General Info

File name

Sandboxie.v5.30.exe

Full analysis
https://app.any.run/tasks/bf9102a6-90b3-4adf-96d3-bac0eae3cf0c
Verdict
Malicious activity
Analysis date
5/15/2019, 13:56:55
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

b683407b3dcdbe53eb7c72aa53419840

SHA1

1432e2151e1d9e9c1a1980a80cadcc43ef96c31c

SHA256

92622500e31d5f103f96faadf2a93c8e1f7f9c2efd90fce02794fd4eefdc3142

SSDEEP

98304:HbVSoDLZWFpiY/kGoQT2JcLS5v6+MyoclvgD3F8yUNZWCRXdSVR+lSUs0ZG/0iRv:ZRL/qFgi+nopF8XZpXd0wlJ4aa39Mw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • License.exe (PID: 3008)
  • SbieCtrl.exe (PID: 2152)
  • Start.exe (PID: 2812)
  • SbieCtrl.exe (PID: 3016)
  • License.exe (PID: 1856)
  • SbieSvc.exe (PID: 2688)
  • KmdUtil.exe (PID: 3572)
  • KmdUtil.exe (PID: 2588)
  • KmdUtil.exe (PID: 3648)
  • KmdUtil.exe (PID: 1876)
  • KmdUtil.exe (PID: 3144)
  • KmdUtil.exe (PID: 2160)
  • sbie32inst.exe (PID: 3044)
  • Sandboxie.v5.30.exe (PID: 2772)
Application was dropped or rewritten from another process
  • License.exe (PID: 3008)
  • SbieCtrl.exe (PID: 2152)
  • sbiekg.exe (PID: 2480)
  • License.exe (PID: 1856)
  • SbieCtrl.exe (PID: 3016)
  • SbieSvc.exe (PID: 2688)
  • Start.exe (PID: 2812)
  • KmdUtil.exe (PID: 2588)
  • KmdUtil.exe (PID: 3572)
  • KmdUtil.exe (PID: 3648)
  • KmdUtil.exe (PID: 1876)
  • KmdUtil.exe (PID: 2160)
  • sbie32inst.exe (PID: 3044)
  • KmdUtil.exe (PID: 3144)
Changes the autorun value in the registry
  • SbieCtrl.exe (PID: 2152)
Creates files in the user directory
  • SbieCtrl.exe (PID: 2152)
Removes files from Windows directory
  • SbieSvc.exe (PID: 2688)
Creates or modifies windows services
  • Sandboxie.v5.30.exe (PID: 2772)
  • sbie32inst.exe (PID: 3044)
  • KmdUtil.exe (PID: 3572)
Creates files in the Windows directory
  • SbieSvc.exe (PID: 2688)
Creates a software uninstall entry
  • sbie32inst.exe (PID: 3044)
Creates files in the program directory
  • Sandboxie.v5.30.exe (PID: 2772)
  • sbie32inst.exe (PID: 3044)
Executable content was dropped or overwritten
  • sbie32inst.exe (PID: 3044)
  • Sandboxie.v5.30.exe (PID: 2772)

No info indicators.


Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2012:02:24 20:19:59+01:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
28672
InitializedDataSize:
445952
UninitializedDataSize:
16896
EntryPoint:
0x39e3
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
5.30.0.0
ProductVersionNumber:
5.30.0.0
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
null
CompanyName:
Sandboxie Holdings, LLC
FileDescription:
Sandboxie v5.30
FileVersion:
5.30.0.0
LegalCopyright:
© Sandboxie Holdings, LLC
ProductName:
Sandboxie v5.30
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
24-Feb-2012 19:19:59
Detected languages
English - United States
Comments:
null
CompanyName:
Sandboxie Holdings, LLC
FileDescription:
Sandboxie v5.30
FileVersion:
5.30.0.0
LegalCopyright:
© Sandboxie Holdings, LLC
ProductName:
Sandboxie v5.30
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
24-Feb-2012 19:19:59
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00006F10 0x00007000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.49816
.rdata 0x00008000 0x00002A92 0x00002C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.39389
.data 0x0000B000 0x00067EBC 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 1.47278
.ndata 0x00073000 0x000A1000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x00114000 0x00010E10 0x00011000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 6.93635
.reloc 0x00125000 0x00000F8A 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 7.88751
Resources
1

2

3

4

5

6

7

103

105

106

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
51
Monitored processes
16
Malicious processes
3
Suspicious processes
8

Behavior graph

[Behavior graph image not preserved. Nodes: sandboxie.v5.30.exe (×2), sbie32inst.exe, kmdutil.exe (×6), sbiesvc.exe, start.exe, sbiectrl.exe (×2), license.exe (×2), sbiekg.exe]

Process information

PID
1336
CMD
"C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe"
Path
C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie v5.30
Version
5.30.0.0
Modules
Image
c:\users\admin\appdata\local\temp\sandboxie.v5.30.exe
c:\systemroot\system32\ntdll.dll

PID
2772
CMD
"C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe"
Path
C:\Users\admin\AppData\Local\Temp\Sandboxie.v5.30.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie v5.30
Version
5.30.0.0
Modules
Image
c:\users\admin\appdata\local\temp\sandboxie.v5.30.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsf4b37.tmp\system.dll
c:\users\admin\appdata\local\temp\nsf4b37.tmp\newadvsplash.dll
c:\windows\system32\winmm.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\nsf4b37.tmp\aero.dll
c:\windows\system32\dwmapi.dll
c:\users\admin\appdata\local\temp\nsf4b37.tmp\sbie32inst.exe
c:\users\admin\appdata\local\temp\nsf4b37.tmp\nsprocess.dll
c:\program files\sandboxie\license.exe
c:\users\admin\appdata\local\temp\nsf4b37.tmp\sbiekg.exe
c:\program files\sandboxie\sbiectrl.exe

PID
3044
CMD
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbie32inst.exe
Path
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbie32inst.exe
Indicators
Parent process
Sandboxie.v5.30.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Installer
Version
5.30
Modules
Image
c:\users\admin\appdata\local\temp\nsf4b37.tmp\sbie32inst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\system.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\langdll.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\kmdutil.exe
c:\users\admin\appdata\local\temp\nsc5d48.tmp\inetc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\sandboxie\start.exe
c:\windows\system32\dui70.dll
c:\windows\system32\duser.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\program files\sandboxie\sbiectrl.exe
c:\users\admin\appdata\local\temp\nsc5d48.tmp\installoptions.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\netutils.dll

PID
3144
CMD
"C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 scandll
Path
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsc5d48.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
1876
CMD
"C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 stop SbieSvc
Path
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsc5d48.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
2160
CMD
"C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 stop SbieDrv
Path
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsc5d48.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
3572
CMD
"C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 install SbieDrv "C:\Program Files\Sandboxie\SbieDrv.sys" type=kernel start=demand "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll" altitude=86900
Path
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsc5d48.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\sbiedll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
3648
CMD
"C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 install SbieSvc "\"C:\Program Files\Sandboxie\SbieSvc.exe"\" type=own start=auto "display=Sandboxie Service" group=UIGroup "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll"
Path
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsc5d48.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
2588
CMD
"C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe" /lang=1033 start SbieSvc
Path
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsc5d48.tmp\kmdutil.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\local\temp\nsc5d48.tmp\sbiedll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
2688
CMD
"C:\Program Files\Sandboxie\SbieSvc.exe"
Path
C:\Program Files\Sandboxie\SbieSvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Service
Version
5.30
Modules
Image
c:\program files\sandboxie\sbiesvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winsta.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\program files\sandboxie\sbiectrl.exe
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll

PID
2812
CMD
"C:\Program Files\Sandboxie\Start.exe" run_sbie_ctrl
Path
C:\Program Files\Sandboxie\Start.exe
Indicators
No indicators
Parent process
sbie32inst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Start
Version
5.30
Modules
Image
c:\program files\sandboxie\start.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
3016
CMD
"C:\Program Files\Sandboxie\SbieCtrl.exe" /open /sync
Path
C:\Program Files\Sandboxie\SbieCtrl.exe
Indicators
No indicators
Parent process
SbieSvc.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Control
Version
5.30
Modules
Image
c:\program files\sandboxie\sbiectrl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll

PID
1856
CMD
"C:\Program Files\Sandboxie\License.exe" print syscode
Path
C:\Program Files\Sandboxie\License.exe
Indicators
No indicators
Parent process
Sandboxie.v5.30.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie License Manager
Version
5.30
Modules
Image
c:\program files\sandboxie\license.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
2480
CMD
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbiekg.exe
Path
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbiekg.exe
Indicators
No indicators
Parent process
Sandboxie.v5.30.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
UUK
Description
Keygen for Sandboxie
Version
1.0.0.1
Modules
Image
c:\users\admin\appdata\local\temp\nsf4b37.tmp\sbiekg.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\program files\sandboxie\license.exe
c:\windows\system32\apphelp.dll

PID
3008
CMD
License.exe activate NP89ZT93PEXF53691MY2DK5B50IV1JTENWQY7O7A205I2NQV9PQUQKPXO3BAHB5KQK681N67FRLX6SNH9BRH14HQOQWC6Z39N1E7DRODLRWX52Y7J24P3JVF7E8TRIV8W5FP97OV6UR4VRE87MSC2Z1EF8CZDM1GPIF26A2XYFLXDMYIP0I5MZEMIHH6OY11HPYZN4JDK3RUWPM1U3M3JPFUNIMCTUAPDFL9J4YI8W9U4VG2EWNXU712JNZ3JL8JG6LHF7O85YBDSSPLJYSRUD5YX3SZLMJOYNJQUESTK786XM0JECD4YVYKET5L388F88UH02UFXWNI6UIJPKKS9J0OIOPSCU199CQ8WO3TMJDU3U4UCJGW6FI1SC45EOYHCZY27CIBE4N4
Path
C:\Program Files\Sandboxie\License.exe
Indicators
No indicators
Parent process
sbiekg.exe
User
admin
Integrity Level
HIGH
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie License Manager
Version
5.30
Modules
Image
c:\program files\sandboxie\license.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
2152
CMD
"C:\Program Files\Sandboxie\SbieCtrl.exe"
Path
C:\Program Files\Sandboxie\SbieCtrl.exe
Indicators
Parent process
Sandboxie.v5.30.exe
User
admin
Integrity Level
HIGH
Version:
Company
Sandboxie Holdings, LLC
Description
Sandboxie Control
Version
5.30
Modules
Image
c:\program files\sandboxie\sbiectrl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\sandboxie\sbiedll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\sandboxie\start.exe

Registry activity

Total events
924
Read events
875
Write events
49
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2772
Sandboxie.v5.30.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2772
Sandboxie.v5.30.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2772
Sandboxie.v5.30.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieSvc
Language
1033
2772
Sandboxie.v5.30.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\nsProcess.dll
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
EnableFileTracing
0
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
EnableConsoleTracing
0
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
FileTracingMask
4294901760
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
ConsoleTracingMask
4294901760
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
MaxFileSize
1048576
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASAPI32
FileDirectory
%windir%\tracing
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
EnableFileTracing
0
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
EnableConsoleTracing
0
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
FileTracingMask
4294901760
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
ConsoleTracingMask
4294901760
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
MaxFileSize
1048576
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sbie32inst_RASMANCS
FileDirectory
%windir%\tracing
3044
sbie32inst.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3044
sbie32inst.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3044
sbie32inst.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3044
sbie32inst.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
DisplayName
Sandboxie 5.30 (32-bit)
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
DisplayIcon
C:\Program Files\Sandboxie\Start.exe
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
DisplayVersion
5.30
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
Publisher
Sandboxie Holdings, LLC
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
UninstallString
"C:\Windows\Installer\SandboxieInstall32.exe" /remove
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID
7E950284-E123-49F4-B32B-A806C090D747
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieSvc
Language
1033
3044
sbie32inst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieSvc
PreferExternalManifest
1
3572
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\SbieDrv
EventMessageFile
C:\Program Files\Sandboxie\SbieMsg.dll
3572
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\SbieDrv
TypesSupported
7
3572
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieDrv
DependsOnService
FltMgr
3572
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieDrv\Instances
DefaultInstance
SbieDrv Instance
3572
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieDrv\Instances\SbieDrv Instance
Altitude
86900
3572
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SbieDrv\Instances\SbieDrv Instance
Flags
0
3648
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\SbieSvc
EventMessageFile
C:\Program Files\Sandboxie\SbieMsg.dll
3648
KmdUtil.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\SbieSvc
TypesSupported
7
2152
SbieCtrl.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SandboxieControl
"C:\Program Files\Sandboxie\SbieCtrl.exe"
2152
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\*\shell\sandbox
Run &Sandboxed
2152
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\*\shell\sandbox
Icon
"C:\Program Files\Sandboxie\Start.exe"
2152
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\*\shell\sandbox\command
"C:\Program Files\Sandboxie\Start.exe" /box:__ask__ "%1" %*
2152
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\Folder\shell\sandbox
Run &Sandboxed
2152
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\Folder\shell\sandbox
Icon
"C:\Program Files\Sandboxie\Start.exe"
2152
SbieCtrl.exe
write
HKEY_CLASSES_ROOT\Folder\shell\sandbox\command
"C:\Program Files\Sandboxie\Start.exe" /box:__ask__ "C:\Windows\explorer.exe" "%1"

Files activity

Executable files
31
Suspicious files
24
Text files
37
Unknown types
10

Dropped files

PID
Process
Filename
Type
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbie32inst.exe
executable
MD5: 13578bcbf82c867d31b08bc185df8bc6
SHA256: 434c122e837a5914a88b80414e955cf5d20c99468713f593a7ef9db89227964f
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\SbieMsg.dll
executable
MD5: b0c9a989acf17e3e50788007e73c8087
SHA256: 1da9db646371ed6c71639f465da333bd21071e28a5078938f3f9834e1cac2489
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
executable
MD5: d6d22574540ff2f3da629a8a9f7707a9
SHA256: 792f07e81c8dc0c446556d4f132726c6cc4c917a388d1763e7890b4edce7ee1c
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\KmdUtil.exe
executable
MD5: e59df6ca00e01ef5910c77d8ef28c718
SHA256: b5ce9eef87867fedc445923d0770fc05d33f854a06b30461fa0a8553d4363ea7
3044
sbie32inst.exe
C:\Program Files\Sandboxie\Start.exe
executable
MD5: 4303396d86997d5bc55be7aceaa13836
SHA256: d9633789ad1d19503dc4f95e8194dc9155aa7e18c4485cb20eaff6910874cde2
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\LangDLL.dll
executable
MD5: 4cdaaf5da900a8eaed090cd22b8f8781
SHA256: 09477d605677bea48019b896f068ce6c2e89004e5c5f0a86c0276db30c6515a6
3044
sbie32inst.exe
C:\Program Files\Sandboxie\License.exe
executable
MD5: c674dac15969c1e9aaefb0fe2cb9ca7f
SHA256: 69ef078fe1aa69278e7d4f9be1120c6a3bf83b27c656dd59495a8e3d1bdaf380
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\System.dll
executable
MD5: 0ff5120f1afd0f295c2baa0f7192d3f8
SHA256: 4ca5bf1beb4b802914c4d3e2f37861f6ba5ecf969cfeadf5855edf58f647a721
3044
sbie32inst.exe
C:\Windows\Installer\SandboxieInstall32.exe
executable
MD5: 13578bcbf82c867d31b08bc185df8bc6
SHA256: 434c122e837a5914a88b80414e955cf5d20c99468713f593a7ef9db89227964f
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\Aero.dll
executable
MD5: 869c5949a10b32d3a31966cc5291301b
SHA256: b19961de6ca07e08704d6372718542f70dbbb203e59bf9bbe3a58f6e069a625c
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\SbieDll.dll
executable
MD5: 9a610e3fca86954885673026d17b4791
SHA256: 06c2e8a3a37077d191628a86082982f844b09a5f11a27a1b3fea573433431b92
2772
Sandboxie.v5.30.exe
C:\Program Files\Sandboxie\SbieDrv.del
executable
MD5: c6664b9cce4fc5fddd4b4277109c1aab
SHA256: 30e6004786f1e30f0296f6cfb74845a8f9683754abf14047148f57f5c151539a
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
executable
MD5: 3a399641b92a58f6d3874e620802931a
SHA256: 708f5bbb63321e8d6e8205ee843602087ed8b0827d7f60607aa45fc2184288d0
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\newadvsplash.dll
executable
MD5: 55a723e125afbc9b3a41d46f41749068
SHA256: 0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\INetC.dll
executable
MD5: 92ec4dd8c0ddd8c4305ae1684ab65fb0
SHA256: 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
2772
Sandboxie.v5.30.exe
C:\Program Files\Sandboxie\SbieDrv.sys
executable
MD5: c6664b9cce4fc5fddd4b4277109c1aab
SHA256: 30e6004786f1e30f0296f6cfb74845a8f9683754abf14047148f57f5c151539a
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SbieDll.dll
executable
MD5: 9a610e3fca86954885673026d17b4791
SHA256: 06c2e8a3a37077d191628a86082982f844b09a5f11a27a1b3fea573433431b92
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\System.dll
executable
MD5: bf712f32249029466fa86756f5546950
SHA256: 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SbieSvc.exe
executable
MD5: 53e18d218c85f2b9ed95a921e93cffec
SHA256: 5ac386f349aa6bdaccf194ac7c0895e11d2cc50b5dfaaeca84c2e53f162bc524
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\nsProcess.dll
executable
MD5: f0438a894f3a7e01a4aae8d1b5dd0289
SHA256: 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SbieDrv.sys
executable
MD5: 1dea913c493fca2862d575b37b91699b
SHA256: a9c459eef7f065cb272ff1cee73dbb8ac169d6291ae00cedacbd8c77b93f6672
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbiekg.exe
executable
MD5: 976724e9e191dc289d226ea7f2553837
SHA256: 7f530a9cd7246cfdc2d4bb3717a74fc7925dcdda31f9f5e2e44abfb19e7ec8e0
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SbieMsg.dll
executable
MD5: b0c9a989acf17e3e50788007e73c8087
SHA256: 1da9db646371ed6c71639f465da333bd21071e28a5078938f3f9834e1cac2489
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\InstallOptions.dll
executable
MD5: 046074d285897c008499f7f3ad5be114
SHA256: 254c5ccbce59ad882f7f51d0bf760cabde8c88c5af84e13cc8ad77ba0361055c
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieBITS.exe
executable
MD5: 54aa32384c4c8856cbb86237a6dc07f0
SHA256: 481ef9f411ab93de5a2e6a635d45eadec27f3bac93a0400e676fadacf6b925d9
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\sbie64inst.exe
executable
MD5: 4055456544821aeaffa4f2c315f51ee9
SHA256: aafa2739c75e0c9172092e943f8b3520f2b95bebe927760e68b70becccf99cc5
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
executable
MD5: 5508b02c79e993b2f2ae9ecf7cc0ac11
SHA256: c5e30b0320adfca67676f71c1cfe1365593edcb213cd2066d56382664df55f83
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SboxHostDll.dll
executable
MD5: 01b2b0eaf7560bbd55b609982919e292
SHA256: 6573b580937fdb41bef2e49798f523903c091d6d0dbc8484c973476b83efc320
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieWUAU.exe
executable
MD5: 771988cc474070de1b3b09c5f0072b0e
SHA256: aa32850dc776e3f5f88b4da69b15c9a98a502480f690e166899d782e55315614
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
executable
MD5: 95bc273835169cedf0dc96268d48855b
SHA256: 4c1ca41f2e73446ad277b92fb2c6d35c1c989efe7213b62933a957f4dd27c220
3044
sbie32inst.exe
C:\Program Files\Sandboxie\SbieIni.exe
executable
MD5: 72ad18c7010a0ecd3382f81d23abb6c7
SHA256: 0f67381ce6990fbb021d48fa558da786efdfe714c760861520944714c7c8bcc2
2152
SbieCtrl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Sandboxie - DefaultBox.lnk
lnk
MD5: f9521e207a6e22ea6dfef5e362d58d47
SHA256: c4883a97893d219bee4c3c0912c90e84509d8df9fb9da5aa334eab6da29e52ce
3044
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Uninstall Sandboxie.lnk
lnk
MD5: f6f5da46f76de61d51d5a354acda21e1
SHA256: f29f45339cc96213745b6d7dde87beac88bda097da3ad2f2909f9d68eb3da478
3044
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Sandboxie Control.lnk
lnk
MD5: ded85f5f4ea932726fcf13538faa8640
SHA256: 181fc4390400ce77ba1a0f26a56e0b0d6dedd4fa752e30b3faeb030ab71aa179
3044
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Run Windows Explorer sandboxed.lnk
lnk
MD5: cf600c552bbc2c0ca0b85ca5c4a2dc17
SHA256: e5472ffbbb413a386ed827ac78819436d32d0f46fc502a67569bb5ea507691ca
2152
SbieCtrl.exe
C:\Users\admin\Desktop\Sandboxed Web Browser.lnk
lnk
MD5: f1cc67118266d1da250ad0d9e33d894c
SHA256: d4f9077d6092c7eac84b33e328ee974acd4800560221a516b33944e46a4d03b9
2688
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: c0f7d8166eb3a9490d55ae750fd20dfc
SHA256: 89ec17337faedbd35321d89cc148d8a17836bb5454afff594b18b1df1dd9ffaf
3044
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Run Web browser sandboxed.lnk
lnk
MD5: bb02906c379123bf0f8df0c68491bd53
SHA256: 630f73235c2da055975fb8d5a71335401cfaca31be45f13304473ca0d77c3fd2
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1288718
––
MD5:  ––
SHA256:  ––
3044
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Run any program sandboxed.lnk
lnk
MD5: f0a244af4d1af082f7df740cd7f1666a
SHA256: 5a225bdd70438f8dc6b626f2118244d1f449c5a5088bdbe0e05a87ea4a616dd1
3044
sbie32inst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Sandboxie Start Menu.lnk
lnk
MD5: e11dc57e9c75794d709a4e3e6f81e960
SHA256: 4861bc9530f1422a86dbefcc303e112d21031928ba6a009a593327496f77fb76
2688
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 4e4ec8f863a4a10645ee849a8de52586
SHA256: cbe04cdf99b108dee93cfd9442a57275216f87da7683ff8b8c7a9eeea53986a0
3044
sbie32inst.exe
C:\Program Files\Sandboxie\QuickLaunch.lnk
lnk
MD5: f1cc67118266d1da250ad0d9e33d894c
SHA256: d4f9077d6092c7eac84b33e328ee974acd4800560221a516b33944e46a4d03b9
3044
sbie32inst.exe
C:\Program Files\Sandboxie\LICENSE.TXT
text
MD5: 302870a8db2bd5410471063e0741339b
SHA256: 0d8efe585e207b91ed4a39616b95d29c12722e6be442c0e2a490d69a76d14688
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1288656
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 16bdee40660cbb83050bdc990e297405
SHA256: a3426fdae83c4a24f993250facc0e5e7e6264729be6adffc4262cb62d1cf7d0c
3044
sbie32inst.exe
C:\Program Files\Sandboxie\Manifest1.txt
xml
MD5: 1689ab6cf954209a1286a88c5ddee65a
SHA256: de0167798a89a4b80ec2ccb4cb4ab95bfe4da2e91666f27fb83dcb75c71206ac
3044
sbie32inst.exe
C:\Program Files\Sandboxie\Manifest0.txt
text
MD5: 81051bcc2cf1bedf378224b0a93e2877
SHA256: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
3044
sbie32inst.exe
C:\Program Files\Sandboxie\Manifest2.txt
xml
MD5: 9bc1b27cc08b3673686fa4ecf793a278
SHA256: 55e7b42230dffab5e4f1a13476e888eea5850ec8ee121e23a7b1c48836299335
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1287734
––
MD5:  ––
SHA256:  ––
3044
sbie32inst.exe
C:\Program Files\Sandboxie\Templates.ini
text
MD5: ec4a1eac54c7a955814a5d10d84ce18c
SHA256: d7ff5ef6414beb6e6a1f49b91d334a8cce9731d644e49cbf96c639e56d8c62cb
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1287718
––
MD5:  ––
SHA256:  ––
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\~DF84035274415EDE7A.TMP
––
MD5:  ––
SHA256:  ––
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B36.tmp
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 503d52707d035959e5313b82a78954f2
SHA256: ae3b97ce50e05a7bf57140a2e41c3663ef40ba8aceaddd736be2f45eca8fd32c
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282781
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282765
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282750
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282734
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282718
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.ini
binary
MD5: 302f2d0c1bb715fa49783fe7e7c1d598
SHA256: 83cdf9eec2f2d35c25d3cde84495f5a15243d6bce295e60dd5f5ef1490b7ab05
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282703
binary
MD5: f580f44718974cd630b9859d0fb8c177
SHA256: 9c77b577e1635dfb142f85ad2e1f00e02aba6f577a5e3fdffb67b11cd5ccc9df
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282671
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282640
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282625
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282609
––
MD5:  ––
SHA256:  ––
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\ioSpecial.ini
text
MD5: 84a8d73d0c403b80ca335cb356eba303
SHA256: 29379fec9beddd168dd2224c9f6776551696fb67381c16502d985061ff83accb
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\modern-wizard.bmp
image
MD5: cbe40fd2b1ec96daedc65da172d90022
SHA256: 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\Warning.ini
text
MD5: 4d358b27a971751e0c517061c948d96a
SHA256: 74ee005ceb920094d99aa274ed37429efe439fbc10e9d238c78db4c836018a17
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\InstallType.ini
text
MD5: 46d2e7e6d3d5ee061b5646df6834af33
SHA256: a9a81ca9a2ebec41663e1da4e5d480e6eaf9bcbde266abb9a0770dc9118186b9
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282593
––
MD5:  ––
SHA256:  ––
2688
SbieSvc.exe
C:\Windows\Sandboxie.tmp-1282562
––
MD5:  ––
SHA256:  ––
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsm5D47.tmp
––
MD5:  ––
SHA256:  ––
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\ioSpecial.ini
––
MD5:  ––
SHA256:  ––
2772
Sandboxie.v5.30.exe
C:\Users\admin\AppData\Local\Temp\nsf4B37.tmp\repackme.gif
image
MD5: 23d3840adb8f4f1efc083a1f7e640191
SHA256: 82a1454402156d74f4f23c992d5d772b665546208eff44790871b8dcb36d2304
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\ioSpecial.ini
text
MD5: ec83b57c13d97a341492c15226018d21
SHA256: c11fbaca7c2247723adc62d1ac17cb6afa09c751c1367da501856b4b42e2a73d
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\Warning.ini
text
MD5: 9b9cbd751955d390e910ad32b9ff1223
SHA256: 59e95fdd2f93a499cd8dd84b8bbe0a1a49e4f1980b005f8aec369e0b1d2da2cd
3044
sbie32inst.exe
C:\Users\admin\AppData\Local\Temp\nsc5D48.tmp\Warning.ini
text
MD5: 4d146cab979292ae1670a5eb3557aaf9
SHA256: 11f4d298452599e014f1730483b8af17a125af438288b1790a01883f7cf7230f
2152
SbieCtrl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
lnk
MD5: f1cc67118266d1da250ad0d9e33d894c
SHA256: d4f9077d6092c7eac84b33e328ee974acd4800560221a516b33944e46a4d03b9

Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
8
DNS requests
1
Threats
0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
3044 sbie32inst.exe 13.35.253.44:443 US suspicious
–– –– 13.35.253.44:443 US suspicious

DNS requests

Domain IP Reputation
www.sandboxie.com 13.35.253.44, 13.35.253.49, 13.35.253.39, 13.35.253.4 suspicious

Threats

No threats detected.

Debug output strings

No debug info.