General Info

File name

Sandboxie.v5.30.exe

Full analysis
https://app.any.run/tasks/15f9c2bd-86c8-47ca-8c2a-87f75192afab
Verdict
Malicious activity
Analysis date
5/15/2019, 12:50:08
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

b683407b3dcdbe53eb7c72aa53419840

SHA1

1432e2151e1d9e9c1a1980a80cadcc43ef96c31c

SHA256

92622500e31d5f103f96faadf2a93c8e1f7f9c2efd90fce02794fd4eefdc3142

SSDEEP

98304:HbVSoDLZWFpiY/kGoQT2JcLS5v6+MyoclvgD3F8yUNZWCRXdSVR+lSUs0ZG/0iRv:ZRL/qFgi+nopF8XZpXd0wlJ4aa39Mw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes the autorun value in the registry
  • SbieCtrl.exe (PID: 2664)
Application was dropped or rewritten from another process
  • SbieCtrl.exe (PID: 2664)
  • License.exe (PID: 3484)
  • sbiekg.exe (PID: 312)
  • SbieCtrl.exe (PID: 2516)
  • License.exe (PID: 2368)
  • Start.exe (PID: 3448)
  • SbieSvc.exe (PID: 2076)
  • KmdUtil.exe (PID: 3496)
  • KmdUtil.exe (PID: 1700)
  • KmdUtil.exe (PID: 2436)
  • sbie32inst.exe (PID: 2100)
  • KmdUtil.exe (PID: 3096)
  • KmdUtil.exe (PID: 796)
  • KmdUtil.exe (PID: 936)
Loads dropped or rewritten executable
  • SbieCtrl.exe (PID: 2664)
  • License.exe (PID: 3484)
  • License.exe (PID: 2368)
  • Start.exe (PID: 3448)
  • SbieCtrl.exe (PID: 2516)
  • KmdUtil.exe (PID: 3496)
  • SbieSvc.exe (PID: 2076)
  • KmdUtil.exe (PID: 2436)
  • KmdUtil.exe (PID: 1700)
  • Sandboxie.v5.30.exe (PID: 1672)
  • KmdUtil.exe (PID: 936)
  • KmdUtil.exe (PID: 3096)
  • KmdUtil.exe (PID: 796)
  • sbie32inst.exe (PID: 2100)
Creates files in the user directory
  • SbieCtrl.exe (PID: 2664)
Creates files in the Windows directory
  • SbieSvc.exe (PID: 2076)
Removes files from Windows directory
  • SbieSvc.exe (PID: 2076)
Creates or modifies windows services
  • Sandboxie.v5.30.exe (PID: 1672)
  • sbie32inst.exe (PID: 2100)
  • KmdUtil.exe (PID: 1700)
Creates a software uninstall entry
  • sbie32inst.exe (PID: 2100)
Creates files in the program directory
  • Sandboxie.v5.30.exe (PID: 1672)
  • sbie32inst.exe (PID: 2100)
Executable content was dropped or overwritten
  • sbie32inst.exe (PID: 2100)
  • Sandboxie.v5.30.exe (PID: 1672)

No info indicators.


Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2012:02:24 20:19:59+01:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
28672
InitializedDataSize:
445952
UninitializedDataSize:
16896
EntryPoint:
0x39e3
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
5.30.0.0
ProductVersionNumber:
5.30.0.0
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
null
CompanyName:
Sandboxie Holdings, LLC
FileDescription:
Sandboxie v5.30
FileVersion:
5.30.0.0
LegalCopyright:
© Sandboxie Holdings, LLC
ProductName:
Sandboxie v5.30
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
24-Feb-2012 19:19:59
Detected languages
English - United States
Comments:
null
CompanyName:
Sandboxie Holdings, LLC
FileDescription:
Sandboxie v5.30
FileVersion:
5.30.0.0
LegalCopyright:
© Sandboxie Holdings, LLC
ProductName:
Sandboxie v5.30
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
24-Feb-2012 19:19:59
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00006F10 0x00007000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.49816
.rdata 0x00008000 0x00002A92 0x00002C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.39389
.data 0x0000B000 0x00067EBC 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 1.47278
.ndata 0x00073000 0x000A1000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x00114000 0x00010E10 0x00011000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 6.93635
.reloc 0x00125000 0x00000F8A 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 7.88751
Resources
1

2

3

4

5

6

7

103

105

106

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
54
Monitored processes
16
Malicious processes
4
Suspicious processes
4

Behavior graph

[Behavior graph: process nodes sandboxie.v5.30.exe, sandboxie.v5.30.exe, sbie32inst.exe, kmdutil.exe (x6), sbiesvc.exe, start.exe, sbiectrl.exe, license.exe, sbiekg.exe, license.exe, sbiectrl.exe; edges labelled "start" and "drop and start"]
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3336
CMD
"C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe"
Path
C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie v5.30
Version
5.30.0.0
Modules
Image

PID
1672
CMD
"C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe"
Path
C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie v5.30
Version
5.30.0.0
Modules
Image
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsf5a4f.tmp\system.dll
c:\users\admin\appdata\local\temp\nsf5a4f.tmp\newadvsplash.dll
c:\windows\system32\winmm.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\nsf5a4f.tmp\aero.dll
c:\windows\system32\dwmapi.dll
c:\users\admin\appdata\local\temp\nsf5a4f.tmp\sbie32inst.exe
c:\users\admin\appdata\local\temp\nsf5a4f.tmp\nsprocess.dll
c:\program files\sandboxie\license.exe
c:\users\admin\appdata\local\temp\nsf5a4f.tmp\sbiekg.exe
c:\program files\sandboxie\sbiectrl.exe
c:\windows\system32\profapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\version.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\systemroot\system32\ntdll.dll
c:\users\admin\appdata\local\temp\sandboxie.v5.30.exe

PID
2100
CMD
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbie32inst.exe
Path
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbie32inst.exe
Indicators
Parent process
Sandboxie.v5.30.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Installer
Version
5.30
Modules
Image
c:\users\admin\appdata\local\temp\nsf5a4f.tmp\sbie32inst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\system.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\langdll.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\kmdutil.exe
c:\users\admin\appdata\local\temp\nsi6cce.tmp\inetc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\sandboxie\start.exe
c:\windows\system32\dui70.dll
c:\windows\system32\duser.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\program files\sandboxie\sbiectrl.exe
c:\users\admin\appdata\local\temp\nsi6cce.tmp\installoptions.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\netutils.dll

PID
796
CMD
"C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 scandll
Path
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsi6cce.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
3096
CMD
"C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 stop SbieSvc
Path
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsi6cce.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
936
CMD
"C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 stop SbieDrv
Path
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsi6cce.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
1700
CMD
"C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 install SbieDrv "C:\Program Files\Sandboxie\SbieDrv.sys" type=kernel start=demand "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll" altitude=86900
Path
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsi6cce.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
2436
CMD
"C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 install SbieSvc "\"C:\Program Files\Sandboxie\SbieSvc.exe"\" type=own start=auto "display=Sandboxie Service" group=UIGroup "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll"
Path
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsi6cce.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
3496
CMD
"C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe" /lang=1033 start SbieSvc
Path
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsi6cce.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsi6cce.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
2076
CMD
"C:\Program Files\Sandboxie\SbieSvc.exe"
Path
C:\Program Files\Sandboxie\SbieSvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Service
Version
5.30
Modules
Image
c:\program files\sandboxie\sbiesvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winsta.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\program files\sandboxie\sbiectrl.exe
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll

PID
3448
CMD
"C:\Program Files\Sandboxie\Start.exe" run_sbie_ctrl
Path
C:\Program Files\Sandboxie\Start.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Start
Version
5.30
Modules
Image
c:\program files\sandboxie\start.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
2516
CMD
"C:\Program Files\Sandboxie\SbieCtrl.exe" /open /sync
Path
C:\Program Files\Sandboxie\SbieCtrl.exe
Indicators
No indicators
Parent process
SbieSvc.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Control
Version
5.30
Modules
Image
c:\program files\sandboxie\sbiectrl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll

PID
2368
CMD
"C:\Program Files\Sandboxie\License.exe" print syscode
Path
C:\Program Files\Sandboxie\License.exe
Indicators
No indicators
Parent process
Sandboxie.v5.30.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie License Manager
Version
5.30
Modules
Image
c:\program files\sandboxie\license.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
312
CMD
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbiekg.exe
Path
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbiekg.exe
Indicators
No indicators
Parent process
Sandboxie.v5.30.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
UUK
Description
Keygen for Sandboxie
Version
1.0.0.1
Modules
Image
c:\users\admin\appdata\local\temp\nsf5a4f.tmp\sbiekg.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\program files\sandboxie\license.exe
c:\windows\system32\apphelp.dll

PID
3484
CMD
License.exe activate NP89ZT93PEXF53691MY2DK5B50IV1JTENWQY7O7A205I2NQV9PQUQKPXO3BAHB5KQK681N67FRLX6SNH9BRH14HQOQWC6Z39N1E7DRODLRWX52Y7J24P3JVF7E8TRIV8W5FP97OV6UR4VRE87MSC2Z1EF8CZDM1GPIF26A2XYFLXDMYIP0I5MZEMIHH6OY11HPYZN4JDK3RUWPM1U3M3JPFUNIMCTUAPDFL9J4YI8W9U4VG2EWNXU712JNZ3JL8JG6LHF7O85YBDSSPLJYSRUD5YX3SZLMJOYNJQUESTK786XM0JECD4YVYKET5L388F88UH02UFXWNI6UIJPKKS9J0OIOPSCU199CQ8WO3TMJDU3U4UCJGW6FI1SC45EOYHCZY27CIBE4N4
Path
C:\Program Files\Sandboxie\License.exe
Indicators
No indicators
Parent process
sbiekg.exe
User
admin
Integrity Level
HIGH
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie License Manager
Version
5.30
Modules
Image
c:\program files\sandboxie\license.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
2664
CMD
"C:\Program Files\Sandboxie\SbieCtrl.exe"
Path
C:\Program Files\Sandboxie\SbieCtrl.exe
Indicators
Parent process
Sandboxie.v5.30.exe
User
admin
Integrity Level
HIGH
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Control
Version
5.30
Modules
Image
c:\program files\sandboxie\sbiectrl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\sandboxie\start.exe

Registry activity

Total events
816
Read events
767
Write events
49
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1672
Sandboxie.v5.30.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1672
Sandboxie.v5.30.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1672
Sandboxie.v5.30.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieSvc
Language
1033
1672
Sandboxie.v5.30.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\nsProcess.dll
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
EnableFileTracing
0
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
EnableConsoleTracing
0
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
FileTracingMask
4294901760
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
ConsoleTracingMask
4294901760
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
MaxFileSize
1048576
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
FileDirectory
%windir%\tracing
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
EnableFileTracing
0
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
EnableConsoleTracing
0
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
FileTracingMask
4294901760
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
ConsoleTracingMask
4294901760
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
MaxFileSize
1048576
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
FileDirectory
%windir%\tracing
2100
sbie32inst.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2100
sbie32inst.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2100
sbie32inst.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2100
sbie32inst.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
DisplayName
Sandboxie 5.30 (32-bit)
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
DisplayIcon
C:\Program Files\Sandboxie\Start.exe
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
DisplayVersion
5.30
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
Publisher
Sandboxie Holdings, LLC
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
UninstallString
"C:\Windows\Installer\SandboxieInstall32.exe" /remove
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID
7E950284-E123-49F4-B32B-A806C090D747
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieSvc
Language
1033
2100
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieSvc
PreferExternalManifest
1
1700
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\SbieDrv
EventMessageFile
C:\Program Files\Sandboxie\SbieMsg.dll
1700
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\SbieDrv
TypesSupported
7
1700
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieDrv
DependsOnService
FltMgr
1700
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieDrv\Instances
DefaultInstance
SbieDrv Instance
1700
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieDrv\Instances\SbieDrv Instance
Altitude
86900
1700
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieDrv\Instances\SbieDrv Instance
Flags
0
2436
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\SbieSvc
EventMessageFile
C:\Program Files\Sandboxie\SbieMsg.dll
2436
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\SbieSvc
TypesSupported
7
2664
SbieCtrl.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SandboxieControl
"C:\Program Files\Sandboxie\SbieCtrl.exe"
2664
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\*\shell\sandbox
Run &Sandboxed
2664
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\*\shell\sandbox
Icon
"C:\Program Files\Sandboxie\Start.exe"
2664
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\*\shell\sandbox\command
"C:\Program Files\Sandboxie\Start.exe" /box:__ask__ "%1" %*
2664
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\Folder\shell\sandbox
Run &Sandboxed
2664
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\Folder\shell\sandbox
Icon
"C:\Program Files\Sandboxie\Start.exe"
2664
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\Folder\shell\sandbox\command
"C:\Program Files\Sandboxie\Start.exe" /box:__ask__ "C:\Windows\explorer.exe" "%1"

Files activity

Executable files
31
Suspicious files
22
Text files
38
Unknown types
10

Dropped files

PID
Process
Filename
Type
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbie32inst.exe
executable
MD5: 13578bcbf82c867d31b08bc185df8bc6
SHA256: 434c122e837a5914a88b80414e955cf5d20c99468713f593a7ef9db89227964f
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\KmdUtil.exe
executable
MD5: e59df6ca00e01ef5910c77d8ef28c718
SHA256: b5ce9eef87867fedc445923d0770fc05d33f854a06b30461fa0a8553d4363ea7
2100
sbie32inst.exe
C:\Program Files\Sandboxie\Start.exe
executable
MD5: 4303396d86997d5bc55be7aceaa13836
SHA256: d9633789ad1d19503dc4f95e8194dc9155aa7e18c4485cb20eaff6910874cde2
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\LangDLL.dll
executable
MD5: 4cdaaf5da900a8eaed090cd22b8f8781
SHA256: 09477d605677bea48019b896f068ce6c2e89004e5c5f0a86c0276db30c6515a6
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
executable
MD5: 3a399641b92a58f6d3874e620802931a
SHA256: 708f5bbb63321e8d6e8205ee843602087ed8b0827d7f60607aa45fc2184288d0
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\System.dll
executable
MD5: 0ff5120f1afd0f295c2baa0f7192d3f8
SHA256: 4ca5bf1beb4b802914c4d3e2f37861f6ba5ecf969cfeadf5855edf58f647a721
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SbieIni.exe
executable
MD5: 72ad18c7010a0ecd3382f81d23abb6c7
SHA256: 0f67381ce6990fbb021d48fa558da786efdfe714c760861520944714c7c8bcc2
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\Aero.dll
executable
MD5: 869c5949a10b32d3a31966cc5291301b
SHA256: b19961de6ca07e08704d6372718542f70dbbb203e59bf9bbe3a58f6e069a625c
2100
sbie32inst.exe
C:\Program Files\Sandboxie\License.exe
executable
MD5: c674dac15969c1e9aaefb0fe2cb9ca7f
SHA256: 69ef078fe1aa69278e7d4f9be1120c6a3bf83b27c656dd59495a8e3d1bdaf380
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\newadvsplash.dll
executable
MD5: 55a723e125afbc9b3a41d46f41749068
SHA256: 0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\SbieMsg.dll
executable
MD5: b0c9a989acf17e3e50788007e73c8087
SHA256: 1da9db646371ed6c71639f465da333bd21071e28a5078938f3f9834e1cac2489
2100
sbie32inst.exe
C:\Windows\Installer\SandboxieInstall32.exe
executable
MD5: 13578bcbf82c867d31b08bc185df8bc6
SHA256: 434c122e837a5914a88b80414e955cf5d20c99468713f593a7ef9db89227964f
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
executable
MD5: 95bc273835169cedf0dc96268d48855b
SHA256: 4c1ca41f2e73446ad277b92fb2c6d35c1c989efe7213b62933a957f4dd27c220
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\System.dll
executable
MD5: bf712f32249029466fa86756f5546950
SHA256: 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieBITS.exe
executable
MD5: 54aa32384c4c8856cbb86237a6dc07f0
SHA256: 481ef9f411ab93de5a2e6a635d45eadec27f3bac93a0400e676fadacf6b925d9
1672
Sandboxie.v5.30.exe
C:\Program Files\Sandboxie\SbieDrv.del
executable
MD5: c6664b9cce4fc5fddd4b4277109c1aab
SHA256: 30e6004786f1e30f0296f6cfb74845a8f9683754abf14047148f57f5c151539a
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
executable
MD5: 5508b02c79e993b2f2ae9ecf7cc0ac11
SHA256: c5e30b0320adfca67676f71c1cfe1365593edcb213cd2066d56382664df55f83
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbiekg.exe
executable
MD5: 976724e9e191dc289d226ea7f2553837
SHA256: 7f530a9cd7246cfdc2d4bb3717a74fc7925dcdda31f9f5e2e44abfb19e7ec8e0
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieWUAU.exe
executable
MD5: 771988cc474070de1b3b09c5f0072b0e
SHA256: aa32850dc776e3f5f88b4da69b15c9a98a502480f690e166899d782e55315614
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\nsProcess.dll
executable
MD5: f0438a894f3a7e01a4aae8d1b5dd0289
SHA256: 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SboxHostDll.dll
executable
MD5: 01b2b0eaf7560bbd55b609982919e292
SHA256: 6573b580937fdb41bef2e49798f523903c091d6d0dbc8484c973476b83efc320
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\sbie64inst.exe
executable
MD5: 4055456544821aeaffa4f2c315f51ee9
SHA256: aafa2739c75e0c9172092e943f8b3520f2b95bebe927760e68b70becccf99cc5
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\SbieDll.dll
executable
MD5: 9a610e3fca86954885673026d17b4791
SHA256: 06c2e8a3a37077d191628a86082982f844b09a5f11a27a1b3fea573433431b92
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\InstallOptions.dll
executable
MD5: 046074d285897c008499f7f3ad5be114
SHA256: 254c5ccbce59ad882f7f51d0bf760cabde8c88c5af84e13cc8ad77ba0361055c
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SbieMsg.dll
executable
MD5: b0c9a989acf17e3e50788007e73c8087
SHA256: 1da9db646371ed6c71639f465da333bd21071e28a5078938f3f9834e1cac2489
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SbieDrv.sys
executable
MD5: 1dea913c493fca2862d575b37b91699b
SHA256: a9c459eef7f065cb272ff1cee73dbb8ac169d6291ae00cedacbd8c77b93f6672
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SbieSvc.exe
executable
MD5: 53e18d218c85f2b9ed95a921e93cffec
SHA256: 5ac386f349aa6bdaccf194ac7c0895e11d2cc50b5dfaaeca84c2e53f162bc524
1672
Sandboxie.v5.30.exe
C:\Program Files\Sandboxie\SbieDrv.sys
executable
MD5: c6664b9cce4fc5fddd4b4277109c1aab
SHA256: 30e6004786f1e30f0296f6cfb74845a8f9683754abf14047148f57f5c151539a
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SbieDll.dll
executable
MD5: 9a610e3fca86954885673026d17b4791
SHA256: 06c2e8a3a37077d191628a86082982f844b09a5f11a27a1b3fea573433431b92
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\INetC.dll
executable
MD5: 92ec4dd8c0ddd8c4305ae1684ab65fb0
SHA256: 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
2100
sbie32inst.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
executable
MD5: d6d22574540ff2f3da629a8a9f7707a9
SHA256: 792f07e81c8dc0c446556d4f132726c6cc4c917a388d1763e7890b4edce7ee1c
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237906
––
MD5:  ––
SHA256:  ––
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\Warning.ini
text
MD5: 273dc4d0b57b746c4a5501ff358549fc
SHA256: daa5346092e7eb8ac8212994873b06e071ed316dcfedd43399b61751c8cdc816
2100
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Sandboxie Control.lnk
lnk
MD5: 0685f56d63133ba3f4efa431911786e2
SHA256: 867246edc98d8d18458162425fd8aae9f4643b1af882d302277729907885d24b
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\Warning.ini
text
MD5: eabadffcfbf0a92437c2082ab5fdb350
SHA256: 24b7321fe51b838e151cc8a4a44d34964eda541ff15e33a097bc0e8ae7a45ad9
2100
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Run Windows Explorer sandboxed.lnk
lnk
MD5: 102b6b5618b632718cfd2c06c0276413
SHA256: 66e5a64aca47a8e8fc7e9e4d21c4ca7ce31f4e7236e34e47c5a23053406bcceb
2100
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Run Web browser sandboxed.lnk
lnk
MD5: ecd33811632944a501f8fcca6ffe9c7e
SHA256: 5c64122d455ddd585fd774ee862ca12fec7c3215048367873c40f231b1946a05
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\Warning.ini
text
MD5: 0ed78255ca8086b271a3927d62ff9057
SHA256: 809192a924f77da1cda6fef7e33076246553a1ac02f1753853cb1a623953a0c8
2100
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Sandboxie Start Menu.lnk
lnk
MD5: bc6ab2055ed52a307efbeaabd3fc31bd
SHA256: 32d5e1642432077eb4446fafccef4e9a6cc515608e2cdf116bfa82fa549c5bf9
2664
SbieCtrl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Sandboxie - DefaultBox.lnk
lnk
MD5: 9cef9798cfe388017b43f2420f3d4865
SHA256: 9ade35449030c0490648e7210135141afd0d1ac717e2fd09b865ee3d2fb53bd3
2100
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Run any program sandboxed.lnk
lnk
MD5: 07712251c6cfef2c6240d79203b7a1af
SHA256: 385494fb9e0690de74213e27a35ef027f317f5fcc538cfb386bb8477b1ab3f26
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\ioSpecial.ini
text
MD5: 2c9e37527c0bbe916a5c6329f2575ef0
SHA256: 7469670c286e936df61945beb95f0ac1957011fef34ba40d4657ac786b055d4f
2100
sbie32inst.exe
C:\Program Files\Sandboxie\QuickLaunch.lnk
lnk
MD5: 3e410b17834eb58481adba5059a2af70
SHA256: ae30dedbf77cf5afdf8ee2cc35e98771c52794077f9467bca843282085ba62eb
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\ioSpecial.ini
text
MD5: 146d016750c24235c6e29f1c966b9987
SHA256: 649c2393af50fdce533412737f00ccb9b282fbd3bb584ca3ab74c3647a969d96
2100
sbie32inst.exe
C:\Program Files\Sandboxie\LICENSE.TXT
text
MD5: 302870a8db2bd5410471063e0741339b
SHA256: 0d8efe585e207b91ed4a39616b95d29c12722e6be442c0e2a490d69a76d14688
2100
sbie32inst.exe
C:\Program Files\Sandboxie\Manifest2.txt
xml
MD5: 9bc1b27cc08b3673686fa4ecf793a278
SHA256: 55e7b42230dffab5e4f1a13476e888eea5850ec8ee121e23a7b1c48836299335
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nss6CBD.tmp
––
MD5:  ––
SHA256:  ––
2100
sbie32inst.exe
C:\Program Files\Sandboxie\Manifest0.txt
text
MD5: 81051bcc2cf1bedf378224b0a93e2877
SHA256: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
2100
sbie32inst.exe
C:\Program Files\Sandboxie\Manifest1.txt
xml
MD5: 1689ab6cf954209a1286a88c5ddee65a
SHA256: de0167798a89a4b80ec2ccb4cb4ab95bfe4da2e91666f27fb83dcb75c71206ac
2100
sbie32inst.exe
C:\Program Files\Sandboxie\Templates.ini
text
MD5: ec4a1eac54c7a955814a5d10d84ce18c
SHA256: d7ff5ef6414beb6e6a1f49b91d334a8cce9731d644e49cbf96c639e56d8c62cb
2076
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 2d1777723d478ddc040cc09e3e6d8c5e
SHA256: 3bb79aff1e2cb15a366a0ad4370824b39bc64be968968e742ddd46b96fd03759
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237796
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237812
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237843
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237875
––
MD5:  ––
SHA256:  ––
2100
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Uninstall Sandboxie.lnk
lnk
MD5: 277f1245f802200371366e725aa9b39a
SHA256: 584fb9919c88d0207e5f503e6acfd88267d93019c3484725b9822cef0d379f1b
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237937
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237953
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237968
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1237984
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1238031
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1238046
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1238062
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 503d52707d035959e5313b82a78954f2
SHA256: ae3b97ce50e05a7bf57140a2e41c3663ef40ba8aceaddd736be2f45eca8fd32c
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsq5A3F.tmp
––
MD5:  ––
SHA256:  ––
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\~DF01AE1ADF08994D96.TMP
––
MD5:  ––
SHA256:  ––
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\ioSpecial.ini
text
MD5: 26689911522b87dd73234b59f59e55d9
SHA256: d0825185c65bf250d2df6b69c053228aa19471530128b2b43fb2654df2da5155
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\modern-wizard.bmp
image
MD5: cbe40fd2b1ec96daedc65da172d90022
SHA256: 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\Warning.ini
text
MD5: 4d358b27a971751e0c517061c948d96a
SHA256: 74ee005ceb920094d99aa274ed37429efe439fbc10e9d238c78db4c836018a17
2100
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsi6CCE.tmp\InstallType.ini
text
MD5: 46d2e7e6d3d5ee061b5646df6834af33
SHA256: a9a81ca9a2ebec41663e1da4e5d480e6eaf9bcbde266abb9a0770dc9118186b9
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1243000
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 1ab45cb5329908b22c3f8aee83d2565f
SHA256: b5ebe0c82d3ed62ba24a3cddc1c86f700b577bb22a6e13365bb00d6f7f2d6b5a
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1245359
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 802eb4c4cab677a94ba37f65780c7f7f
SHA256: 50ce2c850947746b45264d63e64667a7736ebb90f1b9d4dc88edba7fdf9c65b2
1672
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf5A4F.tmp\repackme.gif
image
MD5: 23d3840adb8f4f1efc083a1f7e640191
SHA256: 82a1454402156d74f4f23c992d5d772b665546208eff44790871b8dcb36d2304
2076
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1245984
––
MD5:  ––
SHA256:  ––
2076
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 1a34034ac45d8b4313e6f4536fac34e3
SHA256: 7c8cd38263a79d7e15e53bfcccdde8b8acdef6ef44bc1ab38827414d9100be6d
2664
SbieCtrl.exe
C:\Users\admin\Desktop\Sandboxed Web Browser.lnk
lnk
MD5: 3e410b17834eb58481adba5059a2af70
SHA256: ae30dedbf77cf5afdf8ee2cc35e98771c52794077f9467bca843282085ba62eb
2664
SbieCtrl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
lnk
MD5: 3e410b17834eb58481adba5059a2af70
SHA256: ae30dedbf77cf5afdf8ee2cc35e98771c52794077f9467bca843282085ba62eb

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
8
DNS requests
1
Threats
0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
2100 sbie32inst.exe 143.204.101.109:443 US unknown

DNS requests

Domain IP Reputation
www.sandboxie.com 143.204.101.109, 143.204.101.50, 143.204.101.51, 143.204.101.85 unknown

Threats

No threats detected.

Debug output strings

No debug info.