Analysis
-
max time kernel
1801s -
max time network
1598s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
08-06-2023 20:05
Behavioral task
behavioral1
Sample
SQLBOX Cracked.zip
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
SQLBOX Cracked.zip
Resource
win10v2004-20230220-en
General
-
Target
SQLBOX Cracked.zip
-
Size
228.8MB
-
MD5
fe87fd3bab3bd6ae6e22a4cd31121f99
-
SHA1
3a72748965dcc3f364ce0bef5dce6e209f5995d6
-
SHA256
95ed1d3a279976d188079477b484085fd36b6ddd1684f33c9a626df5b6821782
-
SHA512
4abaa8c58b20a9ed43944c4dbbdf8032bc18cc224ba7d86ddf26b9d93847fc3fe3d0638b6ee080d89fcc2f879fd276db9b10750e303eb89d3851589b885bf0ad
-
SSDEEP
6291456:EzsOE5KnuvKozT9kzwuM4itdmTz8lq7zeW0UgGldj+gQO:EWEQPv9kzwuUZ5UgGldiS
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
SQLBOX.exeSQLBOX.exepid process 3316 SQLBOX.exe 3580 SQLBOX.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Processes:
AcroRd32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Modifies registry class 6 IoCs
Processes:
OpenWith.exeOpenWith.exeOpenWith.exeOpenWith.exe7zG.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ 7zG.exe Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ 7zG.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
OpenWith.exepid process 5000 OpenWith.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
7zG.exedescription pid process Token: SeRestorePrivilege 1928 7zG.exe Token: 35 1928 7zG.exe Token: SeSecurityPrivilege 1928 7zG.exe Token: SeSecurityPrivilege 1928 7zG.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
7zG.exepid process 1928 7zG.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
Processes:
OpenWith.exeOpenWith.exeOpenWith.exeAcroRd32.exepid process 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 1684 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 3204 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 5000 OpenWith.exe 1568 AcroRd32.exe 1568 AcroRd32.exe 1568 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
OpenWith.exeOpenWith.exeOpenWith.exeAcroRd32.exeRdrCEF.exedescription pid process target process PID 1684 wrote to memory of 4896 1684 OpenWith.exe NOTEPAD.EXE PID 1684 wrote to memory of 4896 1684 OpenWith.exe NOTEPAD.EXE PID 3204 wrote to memory of 4964 3204 OpenWith.exe NOTEPAD.EXE PID 3204 wrote to memory of 4964 3204 OpenWith.exe NOTEPAD.EXE PID 5000 wrote to memory of 1568 5000 OpenWith.exe AcroRd32.exe PID 5000 wrote to memory of 1568 5000 OpenWith.exe AcroRd32.exe PID 5000 wrote to memory of 1568 5000 OpenWith.exe AcroRd32.exe PID 1568 wrote to memory of 732 1568 AcroRd32.exe RdrCEF.exe PID 1568 wrote to memory of 732 1568 AcroRd32.exe RdrCEF.exe PID 1568 wrote to memory of 732 1568 AcroRd32.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 1920 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe PID 732 wrote to memory of 4000 732 RdrCEF.exe RdrCEF.exe
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\SQLBOX Cracked.zip"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\SQLBOX Cracked\" -ad -an -ai#7zMap31870:108:7zEvent198531⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\SQLBOX.exe"C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\SQLBOX.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\pip\_vendor\requests\auth.py2⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_tools\nmap\scripts\auth-owners.nse2⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\pip\_vendor\requests\auth.py"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4C2C9ECB0AF54EAF0A74CE4E31AEEDF2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9D13113958CF2A60A8306FF627AF7898 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9D13113958CF2A60A8306FF627AF7898 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2CEBA881F48C692C342B40F09565F77F --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=16FB93F59D81DA4F065E9373CF5C06A6 --mojo-platform-channel-handle=1968 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=086956B2462EA96498560314121A6631 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\pip\_vendor\requests\auth.py2⤵
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\SQLBOX.exe"C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\SQLBOX.exe"1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SQLBOX.exe.logFilesize
1KB
MD57ebe314bf617dc3e48b995a6c352740c
SHA1538f643b7b30f9231a3035c448607f767527a870
SHA25648178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8
SHA5120ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\SQLBOX.exeFilesize
667KB
MD544f5842dd56e95e8fda423f7937c11cb
SHA1387ce287a291f5ca6a3fccc6ba5684d08e41e75a
SHA256c3b831d93604df8d708b81f1aefe32bb3016826abf8e47b6a13b110b274bc407
SHA5129210abb3ef7c094e41ba6017067cff5bb6439969dba4354b1c6acd70ff7de752f73f44af1c11ed9bc58432167a54b26492b40b717e2beb299768a708d1da53af
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\SQLBOX.exeFilesize
667KB
MD544f5842dd56e95e8fda423f7937c11cb
SHA1387ce287a291f5ca6a3fccc6ba5684d08e41e75a
SHA256c3b831d93604df8d708b81f1aefe32bb3016826abf8e47b6a13b110b274bc407
SHA5129210abb3ef7c094e41ba6017067cff5bb6439969dba4354b1c6acd70ff7de752f73f44af1c11ed9bc58432167a54b26492b40b717e2beb299768a708d1da53af
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\SQLBOX.exeFilesize
667KB
MD544f5842dd56e95e8fda423f7937c11cb
SHA1387ce287a291f5ca6a3fccc6ba5684d08e41e75a
SHA256c3b831d93604df8d708b81f1aefe32bb3016826abf8e47b6a13b110b274bc407
SHA5129210abb3ef7c094e41ba6017067cff5bb6439969dba4354b1c6acd70ff7de752f73f44af1c11ed9bc58432167a54b26492b40b717e2beb299768a708d1da53af
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\charset_normalizer-2.0.4.dist-info\INSTALLERFilesize
4B
MD5365c9bfeb7d89244f2ce01c1de44cb85
SHA1d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\dulwich\tests\data\repos\empty.git\refs\heads\.gitignoreFilesize
14B
MD5ff52e986b98e9119818fbe49c33b967f
SHA19f2903bb1ae955015fa8f73b6ec7a7e1a487f61b
SHA256e49bdf8c01314f987ba33b15b4ec3fae9f76321db1650773d2b5cb563b0c6917
SHA5126a48f662d60db278bd1ad5f1c261adb1e82b63238d98a4240c2b96c3bd1285edfe0b491b6f3341d12a4ed98e6b98658b3f695f409ee5663561757f66ab34b469
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\dulwich\tests\data\repos\ooo_merge.git\HEADFilesize
24B
MD5b5f96fd6db21a15ca1b84e9f02ad5551
SHA1509e0f78e789c5517a73f9884e9c4d0c89abf07b
SHA2565ece82a78782acf6a8e184b8fcc397606b1ac4c7e3c4d379240cfb3ef3e8e1d7
SHA512dd92eb021911490e737e6cbbd7bbbe40872e93dbf79b6bcd99afcd5c8c577cfb366855b0e3d69a72e946ab0b2b6c701c47daf71fc7efae329cc7c8b16897f51c
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\dulwich\tests\data\repos\simple_merge.git\objects\95\4a536f7819d40e6f637f849ee187dd10066349Filesize
22B
MD5f9c4b06d4556e78cc429f19f53026f9c
SHA18c114a22a853d3a928da44f2136db0e0cb78f71c
SHA2566cd77d5900e2230bb3e6bd377b5117707870ed397f8ffe5e227e43df016d5989
SHA512d9e0d934a5a6b091f664c9837e475c2f9e77b8a8b94ced71a5b5d4f8949c535c40315180bc57759017039389a1268f7e46d62b2c789db547df6543d57579fdc3
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\dulwich\tests\data\trees\70\c190eb48fa8bbb50ddc692a17b44cb781af7f6Filesize
71B
MD56585f06697c6b9deaf7fbc488a101463
SHA173a07d7f4791583fe3bcf44a45de6e23641a8d4d
SHA2562f1ea9db1dd0be30ff1b3a00dd646447077d92ad3a98a60e14f10bdf7265c43b
SHA512aa007720aad452377046d25c06d424c1cc54b43f96f10b7e7642a5eb0f6becd0932f7cf4667dcae4ee329812cb03a8f5641b1e63ff8f06a5184a657950ab2bb9
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\pip\_internal\network\auth.pyFilesize
11KB
MD5acc3018105dff841a20ebe9c9b3531d9
SHA1a4a81ea92a883b2d2a9e3dc3d87d48ec5e15efb3
SHA25676ddcdbd3449f35f364b756975814464c3d3d0984e287c85b51f8ef893252482
SHA5126cd80518b48c94ca02150787102a0f5779a4aef25080ca14bc66a6faf4105d4ddd15568eb58fb9cc981276dcedfe6d31ad3208dc21b263c3e25bb299f117812f
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\pip\_vendor\requests\auth.pyFilesize
9KB
MD51a21f3f8f2851b46f099fbcbd5748867
SHA1a4ff1efafc575773b4f225721cdf83c0ee81ab39
SHA25638ca092152b244bcbd4c7afdd72f2bc72b19b9c9703c1f8ad57835cc1a265214
SHA512dc86643b6b2954f9758296045242a5f3178fad77c4c0a15295194ee28f819ec7ca7d4d9ff0e43d6170dd907734082c34d136452170dfd244964933aed12c23ce
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\pip\_vendor\requests\auth.pyMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\requests\auth.pyFilesize
9KB
MD51a21f3f8f2851b46f099fbcbd5748867
SHA1a4ff1efafc575773b4f225721cdf83c0ee81ab39
SHA25638ca092152b244bcbd4c7afdd72f2bc72b19b9c9703c1f8ad57835cc1a265214
SHA512dc86643b6b2954f9758296045242a5f3178fad77c4c0a15295194ee28f819ec7ca7d4d9ff0e43d6170dd907734082c34d136452170dfd244964933aed12c23ce
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\setuptools\_vendor\packaging\__init__.pyFilesize
562B
MD52eed0787819307cc2e25cf45a4a9b5ad
SHA174e5f4a45cf9a2e4e3e1f66456676bc7c49b2fd1
SHA256e9e9dba795e045f8c18ec23df9b9f4d078c77f94c7db53c330e2a4256f31c3ec
SHA5123dbe5d38dfbafdae2bd2d0bc621996e3b5b857e714bb2f24264a88d929349255f9332256ce01121b8e19ba9f2ace51d5da9db3898066f43ad2f4975ed2692537
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Lib\site-packages\soupsieve-2.2.1.dist-info\WHEELFilesize
92B
MD511aa48dbe7e7cc631b11dd66dc493aeb
SHA1249fdb01ad3e3f71356e33e1897d06f23cfb20c2
SHA2563aa464174798e461ecb0ca2b16395b4c8ab4ef6be91e917ad1f21003a952f710
SHA512edd5892c9b2fe1f2439c53d2cd05f4478ec360885054bd06afcf7936f6d066377fee07796dae9ecdf810e3d6100e039cad48f00ad0e3145693d53e844cc5319d
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_env\python\Scripts\normalizer.exeFilesize
103KB
MD59bc20ecb652bdd71f09b6de65923b64f
SHA1d2bd5cea969f87868db9567475c81e1de1108954
SHA2568106c3c1eded5f2a2fd4eb19419116756139647419e4d2e147b6a9842474a2c7
SHA512dc73a460a262ca0b51a8254f0687f26fac9067c6d2edda3cc6091f684a0675d261ed1ed44b155cc44f0243fcda03fa122694a8c724d74634d06d430f85d8b748
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_tools\nmap\scripts\auth-owners.nseFilesize
2KB
MD5dad4292ae11ed26b049e1cc47af63226
SHA106051af0c125324cb6bec4aafd26ea80f879430a
SHA256e15e2151926d6d3f21ad3790d62734aca9a141c24dd61e4643394e8eb5f6063a
SHA512756a986dcdb15bec4135ac74aca732455d296fbab910a3a36e904603797f156473ed88c99f9263b1cb2a95bf679ef48127fc0fe0a9d459c4b638639afc41d98e
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_tools\sqlmap\extra\dbgtool\__init__.pyFilesize
146B
MD5d51431ce81616e81ffab62e201c7976d
SHA190b1c1b085383a3f8c7a9a293b076c36e0d50180
SHA256613c052f7ad605b4cd31a604dfb697c114f4b0caf38dd6ab6c76077a3e89a067
SHA5122a50f1f11ba51f2397118d88afd160e6565223c2b8e9a08e72db1ce33ce703096e818e421db2fb6829e3cae30d98930c4d3171b8320e9b4f105d2e6a7edf5071
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_tools\sqlmap\plugins\dbms\cratedb\filesystem.pyFilesize
259B
MD5ded3f3123d4da5f240213755fad3d52a
SHA19256e406af1a1efc2d41f9d67883395ed40d1feb
SHA25641393352e30dfe0eac87ddb1c2b6521243c7e664bcca2ceb70e86e408bd31143
SHA5122275a62855b48b6629db096f41039bb67bfe393ebe4958b98e949986e25aadc34654a9502e2db47bf365ffc22014aee73e38a1239416e3499ec305b9d79f584f
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_tools\sqlmap\plugins\dbms\extremedb\syntax.pyFilesize
447B
MD502bd34acfeb582de959bb89eebb3127f
SHA1ef58708231905a6e237de713d251f8d5c453a929
SHA256b97fa025718ac94f60412803d28d02bbcd2f8488f2bd68f39b010c206dfd51e3
SHA512540da12be07a917b6a2ec9be87436ccc19e5835a014e963afac45f3386308f786a10d364cc448762ca2a03406b4d5d03c3e82984ec660fa45eb183fd574626a6
-
C:\Users\Admin\Desktop\SQLBOX Cracked\SQLBOX Cracked\XDATA\_tools\sqlmap\plugins\dbms\presto\syntax.pyFilesize
677B
MD53668cd26fbb3351accfe1f6eddd63e2d
SHA110ff437c69db25e08f513e55ca07ee2e416a3c22
SHA256aa5fdb335fa859b363e3ad0a0cf00ae411cea9f734ea333e1052d0ead0bb93a0
SHA512e6bd1f86553373357738005a72e5b5ffcc05ed507b520571d5dcc4679f11a2adb9f1b0bb62973eb8e58ecd3de6e4dcd7169c7b84f6273adfc063df6b2a20c0a3
-
memory/3316-7434-0x0000000005390000-0x0000000005934000-memory.dmpFilesize
5.6MB
-
memory/3316-7439-0x0000000005A60000-0x0000000005A70000-memory.dmpFilesize
64KB
-
memory/3316-7443-0x0000000005A60000-0x0000000005A70000-memory.dmpFilesize
64KB
-
memory/3316-7437-0x00000000059E0000-0x00000000059EA000-memory.dmpFilesize
40KB
-
memory/3316-7436-0x0000000000400000-0x0000000000492000-memory.dmpFilesize
584KB
-
memory/3316-7435-0x0000000005940000-0x00000000059D2000-memory.dmpFilesize
584KB
-
memory/3316-7438-0x0000000005A60000-0x0000000005A70000-memory.dmpFilesize
64KB
-
memory/3316-7433-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB
-
memory/3316-7441-0x0000000000400000-0x0000000000492000-memory.dmpFilesize
584KB
-
memory/3316-7442-0x0000000005A60000-0x0000000005A70000-memory.dmpFilesize
64KB
-
memory/3580-7490-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB
-
memory/3580-7491-0x0000000000400000-0x0000000000492000-memory.dmpFilesize
584KB
-
memory/3580-7492-0x0000000005900000-0x0000000005910000-memory.dmpFilesize
64KB
-
memory/3580-7493-0x0000000005900000-0x0000000005910000-memory.dmpFilesize
64KB
-
memory/3580-7495-0x0000000000400000-0x0000000000492000-memory.dmpFilesize
584KB
-
memory/3580-7496-0x0000000005900000-0x0000000005910000-memory.dmpFilesize
64KB
-
memory/3580-7497-0x0000000005900000-0x0000000005910000-memory.dmpFilesize
64KB