
https://sandboxie-plus.com/update.php?software=sandboxie-plus&action=install&version=1.14.10&system=windows-10.0.19045-x64&language=en_US
unknown
GET
200
188.114.96.3:443
https://xanasoft.com/update/get.php?software=sandboxie-plus&action=install&version=1.14.10&system=windows-10.0.19045-x64&language=en_US
unknown
binary
21.0 Kb
unknown
POST
204
104.126.37.131:443
https://www.bing.com/threshold/xls.aspx
unknown
whitelisted
POST
204
104.126.37.128:443
https://www.bing.com/threshold/xls.aspx
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
6944
svchost.exe
23.48.23.177:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.177:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6944
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
6944
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 23.48.23.177
  • 23.48.23.162
  • 23.48.23.193
  • 23.48.23.167
  • 23.48.23.169
  • 23.48.23.159
  • 23.48.23.180
  • 23.48.23.194
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
sandboxie-plus.com
  • 188.114.96.3
  • 188.114.97.3
unknown
www.bing.com
  • 104.126.37.131
  • 104.126.37.185
  • 104.126.37.138
  • 104.126.37.137
  • 104.126.37.186
  • 104.126.37.184
  • 104.126.37.136
  • 104.126.37.139
  • 104.126.37.128
whitelisted
xanasoft.com
  • 188.114.96.3
  • 188.114.97.3
unknown
self.events.data.microsoft.com
  • 13.89.179.9
whitelisted

Threats

No threats detected
Process
Message
SandMan.exe
Clear took 1.8e-05 s
SandMan.exe
QObject::connect: No such slot CSandMan::OnDismissUpdate()
SandMan.exe
QFileSystemWatcher::removePath: path is empty
SandMan.exe
Config file: "C:\\WINDOWS\\Sandboxie.ini" (system)
SandMan.exe
QString::arg: Argument missing: Sandboxie config has been reloaded,
SandMan.exe
QString::arg: Argument missing: Sandboxie config has been reloaded,
SandMan.exe
QString::arg: Argument missing: Sandboxie config has been reloaded,
SandMan.exe
QString::arg: Argument missing: Sandboxie config has been reloaded,
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Sandboxie-Plus-x64-v1.14.10.exe