16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267

max time kernel
78s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Downloaders.zip
Size

12KB
MD5

94fe78dc42e3403d06477f995770733c
SHA1

ea6ba4a14bab2a976d62ea7ddd4940ec90560586
SHA256

16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267
SHA512

add85726e7d2c69068381688fe84defe820f600e6214eff029042e3002e9f4ad52dde3b8bb28f4148cca1b950cd54d3999ce9e8445c4562d1ef2efdb1c6bdeff
SSDEEP

384:6BfwcSEp9ZjKXSBIDv4dDfjlMJ7HWTHWB:efACW6Dr8HWTHWB

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 22 IoCs

Processes:

Sandboxie-Plus-x64-v1.13.7.exeSandboxie-Plus-x64-v1.13.7.tmpKmdUtil.exeKmdUtil.exeUpdUtil.exeKmdUtil.exeSbieSvc.exeStart.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSandMan.exekmdutil.exeSbieSvc.exe

pid	process
1464	Sandboxie-Plus-x64-v1.13.7.exe
2156	Sandboxie-Plus-x64-v1.13.7.tmp
2452	KmdUtil.exe
464	KmdUtil.exe
5752	UpdUtil.exe
3548	KmdUtil.exe
5764	SbieSvc.exe
5796	Start.exe
5648	SbieSvc.exe
5784	SbieSvc.exe
5944	SbieSvc.exe
5240	SbieSvc.exe
5844	SbieSvc.exe
5824	SbieSvc.exe
1668	SbieSvc.exe
3320	SbieSvc.exe
6096	SbieSvc.exe
316	SbieSvc.exe
5748	SbieSvc.exe
5588	SandMan.exe
5164	kmdutil.exe
4552	SbieSvc.exe

Loads dropped DLL 38 IoCs

Processes:

KmdUtil.exeKmdUtil.exeKmdUtil.exeSbieSvc.exeStart.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSandMan.exekmdutil.exeSbieSvc.exe

pid	process
2452	KmdUtil.exe
464	KmdUtil.exe
3548	KmdUtil.exe
5764	SbieSvc.exe
5796	Start.exe
5648	SbieSvc.exe
5784	SbieSvc.exe
5944	SbieSvc.exe
5240	SbieSvc.exe
5844	SbieSvc.exe
5824	SbieSvc.exe
1668	SbieSvc.exe
3320	SbieSvc.exe
6096	SbieSvc.exe
316	SbieSvc.exe
5748	SbieSvc.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5164	kmdutil.exe
4552	SbieSvc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Sandboxie-Plus-x64-v1.13.7.tmp

description	ioc	process
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieBITS.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-3BTBR.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-CQTHN.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-OCD6I.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5Gui.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-RT251.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\vccorlib140.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieWUAU.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieSvc.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-GKT8J.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-CCVDD.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-L3NEM.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieDll.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-VDNRL.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-IHR99.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-C866R.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-GUV42.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-LCB60.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Start.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-KUN65.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-O62FJ.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-T7H45.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-DJ6F0.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-V4CM5.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\ImBox.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-VPQTU.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-SJNP1.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-LSS1Q.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-NG0TE.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieCtrl.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140_1.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\QSbieAPI.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-J57L5.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-7KU2K.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\platforms\qoffscreen.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-E6NE4.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-6A6KI.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140_codecvt_ids.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\32\SbieDll.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-C6VOV.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-4T5QI.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-TF1AG.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\vcruntime140.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\unins000.dat	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-IEHTG.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieMsg.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-MLUD5.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-N0HP8.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-K9INP.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5Qml.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-N9DET.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-2QGBD.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-ML6PU.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-JD854.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\unins000.dat	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\qtsingleapp.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-ILFQ3.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-OMID5.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\7z.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-15DF6.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-6OVF4.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\32\is-3RAB2.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieShellExt.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-HFOAU.tmp	Sandboxie-Plus-x64-v1.13.7.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

1740 taskkill.exe
Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe:Zone.Identifier firefox.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

SandMan.exe

pid process

5588 SandMan.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Sandboxie-Plus-x64-v1.13.7.tmp

pid process

2156 Sandboxie-Plus-x64-v1.13.7.tmp
2156 Sandboxie-Plus-x64-v1.13.7.tmp
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

SandMan.exe

pid process

5588 SandMan.exe

pid	process
1740	taskkill.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe:Zone.Identifier	firefox.exe

pid	process
5588	SandMan.exe

pid	process
2156	Sandboxie-Plus-x64-v1.13.7.tmp
2156	Sandboxie-Plus-x64-v1.13.7.tmp

pid	process
5588	SandMan.exe

Suspicious behavior: LoadsDriver 13 IoCs

Processes:

SbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exe

pid	process
5764	SbieSvc.exe
5648	SbieSvc.exe
5784	SbieSvc.exe
5944	SbieSvc.exe
5240	SbieSvc.exe
5844	SbieSvc.exe
5824	SbieSvc.exe
1668	SbieSvc.exe
3320	SbieSvc.exe
6096	SbieSvc.exe
316	SbieSvc.exe
5748	SbieSvc.exe
4552	SbieSvc.exe

Suspicious use of AdjustPrivilegeToken 59 IoCs

Processes:

firefox.exeSandboxie-Plus-x64-v1.13.7.tmptaskkill.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exe

description	pid	process
Token: SeDebugPrivilege	3968	firefox.exe
Token: SeDebugPrivilege	3968	firefox.exe
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	1740	taskkill.exe
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeDebugPrivilege	2156	Sandboxie-Plus-x64-v1.13.7.tmp
Token: SeBackupPrivilege	5764	SbieSvc.exe
Token: SeRestorePrivilege	5764	SbieSvc.exe
Token: SeBackupPrivilege	5648	SbieSvc.exe
Token: SeRestorePrivilege	5648	SbieSvc.exe
Token: SeBackupPrivilege	5784	SbieSvc.exe
Token: SeRestorePrivilege	5784	SbieSvc.exe
Token: SeBackupPrivilege	5944	SbieSvc.exe
Token: SeRestorePrivilege	5944	SbieSvc.exe
Token: SeBackupPrivilege	5240	SbieSvc.exe
Token: SeRestorePrivilege	5240	SbieSvc.exe
Token: SeBackupPrivilege	5844	SbieSvc.exe
Token: SeBackupPrivilege	5824	SbieSvc.exe
Token: SeRestorePrivilege	5824	SbieSvc.exe
Token: SeBackupPrivilege	1668	SbieSvc.exe
Token: SeRestorePrivilege	1668	SbieSvc.exe
Token: SeBackupPrivilege	3320	SbieSvc.exe
Token: SeRestorePrivilege	3320	SbieSvc.exe
Token: SeBackupPrivilege	6096	SbieSvc.exe
Token: SeRestorePrivilege	6096	SbieSvc.exe
Token: SeBackupPrivilege	316	SbieSvc.exe
Token: SeRestorePrivilege	316	SbieSvc.exe
Token: SeBackupPrivilege	5748	SbieSvc.exe
Token: SeRestorePrivilege	5748	SbieSvc.exe
Token: SeBackupPrivilege	4552	SbieSvc.exe
Token: SeRestorePrivilege	4552	SbieSvc.exe

Suspicious use of FindShellTrayWindow 20 IoCs

Processes:

firefox.exeSandboxie-Plus-x64-v1.13.7.tmpSandMan.exe

pid	process
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
2156	Sandboxie-Plus-x64-v1.13.7.tmp
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe

Suspicious use of SendNotifyMessage 18 IoCs

Processes:

firefox.exeSandMan.exe

pid	process
3968	firefox.exe
3968	firefox.exe
3968	firefox.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe
5588	SandMan.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

3968 firefox.exe
3968 firefox.exe
3968 firefox.exe
3968 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 4268 wrote to memory of 3968	4268	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 3956	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe
PID 3968 wrote to memory of 4132	3968	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Downloaders.zip
1⤵
PID:2164

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4268

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.0.1897184192\313910899" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d76ab21f-5244-4b11-a851-81b4846bc2a7} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 1836 24d7b10a458 gpu
3⤵
PID:3956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.1.1107842405\663163199" -parentBuildID 20230214051806 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f7a92cd-167e-4db9-b702-d3f2c4f29980} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 2404 24d6e48a258 socket
3⤵
PID:4132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.2.1489457204\1620783668" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3116 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fbddac3-90a3-4499-8913-e1ca151252c8} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 2920 24d7dbdce58 tab
3⤵
PID:4872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.3.1620591610\1361045888" -childID 2 -isForBrowser -prefsHandle 3948 -prefMapHandle 2764 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a575d20-285b-4d5b-b77f-c9684e218ad9} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 3960 24d8017d258 tab
3⤵
PID:1516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.4.1871600996\850915439" -childID 3 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73e33276-0669-4135-b28e-d419bc0eec2a} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 5076 24d81eacc58 tab
3⤵
PID:1812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.5.1928749177\743796180" -childID 4 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91378a87-3705-4dd1-9545-21e0ba6909c3} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 5324 24d82014258 tab
3⤵
PID:1464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.6.576896774\483753013" -childID 5 -isForBrowser -prefsHandle 5440 -prefMapHandle 5448 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cfb328c-425a-4d89-bce7-4aef056bbb41} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 5432 24d82016958 tab
3⤵
PID:2584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.7.1717660956\1043842576" -childID 6 -isForBrowser -prefsHandle 5948 -prefMapHandle 5856 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6d3f22c-1217-4723-9e61-00653235b108} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 5964 24d83ea1658 tab
3⤵
PID:5220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.8.1601161944\1729344518" -childID 7 -isForBrowser -prefsHandle 5852 -prefMapHandle 6336 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f08d4007-67c1-4934-915c-2d034048db16} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 6328 24d84d6ba58 tab
3⤵
PID:5292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.9.1075833137\1535215465" -childID 8 -isForBrowser -prefsHandle 6460 -prefMapHandle 6468 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dab49e4-3661-4861-9354-6e0639d8caf3} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 6452 24d84d6d558 tab
3⤵
PID:5296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.10.1998555651\1175617619" -childID 9 -isForBrowser -prefsHandle 10236 -prefMapHandle 10232 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c88d1c31-89d6-4c16-bd63-0504821a2988} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 10248 24d82ca7d58 tab
3⤵
PID:5148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.11.401176729\151514584" -childID 10 -isForBrowser -prefsHandle 10052 -prefMapHandle 10044 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df771524-d15c-40ff-b5a6-639877b158d1} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 10060 24d82ca8658 tab
3⤵
PID:5140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.12.1510687324\398782020" -childID 11 -isForBrowser -prefsHandle 9764 -prefMapHandle 9768 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7de92ff6-a1f4-4b41-88cc-d22ce5fbb127} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 6092 24d83f24158 tab
3⤵
PID:5864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.13.1755491039\375700640" -childID 12 -isForBrowser -prefsHandle 9600 -prefMapHandle 9596 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50eabbfb-6127-4aac-a262-b166d4142d6a} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 9608 24d83f25f58 tab
3⤵
PID:5872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.14.1650606817\2131430978" -childID 13 -isForBrowser -prefsHandle 9632 -prefMapHandle 9624 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6019838-b509-4bc2-b527-e591069318ac} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 3596 24d83f26558 tab
3⤵
PID:5904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.15.875651810\2033881199" -childID 14 -isForBrowser -prefsHandle 10060 -prefMapHandle 9644 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18af6c39-2cd3-4809-b949-6da9ef465b14} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 6616 24d8235a158 tab
3⤵
PID:6044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.16.99131221\727898772" -childID 15 -isForBrowser -prefsHandle 10128 -prefMapHandle 9920 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9046d119-7dc6-40ea-a055-4e3e0db97273} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 10092 24d828c5258 tab
3⤵
PID:6076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3968.17.444396808\1817897293" -childID 16 -isForBrowser -prefsHandle 6516 -prefMapHandle 4468 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2886db24-ce45-4216-89fc-dba98b880d09} 3968 "\\.\pipe\gecko-crash-server-pipe.3968" 6528 24d828c7358 tab
3⤵
PID:6088

C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe
"C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe"
3⤵
- Executes dropped EXE
PID:1464

C:\Users\Admin\AppData\Local\Temp\is-FBLS4.tmp\Sandboxie-Plus-x64-v1.13.7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-FBLS4.tmp\Sandboxie-Plus-x64-v1.13.7.tmp" /SL5="$D0170,20081407,791552,C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe"
4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2156

C:\Windows\system32\taskkill.exe
"C:\Windows\system32\taskkill.exe" /IM Sandman.exe /IM SbieCtrl.exe /IM Start.exe /F
5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1740

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieDrv "C:\Program Files\Sandboxie-Plus\SbieDrv.sys" type=kernel start=demand msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" altitude=86900
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2452

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieSvc "C:\Program Files\Sandboxie-Plus\SbieSvc.exe" type=own start=auto msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" display="Sandboxie Service" group=UIGroup
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:464

C:\Program Files\Sandboxie-Plus\UpdUtil.exe
"C:\Program Files\Sandboxie-Plus\UpdUtil.exe" install sandboxie-plus /embedded /scope:meta /version:1.13.7
5⤵
- Executes dropped EXE
PID:5752

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" start SbieSvc
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3548

C:\Program Files\Sandboxie-Plus\Start.exe
"C:\Program Files\Sandboxie-Plus\Start.exe" open_agent:sandman.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5796

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5764

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5648

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5784

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5944

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5240

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5844

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5824

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1668

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:3320

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:6096

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:316

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:5748

C:\Program Files\Sandboxie-Plus\SandMan.exe
"C:\Program Files\Sandboxie-Plus\SandMan.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5588

C:\Program Files\Sandboxie-Plus\kmdutil.exe
kmdutil.exe start SbieSvc
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5164

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:4552

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Sandboxie-Plus\7z.dll
Filesize
1.8MB

MD5
016455167158ad8932e1c661f882b791

SHA1
91ba7dca87ca8605394ebedb12a35408d716d8ad

SHA256
9d654177210e1d24dd1809c2917e23cd5044e672029488bba06d62f0936a1274

SHA512
8be7420d7c1eb3b0022d0022e026dd585e513f5e8f48b249bce19134f6053cc0985f44d48f5065f17710b2d20f15b6baabeef7356d6c18ccd915cbd08ef8f78c

Download Submit
C:\Program Files\Sandboxie-Plus\ImBox.exe
Filesize
178KB

MD5
344503bf5b7b82ad2770b445015961b4

SHA1
c94442d3ee453effb95e01dfaf82f67c71e80bc1

SHA256
1d96e44393c9fbfd813ac4364126672a34f51feadf58e04dd66372831f913e0c

SHA512
498786b92d906e6c722f9c39f3d4c424c6bad75e7a0ba965f40af289a94200184e3a6fd0d12cfdf9a3824bb9000601c236a4ae31fe5223d798b9050c00b59af0

Download Submit
C:\Program Files\Sandboxie-Plus\KmdUtil.exe
Filesize
210KB

MD5
d5e48be290003e4edcc9875f916f4b65

SHA1
28f7c3846a07d373ef39a09fc1e7e1337dc901d9

SHA256
6f913c193fc6b1a8ad23054398bb3a646ff433e520555577ae8255d28783eec8

SHA512
29aa31c03b726265d99b0ee9757b5d1f8ad51c1ea239bc79798756ea55e4d8f05fa162757c2d4cd6a1ce9e68bb96653459fde9468adc2750314f789f19aea0d4

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest0.txt
Filesize
2B

MD5
81051bcc2cf1bedf378224b0a93e2877

SHA1
ba8ab5a0280b953aa97435ff8946cbcbb2755a27

SHA256
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

SHA512
1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest1.txt
Filesize
364B

MD5
1689ab6cf954209a1286a88c5ddee65a

SHA1
4028a3db74cc240643027cbb9946d3f03162f2ba

SHA256
de0167798a89a4b80ec2ccb4cb4ab95bfe4da2e91666f27fb83dcb75c71206ac

SHA512
aca0e04f607cf15ed8aeb707d6d6acb103278d2cd2fb27a3139904351c64a2c95f1857ee57c1d44cb3268bf07e1b112b91055427809a518fc1697872d048b7ec

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest2.txt
Filesize
92B

MD5
9bc1b27cc08b3673686fa4ecf793a278

SHA1
67b588168dc8c8667343443d0a23cac59cab234b

SHA256
55e7b42230dffab5e4f1a13476e888eea5850ec8ee121e23a7b1c48836299335

SHA512
0bd40ead34aa1fc40aa25f4c59068026724e7f7cf5dfa8f3142cea00fd5804ba9309f4e92db2e36a72c7ee15ca3d6a5fbf0700429347ebfcd650a1cb1ea557ed

Download Submit
C:\Program Files\Sandboxie-Plus\MiscHelpers.dll
Filesize
617KB

MD5
c4f9619697e7c8831f85776a7531ab26

SHA1
a4870134bad3df3c4d880a0559f2da45dcd97bbf

SHA256
493dc5b6a538ae9f514ed243ced9efd58ef8e61e8a76faf33ed5c6578344a839

SHA512
922770658159d80eebc7d9e5e232d29a0b1aa48914911956df5d20edc564e9dc963e15cf81fa7dcdb8c4aefcdae0e6ebdc0f170d555dc22508ceb24044323a0c

Download Submit
C:\Program Files\Sandboxie-Plus\QSbieAPI.dll
Filesize
452KB

MD5
e22a534e260be44af2b80febdbbc970f

SHA1
232abfa7ecb1c7477a29674429efdeccc7e1ea4e

SHA256
b56f0f8da27865f2831eb3d820f009ea1955e715bb2b964474202ceb8a734a06

SHA512
8501bc528750801e965a06b043dae61def582418f58ab59268c048c664d68408736682bb81e9f9ca8e86d2d7d707cde49adc71fca285816a158b45eb91df4320

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Core.dll
Filesize
5.9MB

MD5
7a3a908f3f221256283489591ed92ec2

SHA1
c0f304687916fa9b079abfe19856d6646809c66e

SHA256
ba06570557f3936f3a968808e52d2d811bd0e3da06556b7cc14d23f8006e64d5

SHA512
58704da13bff66fa15d394e69c0b75623e87f8f011ae78e51c84108ce0969a08173e9e248191339fddc615fc108e422d00a79f4bf642deeee439086113bbd63c

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Gui.dll
Filesize
6.5MB

MD5
98b2db746ce372de20b84bd3b234d17a

SHA1
5c72aafe882db1a19f8c60b8bac5a2d942eb92ad

SHA256
7b9526a854347ae56550125171628a989566386e2b594a00cc37e6719941cc7e

SHA512
4c2d67018bb48b7377b09956a29bd86198d2cda46886ca69f3132010c6059661b4cbab95e9e9fa02d4a2301867b80abceb4ff1001e513d1517e7d39159eefe9c

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Network.dll
Filesize
1.2MB

MD5
dbe97a62b1541340ddaf77f83026fe1e

SHA1
8af053f60a52f59a178dc30de8362aa524d8dea6

SHA256
91a3ea0ecef950a0de2cd91f2d3cbd992a066126bfee8b62872b8f6758c18e7e

SHA512
7e1f3fefa1e24d0a017103be293dd6c795e38ac393df1be61642b49aa143531f8654b823d4dfc8aa935a133d3663216e023a68d08fa9d4f82869f923f0a6a6da

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Qml.dll
Filesize
3.4MB

MD5
db5d6a01ac4a3b63f98852f5128909a1

SHA1
e324e532573790d638bb06c8f6eec2a7593dce50

SHA256
46a5d7b219a43ebf9ba9527b842101bbff7d2bed873518e70f0ad8e5b73a65e4

SHA512
d3bbcc491cf22a2aa709864210855ee92d3590d7a418c84721b71059a73b24875b8041f2e75446637819e98546b26f37c07e3945714131ff0a780499754574b3

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Widgets.dll
Filesize
5.3MB

MD5
1514da054ff6b151a224ceaa057a651f

SHA1
e189cd4dbe803a90a81ef7bff663e79924228015

SHA256
cda42931821882a7131b2e1511527197d6ea29c6dc413bfce998187a93d8129c

SHA512
1419eb4fb30d3b75ae24e383b3413e74d1d0ab2316026bc54101f11f82fdcba82cc313977248d544e039e240b3865ced0661172e4dd8849f42bef1731540324b

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5WinExtras.dll
Filesize
225KB

MD5
1aaafe83fd3af7f2c15ccaecd75f87d6

SHA1
b2d2a872aff818254133bc4ac71f321d64f99ded

SHA256
b7b873403190f29c6e7f22421470bc6e6ad7bd1c4afd40d64325f626248043c7

SHA512
ffd120cf9a6ee3bd0cd3930451c60bc4710300caf3d0540bc7fb05bc50faff9fdd8b6023f9d3d0b6950fa9485e9448f3f402e040f552fc552dd15045a73a9f4f

Download Submit
C:\Program Files\Sandboxie-Plus\SandMan.exe
Filesize
2.9MB

MD5
e91a35cc14f4f117da6f4c91a0c8d048

SHA1
6642e207e3e7b4ad2f380bd51860aef616925077

SHA256
00090d289035749bdd0a25ad1990be32b12e3d1ae03bc58891f8b1df00bb2f5f

SHA512
5ed134c3ab9c0153576487a5f65ddf29b3e787237e56ad0d26292444426eff484c37285ecafc735c59f69caad7e6bbf81c5f322f3f7cf600978b88b188b15785

Download Submit
C:\Program Files\Sandboxie-Plus\SandMan.exe.sig
Filesize
64B

MD5
763007b2ffd35425de2606ff9df75a3f

SHA1
e22bb3bcc0237baad0711973b3d4a8ef536ee829

SHA256
0180cddd4f936f8ae66441114effafdc1fc1e624e40bf46b293e97390fd2cc6b

SHA512
21dc4ba6cd078cef03b94cef24b5891b23cbbaa4fefdfdf1d074cd4351ef699fae2e3fba5646706d792b4a809194faf87dbb4b6af09fcf90c73f8fad818415a9

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieBITS.exe
Filesize
116KB

MD5
59abdd32e66b6aa2dc3e5b4cd76bb409

SHA1
0e4d02294fbb60b2fd41f486160f548d35896dfe

SHA256
f786f0ddb73719f1937965232bfad5538213aa8e7232c490ef26de0f6dd83f71

SHA512
b89b4f2ace1a94891f63dcb78de81406e2a44b60afd9e9295c748f7981137a65b2ce6111bdd4f15aedec7c5fda41513d10a5c5a986c34f173cb817242429f7d9

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieCrypto.exe
Filesize
147KB

MD5
916f963dc8cae8f4ef14f2a113a526fd

SHA1
bf57a4cae9d48b15c73b42f7b1f500aee5944e6f

SHA256
ebef4062b305fbeb25f6314449fb9dfb5f1a5fe5f41a83d931f2a59775f1f556

SHA512
bcfd38affd17cea1e03f32fa67d7796dcc2dcf1a1efe6bb80a817b2d9c611f9bb3c43d93d07038a20c75dda8a128952ae444e270c034029e4e4c4f65fd9fd0b8

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieDcomLaunch.exe
Filesize
150KB

MD5
9af2d1765147735a3a5bc4f773b3d3e0

SHA1
336cf073ccdcf319ef9ead136e169fb30617cb77

SHA256
11cb9d8fcd8e2d0646a90fbcc99f951cd5854d3d575cf97a0d23b6ad667e9f0a

SHA512
ed8d5018dd09dfcb77f32fef146f95b571628ead0c867e6a7abb5616e2a30e3f6c4a8a1456086d640d8b801ad211172e7389096f23d295a1b178be7e65324818

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieRpcSs.exe
Filesize
165KB

MD5
102bffd2c8a821d4dee6f84d7756899a

SHA1
b5fd34f826a4e538d7488ea0ed2ce4b644619ca1

SHA256
a32dd97f41c1293e6991b648055b571a241cc1f6fb5c93f51cf901280580176c

SHA512
db3f4f01b03819c4091b89377a23444b6acd178964a2b1bd07a469872d4e80ad3c8809eb157b28ebd07cc59f0fb2cd5c1f1d27fd4c05dae8eb3c78eb6bb4fdf9

Download Submit
C:\Program Files\Sandboxie-Plus\SandboxieWUAU.exe
Filesize
119KB

MD5
32fbf3bcc55f61246a58bd267a9ceeb6

SHA1
cbb3db79dd2b4e9f760f795396ddaca5e71b799c

SHA256
0ec1e3969da6960dad14cc18c8f36a2d5ab09e3582d94142cc60709eebe7062a

SHA512
fed59d5afd9d861bbc3c02dc10b7e34becae43d2ebbceb918ace62e844353d2f0452cfa6947c781d5d126b5c016e02ccc227ac1350b2a0bbec8e613c9564d61c

Download Submit
C:\Program Files\Sandboxie-Plus\SbieCtrl.exe
Filesize
3.2MB

MD5
4f7b761fc9c84d93856baada32c66c29

SHA1
4acf76d29ad22abcba7fac8cf335378fe64577f8

SHA256
2476c2b0d2cdc4cf69ed74fd5a6b22bb90bf3f8e363768ce8381bc6d4dfefad7

SHA512
e2e78d869006e53d5caf25b4b526ac29e127fac17bb7b187636db9508927e665e9481024ad645cc0c6fdbb653a209f993420c364518512f64165cb2d2e623b36

Download Submit
C:\Program Files\Sandboxie-Plus\SbieCtrl.exe.sig
Filesize
64B

MD5
2befb4e3637457f7ca69f50b17ae36aa

SHA1
26ea0d4416c1305f562c4790d66fb07fbaa444a1

SHA256
62b79dd71cf65f909689881619d8c741be66afdde4c6188c075927be711a8481

SHA512
7c53b751f72254974f7a7d0c593bfe3dae7f04fafcfaa5ca20b5194985d536468f9526f43858c361501e2bd26bbb08e1e24ac5c3b43ccd34b0f60fbe277f9be8

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDll.dll
Filesize
877KB

MD5
d8d4b52948e4c8ae256560c01a7f3f8a

SHA1
1dd4ce1b40399a24059059d867c95a5e1b74e4cf

SHA256
955fffc1c4eb639491e1531fee61a33161edad42a3eccf292ed202c8348fbd8b

SHA512
d8c0320e30bf2f4ec37f627e4b7969ff5070ef8c59692063951139e2742298a881a0dbc1aa789c725e628dd1cf3226a556c207d295c4f79968e5fd6969933dcb

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDll.pdb
Filesize
3.1MB

MD5
a7cc1e0eaaca89cd6443d234642a6003

SHA1
83fe7f7054644814b0c5808e8058d62d3cd2e858

SHA256
798f2d7e180210693a1becfda26f10e8d51f32fa009429c0da698a1495dc3f04

SHA512
c323694a7b621b73f732760235ce30c01acc9653584b384adb121ab420870c406098b2a57031ca6ef2b02acb224fe62ec2609d5b9e75e1deb4ca912ab635ea88

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDrv.pdb
Filesize
1.7MB

MD5
ac44d3759578ef66cac4b7725a5dde7b

SHA1
1c52e80f1f30cc9523563c65144e7d716bc48e5b

SHA256
4cd6726866171cd63081c674383635c5ead6fa07982efcf7ac2c7dafd3352ef1

SHA512
7190d9b078e13156277764f9be25e242bfd553244faad2d7c7a0e66d1fab2d9a55df9d7d2a34a6f50b955ce2f3b85c51b2f74ade215094d7cbee473de5313baf

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDrv.sys
Filesize
240KB

MD5
3c89ff1f12da386dc3bae95bdaeeb45c

SHA1
73b15930ba31c9142d8673774edfdbf4bd7335ae

SHA256
378fb8c178e176629c6d27ef79c0c463521cca375080a0fe6796878d42af79d3

SHA512
38753b325c0c9c334b5f4d343dd7351af0d2c0b9b32a8d16a96b95a1647d27e222e3bef4857fe5ac9f5adc1bfcbc3f4f70e49c9acb10df67f9dda69108159d1c

Download Submit
C:\Program Files\Sandboxie-Plus\SbieIni.exe
Filesize
147KB

MD5
3dc9c5ba6da3d5f2df33fdf1b9e8218d

SHA1
b0b5ded4d894accce518b65613f833b5b6f2a42e

SHA256
5008aedfdd873d9ba39e68be87362594d7e065795ab3648aa03e4ec27e256587

SHA512
d9009649e853db68b0614b20b59a5a3041e6b81fc22253cd25aeb6ea8dc7fe1334bde3b620cb24731007f133de7cae96bc59a57f46b87f61e117a9b0f886f945

Download Submit
C:\Program Files\Sandboxie-Plus\SbieMsg.dll
Filesize
3.1MB

MD5
3765214ad3b86f6d00b54c7195d0f543

SHA1
7b7cce5ac90ec62b63995c0e60cf76dff0b7f45e

SHA256
4cfa82c91672784e5cca3c831579463cd25b96b398c809afd553eabade96bcf6

SHA512
b841071d37002d7651e785c8008e6b83f360e82c727f4751b021b371ceb759c08c1cae8c9fedce36ab14cbd6eabada4a751487fb6d4b4bce3a37018b95d352a6

Download Submit
C:\Program Files\Sandboxie-Plus\SbieShellExt.dll
Filesize
72KB

MD5
d75a458d4885037fce786fa5345068f6

SHA1
faef7d3f22f5ce67a29db4ae4f0d1c6f0ed70c8d

SHA256
c8d013b0e3e88e9c46b9b533c7327c58e40acb74491bec3252a3279f10a2230e

SHA512
aac6b93b139941f069af3b8afc06a4b1003220fc98415ecd6ef14c8660bcae345e5733b9ec345ce46cc165234fbcaa7bf2f7edce3ca36585dab3b86982f32348

Download Submit
C:\Program Files\Sandboxie-Plus\SbieShellPkg.msix
Filesize
10KB

MD5
474e5f07aeac40208cca5a7cd30ae092

SHA1
44ad36a978cec60dfae08b550c040e90cd9bc345

SHA256
3a40dc51680eb354267e4d53c7e8d6176fb2eb793031009581e421a478903c8c

SHA512
c69b84c00d965ae545a690c0be57e3ae8cd86e739424c3a0a2a8b74a71c9e28b1a5d8e6afbd6836db6fba54dfc0dd7bd74dbdbd6f20c558041d460b919425e54

Download Submit
C:\Program Files\Sandboxie-Plus\SbieSvc.exe
Filesize
402KB

MD5
d51eec123da839dd9b8fe2841a6ad4f8

SHA1
0efbe63bbc2b17cee6e30cd2bff39d172ace2448

SHA256
40646981b6b360953ada98667195a0890ffb1fd23f73d576056d554d458dcfe7

SHA512
8c0bdcc881de1b3c91a60d63c2b73878e7e27a9dccf88205691ce7936b326fa3fc34619c64a02730207930e6896c1c185bd0449813a31ce6263e19c02580e67f

Download Submit
C:\Program Files\Sandboxie-Plus\SbieSvc.exe.sig
Filesize
64B

MD5
d9e4ed7e35fda153407b85a2b0278844

SHA1
e46e084d94c606917bf8d84b68dcf7fda2272c70

SHA256
b0934c6177abb736647d59fd09efb6c6a52a3af6db700ae3291e0d83e24348c4

SHA512
2d91540738ae1ee7d85689e0b9776704e9e8451e47c643c0a2c75ec738117f98e73c4e615d26ba9d264eda2954afb33e3b56c4af5640000e8c52d7a6cb30f4c3

Download Submit
C:\Program Files\Sandboxie-Plus\SboxHostDll.dll
Filesize
141KB

MD5
de94dec9e08ac5f85be279379ba7293e

SHA1
6571cac41a891273cc3cc52106ba240bd2f2191e

SHA256
2e75fb1c3adce77de23d26ee42eb6c9f953ff2bf21a39b3350bc603615386dbc

SHA512
ed681a54e6ef97643b12061ba6a30961f7178943b36f3d8728723c32a474742d808e17f4d8edc5286deee8b3e1207f333db062e8abf5b25517a4be838dc991d8

Download Submit
C:\Program Files\Sandboxie-Plus\Start.exe
Filesize
328KB

MD5
8c569deac8f343779b9058c718aef6ea

SHA1
93ffb32cd8a2a2ae4f77852c13687a36a52b68e0

SHA256
d6644ff66f5f6648c90011b4e12cd7e7b682d9edb5f4f4084737f1bd0b10b838

SHA512
30c1459973b7b4ca3522e8e223c8e7cdb6b26747e11cfba6ac3d9603549ff85cff5a6ea69b4f9ded843f44e334da6a8bbe6ea1b0c6441ee0d52e256653d319b8

Download Submit
C:\Program Files\Sandboxie-Plus\Start.exe.sig
Filesize
64B

MD5
8e8dfe7efe5ccf966ce70ea12fec1694

SHA1
52d95c7235e935050f112d7ee71f287f722156ca

SHA256
42d68b18d4481b12eb77ac67bfaf3d1e6d325eb40e24cc854c0d7cd760efa2ea

SHA512
1f4b8f5872a4a5e489def66dfba538706d668993a0c939309d872f8b255f36c427d14b3d4ae1802ffc7a6fc0d6256747949501f1d3c1a6bdab1aec260a9a1c35

Download Submit
C:\Program Files\Sandboxie-Plus\Templates.ini
Filesize
131KB

MD5
02d8c944a405647cd7e3ca3f1eed1edb

SHA1
30a9d0ca793e90e3339179c1d03d3cbfb60f2777

SHA256
cdd36ffc584207f373db775cd3576d18a71b0b303d949e80777fc734ebc89236

SHA512
edd0a44f43c2ff61a21fe3741b8cc2d21b35921197aab9a9e00812e9da6da4fd823f1e63e2fb3c702f6738bc32b470757ed70183517afd6da5a98d48c2edfb27

Download Submit
C:\Program Files\Sandboxie-Plus\UGlobalHotkey.dll
Filesize
55KB

MD5
06b4fa810519b020475a5edca459065a

SHA1
512453bf8aa75fd74862caa2ee3c85a740217659

SHA256
8f3b9e5d6272a04e728d30d6a2241fbdc9166e10779b06705008c76a8d6ab122

SHA512
dcf6a6e1b3e6edfc809d5bd002851b401e133dc2257b9a2c2221455f090197111f01dcab333c600120e5e15b9fb7d7159df0bd72be37464e02d572cc495f5d81

Download Submit
C:\Program Files\Sandboxie-Plus\UpdUtil.exe
Filesize
176KB

MD5
de9b3053d8bb3a1b6bbb912fb920f71a

SHA1
9dd0e520936b19a4d183f4469a6d8521ab1da102

SHA256
1cbe32444858c845166595fb83c2b80bdef491ace7129be022c635012015f836

SHA512
f83b490ca69895ae66e2a8b632a99daadac4ea14a9e4ad855b9814ab5c7d1b263309a097c490d3ce761d157fd7ae71de81c240c240af88075426d56d323a726e

Download Submit
C:\Program Files\Sandboxie-Plus\concrt140.dll
Filesize
310KB

MD5
44240c846cfa74af233c58983ff2d2b5

SHA1
e7caa56beb7e02fd30ce5ad449f19964529d8706

SHA256
f0d83677b5296ff90d22959aa425b2d249145d894200a33ec10c001191523c74

SHA512
fbb32ac42cff9e07c0667c8cbe118f7f9c030207c8f525176c796003cd3ce6ac08e18ed7fb7ab85a713f0a0bdf9aef60b794eb1b6b74370b379c13c54085bb51

Download Submit
C:\Program Files\Sandboxie-Plus\libcrypto-1_1-x64.dll
Filesize
3.3MB

MD5
95190986990d331bdd760b4e6790b2dc

SHA1
6e0c0b7bc1c8076c8ca72723efffddb3ed2cc41a

SHA256
2cbf8402bbc1e0a20e5399b3f05f8fc6ef7dd271f1547bb9cc82d7a21b912e91

SHA512
843b48049a6f63863caab947cec94a2bb30001d48277ceda7b5ca17f2cb9fb25d98238ed0498342fbf8acf9c4763fd767904b1fa70f5bff8bd901aeb03eefd5b

Download Submit
C:\Program Files\Sandboxie-Plus\libssl-1_1-x64.dll
Filesize
672KB

MD5
45f0c10f0e1683f40b26529e37acd526

SHA1
67a4a29a066950be1d8fbdfe754386b556df5810

SHA256
d7e91180194d341dd129b52c6833c2b89d7a32f65808204491bab632cfed13fd

SHA512
8b1300676372d958b119e5e19dfef4a8d733ceabec83362e126cc4c06e3eec6dbf6823fa824cb6380465927b6358b9da8e787b8e026654f4cd2b3169a7cbc8f6

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140.dll
Filesize
554KB

MD5
0d89995cc45c7eb40e5a7e287506c1e9

SHA1
096c27b06ee7fff2bcd290af0264cdafd04cded9

SHA256
e0a22a594e148fa55ceef3e49969bfa77011a801267a0bd7805b681b593c9d0b

SHA512
3497c2957d10fcddeec8f312fb15c53f82d770dcc3e771a94daf4f4435c3ddf323ecd33310baaf1ad56673bac7c6268a9ef921d5f32cf7e4a7c9dcb0d8aafa63

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_1.dll
Filesize
24KB

MD5
c060bb176a671f068362db2673a08c5e

SHA1
1d6b4ae5e778f1daf3573d4817777a51c35cbac4

SHA256
768e0829decea713afb35a7de07e276f051581c8ff2c17e1bae9b07dd1445dd0

SHA512
78a6c8f76d3ebd8db9c784d7775ec44647c4776fcb11d0b32ae2b3a6f2837c0b3be12f053ef6a25811a68da17d0eea83077521f496e238757f5539b445a58a7d

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_2.dll
Filesize
182KB

MD5
94bc7a22ec7308f851cc58fd6de90b2d

SHA1
cb4d8dcd2c8e9bbf049c1628246cb12cdd34b353

SHA256
5c12eaef6db18b168f712bff9b55793e0effddf15b89552e7f5ca4f8f1887b9b

SHA512
87791e992ccb43c833ea6ef2b0fa146031e0fd26305c93d77bc693473292f5b54d36516f3294edcc1c253d2decc166fdd1767c659f65e7d7e447cd8c318b7c96

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_atomic_wait.dll
Filesize
56KB

MD5
6407c40330e6081689bb702daa5aacac

SHA1
24126ff2ddd568a6ed17134e539cad94e22152a7

SHA256
0193cdcff562f12218ecab5841fd6bbc4d24295cd8e4dcae960e2fb47cceb662

SHA512
445ab6d0e1f2e5d0ef520261122fac3f6909fcdc7c39df7891b395694f31a3b54a1f7f5dadc35701baad4431ef358481e725cd19f438362c262e4f936abea7a3

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_codecvt_ids.dll
Filesize
21KB

MD5
23efa781b89641f24c17592de857bb40

SHA1
fd537ff2cf7d09701baf6550640d6cc96bd5d284

SHA256
9c6c0d8fa51ecca5e274295cbd72d45be474f3c6ce1070ec5e90f70242ae7185

SHA512
48c541d11fae95cfd04aa00d9c769a7cb6844524cdbb2e234af471048148a6f7f20e1acf077b88cb6127e8a7c49642726745386d081d0c8d404dcbb9caa4310b

Download Submit
C:\Program Files\Sandboxie-Plus\qtsingleapp.dll
Filesize
46KB

MD5
fbd30d0467b6c6c69bea9440c9a89921

SHA1
e8881bf571600c8d10f191dd7305b0da930036b9

SHA256
d4f56ae9765d30d07d91b4027d676d69b7d13afab93ecaaa2ab2097f4adf2542

SHA512
ee4df4d4edb1521831b507648437342d99e7d2f40509c65042055d216bc5a97f375c6d75be6120d0ec5a8f510c58c181d463a519cef34a7ec939fe224e4b4300

Download Submit
C:\Program Files\Sandboxie-Plus\sbiedrv.cat
Filesize
11KB

MD5
7a64843cdbba1d99312e1f13961ed806

SHA1
efea970a56e6d07e67a5c460b4c50a37ac90e152

SHA256
357f353dd3879d84e3bd52bc3f210a62b4fa82021741137842f01da12b573e5d

SHA512
ebd9f66f1f5bf05eac03481a53829c2ae543bcf90942acb0c249c80aa3b4ac2822a85a7df0daf5e91c184e144048debca3cc011dee6d4ef023a9955ba639d690

Download Submit
C:\Program Files\Sandboxie-Plus\translations.7z
Filesize
1.5MB

MD5
eac10fdbeb6718b4f91ab7301509416e

SHA1
065f51a8a02e84915d70b46fa0f5d246a4c34972

SHA256
7cbc25ea9bc6c563ceb2c216afb7917ea8cad6547bcff8564fcff617380f8a3a

SHA512
60fa91dad9cad4393224e613444e49e6101e00ca042486d8ec18a0fa2242ddf0f5eabf322d4e8be29790e976cd586d625e0ca192e0595f107326854d5a2d72b2

Download Submit
C:\Program Files\Sandboxie-Plus\troubleshooting.7z
Filesize
16KB

MD5
8603911b1898b4cd4c3b98784bde79b1

SHA1
33bd9562a78668de85d2674c32c97868417f4d13

SHA256
a9760c5de0da61159125f4b552d2d90e5d350f75eaa124621ea15c675f3bfa83

SHA512
e26de3774367a53b987971b0418e08679a66bc4bb739d2db672ca5e66c588eb141c8f3fe391f5b9414aecf9035bedfa3d8a34d380a3c7839acb0811a76361424

Download Submit
C:\Program Files\Sandboxie-Plus\unins000.dat
Filesize
34KB

MD5
60d32a83561e3253a898de42a0b46c56

SHA1
0829d58773fc0ccbdbbe534cf2b99cdc58c6d330

SHA256
f5252f6742a61d9302ce8d87ef9da8154cf1d5a1abea7359d4a877e6301dde76

SHA512
5128402ff6f421c5b86dd4f1a46efd653d0c0ce5225a0371be78c00dea26b44d73d73fcb5de046f4f9a46f93de958298baec092d1b6c7b29ab497701cae5c759

Download Submit
C:\Program Files\Sandboxie-Plus\unins000.exe
Filesize
3.0MB

MD5
ff6684e5ae992d7a7a14bc04d7038d4f

SHA1
7f1111236f1aadbe5ac6a133f6c2229189c7000b

SHA256
eeea913fa30a70de2703e980222884f103d82a15eb6e1177f213a5003b537700

SHA512
da264d5aa4b8d72479d6077de03da7dca411bd240c43bd0b784fe80af429d9925fd4234ab66352dbad8352a450f43f9a76d91c6fac86a0e2e57ed7e12ceff45a

Download Submit
C:\Program Files\Sandboxie-Plus\vccorlib140.dll
Filesize
328KB

MD5
6041b10ea3e291bcb38b1b6467c07c75

SHA1
c9fe0912efd22ece649ac2d4f0fef1211c5d9250

SHA256
011da00fdde5a7d4e36f1e472fe7a2918f58ee422b2c1d9c427b069f1657359c

SHA512
6d2a1439e7accace575029229acff1ee599aff5be52f9f051adebb3d8c5b130f3f9bf845a0399d670d75170a3c4850566f047d767fcd464a9d2a65e94aa2b608

Download Submit
C:\Program Files\Sandboxie-Plus\vcruntime140.dll
Filesize
96KB

MD5
a4cf5c1f71c540c69371c861abe57726

SHA1
f272b34182db8a78ffc71755b46a57a253fcd384

SHA256
c179d8914ba8e57b2f8f4d6c101c2c550c7c6712a7f0f9920a97db340f9d9574

SHA512
f2b53f28a6369f76b22e99fddfb86730f3d33e87c68dae7aa3d05808223693bb86ade263cccb99d5462cf98eeeaa6a6f1cfe5ea3aa1739f8ad6eb624caff1045

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\activity-stream.discovery_stream.json.tmp
Filesize
30KB

MD5
4cc13ccb172b58ca7919bd0be6a1c999

SHA1
0e1847d91262d4af366873a8d0e82784945975c2

SHA256
595922dce22b4bdf8f668a9890c36addb9c147fedb9a219bff76cef8fe97e95f

SHA512
413607bdab249c621b61772ec2fb0a1d69b709e9f46b60d6ad71e83e0d94954bccc09ec50554a6fe29ce622aee952be2e2296609ff7972fd0f6b4c11868cf70b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\doomed\16169
Filesize
21KB

MD5
27b3bb90db4348a33194a6ebc50e069e

SHA1
734a95d9949de4c6bf50377459c1ae9e8e2aa377

SHA256
46a3669494d85aa2fd482ab12ee684a3d09495a13b86b93740c9939870bf2a80

SHA512
dfad2fd2e438b1e6f3db02685a9da8d751d0847331c3b155683e366ffbb8bcf52db296065d023d8c6faa6f751f1a728fa86db068678926c60e8ad08e015150cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\doomed\23552
Filesize
17KB

MD5
9ab325e9f6d1a4fe96cb53834da4aa7d

SHA1
80f5e2b222bb0f81b298d3f0c5dc4ee10b04bf26

SHA256
cfa1616c283d375a5826fde3f3efca218b853ba672514131b7245e4a8912f7ee

SHA512
26cf3f8d8b7f4f0255998f5d0dbf0c538ec051be52686416dcd3d1c708da34f742bae46f16ec9a79b725a5587e9d823f907000db448034c657373cfbe0e48d63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\doomed\27078
Filesize
20KB

MD5
29afead479b5078ff8ef98bc702975fa

SHA1
9632a658f159d5bd747f8b0f2dca43ede5129172

SHA256
0a16bbc7ddcf06736ae77c1e6920acd4e1c1280fec5751993a55154538c261a8

SHA512
d899e3209ccda5d9085c8cdce2cd683656c9e0cf25353a10491cac09adaaa8230c04f8da7fb3bcdd5699b5319d10bf883381b96d8474e6f3171c403044173515

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\doomed\8438
Filesize
14KB

MD5
12b2d16d276858d00eb2426e4c3e9787

SHA1
b3ba6061853fa8d3411aa1e75b5abbcc40194dcf

SHA256
9ef760009f670b0e97125680c300175a9b406dd21997f40d8194287998faee5e

SHA512
b1317d1625a4384c211e91ff55f81a0adc18278b9c4ad78819a19fa040dfc70a4a876fe1e40412436eb14551d1420994fb60ca763f6fe3360860c7c809aa576e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\07EDEB37832AF77641ED39A44FF4F32338EFD644
Filesize
176KB

MD5
f8db1eb3cec3cf4995971a4484b573b0

SHA1
e57fd5330d5903e7ad01ec5be4a38e2840894d45

SHA256
ae3d2c8daebd0d1572f208a998f58bd7e58b9fca2c926b42fa41c6909c0d868b

SHA512
d30042614125708b12d3afe72d1e51771638e36346ad6feea1841ca81ebd5c7d98b420448958d01d50d288a6f483e5e19c44c0a62cd74e82b143401c7c1131db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\26CB9C5F4E65C00FD6E74D4ECD081E334326CC8E
Filesize
13KB

MD5
5c7b726021ded038c1c12cfec6cac823

SHA1
93fb049e97d24e0d50085b474ed413504748247d

SHA256
161c262488d073eeec9875aac0b4ed2baca33f7ea7f93d71ad90d78b25a34453

SHA512
f185519f2c53b9644e7283ce9bdffd84ebac2d4bf87632b5f83cdb490d4a87e898c28f4c491164eebef0b46bf5e8d95db8917e4c1eb67618475e0e3f755fe0a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4
Filesize
1.1MB

MD5
6ac06221dfd27941fc2cf7bd195596c7

SHA1
dbefea3f5d1ceb930ccd508291bab830a4f74e40

SHA256
a42722cdc81ca4003cae7bd8455df774dc540caf539122c610214256da8725de

SHA512
97cbc6a4e2ac2c0f159b7a19d59176d2b71b8c2a8aca91908435ce2a08d195c82932a0a54ea677ccf04e6f104e0107a73b94767947b582d0e2cb7bdcfa26b3af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\5AE6D89F9E02E65CE57A707F37A56F985F9BE4BA
Filesize
68KB

MD5
2def01d2cc25202d1bd1557157b59892

SHA1
108bd70ee1cbd92b502b245c5df5cb2c450296d5

SHA256
ceb8d213904a10d967d1f1519f35439fdd2db3721c3ebcaeb2d487fae85171b9

SHA512
15da405844b725ff0e17b4bef1c13b6a4237f041076e5143de39b6ca8c0ce8980f3eccfd604cc250fce2d6085391f4e6a73b02c8b93768fda4e2ea9dc1f4c13a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\5F1669055C495B3C8E0E2CE0D1E5B51594F955EA
Filesize
135KB

MD5
a06b691226ad4d9094c78132f8aae422

SHA1
63a260ed5b98709c7296642853eb3cabe0acb0f5

SHA256
c20c9b18500adddf0bdeda0056c3ce8a2ded7373b5b2c7f674b82fe90764c96e

SHA512
0d4a43e765d3b524dd6b7ee7120acc7d3ed18e1174753aa57778d6b12f0955762c890606a6b8360760b72b03998ec36abf129f359efca1d18d864e41eedb0ee7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\6EAC6EEB79A203A04643888B02BE01F1828F2F99
Filesize
135KB

MD5
57d5ab9ee0d88c4fdb8b34c959130827

SHA1
d0255d8ef70450233cbc0e2769c94946ad7bf8c7

SHA256
677b6fe2aeee425d058fb80f6f0e42994d16c7d3ce2b2d41b336baa63744120e

SHA512
16d583de588041958bd48dc02cce89f39fe501923c2823e34558dfd7ef7b9cff1ca7ded08f1dc577300c5e406595fed18b3c0f6c8a1c8b9c2abcd8d8ebfa38c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\80BB96996C8133B0FE5E0D6E5EA21B26135E8EA2
Filesize
111KB

MD5
2af68850d89cde52b9ebbbc46e45f237

SHA1
accd16ea7cfc60d67f2270c638d7ff4820e04573

SHA256
16a71ab2e088c767429c2f0bbf0c4bafd1cf751598f926979c6b8c768df45f2a

SHA512
efe012bcd9c02ae1a70eb4117fd229848eeaa44d768d8c397dbd46052ff7362a17a763bd18503b76a0114add54135b6caa232bfc72887f054704ba5585628ff9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6
Filesize
2.0MB

MD5
428463cc310413fa2754f8e4200686a3

SHA1
3ca0884fd9dcb84637c9643d05736ced52acb706

SHA256
cd80d4c7b8475344f09c9c3acd59d08d5f55cecffc0a3fae7e4490ecd65fe0fc

SHA512
5c93d3a8560601c392ecfe95779a47f8d75bd4e38c8c1a14abcb40ebcdfa6cfee847ce93acfa58fe2ac4da6c3f95757d2fdb2659dbd8536d98922ef4de1a2b98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\BADB5A5A941150E4FA431F357C1B0429D8567C82
Filesize
1.0MB

MD5
5bc5aad59e60f52b93c42de1db766e2a

SHA1
58224434c4fc0223ada01f517c500d94a527736e

SHA256
c9f59efdd05115cb85637ba61d1d202b68f143d09e34c76c85d1a7d39a47da6b

SHA512
b43cb7e2b85ace8a146f147a101098bb1f1d33ad5d22d86651dd33524924b64d5dc36a0ca8da7b09576f097651caf82fa9d41d752a9e1ff134d4c94395dc2631

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\BBD0DDD40740C87A5EEFAC3B8DBFEAD5EFE8E6D9
Filesize
132KB

MD5
41e02724fa121860532bc92bccc8dc79

SHA1
1a403166c3b76344c458bdbd914ac43979188cb2

SHA256
c94bf04eb394e78241f66d7ad91eb46625840fc3f9243ad8bea8f7f68f878a95

SHA512
e2116e21780dbbcc7ca60715cc110af300ff0be7fc310d6311fc1ad3753269f0234a896dd8c6d0b5870c1c4c6f242ad34dfec4b47c94a510f27f5a73a728ab2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\cache2\entries\E8254BFA330D5945BAF042EF8F887002F85E1017
Filesize
96KB

MD5
15e5bc7f7dc4c06fdf371c2e2d2db3cc

SHA1
4a581ff8595c39d359a5226c5572184af80a0abf

SHA256
7fc01bd63a4f0bde4b1321f070cdd6e476b3de9a36281328440df020eb8d6c2b

SHA512
5d3967fc883824f580c72b9f1fce71d583e4faa701c9ee0412c7822dd427c638ebd80de1302c4708b21a873694b299b5bf8eae5a8f645e6e06f0b6981deddacf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jhlyxaos.default-release\thumbnails\447c1d819532470f427483b5c2ad32a6.png
Filesize
98KB

MD5
c39d47fcf867431f1b7ff0ffa4003c68

SHA1
bb0eafaadddaa7147c2688523da22816adec8777

SHA256
3678d7b63d1fc84fafa37ec87db0787187b8b3157646df3f13a7bd8d225b6b77

SHA512
05347a364f01bc2528f0585288af67176719c064189d4ed480a2016117c0596b866997ed91bff7e12ddec411af48f954ca4926c434e58a5fd16a8fcb92820d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FBLS4.tmp\Sandboxie-Plus-x64-v1.13.7.tmp
Filesize
3.0MB

MD5
a17f380a3b451ebda7ed227a198c1ea6

SHA1
6d96a8591a498d6f969014648e32eaa39fd2dc4a

SHA256
ac2fd84c32326050f81686f5429f8ffb5f04eee1735d51e4ec0357dcf57b9273

SHA512
5531f5535b0b47d857272b9c6f89d1f82ecf47d9fe8185a1fa9b731e1d4f60da27afbcc4b070d78e4187b479aa0379c4e74d73c330f8068beee492555d65e47e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\prefs-1.js
Filesize
6KB

MD5
234a063039ee678dd4fdbde411dfe6a0

SHA1
48d6ca564fe3b9e86c6e53b60c142dd83d0d5774

SHA256
7a5f73fac09038dba1592389958d3470a8a9e5247d6e37bdd2abbc0d4586beb0

SHA512
eecd0487d74b0bfcc3408ea0e8c767f46619034521064d586f0cbfe3522c5f17d3bc04c2a466a804339406ead1a01cdd5857772303608c3aecd3b4997595c700

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\prefs.js
Filesize
6KB

MD5
cd9fd6fe74d91e4272047f77da049d97

SHA1
9e976e6905a7767ea37c82fc8db70181d6543e2e

SHA256
d06fcbe5f39a35289271a877b9c44a8dd9dead4677c793ccc93fe2d4f5a0404c

SHA512
be77d7a302fc210749eb2ee9ebfebb475813f867727e27ba095ce91f9edd3ba08ca1570a0ab948035db41e337811535e898f059b0004e46fa1b94ea9716e66d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\prefs.js
Filesize
7KB

MD5
4489c99603abbb7bb52a64df6f0e997b

SHA1
12081e375e5e0e86d38a25665cb30d4f7eec0ff1

SHA256
27dd5a537b48f4eb785ee8e7be3093c0ea8f6da9c2b4b955882d8581003ff762

SHA512
ebe0a3f2345a4b672136470aa9608495f96377c5b2b17f87b0a999f28cd139b544d4a3599ab1a2fb1fce714b23e39b6d9d3c9a10d42f1778230b921575d73eb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\prefs.js
Filesize
7KB

MD5
50278a77eb83edf11823b34265008caf

SHA1
46380ac41dd6be71d516a2dcddfbb360962c7394

SHA256
c864f1b1241397b5ed6ac4bb632fc96df5c23a4fe55a2c50d88c748288e145df

SHA512
0abe534836662ec67b3968ed4c5c29d781682d6ae16ab0d9491ff21b1af2ea8c015d205880cb12f029c8672a53d17cbe844b7cc6a7b9e855358f1a7dd2db969c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
fd44e50fb82ebd5b03acf10234f151ff

SHA1
0fb67156cecac04936a39a94be6de831c0b434c8

SHA256
8f43679e0217258664f624c36d3ec73eee90b40cb1be270455bf9a01998f3616

SHA512
1b2dfcafb95f7eff188b5bfcba4fc42f26464e0b7383d406fa73d1eb5cc33aaba687f5fd88b3687e6646235f714355961882c51b9d7720bea32a8cf3fc3e5ea6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
5262d47908579388b6bb76072af8db66

SHA1
5a43b62973e521dc916b607d5dba0314b8724c6b

SHA256
ab4b9fbee0c322501f29b12bd3ccd91253107d9ef70bbaaee24dbff7def0eec7

SHA512
5300fdc4e2a555ef2b9ed3533c1a448f4e04340e8467d79c66f2af0b0fecc1319973be8c15fc0ec474f7b1e96cc5aaa669d04065ba28644134fc5af280100104

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
a786e4f6d40f0e5393d23a021d91b673

SHA1
246044dba07820fb5fd30edfbb069453b1ee37c9

SHA256
5f8f7c83c1628cfa7f3dced184480bee605b3060e1577730d7cf96cef7193ec9

SHA512
57af9f319e78d1d95fe6073e824aee97a68b0bbe55b2a64b3b87d4ae6f9ae43ba852bdfb68871f096c43b1d767f9236751e391bc667492a33cd8eb9cd13b4e6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
a7e5cf99b527c37dfa3fc7faf7bf5fa9

SHA1
66344527ed1c1757c1f0461e6d4a97f9cbbe98cb

SHA256
ef4c2b579cbcd7ae1a7525334f17ad04be7e92959b03a538b281908346216669

SHA512
85dd9117939c7d9d014f48c9189679c7163c75369c6d8f589fc4f20ffa55b3696a68254f2511a18dffc156cba908df1520a0525db9bc4c98c5e2d497b9ce16f0

Download Submit
C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe
Filesize
20.0MB

MD5
b0a7296411bbdf3faadd889b0332de5a

SHA1
e3ae7e3327ca04404cd4ebec4c06d488f6788207

SHA256
c929eaec30989246ad3945f122ad6a134f78a8da0ca06838fee026a3ba060e86

SHA512
a93b2cc001e44e52dbd9a4625594238bf05578810c67d9200d3cfbb3fab9cf38568f39e2b038b9503db4e8a825f6d719b080a7133d6b1e990353e7bfb5d197eb

Download Submit
C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.7uT5EPEO.13.7.exe.part
Filesize
36KB

MD5
a4a164022e291ddcb1736c58856f8b77

SHA1
d0b76ae997a8e703823c18b145044868b84d0be0

SHA256
232ab647a3cb60136767a7feab8594bcd70e602ad6d075de18b3d747efe2dfcf

SHA512
c220350e12d7044d27bf031b5fb7e77a224c1f762ba35d824c855ae1e3030be81e96664032a54bc8ce67e7fa155baeffad656dba29800e6f85d158406cf1e80f

Download Submit
memory/1464-996-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1464-1163-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1464-1222-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1464-994-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2156-1001-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2156-1221-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2156-1164-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/5588-1257-0x00007FFE06BB0000-0x00007FFE070FD000-memory.dmp

Filesize
5.3MB

Download
memory/5588-1258-0x00007FF76B810000-0x00007FF76BB03000-memory.dmp

Filesize
2.9MB

Download
memory/5588-1256-0x00007FF76B810000-0x00007FF76BB03000-memory.dmp

Filesize
2.9MB

Download