f884438e059ab4c0ade9775af9b80b2a1b0dc47f1d8ca98778f108ca98bc5915

Analysis

max time kernel
209s
max time network
714s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 13:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Sandboxie-Classic-x64-v5.67.6.exe
Size

2.9MB
MD5

c0306564bcdaee3cfde34168662d45c0
SHA1

28772b38f3347ed36c5b4f47f90494a99c592e88
SHA256

f884438e059ab4c0ade9775af9b80b2a1b0dc47f1d8ca98778f108ca98bc5915
SHA512

0259fcc97cec6658149bbdf05491dd2f60cb86308b209404c5f57e8506f38e6de2e9b45b8ed89c54f4fb80e1f3a52b68e5d7717bc0b546e42cc48519eb232109
SSDEEP

49152:c5QVgFUpnlOReGpCBYGw7evhKCiSir2FFkK2+U/k20qGZsxdnzfPAcdP9:K86qolpCBYkHiS8KKk20qGZsxhPAC9

Score

7^/10

discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0007000000016c4c-2002.dat	acprotect

Executes dropped EXE 33 IoCs

pid	Process
3016	KmdUtil.exe
2596	KmdUtil.exe
2672	KmdUtil.exe
1576	UpdUtil.exe
268	KmdUtil.exe
588	KmdUtil.exe
2320	KmdUtil.exe
476	Process not Found
1916	SbieSvc.exe
2368	Start.exe
2372	SbieSvc.exe
2684	SbieSvc.exe
2616	SbieSvc.exe
2524	SbieSvc.exe
1132	SbieSvc.exe
2636	SbieSvc.exe
2948	SbieSvc.exe
2420	SbieSvc.exe
780	SbieSvc.exe
1752	SbieSvc.exe
1724	SbieSvc.exe
2588	Start.exe
2480	SbieSvc.exe
2472	SbieSvc.exe
2216	SbieSvc.exe
772	SbieSvc.exe
2848	SbieSvc.exe
1928	SbieSvc.exe
1060	SbieSvc.exe
2908	SbieSvc.exe
1936	SbieSvc.exe
2228	SbieSvc.exe
2684	SbieSvc.exe

Loads dropped DLL 56 IoCs

pid	Process
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
3016	KmdUtil.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2596	KmdUtil.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2672	KmdUtil.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2448	Process not Found
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
268	KmdUtil.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
588	KmdUtil.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2320	KmdUtil.exe
1916	SbieSvc.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2356	Sandboxie-Classic-x64-v5.67.6.exe
2368	Start.exe
2372	SbieSvc.exe
2684	SbieSvc.exe
2616	SbieSvc.exe
2524	SbieSvc.exe
1132	SbieSvc.exe
2636	SbieSvc.exe
2948	SbieSvc.exe
2420	SbieSvc.exe
780	SbieSvc.exe
1752	SbieSvc.exe
1724	SbieSvc.exe
1348	Process not Found
1348	Process not Found
1348	Process not Found
1348	Process not Found
2588	Start.exe
2480	SbieSvc.exe
2472	SbieSvc.exe
2216	SbieSvc.exe
772	SbieSvc.exe
2848	SbieSvc.exe
1928	SbieSvc.exe
1060	SbieSvc.exe
2908	SbieSvc.exe
1936	SbieSvc.exe
2228	SbieSvc.exe
2684	SbieSvc.exe
1348	Process not Found

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000016c4c-2002.dat	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 27 IoCs

description	ioc	Process
File created	C:\Program Files\Sandboxie\SbieDll.dll	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SbieDrv.sys	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SandboxieBITS.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SandboxieCrypto.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SandboxieWUAU.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\Manifest1.txt	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\32\SbieDll.dll	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\QuickLaunch.lnk	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\whatsnew.html	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\LICENSE.TXT	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SbieMsg.dll	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SboxHostDll.dll	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SbieCtrl.exe.sig	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\Templates.ini	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\Manifest2.txt	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SbieIni.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SbieSvc.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\Start.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\32\SbieSvc.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\KmdUtil.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SandboxieRpcSs.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\Manifest0.txt	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SbieSvc.exe.sig	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\UpdUtil.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\Start.exe.sig	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe	Sandboxie-Classic-x64-v5.67.6.exe
File created	C:\Program Files\Sandboxie\SbieCtrl.exe	Sandboxie-Classic-x64-v5.67.6.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SandboxieInstall64.exe	Sandboxie-Classic-x64-v5.67.6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0007000000016578-1503.dat	nsis_installer_1
behavioral1/files/0x0007000000016578-1503.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3016	KmdUtil.exe
2676	chrome.exe
2676	chrome.exe

Suspicious behavior: LoadsDriver 23 IoCs

pid	Process
1916	SbieSvc.exe
2372	SbieSvc.exe
2684	SbieSvc.exe
2616	SbieSvc.exe
2524	SbieSvc.exe
1132	SbieSvc.exe
2636	SbieSvc.exe
2948	SbieSvc.exe
2420	SbieSvc.exe
780	SbieSvc.exe
1752	SbieSvc.exe
1724	SbieSvc.exe
2480	SbieSvc.exe
2472	SbieSvc.exe
2216	SbieSvc.exe
772	SbieSvc.exe
2848	SbieSvc.exe
1928	SbieSvc.exe
1060	SbieSvc.exe
2908	SbieSvc.exe
1936	SbieSvc.exe
2228	SbieSvc.exe
2684	SbieSvc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3016	KmdUtil.exe
Token: SeBackupPrivilege	1916	SbieSvc.exe
Token: SeRestorePrivilege	1916	SbieSvc.exe
Token: SeBackupPrivilege	2372	SbieSvc.exe
Token: SeRestorePrivilege	2372	SbieSvc.exe
Token: SeBackupPrivilege	2684	SbieSvc.exe
Token: SeRestorePrivilege	2684	SbieSvc.exe
Token: SeBackupPrivilege	2616	SbieSvc.exe
Token: SeRestorePrivilege	2616	SbieSvc.exe
Token: SeBackupPrivilege	2524	SbieSvc.exe
Token: SeRestorePrivilege	2524	SbieSvc.exe
Token: SeBackupPrivilege	1132	SbieSvc.exe
Token: SeRestorePrivilege	1132	SbieSvc.exe
Token: SeBackupPrivilege	2636	SbieSvc.exe
Token: SeRestorePrivilege	2636	SbieSvc.exe
Token: SeBackupPrivilege	2948	SbieSvc.exe
Token: SeRestorePrivilege	2948	SbieSvc.exe
Token: SeBackupPrivilege	2420	SbieSvc.exe
Token: SeRestorePrivilege	2420	SbieSvc.exe
Token: SeBackupPrivilege	780	SbieSvc.exe
Token: SeRestorePrivilege	780	SbieSvc.exe
Token: SeBackupPrivilege	1752	SbieSvc.exe
Token: SeRestorePrivilege	1752	SbieSvc.exe
Token: SeBackupPrivilege	1724	SbieSvc.exe
Token: SeRestorePrivilege	1724	SbieSvc.exe
Token: SeBackupPrivilege	2480	SbieSvc.exe
Token: SeBackupPrivilege	2472	SbieSvc.exe
Token: SeRestorePrivilege	2472	SbieSvc.exe
Token: SeBackupPrivilege	2216	SbieSvc.exe
Token: SeRestorePrivilege	2216	SbieSvc.exe
Token: SeBackupPrivilege	772	SbieSvc.exe
Token: SeRestorePrivilege	772	SbieSvc.exe
Token: SeBackupPrivilege	2848	SbieSvc.exe
Token: SeRestorePrivilege	2848	SbieSvc.exe
Token: SeBackupPrivilege	1928	SbieSvc.exe
Token: SeRestorePrivilege	1928	SbieSvc.exe
Token: SeBackupPrivilege	1060	SbieSvc.exe
Token: SeRestorePrivilege	1060	SbieSvc.exe
Token: SeBackupPrivilege	2908	SbieSvc.exe
Token: SeRestorePrivilege	2908	SbieSvc.exe
Token: SeBackupPrivilege	1936	SbieSvc.exe
Token: SeRestorePrivilege	1936	SbieSvc.exe
Token: SeBackupPrivilege	2228	SbieSvc.exe
Token: SeRestorePrivilege	2228	SbieSvc.exe
Token: SeBackupPrivilege	2684	SbieSvc.exe
Token: SeRestorePrivilege	2684	SbieSvc.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2588	Start.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 3016	2356	Sandboxie-Classic-x64-v5.67.6.exe	28
PID 2356 wrote to memory of 3016	2356	Sandboxie-Classic-x64-v5.67.6.exe	28
PID 2356 wrote to memory of 3016	2356	Sandboxie-Classic-x64-v5.67.6.exe	28
PID 2356 wrote to memory of 3016	2356	Sandboxie-Classic-x64-v5.67.6.exe	28
PID 2356 wrote to memory of 2596	2356	Sandboxie-Classic-x64-v5.67.6.exe	32
PID 2356 wrote to memory of 2596	2356	Sandboxie-Classic-x64-v5.67.6.exe	32
PID 2356 wrote to memory of 2596	2356	Sandboxie-Classic-x64-v5.67.6.exe	32
PID 2356 wrote to memory of 2596	2356	Sandboxie-Classic-x64-v5.67.6.exe	32
PID 2356 wrote to memory of 2672	2356	Sandboxie-Classic-x64-v5.67.6.exe	31
PID 2356 wrote to memory of 2672	2356	Sandboxie-Classic-x64-v5.67.6.exe	31
PID 2356 wrote to memory of 2672	2356	Sandboxie-Classic-x64-v5.67.6.exe	31
PID 2356 wrote to memory of 2672	2356	Sandboxie-Classic-x64-v5.67.6.exe	31
PID 2356 wrote to memory of 1576	2356	Sandboxie-Classic-x64-v5.67.6.exe	30
PID 2356 wrote to memory of 1576	2356	Sandboxie-Classic-x64-v5.67.6.exe	30
PID 2356 wrote to memory of 1576	2356	Sandboxie-Classic-x64-v5.67.6.exe	30
PID 2356 wrote to memory of 1576	2356	Sandboxie-Classic-x64-v5.67.6.exe	30
PID 2356 wrote to memory of 268	2356	Sandboxie-Classic-x64-v5.67.6.exe	35
PID 2356 wrote to memory of 268	2356	Sandboxie-Classic-x64-v5.67.6.exe	35
PID 2356 wrote to memory of 268	2356	Sandboxie-Classic-x64-v5.67.6.exe	35
PID 2356 wrote to memory of 268	2356	Sandboxie-Classic-x64-v5.67.6.exe	35
PID 2356 wrote to memory of 588	2356	Sandboxie-Classic-x64-v5.67.6.exe	36
PID 2356 wrote to memory of 588	2356	Sandboxie-Classic-x64-v5.67.6.exe	36
PID 2356 wrote to memory of 588	2356	Sandboxie-Classic-x64-v5.67.6.exe	36
PID 2356 wrote to memory of 588	2356	Sandboxie-Classic-x64-v5.67.6.exe	36
PID 2356 wrote to memory of 2320	2356	Sandboxie-Classic-x64-v5.67.6.exe	38
PID 2356 wrote to memory of 2320	2356	Sandboxie-Classic-x64-v5.67.6.exe	38
PID 2356 wrote to memory of 2320	2356	Sandboxie-Classic-x64-v5.67.6.exe	38
PID 2356 wrote to memory of 2320	2356	Sandboxie-Classic-x64-v5.67.6.exe	38
PID 2356 wrote to memory of 2368	2356	Sandboxie-Classic-x64-v5.67.6.exe	39
PID 2356 wrote to memory of 2368	2356	Sandboxie-Classic-x64-v5.67.6.exe	39
PID 2356 wrote to memory of 2368	2356	Sandboxie-Classic-x64-v5.67.6.exe	39
PID 2356 wrote to memory of 2368	2356	Sandboxie-Classic-x64-v5.67.6.exe	39
PID 2684 wrote to memory of 2972	2684	SbieSvc.exe	74
PID 2684 wrote to memory of 2972	2684	SbieSvc.exe	74
PID 2684 wrote to memory of 2972	2684	SbieSvc.exe	74
PID 2676 wrote to memory of 2652	2676	chrome.exe	76
PID 2676 wrote to memory of 2652	2676	chrome.exe	76
PID 2676 wrote to memory of 2652	2676	chrome.exe	76
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78
PID 2676 wrote to memory of 2812	2676	chrome.exe	78

C:\Users\Admin\AppData\Local\Temp\Sandboxie-Classic-x64-v5.67.6.exe
"C:\Users\Admin\AppData\Local\Temp\Sandboxie-Classic-x64-v5.67.6.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe" /lang=1033 scandll
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3016
- C:\Program Files\Sandboxie\UpdUtil.exe
  "C:\Program Files\Sandboxie\UpdUtil.exe" install sandboxie /step:scan /scope:meta /version:5.67.6
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe" /lang=1033 stop SbieDrv
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2672
- C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe" /lang=1033 stop SbieSvc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2596
- C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe" /lang=1033 install SbieDrv "C:\Program Files\Sandboxie\SbieDrv.sys" type=kernel start=demand "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll" altitude=86900
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:268
- C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe" /lang=1033 install SbieSvc "\"C:\Program Files\Sandboxie\SbieSvc.exe"\" type=own start=auto "display=Sandboxie Service" group=UIGroup "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:588
- C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe" /lang=1033 start SbieSvc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2320
- C:\Program Files\Sandboxie\Start.exe
  "C:\Program Files\Sandboxie\Start.exe" open_agent:"SbieCtrl.exe /open /sync /postsetup"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2368

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1916

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2372

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2684

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2616

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2524

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1132

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2636

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2948

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2420

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:780

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1752

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1724

C:\Program Files\Sandboxie\Start.exe
"C:\Program Files\Sandboxie\Start.exe" /box:__ask__ run_dialog
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:2588

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2480

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2472

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2216

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:772

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2848

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1928

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1060

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2908

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1936

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2228

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2684 -s 356
  2⤵
  PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d39758,0x7fef6d39768,0x7fef6d39778
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1480 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1464 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3872 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3844 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3720 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3984 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2020 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1200,i,18396514985045777564,9502601679992368863,131072 /prefetch:8
  2⤵
  PID:1160

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:788

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x578
1⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d39758,0x7fef6d39768,0x7fef6d39778
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:1
  2⤵
  PID:188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2148 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2636 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:2
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3632 --field-trial-handle=1220,i,14320227712413866987,11367684495269448482,131072 /prefetch:1
  2⤵
  PID:2472

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:2128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2520

C:\Users\Admin\Downloads\Sandboxie.v5.22-WinXP\Sandboxie.v5.22.exe
"C:\Users\Admin\Downloads\Sandboxie.v5.22-WinXP\Sandboxie.v5.22.exe"
1⤵
PID:1340

C:\Windows\Installer\SandboxieInstall64.exe
"C:\Windows\Installer\SandboxieInstall64.exe" /remove
1⤵
PID:2236
- C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe" /lang=1033 scandll
  2⤵
  PID:2484
- C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe" /lang=1033 stop SbieSvc
  2⤵
  PID:984
- C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe" /lang=1033 stop SbieDrv
  2⤵
  PID:1732
- C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe" /lang=1033 stop SbieSvc
  2⤵
  PID:2480
- C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe" /lang=1033 stop SbieDrv
  2⤵
  PID:1236
- C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe" /lang=1033 delete SbieSvc
  2⤵
  PID:2244
- C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe
  "C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\KmdUtil.exe" /lang=1033 delete SbieDrv
  2⤵
  PID:1484

C:\Users\Admin\Downloads\Sandboxie.v5.22-WinXP\Sandboxie.v5.22.exe
"C:\Users\Admin\Downloads\Sandboxie.v5.22-WinXP\Sandboxie.v5.22.exe"
1⤵
PID:1480
- C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\sbie64inst.exe
  C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\sbie64inst.exe
  2⤵
  PID:2424
- - C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe
    "C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe" /lang=1049 scandll
    3⤵
    PID:716
- - C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe
    "C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe" /lang=1049 stop SbieSvc
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe
    "C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe" /lang=1049 stop SbieDrv
    3⤵
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe
    "C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe" /lang=1049 install SbieDrv "C:\Program Files\Sandboxie\SbieDrv.sys" type=kernel start=demand "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll" altitude=86900
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe
    "C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe" /lang=1049 install SbieSvc "\"C:\Program Files\Sandboxie\SbieSvc.exe"\" type=own start=auto "display=Sandboxie Service" group=UIGroup "msgfile=C:\Program Files\Sandboxie\SbieMsg.dll"
    3⤵
    PID:268
- - C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe
    "C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe" /lang=1049 start SbieSvc
    3⤵
    PID:588
- - C:\Program Files\Sandboxie\Start.exe
    "C:\Program Files\Sandboxie\Start.exe" run_sbie_ctrl
    3⤵
    PID:2584
- C:\Program Files\Sandboxie\License.exe
  "C:\Program Files\Sandboxie\License.exe" print syscode
  2⤵
  PID:2712
- C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\sbiekg.exe
  C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\sbiekg.exe
  2⤵
  PID:1312
- - C:\Program Files\Sandboxie\License.exe
    License.exe activate AIUFSXDLOCVXOVOVUKZ3EP6U172YKTRBMGC8TZ7IWVJ30LMWSQYS14JLJ4TQ5FOCSGFID0CD0I4QHEFZQJD83XYTT87H4YVZ9IPN1JSE15KGTPVKZWAZTSZLIME28IA61N6K4ZKUX4IJTBWBGUPNRUVRK80JTHUILX52Z2LGMT909DDI0027981GXVIX498DI1DR36JK2QNX01SMCWZTUSWYUV4J93DNF3CJK7N7JX06156MYV9VYG0FI1RIZBO2V52M4TYRA1APA03PDYGFIJYSF7RT3Q7MEGIYMHT1V9TXJ0QCWR1KLE3OGHHBT6JWW54JVVPJ8EZA1T8OJ8JMWX1FM8Q1GLPC5I2FA4OLVDESPVEN5WSI6BNZOJDWWTGTAFUZ8ALRXJWN
    3⤵
    PID:568
- C:\Program Files\Sandboxie\SbieCtrl.exe
  "C:\Program Files\Sandboxie\SbieCtrl.exe"
  2⤵
  PID:2432

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1324

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:580

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:240

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1696

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2544

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1888

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1048

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2316

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:812

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1904

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1472

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2440

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2656

C:\Program Files\Sandboxie\Start.exe
"C:\Program Files\Sandboxie\Start.exe" default_browser
1⤵
PID:188

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1176

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2588

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1944

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2148

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2012

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2944

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1072

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2332

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:1908

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:2928

C:\Program Files\Sandboxie\SbieSvc.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
1⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d39758,0x7fef6d39768,0x7fef6d39778
  2⤵
  PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2392 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1592 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:2
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3168 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1184,i,14574856061068830964,3936000398060801732,131072 /prefetch:8
  2⤵
  PID:268

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Sandboxie\SbieMsg.dll

Filesize
1.1MB

MD5
5d99b4d0c69e869ffe27f16faa3161e8

SHA1
a901928a38a8dd2347a7c2c444fbe47969f94a36

SHA256
6b382f086b7f4cb5b8808a05af689bb36fa8f5e8f79c89e6763f47b934196d20

SHA512
75758cebdc45093bbc63768cc11991f431291d6b87e2597c32367e9ec66a41c941cdc1bb95ba12a553a54212b4f73c8dac9cd6431dab66abe776c1400a2b488e

Download Submit
C:\Program Files\Sandboxie\SbieSvc.exe

Filesize
400KB

MD5
ab213a03dc33fb2cdcabe1ed4a4089d7

SHA1
549a0c25521a22d370a31818a4661778dcc8c67e

SHA256
caef2396db5970b7b7cd4941515f9c34140daac01e3b7ebb692c871fb817f4da

SHA512
53bc29edff935780fe09163c54fcd56aebf76fd587ecabe81e6ac23dfd8ee69af4745f7b91bc24c131e72bfc8c38c47f3a3159ed4243280f30f54c7a9bc01633

Download Submit
C:\Program Files\Sandboxie\SbieSvc.exe

Filesize
93KB

MD5
6d292cf2a4035eb995e7b63803a3ac14

SHA1
6fc7bb1591ce5444eee0779dcd3f6ab6e8b63943

SHA256
342c227d18ed81c786bfa4adda3b3e65bdafec8ba5be1d4ef913e497e7232a72

SHA512
d862044ba7fa20497a9f73da67a3c5ccce0ceba278f9967e36d08bb53d21aa9a29464e61afa425cec14ec1e95573714030a58bf8f7bb634a57ba9e826b67122a

Download Submit
C:\Program Files\Sandboxie\SbieSvc.exe

Filesize
382KB

MD5
3e5715fe82f33be43f806f7f0aeca613

SHA1
b416dc6de519eb4039daf90e4d30b143ee3967e6

SHA256
d63107f959925bb1b878e230e291c19c58d04d30af08c8f2cbebad7d766310e5

SHA512
2b948cde505eb48f553f2d8621e4769198e94c12d8d4fcabf51a80c00ed934ac3618412bf8a0b146a7750f8c921ee37e570b97e9b72eba871d7fb3730ee71290

Download Submit
C:\Program Files\Sandboxie\Start.exe

Filesize
145KB

MD5
798e71cd034052f8813d8b75892253f7

SHA1
8a728729c35c858439d786a82c3cbd5cc0958f10

SHA256
095939f871298ecf596dcc8edecbd1a71facd05a0d8f0565f5c943a9225a9d4a

SHA512
7e547777f3817dac55d2806fe02a591abfc212c729476a92e1cf3bcef47e376f04415eba766097d89b5927ca3d486ea98a548d0715ff5c1bf9316cf4e2713702

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
174774838b086fb65d998775bfd5a661

SHA1
e4fb02d781094221455f545fbcc229bb7ef2d764

SHA256
e75563cf76d770c3992df3c3a5c6c3b4f183196688b0086aed504e9b5cfa5ed2

SHA512
154fe5e125caf162801a302fb8f9bf8276a1e08a7234ad08b0a7d9cc58288c583f8a4ce18d66969b6a08baa076cf009fd8b37eb42a337f93252d0124b9f436ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fd594fb3d522c7a9f8c0fb3a5681ce2d

SHA1
49754d03b252e227e501037d3aafc0833dc55b2c

SHA256
606ae4a11c4621c74b7b28c56ea91c7eed02bdfc9f97b55ac51744b7ec1b52a3

SHA512
8e28213f3d390d706bec610924ddd1158ed1980bd5369c4791d5cb78baa96ebff86f9b647ac1b02b93220117803f539870b037c93aeedcb1a6796ea6b84b3312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6aa0a47e-2f8d-41ec-9fe8-a4c3f3bb90d9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
62KB

MD5
61b158b15ea8bd09bb42a16251039b2a

SHA1
b04af78d05778f911f33f414733fe42f49ee9185

SHA256
2994d7131bdc6466a8dcd915939b09878f99457090028f58f5abe5edb5c6a9a4

SHA512
69724814800cfa8b2131afe5402e3fdcf9c4d3ae27a7719644d6e78223efa2bfa2a9f2aefcf7397b8f882909aca841515a5274e0dca3badeb6e858ab71346698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
e0373f9a1bab6a184642edb9499a3c44

SHA1
92f9762e7261978ccfad21e1a43059c01794ab53

SHA256
680cd18beeb00c04a97ecdef6b3a956c05b9e31ba2055f121e83c4463a6b0806

SHA512
69df3216ce2852c3e2c22aadc980e2294443075d63126b25b0581479c34e0cf40a1a41597fcf5802dbc3c9793e494126c8a8836e622f358057c2d062583d6d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000011.dbtmp

Filesize
16B

MD5
6de46ed1e4e3a2ca9cf0c6d2c5bb98ca

SHA1
e45e85d3d91d58698f749c321a822bcccd2e5df7

SHA256
a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06

SHA512
710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5143f2bc3bc2690e35bef0add87f7bf3

SHA1
2f3032758d30515e79ac68cd7f757eeac6f56c85

SHA256
d245cdf980d9c6d25960b2e7788643ed0d8454718f8aa92ad7f3577853f10972

SHA512
8ad2d156d9d0bd46f59993c883c43e7b429aba369558d28f5fafb1eff1aa95b444effd28af21f12073ad04a9441aaee76d3255dd026be15d227cdf717f73a4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fd50199d6bec5f9af6f4537c3f6ca099

SHA1
73ba0b149b3c911c7931343b1a9523331c9c0d84

SHA256
25ca9179f3b61accab9a7bf7dc86c6769f9cb72ff10e351658bc58778a8e7d9b

SHA512
b17f8f906cdc03fc5f7e0164cb8ad218b5d1bfaafdd1b464a33369115bacff77d227b404c6a920a75ea154fd0bd97bb065afc5db4d60d233c22fee8947f66a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
043e79ad28e23b28df7aba5cee4fe07a

SHA1
cc50622750b1b011d4595912e1e39ff789426074

SHA256
ebc2c24de9a862654c6c35c1e1e2b02aba9974cea0603ba2c9de76826ddc1186

SHA512
0aabdf70ae62ee19c4ae8114df96687eaecb0e07b39ade99ad92f211a9967040165d14143938cf3c7e9b9864ae5acc6cbefc1b03713a56c376e47eaac10c26ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
46fc0847c639e71626cc127993591f08

SHA1
b047217a7a740e7609c4d723065d01665b924708

SHA256
31186fd3f102caf1d259fadb8e4ff66da8ddebd336c04289d04ed53f23d1e8a6

SHA512
3849cded0e4bd0758a84acd5b2b7c7635fb9225480105c2ce472c916473e5493ba3b448d0536074220b18f9fec41767fa23366fbe283278074f284d61b86d4db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
ad71b7bcff507e70e26ae2c0f2a950f3

SHA1
9874374c1980a489ea4ba9accd4e4b5616e9757f

SHA256
f7bee942ab798fe93d55c1bf9213603127f193561f285190668983637865634d

SHA512
c285d18cb8efec796803b4af4862b007aa0654c6a71864acd9a98498bf2ee7b9a1adda0cd3beefcc41e8cdba96bd1a6ed207adb142bd43d05e4ce4031195c06e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
f064eff9d8ab43a04f0986ff9d67fd2e

SHA1
da130388393d82b5b645a63d6cf434fa0a7b6787

SHA256
aab9883a0081ff3d84dd6f165d2889d67314c7220a5ff15df3ffb2f0fcd5e624

SHA512
543357dce4481c0ffa0ec6bfda4a95fce3a0d1f60c44b3812ee48e664757c6092cf359ab6d1c6e0bf2db3a5c54fd4e46775c71f5580675f90b8fdd7d90da8c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
735d1803900a2174ab8eb3d28fb94077

SHA1
a99583e4becf6e81b098afdcecc6c11711d847be

SHA256
6b6efb1df158cd1d41762be6bce8649debd461a269d32796ce03b371d5993e2e

SHA512
9861c41e05fdd1ff638f2ec975f959d7e10e6d8bd31150d28cfaa35b5e6f39ca1d3634164f2e58e5834e7beef85c44aee1dba6db63ae428a182fd937ced1d5dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d3d8e3c4593251f1d5b064aad6c014d2

SHA1
49c094fdf659629dac5c33fc3a437853b0fd9658

SHA256
4bd3f332dc32c32e89f313e3c0a9e0800445a4260545078e50af421490b38f2a

SHA512
bfe5ad84dddc0a73e1827dbe9396b25384645e81c77810119419b8503bf3621cb27a1c9bf136414218f85bc1f99d5650ee3a2cdad9179aa00706ccf1362c7c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
81a13f7ef1d68fb77cab0324728e7363

SHA1
e1ed546ed0e2cbc306b3c34329fd402723e79131

SHA256
6d68d585f045d79c3e9f0b24dca042cabff91ac34a8df762ab95cfeecbca5f17

SHA512
81997d83c1ac78188f8168ced06e4c955aae1016b201e3dbbd949a70b346bf3fadee3ab2f211d5af8d5377e661e4f52147501690710805a873a152d70c116749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
214847182a29d2fa72d46864a85bb66e

SHA1
4769ef5ee0c76bd082423ba6a0ba50c9f471c89d

SHA256
151e933a71802e3b9d60df72de4af646f5fd7c9b07df86bc65fb2eb303524d8a

SHA512
05e51947e6c3491ddbe82bef05d03ce498966a461bdf0fd9ee22f4f9017e6a02bce6dc38be8a4b0b87a5982995eb1cc889c61b7cb1f03eb11503f2cc4a4b483c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd7fc31068ad04c7f6abcbbfb5b8022c

SHA1
fddcc3c0664c3220524bd6bb2e32a3543609cc85

SHA256
11ee037be07eb56e00634520fdef52401518caa61d822b5f91b9670ab807e7de

SHA512
5182337b0776e6c379a1daf92fe51d0c9788dbff2bedd1999d4c058419e1907392ba17c1e7aa6975d232586974bebde562f997298a8c906d07e4657bcf3cc2cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75119310cddf481c6774dd5ebfcf01fc

SHA1
17003c0b93784d0133ac8da5cfcd08628b54dc54

SHA256
7b4d0b7913273d746d6d5ec092709e59521b48413e043dd088b7b026258b5c79

SHA512
98b960ceb6c42cae809d94b1ba26f23c62be2e5493e14f8e12405e30f173de87463c6774b81e9347c30b9a2aa83ffcdec4b27e80c29ede98836e70623ab6fb91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e146b844-9102-4577-8d6d-64eef19dc978.tmp

Filesize
6KB

MD5
b404ee61cb6f06752e8bdccefb691496

SHA1
dd4032c53edc09826e770d7755ef9607edf36624

SHA256
13b1bbd5b0ea1c341f5f0a35986aa358f5ce2a35ad33d5404f7f76f73f489741

SHA512
65890de3583c9e18922e3708990c7c015e917bd425bbfd21f13d76fb780c910f0ff8708609e6f2cf0129d791a63cabdb98dfbd1119c3e8d369b4fbe236da12b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000013.dbtmp

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
777ecb8c3eeef4aa662b20c767bae733

SHA1
af14a4687d90b7cda8d616db51612267dbcb29a9

SHA256
0bc02c245e8398825cb8826e12542d99acdb43ea33cdd7233548887b2ea59089

SHA512
1416722704230121954723a00cd2becb27131f0c7269f14bce4e5d4ad9314dd5cb82288a2dfed5f46b2a547b5b190df7eea325c767c775175cd9ab8e37271144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
2adced1ff3b8dfaac8b0f4b96dbec510

SHA1
5f2952efde0ff8a238b181bda59bc917753609ac

SHA256
b669595e21af4ba422fcf2a9fa704b1d30f93d04e55bd5f27a1e7de87d6d372b

SHA512
9865646e9bf091bf6480a4ed97e882cc7f9fb2cc6355c6036af1a33411f3324eac8c3d241166d4e07424abeecfef3e2030587594a016edc12d9983bdd46abe81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f388ab13-55fe-4492-af68-2c2336de06a2.tmp

Filesize
115KB

MD5
2668b7bb4e19e8eb7c7ff567f841ff31

SHA1
4d3ce51253013fe25b97ce478b5621f6a6d7c842

SHA256
1d2b7714117e6e357937cbdce47dce79c17bd2d596bb85c7c8152af79c06dcde

SHA512
b77bd9d0c59bee12a87d9a785abd1c689dcf115818ec7bc78f7d6e2f22ce2a939cbbbd45fa8369c183bfb154c51d4b62c45e56c081e411bc355413fe29dec3a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\InstallType.ini

Filesize
640B

MD5
46d2e7e6d3d5ee061b5646df6834af33

SHA1
0a18c3a1ddb2cb56abac24c4bd378d3767065290

SHA256
a9a81ca9a2ebec41663e1da4e5d480e6eaf9bcbde266abb9a0770dc9118186b9

SHA512
e344d14d0cc9ef0bb893a821fbaa9ddfcb3d1987c32228ebdae0418b3f1bf7f83435e38f87593db4de0157d45345a9f72e6c1e7ca36a46d13b7e35577292237a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\InstallType.ini

Filesize
978B

MD5
ba2c1cd2245cede0d8a3332da1c7a308

SHA1
6a242d4a7ae2f3f3e0177f9140d1a9deb9e87069

SHA256
a980db0dab01175c9f83e227d9c6542cc8846a4398da1920b4b57b0f55d11794

SHA512
e8a64a3b1fbf6fb9dbdc3e0faa508192f466af4e84d37ad1602c7d97d01f609ea77e443e9153b37526c714497eaf0b736f9c3b8ab3e1fd7c83a5f295fa1f5557

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\InstallType.ini

Filesize
1KB

MD5
e2a8ebee2c6436d6024d5029a32d8494

SHA1
044ca004f241b7d0d8814e28125338a380ab4a44

SHA256
31b95ebc563b8e18b4cb1bbf513c0ffa9bb732fcecad80f635a191160a9fe493

SHA512
0a32408de3c6fbacc37918141daf1e5b0da70065f68d7813c9331470ee450123846d605245ee9ab1b30504df1d529ee9767077e1b97df7ed3e8a6243a11365c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\SbieMsg.dll

Filesize
3.1MB

MD5
0d5d5173f6db71b37a1353745ded1447

SHA1
c52f0cbc4466911d01ceb9f384487f5dc84e5b73

SHA256
0e25135433c90976c16bcf8e5bbf0d6cf44e41c606d4b0eb205db431e925913e

SHA512
6751b3df5d8d244eb417d9dc3f7e66d84110e344453950df9976585863788a990616cf60b022086c27da1b6870a0ff6746b0c0f8b180ddf43fcbd5092d96938c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\Warning.ini

Filesize
412B

MD5
4d358b27a971751e0c517061c948d96a

SHA1
04b7bbc12f641edbcf8acb6eeb90508e0d6b810a

SHA256
74ee005ceb920094d99aa274ed37429efe439fbc10e9d238c78db4c836018a17

SHA512
753cae46b7fc94bea26fd479322395951eb64c6a1854bfc88182596a5babffae8fc51d1f36c70630ffa61abb514372f88c4063b50f7b33f9fd53f74f797e75f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\ioSpecial.ini

Filesize
757B

MD5
49f06cc9137a5e82d1cbf2b38709d433

SHA1
24e2a1d99b21ba7ed644f7e1792bb9c9bc026b04

SHA256
7cf8a77f65f0e504aab11357d826e8dc1a8eb17706f4321c22471f5f3f0eec04

SHA512
0a386d26063f5c2e78fdaeed5424c2ba45a81be3d6c7b55c85fa0677c6088167227da07908eaba406abd06acd3c4b8ceba5ff2935cf2e7a6d236d4d33a54be20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\ioSpecial.ini

Filesize
840B

MD5
e4ee693c5a0ed1a5016c59ae71441c7e

SHA1
089a4de6a9be9516a8eb4d0a93edde118cbc4717

SHA256
a8d80cdd0f3ae5221dca018dcab3427261cd072ad89595155d5ce15bfabcf162

SHA512
4233217f9be10ba3ed263230759183bd08fd2f7f689d5a7f8bcdd2ab435039f9875c76c5e3a27c5a4d4d59748b676635619764bc1de81603a411f81b55ea234b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb72D1.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\SbieDll.dll

Filesize
865KB

MD5
a60ceec7e14df66ed5579e29aba25676

SHA1
5056165b7704361733680ff45771546ab7e8a4ee

SHA256
709002dbd06754f166a4fd7e6c3c808d4d58fe353508be0b51a633b8a0ffe2ad

SHA512
c0877cd9b7aef6863f216fd631adfcf2800ad82cbed2c2b31ddab61eb8746c47401b046c7acd3e3a44f54b080c746af7c4fa11d3105b4a18fc4be5eb3ec712f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\Warning.ini

Filesize
885B

MD5
273dc4d0b57b746c4a5501ff358549fc

SHA1
54dadb0db44b7a04d83d2dbdc43f98fb24d231fa

SHA256
daa5346092e7eb8ac8212994873b06e071ed316dcfedd43399b61751c8cdc816

SHA512
61eac4dbc3f3c7d1c8af4b5103d942c5251ecadcb0fc1d3e5cc6d3c4ea43729e7d9381037035b53493c13eaa2d262cd6ba5a82fe0fa2aa5347e9f99da4cacb47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\ioSpecial.ini

Filesize
548B

MD5
09fc29c8f642c12b95780544c8e04889

SHA1
fce2fcb4ce9256f295b5323c9080542147b55ea3

SHA256
fa30dfd84f7220d8c21b30d37ca590567ff24c3d1223172df129291c4961678d

SHA512
a9f5f0d57e5dd532c4e10919b3b44801c0c4228f2c9311111597fbf02d7e88bf62e6afc401e6155f2173a09ee57585cb53d8ec5f0fed0166c80482fa3dae1c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1595.tmp\ioSpecial.ini

Filesize
587B

MD5
5a2d81043e9ec65efd7f4e5160175c5c

SHA1
dbed4b63a7e410d96a39c13174d3bf098ed7210d

SHA256
98a678a9dc0af4bd4faa39b0fc99094f039c6ed2816067290cb8b3935854e72a

SHA512
7188236382b5c6d8427e9a6cec52ea95c9bb0c036b239c21a733010b662e128cd5a95324673d1fc250cd087bdebd6809e378ed51c32dc3f493994c3b8d3eb5e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\Aero.dll

Filesize
6KB

MD5
869c5949a10b32d3a31966cc5291301b

SHA1
329080c974d593ecdefd02afa38dd663a10331c4

SHA256
b19961de6ca07e08704d6372718542f70dbbb203e59bf9bbe3a58f6e069a625c

SHA512
3b9dde16e9ca803b1048243dbf29c717ac0472dffa764542c234318a960828834aa650b1dfb8bba66c4e7a9ce3aaf453829afc57dfb33dc8c311d203150d4fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\newadvsplash.dll

Filesize
8KB

MD5
55a723e125afbc9b3a41d46f41749068

SHA1
01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

SHA256
0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

SHA512
559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\repackme.gif

Filesize
6KB

MD5
f53659c9345fcc77170a74496257cbe1

SHA1
e022d5dd14ba0eaab2256513c41112148eb79f45

SHA256
7ca7709e772ff02d99143e292f4134c6231802ef597cdc7b5e8c51d929d00cec

SHA512
5b5b9ea3dd78f5152a0add8bb175708857f197fe0599722b92ff8357a7ba387d21dd267d843e04133e547eedbd9ae8dbeac9393a8b4f9be7de1942089c319b15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\sbie64inst.exe

Filesize
5.2MB

MD5
64607ba8cb713647211f862ca4be0c4d

SHA1
406b9a356b2bd1d707d94a77bd8a37500f658324

SHA256
acbb179c72c1c518b8a445aa10135d01b4f4347987055925ebcf8a69e0683e18

SHA512
ea337f0c0490935df9e697c2c66c6b0055a852fddfbf6f10ae8c6fcef3757473c63ded5f7e778d913e484fb0856add126571fb36c578399c340f5551091d446f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD57A.tmp\sbiekg.exe

Filesize
304KB

MD5
976724e9e191dc289d226ea7f2553837

SHA1
9c8d3529953fb33030bbf92375dee91d0154124b

SHA256
7f530a9cd7246cfdc2d4bb3717a74fc7925dcdda31f9f5e2e44abfb19e7ec8e0

SHA512
34eef6879ec62be307247074e05ca3a951b810cf996464da57a0cc06973777e09da01c3e6f2b015f22a3733b86efeb2e5ad1ea6e2c1af2e1c3c93475c4491275

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\INetC.dll

Filesize
21KB

MD5
92ec4dd8c0ddd8c4305ae1684ab65fb0

SHA1
d850013d582a62e502942f0dd282cc0c29c4310e

SHA256
5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

SHA512
581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\KmdUtil.exe

Filesize
99KB

MD5
2c85f309b17a87abb3f7444e1f0c1b81

SHA1
6aa02178c51d2bdaa7663e57df6c10abc75da1e2

SHA256
aaf0f952598b46d4f86bdb3b4a9181df90341d1eed1e862ed5310a8677a9c4d8

SHA512
cf10b8abafd593bba22471d25bf7dccf79d30396162f1ff6ff021d199d0121be58a2464d91262c5afc7d0d37855feae088eb112eb83fb6aa2a34925a10e10744

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\Warning.ini

Filesize
916B

MD5
c50098bbcbd63fdbcf00269ef5f007cc

SHA1
d1ffd84974ce8b9bb6d54f6487c7273dd243b139

SHA256
9f818159789b50b9875dd319892e395db2dc6db1181dcca0727c0113b7fd1623

SHA512
ed5d10093b83f56a2c778fb339c9d6d83869d8d958bd5285e0339127ceaeeab874efb5dc20c0a4cbe5f033ced6244662fc75277f801b60fe8975139941562be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\Warning.ini

Filesize
981B

MD5
e66162498d10616bb8fd726695cb750c

SHA1
37033cd334cf2717baef1424981e0bff2d9f97b3

SHA256
12305b22d45355166ed93f9272c707793d03501a54af174651cc69c0699bb263

SHA512
a8bc12b97614118962c55916805bf22fde4fcf77dbd76f8ce7df48e6620b1b946b579a725261aaf68c3c4afc4c392e9c314747fc9697e96e11420ac7f3f0c36f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\ioSpecial.ini

Filesize
220B

MD5
d372884b8dd9459efc35b54298cc55d9

SHA1
f3e478006bef54dd86bc5e6a1b04e32fe18fdc70

SHA256
d03407eb978b95db34be400689a4049c75662eb7b0b719d2a6a3dc6440d0182e

SHA512
8dc1bc083828236baf000ed53363af497e977ca196fbd9cf773121d4584bd019593725dd95a84e73b78a3fa65d8b2ba7e6e451a6499d75691b9de21cdb3d7048

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE938.tmp\ioSpecial.ini

Filesize
599B

MD5
2828b6a36d46cb303420735468a38a3f

SHA1
51f460ed5c3ab781ecbdebf9b9bfe808d1688aa8

SHA256
2ac374098edbc680a5a0057d64f136d6e5fcfd55db15ac7515aca13befdc47b3

SHA512
13f7e9c3a252a924ade6af065837611118466c4893480e8f01f09de9970b3e7393ee365ceaf5055101fc4142ef88eeea1085f58e937f3768b6d9864820c560ce

Download Submit
C:\Users\Admin\Downloads\Sandboxie.v5.22-WinXP.zip.crdownload

Filesize
8.9MB

MD5
d29c25591e525e80fb5eeab3571cf8b7

SHA1
ab7d7b55adc66cc79cd25c16e5caa80dcddb0170

SHA256
070f4044c50982f098b5023af5cb003d79a4a50bde0f3b769ba9f987be099e2e

SHA512
ac998105e600b4a66be4a944aacb676a2b90e09b959a55251f391fb0a99e4d0cc74b6c57e56fd9a225ac434636a7a65343594531590eb954c3917b440e0285b6

Download Submit
\Program Files\Sandboxie\SbieDll.dll

Filesize
345KB

MD5
a6e028fb8fa3c83f5ad49d2370001045

SHA1
ac77077da6056bae2e5bf7488df26e1547d1d097

SHA256
12af020e80ede047738ceef1ee610aeca472bbf1282d0c904beed830313a3b19

SHA512
eb7984898486c2f5434e418869ca1f38e19f0d2d56de294ae3386836d546396890e84995eff281a0382129fcbfab465107889a846e0b9d43913935c5f87582ee

Download Submit
\Program Files\Sandboxie\SbieDll.dll

Filesize
45KB

MD5
9c6eab68a5c6fb3952a649a2796f3cee

SHA1
e0bbc93adbd0b6100090324df633af3f4c23a2cf

SHA256
378fa520f9492cbf130936486cdffd4fe9de217380678671024ced7b98eea056

SHA512
08b53a71e692bdc15dcd3723d054b0a29ce1dc080c1b64b2592a94cbddeb83439bbc0e0017b43e0089fbc512d2a55e392fdcd26e1f3f1f40c6357002d9cb39f9

Download Submit
\Program Files\Sandboxie\SbieDll.dll

Filesize
382KB

MD5
efeae5671e50381184c4477764087c78

SHA1
ec048a74fab4a348ba89375ca93db7cb99ffbba2

SHA256
87aa37c669d4c98cb04d19d4d0b5369cba66c1b2b74e372e9d6adc6fd8544aff

SHA512
7e185ac4894eeb8be874b7c5127283a02e6979d245bc06859e328856128762ebaf02bca7c8887f39ced2404b15f13f642ff306c7e4d535ed172710fa0f8c0481

Download Submit
\Program Files\Sandboxie\Start.exe

Filesize
328KB

MD5
bc1e9a0e8ae5a064358ef793d38a1d0b

SHA1
c59a70b2f39305bfb638d034c0c89c19626f9e39

SHA256
43913bca0145c90174e282a42b7306c0d95b064f6cdf6fbce42f7f2f81ce053e

SHA512
88795a237b27e00f44e7b694fc8c9142a68682dfe630a12087367eee617eee00311ea8fbee3e744300da2c88895a827689604908b622dfe3f74cc26045d05f82

Download Submit
\Program Files\Sandboxie\Start.exe

Filesize
69KB

MD5
5073edd666505aa37333e068e25a255f

SHA1
8f7399717f6023e0cb5e53c61606f2558483c46d

SHA256
83f391ba8e4c0f8f0f6ab6bae1d9b889fddc6857d02443518ae1ade00e5ab287

SHA512
f5b44fa54383decfd82875207c2438402f0c7ba0092bbf1d4f3e4cdcf55e0b6b8bb289a2e4feb72b466cf1588966f87c564993891851b25f814ffa8e962a8a0b

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1595.tmp\InstallOptions.dll

Filesize
14KB

MD5
046074d285897c008499f7f3ad5be114

SHA1
159040d616a056ee3498ec86debab58ef5036a55

SHA256
254c5ccbce59ad882f7f51d0bf760cabde8c88c5af84e13cc8ad77ba0361055c

SHA512
ab7436fda44e340dd5909ddec809c6b569a90d888529ef9320375e1aae7af85afcab8c1c1618551d3fe8d6ae727f7dca97aa8781b5555da759d501d2ccd749e1

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1595.tmp\KmdUtil.exe

Filesize
210KB

MD5
8c159893e222c9fd2058b1e47b11a4fc

SHA1
0d22e25e2e6718f4d1e9fbcce953c44c587150ed

SHA256
a67cd4c928382b22cd38cb6991f1fdcc94e8836ac89a8049394de9cacb46a388

SHA512
f99ac07db800464fcddf73913735d85b252689ea8d7d1b478a8896f05d46ff6305d150e440916d2bd80bc8d556d0a9d8fe3b318c56e7a5938513c21ba867654a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1595.tmp\LangDLL.dll

Filesize
5KB

MD5
4cdaaf5da900a8eaed090cd22b8f8781

SHA1
6c7d9cfd96e66d236b66b8d50d65083a0dbb1b11

SHA256
09477d605677bea48019b896f068ce6c2e89004e5c5f0a86c0276db30c6515a6

SHA512
3797d59aeb908dcd66c63eca76cb2064416d3b66033dc687bc7a9c50e2979c42ac94773f54bc8ec45a9cd69c8056b83a2bca6efcd703f71a4b5f67e166f1e06d

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1595.tmp\SbieDll.dll

Filesize
92KB

MD5
5d27c281a7d2aa8f89e43f88b71c2eba

SHA1
c7e7dea2b3c6e19ca03c906f97cb590ada5ad95d

SHA256
35c2b8a3c703ec89b9bca5aefef916a82d414badd33da7822447776c79f436b7

SHA512
c4fdf430d16ed52438e3bb79bf4ecf978ec10011c12fa6a11a11e6c3410bee28a6b8449cf9696bf91a3dc4e9a25a85ddd48da7cfb718bc15e90b03c3367d59a0

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1595.tmp\System.dll

Filesize
10KB

MD5
0ff5120f1afd0f295c2baa0f7192d3f8

SHA1
bde842d5d11005dcb4ff1d4ea97da31865477697

SHA256
4ca5bf1beb4b802914c4d3e2f37861f6ba5ecf969cfeadf5855edf58f647a721

SHA512
e049ffd7aace8d136eee007ee4f8dbc2ae8f3dce79d1c633d9654392240f8215787df8a6d08085257db51f28ff2a8023a13333dda3ea7f9bdc8b9c57b605f0a0

Download Submit
memory/1312-1999-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1480-1530-0x0000000074790000-0x0000000074799000-memory.dmp

Filesize
36KB

Download
memory/1480-1501-0x0000000074790000-0x0000000074799000-memory.dmp

Filesize
36KB

Download
memory/2424-1769-0x00000000046B0000-0x00000000046B1000-memory.dmp

Filesize
4KB

Download