a7c02c784c49253d6272d33cc2b5e3a5e59222fb81525e9e152fce8b21da2d24

Analysis

max time kernel
146s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
14/05/2024, 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

log.txt
Size

349B
MD5

afafba9827d8dce0007c2daa54737fce
SHA1

5868580dc513db7429aed5fe779f1cd742764c95
SHA256

a7c02c784c49253d6272d33cc2b5e3a5e59222fb81525e9e152fce8b21da2d24
SHA512

7d3dcc99af48853204ff6975aec4bed01363529c2474b26434a0fc092c48b5ed6922c20e684ccca0a5e06ed6f0a4f3b0b7fec6ccc619b788fb46e8a9479cc1f6

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 23 IoCs

pid	Process
3928	Sandboxie-Plus-ARM64-v1.13.7.exe
5020	Sandboxie-Plus-ARM64-v1.13.7.tmp
3428	Sandboxie-Plus-ARM64-v1.13.7.exe
2408	Sandboxie-Plus-ARM64-v1.13.7.tmp
1208	Sandboxie-Plus-x64-v1.13.7.exe
1584	Sandboxie-Plus-x64-v1.13.7.tmp
4488	KmdUtil.exe
396	KmdUtil.exe
4808	UpdUtil.exe
1508	KmdUtil.exe
1188	SbieSvc.exe
5220	Start.exe
5236	SbieSvc.exe
5376	SbieSvc.exe
5556	SbieSvc.exe
5652	SbieSvc.exe
5756	SbieSvc.exe
5876	SbieSvc.exe
5976	SbieSvc.exe
6136	SbieSvc.exe
5136	SbieSvc.exe
1356	SbieSvc.exe
5512	SbieSvc.exe

Loads dropped DLL 16 IoCs

pid	Process
4488	KmdUtil.exe
396	KmdUtil.exe
1508	KmdUtil.exe
1188	SbieSvc.exe
5220	Start.exe
5236	SbieSvc.exe
5376	SbieSvc.exe
5556	SbieSvc.exe
5652	SbieSvc.exe
5756	SbieSvc.exe
5876	SbieSvc.exe
5976	SbieSvc.exe
6136	SbieSvc.exe
5136	SbieSvc.exe
1356	SbieSvc.exe
5512	SbieSvc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Sandboxie-Plus\32\SbieDll.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-0JGOO.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-T0TLP.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-U08EA.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-D6DLS.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5Widgets.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieDcomLaunch.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-K11RG.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-N2AA1.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\MiscHelpers.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5WinExtras.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\platforms\qdirect2d.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-N1NQD.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-UF8GF.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5Core.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140_atomic_wait.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\qtsingleapp.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-GCNN6.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\UpdUtil.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-VMGCI.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-PK0DR.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SboxHostDll.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-IJKGT.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-86G7N.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieMsg.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-E2HMK.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\libssl-1_1-x64.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-77PV4.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-6UP21.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-R3HJS.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-980GA.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-IP66J.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-4A2RD.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-3HEHH.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140_codecvt_ids.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-3958C.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\unins000.dat	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieSvc.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5Network.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\unins000.dat	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-LVMPN.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\7z.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-S4ROD.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-3RR37.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-8UPIP.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-F2IG8.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieBITS.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieCrypto.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\platforms\qwindows.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\vcruntime140_1.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-VKVCD.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-QCS5O.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieShellExt.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\KmdUtil.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-0M4P7.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-47E6O.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieIni.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-96CCS.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-HS7PR.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Start.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieDll.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140_1.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieRpcSs.exe	Sandboxie-Plus-x64-v1.13.7.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2508	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3744	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
1584	Sandboxie-Plus-x64-v1.13.7.tmp
1584	Sandboxie-Plus-x64-v1.13.7.tmp

Suspicious behavior: LoadsDriver 12 IoCs

pid	Process
1188	SbieSvc.exe
5236	SbieSvc.exe
5376	SbieSvc.exe
5556	SbieSvc.exe
5652	SbieSvc.exe
5756	SbieSvc.exe
5876	SbieSvc.exe
5976	SbieSvc.exe
6136	SbieSvc.exe
5136	SbieSvc.exe
1356	SbieSvc.exe
5512	SbieSvc.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeDebugPrivilege	4932	firefox.exe
Token: SeDebugPrivilege	4932	firefox.exe
Token: SeDebugPrivilege	4932	firefox.exe
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2508	taskkill.exe
Token: SeDebugPrivilege	4932	firefox.exe
Token: SeDebugPrivilege	4932	firefox.exe
Token: SeDebugPrivilege	4932	firefox.exe
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1584	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeBackupPrivilege	1188	SbieSvc.exe
Token: SeRestorePrivilege	1188	SbieSvc.exe
Token: SeBackupPrivilege	5236	SbieSvc.exe
Token: SeRestorePrivilege	5236	SbieSvc.exe
Token: SeBackupPrivilege	5376	SbieSvc.exe
Token: SeRestorePrivilege	5376	SbieSvc.exe
Token: SeBackupPrivilege	5556	SbieSvc.exe
Token: SeRestorePrivilege	5556	SbieSvc.exe
Token: SeBackupPrivilege	5652	SbieSvc.exe
Token: SeRestorePrivilege	5652	SbieSvc.exe
Token: SeBackupPrivilege	5756	SbieSvc.exe
Token: SeRestorePrivilege	5756	SbieSvc.exe
Token: SeBackupPrivilege	5876	SbieSvc.exe
Token: SeRestorePrivilege	5876	SbieSvc.exe
Token: SeBackupPrivilege	5976	SbieSvc.exe
Token: SeRestorePrivilege	5976	SbieSvc.exe
Token: SeBackupPrivilege	6136	SbieSvc.exe
Token: SeRestorePrivilege	6136	SbieSvc.exe
Token: SeBackupPrivilege	5136	SbieSvc.exe
Token: SeRestorePrivilege	5136	SbieSvc.exe
Token: SeBackupPrivilege	1356	SbieSvc.exe
Token: SeRestorePrivilege	1356	SbieSvc.exe
Token: SeBackupPrivilege	5512	SbieSvc.exe
Token: SeRestorePrivilege	5512	SbieSvc.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
1584	Sandboxie-Plus-x64-v1.13.7.tmp

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe
4932	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 3744	1912	cmd.exe	80
PID 1912 wrote to memory of 3744	1912	cmd.exe	80
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 3088 wrote to memory of 4932	3088	firefox.exe	86
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 1580	4932	firefox.exe	87
PID 4932 wrote to memory of 2972	4932	firefox.exe	88
PID 4932 wrote to memory of 2972	4932	firefox.exe	88
PID 4932 wrote to memory of 2972	4932	firefox.exe	88
PID 4932 wrote to memory of 2972	4932	firefox.exe	88
PID 4932 wrote to memory of 2972	4932	firefox.exe	88
PID 4932 wrote to memory of 2972	4932	firefox.exe	88
PID 4932 wrote to memory of 2972	4932	firefox.exe	88
PID 4932 wrote to memory of 2972	4932	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\log.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\log.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.0.1245305643\238698626" -parentBuildID 20230214051806 -prefsHandle 1800 -prefMapHandle 1792 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c3cdafe-d61b-40f5-9fd8-c599b2e9e465} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 1880 1e3c2f10e58 gpu
    3⤵
    PID:1580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.1.376664196\1307933698" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0265fa75-c072-4bd1-9577-b46a6813c249} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 2404 1e3b6085658 socket
    3⤵
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.2.32055420\1995907377" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2944 -prefsLen 22213 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad63b126-5008-453c-89a0-b3255a05c7ba} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 2964 1e3c5c04558 tab
    3⤵
    PID:2820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.3.306651475\728378547" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0ddf56a-cec0-4d35-9aa5-a731e34825e1} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 3564 1e3c8839558 tab
    3⤵
    PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.4.530964572\2146537337" -childID 3 -isForBrowser -prefsHandle 5124 -prefMapHandle 4972 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fae544c0-80da-438c-be1f-f7a63c5bc38b} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 5136 1e3c9866b58 tab
    3⤵
    PID:3980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.5.1247422222\411969856" -childID 4 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {619eaf6e-971a-480d-9f68-de42f0dba247} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 5264 1e3cae9ca58 tab
    3⤵
    PID:3760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.6.1831623298\2108323618" -childID 5 -isForBrowser -prefsHandle 5296 -prefMapHandle 5492 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d6f35d9-0ee6-40b8-add5-e2ade6481ab0} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 1560 1e3cb873958 tab
    3⤵
    PID:1448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.7.2082797497\645978591" -childID 6 -isForBrowser -prefsHandle 5868 -prefMapHandle 5864 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb51bb14-c491-44aa-a962-49e1508983e0} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 5876 1e3cc945858 tab
    3⤵
    PID:3268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.8.930849957\843034753" -childID 7 -isForBrowser -prefsHandle 1336 -prefMapHandle 5756 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95631a95-34b8-40ea-8dad-d08b759ed307} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 1596 1e3c583bb58 tab
    3⤵
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.9.283764879\392759373" -childID 8 -isForBrowser -prefsHandle 5240 -prefMapHandle 5160 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dab926b7-5209-42b5-8194-75cb8a95ea0c} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 5744 1e3c8446e58 tab
    3⤵
    PID:3584
- - C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
    "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\3e9e0a89-349b-4226-82ff-55e666559a30.dmp"
    3⤵
    PID:2684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.10.861462155\824689340" -childID 9 -isForBrowser -prefsHandle 5256 -prefMapHandle 6448 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab43d460-c95e-461a-8f27-d9d185b31cac} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 5340 1e3b606f258 tab
    3⤵
    PID:3980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.11.938190433\1169167651" -childID 10 -isForBrowser -prefsHandle 5864 -prefMapHandle 6644 -prefsLen 28264 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f41b880f-c04d-428d-adbb-d2affab2f8bb} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 6628 1e3c8477e58 tab
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.12.1653993548\740356408" -childID 11 -isForBrowser -prefsHandle 6012 -prefMapHandle 5336 -prefsLen 28264 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85633a69-7cbb-40d1-a1fd-c9760565d369} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 5916 1e3b606f258 tab
    3⤵
    PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.13.1695275125\1862871269" -childID 12 -isForBrowser -prefsHandle 10516 -prefMapHandle 10520 -prefsLen 28264 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc3702e2-ea46-43be-bbb5-585ca0f6a663} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 10508 1e3c9fd3d58 tab
    3⤵
    PID:4948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4932.14.2005154563\1103180849" -childID 13 -isForBrowser -prefsHandle 5960 -prefMapHandle 5936 -prefsLen 28264 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bacc4c4-7515-40ad-aa43-0346ea035046} 4932 "\\.\pipe\gecko-crash-server-pipe.4932" 5972 1e3cc73ff58 tab
    3⤵
    PID:2980
- - C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe
    "C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe"
    3⤵
    - Executes dropped EXE
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\is-JF6QH.tmp\Sandboxie-Plus-ARM64-v1.13.7.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JF6QH.tmp\Sandboxie-Plus-ARM64-v1.13.7.tmp" /SL5="$7020C,16549566,791552,C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe"
      4⤵
      Executes dropped EXE
      PID:5020
- - C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe
    "C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe"
    3⤵
    - Executes dropped EXE
    PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\is-1SR97.tmp\Sandboxie-Plus-ARM64-v1.13.7.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1SR97.tmp\Sandboxie-Plus-ARM64-v1.13.7.tmp" /SL5="$130204,16549566,791552,C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe"
      4⤵
      Executes dropped EXE
      PID:2408
- - C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe
    "C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe"
    3⤵
    - Executes dropped EXE
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\is-BT848.tmp\Sandboxie-Plus-x64-v1.13.7.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-BT848.tmp\Sandboxie-Plus-x64-v1.13.7.tmp" /SL5="$A016C,20081407,791552,C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe"
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:1584
    - - C:\Windows\system32\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /IM Sandman.exe /IM SbieCtrl.exe /IM Start.exe /F
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2508
    - - C:\Program Files\Sandboxie-Plus\KmdUtil.exe
        
        "C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieDrv "C:\Program Files\Sandboxie-Plus\SbieDrv.sys" type=kernel start=demand msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" altitude=86900
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4488
    - - C:\Program Files\Sandboxie-Plus\KmdUtil.exe
        
        "C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieSvc "C:\Program Files\Sandboxie-Plus\SbieSvc.exe" type=own start=auto msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" display="Sandboxie Service" group=UIGroup
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:396
    - - C:\Program Files\Sandboxie-Plus\UpdUtil.exe
        
        "C:\Program Files\Sandboxie-Plus\UpdUtil.exe" install sandboxie-plus /embedded /scope:meta /version:1.13.7
        5⤵
        Executes dropped EXE
        
        PID:4808
    - - C:\Program Files\Sandboxie-Plus\KmdUtil.exe
        
        "C:\Program Files\Sandboxie-Plus\KmdUtil.exe" start SbieSvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1508
    - - C:\Program Files\Sandboxie-Plus\Start.exe
        
        "C:\Program Files\Sandboxie-Plus\Start.exe" open_agent:sandman.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5220

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1188

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5236

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5376

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5556

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5652

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5756

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5876

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5976

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:6136

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5136

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5420

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Sandboxie-Plus\7z.dll

Filesize
1.8MB

MD5
016455167158ad8932e1c661f882b791

SHA1
91ba7dca87ca8605394ebedb12a35408d716d8ad

SHA256
9d654177210e1d24dd1809c2917e23cd5044e672029488bba06d62f0936a1274

SHA512
8be7420d7c1eb3b0022d0022e026dd585e513f5e8f48b249bce19134f6053cc0985f44d48f5065f17710b2d20f15b6baabeef7356d6c18ccd915cbd08ef8f78c

Download Submit
C:\Program Files\Sandboxie-Plus\ImBox.exe

Filesize
178KB

MD5
344503bf5b7b82ad2770b445015961b4

SHA1
c94442d3ee453effb95e01dfaf82f67c71e80bc1

SHA256
1d96e44393c9fbfd813ac4364126672a34f51feadf58e04dd66372831f913e0c

SHA512
498786b92d906e6c722f9c39f3d4c424c6bad75e7a0ba965f40af289a94200184e3a6fd0d12cfdf9a3824bb9000601c236a4ae31fe5223d798b9050c00b59af0

Download Submit
C:\Program Files\Sandboxie-Plus\KmdUtil.exe

Filesize
210KB

MD5
d5e48be290003e4edcc9875f916f4b65

SHA1
28f7c3846a07d373ef39a09fc1e7e1337dc901d9

SHA256
6f913c193fc6b1a8ad23054398bb3a646ff433e520555577ae8255d28783eec8

SHA512
29aa31c03b726265d99b0ee9757b5d1f8ad51c1ea239bc79798756ea55e4d8f05fa162757c2d4cd6a1ce9e68bb96653459fde9468adc2750314f789f19aea0d4

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest0.txt

Filesize
2B

MD5
81051bcc2cf1bedf378224b0a93e2877

SHA1
ba8ab5a0280b953aa97435ff8946cbcbb2755a27

SHA256
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

SHA512
1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest1.txt

Filesize
364B

MD5
1689ab6cf954209a1286a88c5ddee65a

SHA1
4028a3db74cc240643027cbb9946d3f03162f2ba

SHA256
de0167798a89a4b80ec2ccb4cb4ab95bfe4da2e91666f27fb83dcb75c71206ac

SHA512
aca0e04f607cf15ed8aeb707d6d6acb103278d2cd2fb27a3139904351c64a2c95f1857ee57c1d44cb3268bf07e1b112b91055427809a518fc1697872d048b7ec

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest2.txt

Filesize
92B

MD5
9bc1b27cc08b3673686fa4ecf793a278

SHA1
67b588168dc8c8667343443d0a23cac59cab234b

SHA256
55e7b42230dffab5e4f1a13476e888eea5850ec8ee121e23a7b1c48836299335

SHA512
0bd40ead34aa1fc40aa25f4c59068026724e7f7cf5dfa8f3142cea00fd5804ba9309f4e92db2e36a72c7ee15ca3d6a5fbf0700429347ebfcd650a1cb1ea557ed

Download Submit
C:\Program Files\Sandboxie-Plus\MiscHelpers.dll

Filesize
617KB

MD5
c4f9619697e7c8831f85776a7531ab26

SHA1
a4870134bad3df3c4d880a0559f2da45dcd97bbf

SHA256
493dc5b6a538ae9f514ed243ced9efd58ef8e61e8a76faf33ed5c6578344a839

SHA512
922770658159d80eebc7d9e5e232d29a0b1aa48914911956df5d20edc564e9dc963e15cf81fa7dcdb8c4aefcdae0e6ebdc0f170d555dc22508ceb24044323a0c

Download Submit
C:\Program Files\Sandboxie-Plus\QSbieAPI.dll

Filesize
452KB

MD5
e22a534e260be44af2b80febdbbc970f

SHA1
232abfa7ecb1c7477a29674429efdeccc7e1ea4e

SHA256
b56f0f8da27865f2831eb3d820f009ea1955e715bb2b964474202ceb8a734a06

SHA512
8501bc528750801e965a06b043dae61def582418f58ab59268c048c664d68408736682bb81e9f9ca8e86d2d7d707cde49adc71fca285816a158b45eb91df4320

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Core.dll

Filesize
5.9MB

MD5
7a3a908f3f221256283489591ed92ec2

SHA1
c0f304687916fa9b079abfe19856d6646809c66e

SHA256
ba06570557f3936f3a968808e52d2d811bd0e3da06556b7cc14d23f8006e64d5

SHA512
58704da13bff66fa15d394e69c0b75623e87f8f011ae78e51c84108ce0969a08173e9e248191339fddc615fc108e422d00a79f4bf642deeee439086113bbd63c

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Gui.dll

Filesize
6.5MB

MD5
98b2db746ce372de20b84bd3b234d17a

SHA1
5c72aafe882db1a19f8c60b8bac5a2d942eb92ad

SHA256
7b9526a854347ae56550125171628a989566386e2b594a00cc37e6719941cc7e

SHA512
4c2d67018bb48b7377b09956a29bd86198d2cda46886ca69f3132010c6059661b4cbab95e9e9fa02d4a2301867b80abceb4ff1001e513d1517e7d39159eefe9c

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Network.dll

Filesize
1.2MB

MD5
dbe97a62b1541340ddaf77f83026fe1e

SHA1
8af053f60a52f59a178dc30de8362aa524d8dea6

SHA256
91a3ea0ecef950a0de2cd91f2d3cbd992a066126bfee8b62872b8f6758c18e7e

SHA512
7e1f3fefa1e24d0a017103be293dd6c795e38ac393df1be61642b49aa143531f8654b823d4dfc8aa935a133d3663216e023a68d08fa9d4f82869f923f0a6a6da

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Qml.dll

Filesize
3.4MB

MD5
db5d6a01ac4a3b63f98852f5128909a1

SHA1
e324e532573790d638bb06c8f6eec2a7593dce50

SHA256
46a5d7b219a43ebf9ba9527b842101bbff7d2bed873518e70f0ad8e5b73a65e4

SHA512
d3bbcc491cf22a2aa709864210855ee92d3590d7a418c84721b71059a73b24875b8041f2e75446637819e98546b26f37c07e3945714131ff0a780499754574b3

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Widgets.dll

Filesize
5.3MB

MD5
1514da054ff6b151a224ceaa057a651f

SHA1
e189cd4dbe803a90a81ef7bff663e79924228015

SHA256
cda42931821882a7131b2e1511527197d6ea29c6dc413bfce998187a93d8129c

SHA512
1419eb4fb30d3b75ae24e383b3413e74d1d0ab2316026bc54101f11f82fdcba82cc313977248d544e039e240b3865ced0661172e4dd8849f42bef1731540324b

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5WinExtras.dll

Filesize
225KB

MD5
1aaafe83fd3af7f2c15ccaecd75f87d6

SHA1
b2d2a872aff818254133bc4ac71f321d64f99ded

SHA256
b7b873403190f29c6e7f22421470bc6e6ad7bd1c4afd40d64325f626248043c7

SHA512
ffd120cf9a6ee3bd0cd3930451c60bc4710300caf3d0540bc7fb05bc50faff9fdd8b6023f9d3d0b6950fa9485e9448f3f402e040f552fc552dd15045a73a9f4f

Download Submit
C:\Program Files\Sandboxie-Plus\SandMan.exe

Filesize
2.9MB

MD5
e91a35cc14f4f117da6f4c91a0c8d048

SHA1
6642e207e3e7b4ad2f380bd51860aef616925077

SHA256
00090d289035749bdd0a25ad1990be32b12e3d1ae03bc58891f8b1df00bb2f5f

SHA512
5ed134c3ab9c0153576487a5f65ddf29b3e787237e56ad0d26292444426eff484c37285ecafc735c59f69caad7e6bbf81c5f322f3f7cf600978b88b188b15785

Download Submit
C:\Program Files\Sandboxie-Plus\SandMan.exe.sig

Filesize
64B

MD5
763007b2ffd35425de2606ff9df75a3f

SHA1
e22bb3bcc0237baad0711973b3d4a8ef536ee829

SHA256
0180cddd4f936f8ae66441114effafdc1fc1e624e40bf46b293e97390fd2cc6b

SHA512
21dc4ba6cd078cef03b94cef24b5891b23cbbaa4fefdfdf1d074cd4351ef699fae2e3fba5646706d792b4a809194faf87dbb4b6af09fcf90c73f8fad818415a9

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieBITS.exe

Filesize
116KB

MD5
59abdd32e66b6aa2dc3e5b4cd76bb409

SHA1
0e4d02294fbb60b2fd41f486160f548d35896dfe

SHA256
f786f0ddb73719f1937965232bfad5538213aa8e7232c490ef26de0f6dd83f71

SHA512
b89b4f2ace1a94891f63dcb78de81406e2a44b60afd9e9295c748f7981137a65b2ce6111bdd4f15aedec7c5fda41513d10a5c5a986c34f173cb817242429f7d9

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieCrypto.exe

Filesize
147KB

MD5
916f963dc8cae8f4ef14f2a113a526fd

SHA1
bf57a4cae9d48b15c73b42f7b1f500aee5944e6f

SHA256
ebef4062b305fbeb25f6314449fb9dfb5f1a5fe5f41a83d931f2a59775f1f556

SHA512
bcfd38affd17cea1e03f32fa67d7796dcc2dcf1a1efe6bb80a817b2d9c611f9bb3c43d93d07038a20c75dda8a128952ae444e270c034029e4e4c4f65fd9fd0b8

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieDcomLaunch.exe

Filesize
150KB

MD5
9af2d1765147735a3a5bc4f773b3d3e0

SHA1
336cf073ccdcf319ef9ead136e169fb30617cb77

SHA256
11cb9d8fcd8e2d0646a90fbcc99f951cd5854d3d575cf97a0d23b6ad667e9f0a

SHA512
ed8d5018dd09dfcb77f32fef146f95b571628ead0c867e6a7abb5616e2a30e3f6c4a8a1456086d640d8b801ad211172e7389096f23d295a1b178be7e65324818

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieRpcSs.exe

Filesize
165KB

MD5
102bffd2c8a821d4dee6f84d7756899a

SHA1
b5fd34f826a4e538d7488ea0ed2ce4b644619ca1

SHA256
a32dd97f41c1293e6991b648055b571a241cc1f6fb5c93f51cf901280580176c

SHA512
db3f4f01b03819c4091b89377a23444b6acd178964a2b1bd07a469872d4e80ad3c8809eb157b28ebd07cc59f0fb2cd5c1f1d27fd4c05dae8eb3c78eb6bb4fdf9

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieWUAU.exe

Filesize
119KB

MD5
32fbf3bcc55f61246a58bd267a9ceeb6

SHA1
cbb3db79dd2b4e9f760f795396ddaca5e71b799c

SHA256
0ec1e3969da6960dad14cc18c8f36a2d5ab09e3582d94142cc60709eebe7062a

SHA512
fed59d5afd9d861bbc3c02dc10b7e34becae43d2ebbceb918ace62e844353d2f0452cfa6947c781d5d126b5c016e02ccc227ac1350b2a0bbec8e613c9564d61c

Download Submit
C:\Program Files\Sandboxie-Plus\SbieCtrl.exe

Filesize
3.2MB

MD5
4f7b761fc9c84d93856baada32c66c29

SHA1
4acf76d29ad22abcba7fac8cf335378fe64577f8

SHA256
2476c2b0d2cdc4cf69ed74fd5a6b22bb90bf3f8e363768ce8381bc6d4dfefad7

SHA512
e2e78d869006e53d5caf25b4b526ac29e127fac17bb7b187636db9508927e665e9481024ad645cc0c6fdbb653a209f993420c364518512f64165cb2d2e623b36

Download Submit
C:\Program Files\Sandboxie-Plus\SbieCtrl.exe.sig

Filesize
64B

MD5
2befb4e3637457f7ca69f50b17ae36aa

SHA1
26ea0d4416c1305f562c4790d66fb07fbaa444a1

SHA256
62b79dd71cf65f909689881619d8c741be66afdde4c6188c075927be711a8481

SHA512
7c53b751f72254974f7a7d0c593bfe3dae7f04fafcfaa5ca20b5194985d536468f9526f43858c361501e2bd26bbb08e1e24ac5c3b43ccd34b0f60fbe277f9be8

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDll.dll

Filesize
877KB

MD5
d8d4b52948e4c8ae256560c01a7f3f8a

SHA1
1dd4ce1b40399a24059059d867c95a5e1b74e4cf

SHA256
955fffc1c4eb639491e1531fee61a33161edad42a3eccf292ed202c8348fbd8b

SHA512
d8c0320e30bf2f4ec37f627e4b7969ff5070ef8c59692063951139e2742298a881a0dbc1aa789c725e628dd1cf3226a556c207d295c4f79968e5fd6969933dcb

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDll.pdb

Filesize
3.1MB

MD5
a7cc1e0eaaca89cd6443d234642a6003

SHA1
83fe7f7054644814b0c5808e8058d62d3cd2e858

SHA256
798f2d7e180210693a1becfda26f10e8d51f32fa009429c0da698a1495dc3f04

SHA512
c323694a7b621b73f732760235ce30c01acc9653584b384adb121ab420870c406098b2a57031ca6ef2b02acb224fe62ec2609d5b9e75e1deb4ca912ab635ea88

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDrv.pdb

Filesize
1.7MB

MD5
ac44d3759578ef66cac4b7725a5dde7b

SHA1
1c52e80f1f30cc9523563c65144e7d716bc48e5b

SHA256
4cd6726866171cd63081c674383635c5ead6fa07982efcf7ac2c7dafd3352ef1

SHA512
7190d9b078e13156277764f9be25e242bfd553244faad2d7c7a0e66d1fab2d9a55df9d7d2a34a6f50b955ce2f3b85c51b2f74ade215094d7cbee473de5313baf

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDrv.sys

Filesize
240KB

MD5
3c89ff1f12da386dc3bae95bdaeeb45c

SHA1
73b15930ba31c9142d8673774edfdbf4bd7335ae

SHA256
378fb8c178e176629c6d27ef79c0c463521cca375080a0fe6796878d42af79d3

SHA512
38753b325c0c9c334b5f4d343dd7351af0d2c0b9b32a8d16a96b95a1647d27e222e3bef4857fe5ac9f5adc1bfcbc3f4f70e49c9acb10df67f9dda69108159d1c

Download Submit
C:\Program Files\Sandboxie-Plus\SbieIni.exe

Filesize
147KB

MD5
3dc9c5ba6da3d5f2df33fdf1b9e8218d

SHA1
b0b5ded4d894accce518b65613f833b5b6f2a42e

SHA256
5008aedfdd873d9ba39e68be87362594d7e065795ab3648aa03e4ec27e256587

SHA512
d9009649e853db68b0614b20b59a5a3041e6b81fc22253cd25aeb6ea8dc7fe1334bde3b620cb24731007f133de7cae96bc59a57f46b87f61e117a9b0f886f945

Download Submit
C:\Program Files\Sandboxie-Plus\SbieMsg.dll

Filesize
3.1MB

MD5
3765214ad3b86f6d00b54c7195d0f543

SHA1
7b7cce5ac90ec62b63995c0e60cf76dff0b7f45e

SHA256
4cfa82c91672784e5cca3c831579463cd25b96b398c809afd553eabade96bcf6

SHA512
b841071d37002d7651e785c8008e6b83f360e82c727f4751b021b371ceb759c08c1cae8c9fedce36ab14cbd6eabada4a751487fb6d4b4bce3a37018b95d352a6

Download Submit
C:\Program Files\Sandboxie-Plus\SbieShellExt.dll

Filesize
72KB

MD5
d75a458d4885037fce786fa5345068f6

SHA1
faef7d3f22f5ce67a29db4ae4f0d1c6f0ed70c8d

SHA256
c8d013b0e3e88e9c46b9b533c7327c58e40acb74491bec3252a3279f10a2230e

SHA512
aac6b93b139941f069af3b8afc06a4b1003220fc98415ecd6ef14c8660bcae345e5733b9ec345ce46cc165234fbcaa7bf2f7edce3ca36585dab3b86982f32348

Download Submit
C:\Program Files\Sandboxie-Plus\SbieShellPkg.msix

Filesize
10KB

MD5
474e5f07aeac40208cca5a7cd30ae092

SHA1
44ad36a978cec60dfae08b550c040e90cd9bc345

SHA256
3a40dc51680eb354267e4d53c7e8d6176fb2eb793031009581e421a478903c8c

SHA512
c69b84c00d965ae545a690c0be57e3ae8cd86e739424c3a0a2a8b74a71c9e28b1a5d8e6afbd6836db6fba54dfc0dd7bd74dbdbd6f20c558041d460b919425e54

Download Submit
C:\Program Files\Sandboxie-Plus\SbieSvc.exe

Filesize
402KB

MD5
d51eec123da839dd9b8fe2841a6ad4f8

SHA1
0efbe63bbc2b17cee6e30cd2bff39d172ace2448

SHA256
40646981b6b360953ada98667195a0890ffb1fd23f73d576056d554d458dcfe7

SHA512
8c0bdcc881de1b3c91a60d63c2b73878e7e27a9dccf88205691ce7936b326fa3fc34619c64a02730207930e6896c1c185bd0449813a31ce6263e19c02580e67f

Download Submit
C:\Program Files\Sandboxie-Plus\SbieSvc.exe.sig

Filesize
64B

MD5
d9e4ed7e35fda153407b85a2b0278844

SHA1
e46e084d94c606917bf8d84b68dcf7fda2272c70

SHA256
b0934c6177abb736647d59fd09efb6c6a52a3af6db700ae3291e0d83e24348c4

SHA512
2d91540738ae1ee7d85689e0b9776704e9e8451e47c643c0a2c75ec738117f98e73c4e615d26ba9d264eda2954afb33e3b56c4af5640000e8c52d7a6cb30f4c3

Download Submit
C:\Program Files\Sandboxie-Plus\SboxHostDll.dll

Filesize
141KB

MD5
de94dec9e08ac5f85be279379ba7293e

SHA1
6571cac41a891273cc3cc52106ba240bd2f2191e

SHA256
2e75fb1c3adce77de23d26ee42eb6c9f953ff2bf21a39b3350bc603615386dbc

SHA512
ed681a54e6ef97643b12061ba6a30961f7178943b36f3d8728723c32a474742d808e17f4d8edc5286deee8b3e1207f333db062e8abf5b25517a4be838dc991d8

Download Submit
C:\Program Files\Sandboxie-Plus\Start.exe

Filesize
328KB

MD5
8c569deac8f343779b9058c718aef6ea

SHA1
93ffb32cd8a2a2ae4f77852c13687a36a52b68e0

SHA256
d6644ff66f5f6648c90011b4e12cd7e7b682d9edb5f4f4084737f1bd0b10b838

SHA512
30c1459973b7b4ca3522e8e223c8e7cdb6b26747e11cfba6ac3d9603549ff85cff5a6ea69b4f9ded843f44e334da6a8bbe6ea1b0c6441ee0d52e256653d319b8

Download Submit
C:\Program Files\Sandboxie-Plus\UpdUtil.exe

Filesize
176KB

MD5
de9b3053d8bb3a1b6bbb912fb920f71a

SHA1
9dd0e520936b19a4d183f4469a6d8521ab1da102

SHA256
1cbe32444858c845166595fb83c2b80bdef491ace7129be022c635012015f836

SHA512
f83b490ca69895ae66e2a8b632a99daadac4ea14a9e4ad855b9814ab5c7d1b263309a097c490d3ce761d157fd7ae71de81c240c240af88075426d56d323a726e

Download Submit
C:\Program Files\Sandboxie-Plus\concrt140.dll

Filesize
310KB

MD5
44240c846cfa74af233c58983ff2d2b5

SHA1
e7caa56beb7e02fd30ce5ad449f19964529d8706

SHA256
f0d83677b5296ff90d22959aa425b2d249145d894200a33ec10c001191523c74

SHA512
fbb32ac42cff9e07c0667c8cbe118f7f9c030207c8f525176c796003cd3ce6ac08e18ed7fb7ab85a713f0a0bdf9aef60b794eb1b6b74370b379c13c54085bb51

Download Submit
C:\Program Files\Sandboxie-Plus\libcrypto-1_1-x64.dll

Filesize
3.3MB

MD5
95190986990d331bdd760b4e6790b2dc

SHA1
6e0c0b7bc1c8076c8ca72723efffddb3ed2cc41a

SHA256
2cbf8402bbc1e0a20e5399b3f05f8fc6ef7dd271f1547bb9cc82d7a21b912e91

SHA512
843b48049a6f63863caab947cec94a2bb30001d48277ceda7b5ca17f2cb9fb25d98238ed0498342fbf8acf9c4763fd767904b1fa70f5bff8bd901aeb03eefd5b

Download Submit
C:\Program Files\Sandboxie-Plus\libssl-1_1-x64.dll

Filesize
672KB

MD5
45f0c10f0e1683f40b26529e37acd526

SHA1
67a4a29a066950be1d8fbdfe754386b556df5810

SHA256
d7e91180194d341dd129b52c6833c2b89d7a32f65808204491bab632cfed13fd

SHA512
8b1300676372d958b119e5e19dfef4a8d733ceabec83362e126cc4c06e3eec6dbf6823fa824cb6380465927b6358b9da8e787b8e026654f4cd2b3169a7cbc8f6

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140.dll

Filesize
554KB

MD5
0d89995cc45c7eb40e5a7e287506c1e9

SHA1
096c27b06ee7fff2bcd290af0264cdafd04cded9

SHA256
e0a22a594e148fa55ceef3e49969bfa77011a801267a0bd7805b681b593c9d0b

SHA512
3497c2957d10fcddeec8f312fb15c53f82d770dcc3e771a94daf4f4435c3ddf323ecd33310baaf1ad56673bac7c6268a9ef921d5f32cf7e4a7c9dcb0d8aafa63

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_1.dll

Filesize
24KB

MD5
c060bb176a671f068362db2673a08c5e

SHA1
1d6b4ae5e778f1daf3573d4817777a51c35cbac4

SHA256
768e0829decea713afb35a7de07e276f051581c8ff2c17e1bae9b07dd1445dd0

SHA512
78a6c8f76d3ebd8db9c784d7775ec44647c4776fcb11d0b32ae2b3a6f2837c0b3be12f053ef6a25811a68da17d0eea83077521f496e238757f5539b445a58a7d

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_2.dll

Filesize
182KB

MD5
94bc7a22ec7308f851cc58fd6de90b2d

SHA1
cb4d8dcd2c8e9bbf049c1628246cb12cdd34b353

SHA256
5c12eaef6db18b168f712bff9b55793e0effddf15b89552e7f5ca4f8f1887b9b

SHA512
87791e992ccb43c833ea6ef2b0fa146031e0fd26305c93d77bc693473292f5b54d36516f3294edcc1c253d2decc166fdd1767c659f65e7d7e447cd8c318b7c96

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_atomic_wait.dll

Filesize
56KB

MD5
6407c40330e6081689bb702daa5aacac

SHA1
24126ff2ddd568a6ed17134e539cad94e22152a7

SHA256
0193cdcff562f12218ecab5841fd6bbc4d24295cd8e4dcae960e2fb47cceb662

SHA512
445ab6d0e1f2e5d0ef520261122fac3f6909fcdc7c39df7891b395694f31a3b54a1f7f5dadc35701baad4431ef358481e725cd19f438362c262e4f936abea7a3

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_codecvt_ids.dll

Filesize
21KB

MD5
23efa781b89641f24c17592de857bb40

SHA1
fd537ff2cf7d09701baf6550640d6cc96bd5d284

SHA256
9c6c0d8fa51ecca5e274295cbd72d45be474f3c6ce1070ec5e90f70242ae7185

SHA512
48c541d11fae95cfd04aa00d9c769a7cb6844524cdbb2e234af471048148a6f7f20e1acf077b88cb6127e8a7c49642726745386d081d0c8d404dcbb9caa4310b

Download Submit
C:\Program Files\Sandboxie-Plus\qtsingleapp.dll

Filesize
46KB

MD5
fbd30d0467b6c6c69bea9440c9a89921

SHA1
e8881bf571600c8d10f191dd7305b0da930036b9

SHA256
d4f56ae9765d30d07d91b4027d676d69b7d13afab93ecaaa2ab2097f4adf2542

SHA512
ee4df4d4edb1521831b507648437342d99e7d2f40509c65042055d216bc5a97f375c6d75be6120d0ec5a8f510c58c181d463a519cef34a7ec939fe224e4b4300

Download Submit
C:\Program Files\Sandboxie-Plus\sbiedrv.cat

Filesize
11KB

MD5
7a64843cdbba1d99312e1f13961ed806

SHA1
efea970a56e6d07e67a5c460b4c50a37ac90e152

SHA256
357f353dd3879d84e3bd52bc3f210a62b4fa82021741137842f01da12b573e5d

SHA512
ebd9f66f1f5bf05eac03481a53829c2ae543bcf90942acb0c249c80aa3b4ac2822a85a7df0daf5e91c184e144048debca3cc011dee6d4ef023a9955ba639d690

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
9078ba6882af0e5b8fb847665821c349

SHA1
61dd74ce94ea3e3737798f566e117c2fa6e1a3d3

SHA256
ba3edb26a5746f0b68fb9572b9f10e9d2112d8452ca8cf2a6666af18cadd0657

SHA512
400074d50fe9ea5a0480dd4612ab4f82c2d386ce78a58e15c8d5c748e3f7d902d0272ed32b40bf250553663ef7c3853fc6416faadef0e7198e5392a636153ff1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\17646

Filesize
9KB

MD5
16acae6a00bf95a5211d1b4c77d909e2

SHA1
c23156a0b7a59f3231649d7fc79dfe3a4dd6726b

SHA256
b59f3d15ec9e5e785bda8b6db1a556c5499254928af47887a84f39f5f5835589

SHA512
4ebead3c3074d348734b76ed91d2dd2af404bda2285be2a7bb81ebb34164dbf29c0ff9f284c902d9bbe3b03751f7546b78310dbeee8d4b0da9e76e266da8dba9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\24930

Filesize
17KB

MD5
6a384a75d5d5fc775b0936335bb97aa7

SHA1
31aa7201bb55b1c86685941b85408a507d504f08

SHA256
9aaa5d2482976ae15d38ecedcd74f040ca53fcb42273dfeb8eb06262789ffa4c

SHA512
42c498ed4267b34e8bfecacc05eca28fed1b6c0b371b1b7e01c9b1be2048ac04d9023545734be63057cd21b795108941c2c01304b401bd3ec82f9dd1a8e3a9f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qvsz39p.default-release\cache2\doomed\7541

Filesize
15KB

MD5
09019c44b720324236ec5ebf8c470c82

SHA1
a3fec76611659db59d1f6cf51a3f8c158d2df0a8

SHA256
404b35c44b324798c1c02da3189de5e376a63c8af4ef774985a28b4dae02bf9a

SHA512
352d0f5566574ca5c59d57d4848a6679fb94ef41e6998763c5b2180fdfc23e64ad7b505d76a76740c9a71cc35d0870d67dcb32110bf50a9cd710235a7c44148f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JF6QH.tmp\Sandboxie-Plus-ARM64-v1.13.7.tmp

Filesize
3.0MB

MD5
a17f380a3b451ebda7ed227a198c1ea6

SHA1
6d96a8591a498d6f969014648e32eaa39fd2dc4a

SHA256
ac2fd84c32326050f81686f5429f8ffb5f04eee1735d51e4ec0357dcf57b9273

SHA512
5531f5535b0b47d857272b9c6f89d1f82ecf47d9fe8185a1fa9b731e1d4f60da27afbcc4b070d78e4187b479aa0379c4e74d73c330f8068beee492555d65e47e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\3e9e0a89-349b-4226-82ff-55e666559a30.dmp

Filesize
208KB

MD5
5c19bbe6dcee9c3f386d60c2899cbb15

SHA1
1552dafb6a214a7daa184af86967aaaa82110ba0

SHA256
eb81ae906df3331687a033908e24dd93d4cfd58fc20759000c65b832255cbc02

SHA512
b5508ed7033d2d4a464af6e660f6c4a82ec1773074a624e3520626e6f3e0c310e71dc4cb4d3505a9b0cc0f6e3912b0af089330bd64b856923bafa9784c727799

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\3e9e0a89-349b-4226-82ff-55e666559a30.extra

Filesize
15KB

MD5
b6b5531148231f6197eae6706788e6fd

SHA1
70828a2516c02c65218d2821b31fffeb964e24be

SHA256
49c6b3ca7b319767586834656b25b5dfb7b3b9fac4cfb7caf86c2aff1f00e6f6

SHA512
8013b71828fe48c1797b65994ac539d6f93b62f72e8d29f460cf461f998b0959ffbc9d31bc189a74e9139f3c32a7b9831ceed4851427a5f47ba7f244201f22eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\prefs-1.js

Filesize
6KB

MD5
94aa373a6e3d5b20712d6c33fe3f6904

SHA1
eae42ab1af7a82120d3dc0bfb7afcddcc5e56620

SHA256
70212319ad4f14b6481bcc9ad8024c6f34e6007210d7d0452e396a7918cedd1a

SHA512
60d727f7aebdd3f41c78ad639f7707c7273eea737c8eaccfeb96a286c9ab32997b6bcafa34c59865757037f50ff03052d2f5197466b382238f55b21fe6ae09ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\prefs-1.js

Filesize
7KB

MD5
111ba5a5409b5fccbd95bfcd89b1dafa

SHA1
d3c0bee343f6ec03f797403dbdf66f5133a63ac1

SHA256
0b38c0f3e1484953f560880547029cad788f637b22d485f23189e02b376b40ad

SHA512
a31e4fede01c961a699d20357ff3f05cf5b91ba1d5156696a3d1561686195fb3d21dba7e5acc03fd336e3f2dcf8a1226d84a3a3aad7d5c450684b901ca0d5dba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
072962c8b782bd78ff70048a6ee514c5

SHA1
0341e59c5fae899e39535c4c905c9d96ec805b21

SHA256
ba1385bcf1e0a70ae283d550fe124db3726d0f225899086f05410accb1ab1729

SHA512
96c6bf916cee0d63b63a4054332832ee0645aa2622b0f4f2651517374f504257c1125fc1098b2e3012436c1d1520cbe84e36d4a437c4eea2cdc3efae4483b302

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3b8afe0b619e21a419bc0dabfa62e449

SHA1
16e676e170b985cb32c84e189715c40574b32f30

SHA256
6cde3874b9d9d5e659dec67daa572fd96b9280d4587f6c268e5b679b596fe47f

SHA512
bbccdb90ce0bc24a7acb3454b10bdf2945676475b6f4fa5e1ed6e786ccc6ec6a6806cbcd7577c5f47d8a4096f7d4c49161c430ed9813ab6cef833fb0ec760d3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
8ca74567d2a515f43f7ee8f40e374cf2

SHA1
7da4654fae2976980345a5f824d2298d59419f97

SHA256
7e593adad805eeee2a253a98fb0c99e40710bbc0c62dc60279d39dd73f0930cc

SHA512
2809c94fd0fe33c96996a682350398a74de364c045dc38835c443449eb04cfb5ce4db809b57730dc123cbd74d0a862daa78af895a4cef6a4786f383527bd2aa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9aa972abe99aced1e0df769a7aa2869f

SHA1
646250fd9fc67a1bc218e6670231272c395348a8

SHA256
3adfbd3444c5acdbcc60ec185e7b3bbd3d25b5cb0115da9a4e250a14cbf4f4f6

SHA512
dd35a003af406fd5f66ad72d891c6a4d4fd64b1a7d8d3f606d488a20630d42b867f58d2fe03f9aa171fd02eba9299d2da8c6b2cf846cadbca33ac05aa38887f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
a5a48f3823088b95886fca54db3d8e59

SHA1
72c87934f4bf86eb58728960442ff76111e4bfab

SHA256
6558efd9d17145356cb30745b5964f80f04bc2aaafbb4e282ff6383927dcacc4

SHA512
eb6388ee8b071df4d8b1fd8d505efedf130db355cc61c18b5556bb22d09227d0693cee67e13a9e36b6a37a07c0bd65fc1461cf4f63ae06da0bf39fe0a4d5c65a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
0278931d527b7a316aa87c3be2884d9b

SHA1
1972432406ee955416bf32d2a71ba3c77f947031

SHA256
b00e8305020a057d5a0ff3fa4bac89a48eff7613cfd756d957fe6b5ea78f91c5

SHA512
48268e32aeb907ab6850315acfe01b0c285c77d5ecde9897e322a3e585cf1147378b943e7af85748c763eb520341f5b601b0013ba386c594a08f46f663f4586a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qvsz39p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
55f036fa7d38781b777f703c4de8a11b

SHA1
1ad15e872341e0d2b320c7b6e93198c950ef2bd4

SHA256
aa9f70b8ae31738b58e83a2d7e7f681547162b09222e364a9278435c8f9e4527

SHA512
48c9961508452505bd66735b98397e7bbca0ac0bad59937454cf40c8e6cb0364f0a46d4f2d146cb04aa7e83febc122e2e241d916bc964775aa3995ead09b045c

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.e7yEr93i.0-master.zip.part

Filesize
3.3MB

MD5
017f199a7a5f1e090e10bbd3e9c885ca

SHA1
4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05

SHA256
761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f

SHA512
76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22

Download Submit
C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe

Filesize
16.7MB

MD5
05dc0cbd84d49b6ea87e768044f8ae76

SHA1
bde7860bdbf02720f62890f04e671b13aad0cddc

SHA256
17c8ca8eee65fc9b6071b68b78f74da2e84a4f676ed40d56a8d330abfa8d6292

SHA512
0e43ad8b50165d1e6f8124d1f985ffc55e2607b8421e15ea647f829a1ee12d3077e9feac8a3a1d3794d813dae0cad1c6b486f05f129eec5433265c6a84281522

Download Submit
C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.13.7.exe:Zone.Identifier

Filesize
644B

MD5
8d468801c79d0814923209a568165ae8

SHA1
ea7d0c1a69832c7702e43e5c400caeefb961a1cf

SHA256
f28889ee6b040ef308638a42213ca5745f6d250c8e8996ea62f768601d2838a9

SHA512
1ca569d0f7b0164267a7678599e8986e0550468387c4031488c11fba32e2da3e0b83e1d24aa9dd5c3a760fa3671feb84e79ac18d5797cf159dba4cc5e42700ce

Download Submit
C:\Users\Admin\Downloads\Sandboxie-Plus-ARM64-v1.rdvJc7rD.13.7.exe.part

Filesize
4KB

MD5
cb1c3424fec685589e9a9fca0dc9b0c8

SHA1
b079561da6af407f87281543b04867b569c7bc2b

SHA256
1ca6ddb67f09b5c90a1679634174c4d3ca0cd1055624f75d0acc1fdeb1fe5600

SHA512
a5dd0bc35b5792b237cce0b55207f4bb3c2c184cdf563670337f93ab0d82a859f4c96e7cc41476d151d8cbe569a73fa7c267544ba6e5d22f40325734226441d5

Download Submit
C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe

Filesize
20.0MB

MD5
b0a7296411bbdf3faadd889b0332de5a

SHA1
e3ae7e3327ca04404cd4ebec4c06d488f6788207

SHA256
c929eaec30989246ad3945f122ad6a134f78a8da0ca06838fee026a3ba060e86

SHA512
a93b2cc001e44e52dbd9a4625594238bf05578810c67d9200d3cfbb3fab9cf38568f39e2b038b9503db4e8a825f6d719b080a7133d6b1e990353e7bfb5d197eb

Download Submit
C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe:Zone.Identifier

Filesize
642B

MD5
86748ec05e0a599a7cfde7db1ed997e2

SHA1
3b1aa713f95f35de89c4b96347a8ca2283ac0653

SHA256
5c5898a9329ed1c80af222681c127ec20d26eadcf79c7ce1a428a35b7c1f05e2

SHA512
b1c0a5ce03e3d7b8e886d43427c0887d4f73600ab466e782910a1eca3c62dd6f4b0b638869e78acd08e6afadab44143cdd2a7b7036117cf5601e9253f2d6ebd2

Download Submit
C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.4QLjzkku.13.7.exe.part

Filesize
384KB

MD5
57ed15c60204651f8064a378bc73580c

SHA1
16bb3e435c9038ada668ee2795b03e07607f189b

SHA256
8fb7e48b5deb1ffb041939604ff6b172c5acb0a7a2c54525e95ba08235dbab07

SHA512
0e399c398afd2ac0eac7f9e6f7125e032ebd9c03f912975834f100c26997ff406ba51ef36049af22f573892969679a2361d29048561abb01b40cf2afe7520011

Download Submit
memory/1208-1019-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1208-1066-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1208-836-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1584-1065-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1584-1020-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2408-794-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3428-796-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/3428-789-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/3928-774-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/3928-767-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/5020-773-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download