7f8a7557d92ed985e26d9f0bfefa7d2dec72ee38e28579aca86fcb1114e4c267

Analysis

max time kernel
62s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sublime_text_build_4169_x64_setup.exe
Size

15.7MB
MD5

591561a993ef58f8c547f1542c1ed2d8
SHA1

1177c6451fdaa841f7a8cb0feed53b6621e3356d
SHA256

7f8a7557d92ed985e26d9f0bfefa7d2dec72ee38e28579aca86fcb1114e4c267
SHA512

4902149980eebfdd8720600002d181816d8b36292fd8b5af5a023928738aa30789b3ee3c1075f304b55f4809b2df5dc63fa453e8747672064475e07478829089
SSDEEP

393216:fXI2GZeymKWixJkWwmP7o/OVHLBL5Y7rFQD0t1/26tTK:f4NoymKPQOVHLBLG9+wN1t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmpsublime_text.execrash_handler.exeplugin_host-3.3.exeplugin_host-3.8.exe

pid process

4264 sublime_text_build_4169_x64_setup.tmp
3256 sublime_text.exe
2840 crash_handler.exe
3712 plugin_host-3.3.exe
4268 plugin_host-3.8.exe

pid	process
4264	sublime_text_build_4169_x64_setup.tmp
3256	sublime_text.exe
2840	crash_handler.exe
3712	plugin_host-3.3.exe
4268	plugin_host-3.8.exe

Loads dropped DLL 10 IoCs

Processes:

plugin_host-3.3.exeplugin_host-3.8.exe

pid	process
3712	plugin_host-3.3.exe
3712	plugin_host-3.3.exe
3712	plugin_host-3.3.exe
3712	plugin_host-3.3.exe
3712	plugin_host-3.3.exe
4268	plugin_host-3.8.exe
4268	plugin_host-3.8.exe
4268	plugin_host-3.8.exe
4268	plugin_host-3.8.exe
4268	plugin_host-3.8.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Sublime Text\Packages\is-K3UI0.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-7B1Q8.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python33\is-ASOJJ.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\update_installer.exe	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\subl.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-A08QQ.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-BVVH6.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-AS5BH.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-3OJE7.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-EN6Q1.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-B6BM9.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-JEOI7.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-VG022.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-6424A.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-K5JOC.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-1LC24.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-C9A09.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-G7NVH.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-C078B.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\sublime_text.exe	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\plugin_host-3.3.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-3SV6O.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-CVL3K.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\python38.dll	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\libcrypto-1_1-x64.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-32JOO.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-J4QR7.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\is-BBL44.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-FJUOC.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\plugin_host-3.8.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-GVVMA.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-NS5DV.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-0ST20.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-1E0HF.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\python33.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-H015Q.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-LPGOV.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\is-6JTH8.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-SRR19.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-LF0ND.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-T79L3.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\libssl-1_1-x64.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\unins000.dat	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-TJLHI.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-21NQC.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-OTB1H.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\vcruntime140.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-ENRN5.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-O7DHB.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-1PFJ9.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-PQ38C.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-F4SR6.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-R4MKT.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-F7I6U.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\unins000.msg	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\crash_handler.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-5MDD0.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-5OJM0.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-93D7N.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-MONSO.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python38\is-GQM54.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-HP0RG.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-IIE68.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-0QJ4T.tmp	sublime_text_build_4169_x64_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmpsublime_text.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.completions\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-snippet\OpenWithProgids\com.sublimehq.sublimetext.snippet	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-syntax\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings	sublime_text.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.color-scheme\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-project\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.settings\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.theme\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.macro\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-mousemap\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.theme\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-build\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.mousemap\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-theme\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.workspace\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.workspace	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.build-system\ = "Sublime Build System"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.syntax\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.workspace\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	sublime_text.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	sublime_text.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-macro	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.mousemap\ = "Sublime Mousemap"	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.syntax\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	sublime_text.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	sublime_text.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-completions\OpenWithProgids\com.sublimehq.sublimetext.completions	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.macro	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.theme\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	sublime_text.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	sublime_text.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	sublime_text.exe
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.commands	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.mousemap\shell\open	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-settings	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.theme\ = "Sublime Theme"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.completions\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.keymap\shell	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.keymap\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-macro\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-mousemap	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	sublime_text.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	sublime_text.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.keymap\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.menu\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.settings\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.syntax\shell\open	sublime_text_build_4169_x64_setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	sublime_text.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.mousemap	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.workspace\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	sublime_text.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-keymap\OpenWithProgids\com.sublimehq.sublimetext.keymap	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.settings\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-workspace\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 620031000000000062586f9310005355424c494d7e3100004a0009000400efbe62586d9362586f932e000000123202000000080000000000000000000000000000003613bb005300750062006c0069006d00650020005400650078007400000018000000	sublime_text.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	sublime_text.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.build-system\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.commands\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.theme	sublime_text_build_4169_x64_setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	sublime_text.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	sublime_text.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-settings	sublime_text_build_4169_x64_setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	sublime_text.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	sublime_text.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

pid process

4264 sublime_text_build_4169_x64_setup.tmp
4264 sublime_text_build_4169_x64_setup.tmp
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

plugin_host-3.3.exe

description pid process

Token: 35 3712 plugin_host-3.3.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

pid process

4264 sublime_text_build_4169_x64_setup.tmp
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

sublime_text.exe

pid process

3256 sublime_text.exe

pid	process
4264	sublime_text_build_4169_x64_setup.tmp
4264	sublime_text_build_4169_x64_setup.tmp

description	pid	process
Token: 35	3712	plugin_host-3.3.exe

pid	process
4264	sublime_text_build_4169_x64_setup.tmp

pid	process
3256	sublime_text.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

sublime_text_build_4169_x64_setup.exesublime_text.exe

description	pid	process	target process
PID 2620 wrote to memory of 4264	2620	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2620 wrote to memory of 4264	2620	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2620 wrote to memory of 4264	2620	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 3256 wrote to memory of 2840	3256	sublime_text.exe	crash_handler.exe
PID 3256 wrote to memory of 2840	3256	sublime_text.exe	crash_handler.exe
PID 3256 wrote to memory of 3712	3256	sublime_text.exe	plugin_host-3.3.exe
PID 3256 wrote to memory of 3712	3256	sublime_text.exe	plugin_host-3.3.exe
PID 3256 wrote to memory of 4268	3256	sublime_text.exe	plugin_host-3.8.exe
PID 3256 wrote to memory of 4268	3256	sublime_text.exe	plugin_host-3.8.exe

C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\is-NNQHR.tmp\sublime_text_build_4169_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NNQHR.tmp\sublime_text_build_4169_x64_setup.tmp" /SL5="$A0044,16071622,121344,C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4264

C:\Program Files\Sublime Text\sublime_text.exe
"C:\Program Files\Sublime Text\sublime_text.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3256

C:\Program Files\Sublime Text\crash_handler.exe
"C:\Program Files\Sublime Text\crash_handler.exe" --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Sublime Text\Crash Reports" "--metrics-dir=C:\Users\Admin\AppData\Local\Sublime Text\Crash Reports" --url=https://crash-server.sublimehq.com/api/upload --annotation=hash=9841736165743280861 --annotation=ident=sublime_text_4169 --initial-client-data=0x304,0x308,0x30c,0x2e0,0x310,0x7ff62a934820,0x7ff62a934830,0x7ff62a934840
2⤵
- Executes dropped EXE
PID:2840

C:\Program Files\Sublime Text\plugin_host-3.3.exe
"/C/Program Files/Sublime Text/plugin_host-3.3.exe" 3256 "/C/Program Files/Sublime Text/sublime_text.exe" \\.\pipe\crashpad_3256_QXACJCKBSMHOOANL "/C/Users/Admin/AppData/Roaming/Sublime Text" "/C/Users/Admin/AppData/Local/Sublime Text" "/C/Program Files/Sublime Text/Packages"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3712

C:\Program Files\Sublime Text\plugin_host-3.8.exe
"/C/Program Files/Sublime Text/plugin_host-3.8.exe" 3256 "/C/Program Files/Sublime Text/sublime_text.exe" \\.\pipe\crashpad_3256_QXACJCKBSMHOOANL "/C/Users/Admin/AppData/Roaming/Sublime Text" "/C/Users/Admin/AppData/Local/Sublime Text" "/C/Program Files/Sublime Text/Packages"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4268

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Sublime Text\Packages\ASP.sublime-package
Filesize
111KB

MD5
a6d9884f73bc5e2220d80bee4e76f84e

SHA1
031c68cc096e04c5a6d0b1fe4363ce4cc54965a0

SHA256
d7a1b194c653d75278b221deaea1e7e05eee5951e8d476e01c84a4b5e7c46b90

SHA512
a3e7e48b6eed9595096f311beb0be8571e65bd94aa77ea030ec7bcb9681eba558ccdd62054854c47ca72b1d0ec0a2ff44e662137a70633ea16acf14a17be67c2

Download Submit
C:\Program Files\Sublime Text\Packages\ActionScript.sublime-package
Filesize
16KB

MD5
bfc0ce28d2c805843c85ffc64ed5a5f0

SHA1
ee3f144bb606ec8b12b2f37b0fdde86bfa23ec0d

SHA256
aeb55f3050f9bf6557c5b7512b37e8931851e5fea77615121c704e65ea39c661

SHA512
df9ac18689dac46cf5bead0701f53adaec074ae4e1853c50142843a1078822ac12d998319c13ec7e98eeadc8184ddcf24145de46156d6ccea687db0f5b15b91c

Download Submit
C:\Program Files\Sublime Text\Packages\AppleScript.sublime-package
Filesize
33KB

MD5
f198f42bd9f0dbc83049563cf04d20ca

SHA1
62ce5f4e67ec0ec282fe3d3e7273b5ec88e05946

SHA256
b22df40512887e3f2f2a852efbab83003277cbf97081288da4ce1b4c50059ff9

SHA512
e7a27f7db369cd33e68d1ee44bd666d044ca47beb7939d4fa60d3fbfaad3630fa8f294d160ba98d87a7a922f3972df50ee81335d6ba940caf0ac4d4d7a80f3b7

Download Submit
C:\Program Files\Sublime Text\Packages\Batch File.sublime-package
Filesize
311KB

MD5
781985669880fb1302c4e2b429096346

SHA1
e96de238035734624442e676752a160815522f2e

SHA256
bb958ccfb9d1bcb0fb354357d6546bd090dfe590ba3745c1d9b14192766b787a

SHA512
36f306ebe4ef6d12a2bb9bb034206c3e4b118f73992174e5762eb357ce07b727c8e14d4b5190599ce6c6378a5b585801e8f82faa57a12d1eeb71f556e49ad3c6

Download Submit
C:\Program Files\Sublime Text\Packages\Binary.sublime-package
Filesize
496B

MD5
54fee1be1e3d9f5d3294946d9a06bf91

SHA1
cab47647967f484ff6bdf959635fcc78cd8f60ca

SHA256
28e2bbb2865ded552217a92f4d9a3c749fb49fbe7a27935594f80fc3a90317e6

SHA512
82870ab62c82da8b2579e75572dd17f4a7006e9c490a3f9f3f51b878248c04f7b3ae94488e69dc498ac956ab14b1c87b15252239cb9782533251cf15a0f9c0e2

Download Submit
C:\Program Files\Sublime Text\Packages\C#.sublime-package
Filesize
289KB

MD5
296a448229fcb06224faa40d538dcf64

SHA1
9bd864a9a6f7e12c31e185c6ff3e272d2d13bf0c

SHA256
0ad3dff84216b06cc0728a6b4ecd6721f1580cb6ddf57fe809588b9f4d276b62

SHA512
55cc1d0f031599bc4cb8cb8ebb2a4e7e01b0e5dc81cf7c653c0feb7764f1c71b0e12de9242fc5837fb881a60b98f486d125e0224eb51ec0821cc5e85988e5dfd

Download Submit
C:\Program Files\Sublime Text\Packages\C++.sublime-package
Filesize
365KB

MD5
d805943b48a2b02775fed8255470aac7

SHA1
b605f369a1414df75389e6cb5c7b65748f35bd30

SHA256
474c41c3aa62796c6ef52b3fc3bb1bc6dcb5a9af63448dca42fbb240eaa9c9d1

SHA512
bb7cb0f3b3fdf228d80b61daa61eadf8022eb9741cf531ddf2b9f4b852e1794f5e5bcfffcf8809df23682b805a5b4282df3fa055c3c2bbd63d2146ae07c34b53

Download Submit
C:\Program Files\Sublime Text\Packages\CSS.sublime-package
Filesize
428KB

MD5
1051271da7da5f11104f3c84e7fce57d

SHA1
b5c4870c88ee75696defa0e7085ed9055b55cbd9

SHA256
2a1219dd78130a374b1eee8e5b66b7f1d0e9b8139a38a2e25def9d4f266b19c3

SHA512
352df1882cff1ade58d0dab2db0c115354aca8858e2bccc49f5d353382d09fb86d342dc1a52161b74ba1cb85905f22280985dc79435d360c3601461592528f4e

Download Submit
C:\Program Files\Sublime Text\Packages\Clojure.sublime-package
Filesize
96KB

MD5
76222018c14983a3875860388aa97025

SHA1
d3e9147297a8ae0b5191de73f98e43640367d2eb

SHA256
0edd21d6509ac517b144ad74e8963ef942d0bb29cdbef7c29961f3a6da637bfd

SHA512
a75877648873af0913b548ca94f8e3b515dcef7b796a85882dca31ed3579c18ecdde5fce36996cc4bd5ebda889f9833a17c02d809629884fba4cbf7746642a25

Download Submit
C:\Program Files\Sublime Text\Packages\Color Scheme - Default.sublime-package
Filesize
50KB

MD5
4aa558def7a1f3e0c232f43377818b3a

SHA1
b20d8a740a4aff18a6a300513bba376964227575

SHA256
1ed899e3ccbb3b9ed0c3dc26191b8f51f0b7166ed5aa22869ed1138f8e78c7cd

SHA512
569eacf99359a162a904f42f0e003d9f5a0613ec420ac960f09768a951cb2bcb578b3ca58a11bd4bb34e0f34273ae831c9267fdd147e39380531d24b2cb361ed

Download Submit
C:\Program Files\Sublime Text\Packages\Color Scheme - Legacy.sublime-package
Filesize
259KB

MD5
38bfd6a3b889b9c718be9790873a5766

SHA1
6afd749587d425d10a9dd7ca8e7099ae0a53ed0b

SHA256
be8c2b8e40e89fb5ccf71eb7745621ac1001d2db8ce118879cba33ca9c386363

SHA512
493b76fdc75d569437421eecba213d9ed503ed6b2fc4f5e53b43d07a92b554262c32d64b1ebd77ad561acc7d8de63559220c0c4eb3aaa58b687dfa7dcc40090b

Download Submit
C:\Program Files\Sublime Text\Packages\D.sublime-package
Filesize
225KB

MD5
1e7eba6bc100e0c4731d96cc048648c9

SHA1
415c9f431c01d1745cb5fe0f1c3c51db785679b2

SHA256
653edffef22fe124e9cc0d4acf305ecd7c33edab4dd5e064bae9675f5fa3d65c

SHA512
8cf4d9ee46c7035557d4270e5b7cf5ba513a1258c5ded0dd6b8ed888d8c0063d09ff68cd301da3bb3c158010d67f97f229540b6a9d267879073bdbd74b8e489e

Download Submit
C:\Program Files\Sublime Text\Packages\Default.sublime-package
Filesize
531KB

MD5
4a3d57031290e59d915fd1c14f687cc3

SHA1
4fa1fc87445668cc7520683991eb2a176dceab65

SHA256
03836c79cf01ce1618a76bc960641c3108464ff1dfd373492a2b98feb835f710

SHA512
debe7a6297b605a89b20e6100a2f3a761cb45e84514cbaca4c7137a23769a0b0fafa64a15615c55d5030d4c3078e66d44c8c5e4c31ff12d59f135d016a7e7cb3

Download Submit
C:\Program Files\Sublime Text\Packages\Diff.sublime-package
Filesize
13KB

MD5
8044981429777c80ab2b8be783666c37

SHA1
0f6634ceef284ac7d3a96e13ea30bb22a7dc6d36

SHA256
1cc6036699a37bfd4a6d95de597529b430512d69395200571fce9919faf50200

SHA512
a07205223fa299e33a592058778ec86e3be68d1b6220c1c601c7943078fe4781b45cde972ee9c5e2c01daeb8be8772195b5feaaae6a5fd40964be3e28f904d76

Download Submit
C:\Program Files\Sublime Text\Packages\Erlang.sublime-package
Filesize
392KB

MD5
84dce3f197f8f579d8843ad42123ea98

SHA1
00f5af1ec08a9bdba623b9d6930fbd5113f8f225

SHA256
5ee0f147280f66fcf011ee18d6bdf6685f5dcee1682c48df2f212d91293306e6

SHA512
e78d5abf2a84e32cc758dac1c0ebe4c5eef987bb20f00e4d3fb0026e3f37593cd1b1f93d179ff7927f00ee6eb5ac8a8faa06b6b8ed6a4e3cda84fdbacb285bb4

Download Submit
C:\Program Files\Sublime Text\Packages\Git Formats.sublime-package
Filesize
224KB

MD5
90c5e6ff60f5a86e1cbd09ffec0504b1

SHA1
3fe1ae3c73e6c8cc589482eb8a3c2414a155b398

SHA256
8e11257870035fefde534b518ce231cac50f87f96d6c98b430f22146b0f172fc

SHA512
f09f2e96c87f237324cd1677a9e1d13a748ad5e7a2d7c7d4c4247163397131218e2eb258def7a7bed38f53591355121c9410c68991350da3918a5e47f58edc8e

Download Submit
C:\Program Files\Sublime Text\Packages\Go.sublime-package
Filesize
379KB

MD5
3d68e03e4feb633243bdf43801d7dfe9

SHA1
73fd739da5319613c9c17145b7ba2ebc2dbf7826

SHA256
695e87f39a972edeaa88f5b1fd8a0e5c466c13f031d6332205ec48940eea0963

SHA512
b1a5601888aa66d5ffc8d71dfbb9d25866b85ed91fedce594cf4866161b42ee04cbb6fa8d68aa8eb6c62f7d60753b2fdc1b7a4d5e78ffed94b1920f0a2a4c854

Download Submit
C:\Program Files\Sublime Text\Packages\Graphviz.sublime-package
Filesize
71KB

MD5
878849cc2f27721e7677583400131fb3

SHA1
884fb8f95f9e4c45e43d8cfac60c14c6b38071fe

SHA256
bea0a17992ecd61aa2cc513777c8ea9c64368026ceb96efb5856e42d25bb1b39

SHA512
49a032ca7353ebf57be52679c3141b30f9363efe5b9b6a89e250027f1c6fd224d70ef7b8b0afd8ef33a2a2393c919bfe339501bdfc82b15da05ccee3fe327fd8

Download Submit
C:\Program Files\Sublime Text\Packages\Groovy.sublime-package
Filesize
86KB

MD5
48fb35dedad0a0cf3db8f62e5e545f11

SHA1
76de5ee52b7e7c060968749b61d093aa45e2da15

SHA256
25b65f1bc89d265c4969f53b409b4d5e4393e15b28932eca58cfd56726f80bc7

SHA512
e784bac997f2e686d9a0c8bc2c0de52f93204630ac86071852782db955ea3f2a9f939ae17a6686b3eb2cb5b375122922aaf3768abb34b6551aca19077b5fccb6

Download Submit
C:\Program Files\Sublime Text\Packages\HTML.sublime-package
Filesize
122KB

MD5
8a1487a871bba077694a03a63c07e12a

SHA1
cb4c40cd3f59a8792e3db1397b47c607d88b79e1

SHA256
41029b3de142f15690d95bc840a8080b251afd3940f045c855ba3008d4b88345

SHA512
49670e86aa88b007220ccfddf8fb6fc7d9e0cad802022def81a43fe98e485ad460cc20d7aeb564b9c61c66d91fc791ba315b27e66b76bf55a2b25ce94eab8f9f

Download Submit
C:\Program Files\Sublime Text\Packages\Haskell.sublime-package
Filesize
363KB

MD5
4b3de3944f75b3553e903da5dc9b537f

SHA1
0ca27962cbf2450f9cca40fc1c257f8e8b16dc56

SHA256
bc78e929fd0ce819fe2d1c9a43a667fe0fda4fee2844c6da6ba14b2ef3214da6

SHA512
3d5701d16a3995226b101cebe7cb0385e2367dd026d04963b99f6af34d4a509c9962a1fe91900bdf97927f7791aa92cd8d75a4431ec8cf8765546cc42cad3ded

Download Submit
C:\Program Files\Sublime Text\Packages\JSON.sublime-package
Filesize
14KB

MD5
627850cbc10db5fcfb5223155cb581a1

SHA1
93469559a6530f41ebd7974194eb1a5f090f01f9

SHA256
acbb27e6bc892c6ed87f7584508e6804cd3740cfcb94ea2bf46defc0f57b97a4

SHA512
1bfeab76ec0ec15aa767885337686e6e930b17e9de227ba1ab72d2091b844716c782f296617a6d66e9a840538fc52f7f621843a18e45355c6f7b37c019ca58a0

Download Submit
C:\Program Files\Sublime Text\Packages\Java.sublime-package
Filesize
870KB

MD5
d60067436492d811f13624b859274a69

SHA1
73eea2da3699871d1aa427e40235f6be76d70135

SHA256
060dfad7b44f70f9591eec79e7e42d7ef6fa11779811f74dd020baaf5c80da39

SHA512
653c29fa17effaaca34d28b0259755d4a85a8b934c8a64017214ef543820de0c35a6f5848530d9a7a243f69515ef721364694e89abfb4ecf0bacfe704c8e9d1f

Download Submit
C:\Program Files\Sublime Text\Packages\JavaScript.sublime-package
Filesize
369KB

MD5
9666be6812cb6cd89a7e787aa5935671

SHA1
7db0078a6c516c8ce997b7b3d6235aba87bd0db6

SHA256
6af28318529df765d1c1e61b5574b3d0cb377a6a7c3dfa9c11d5961dfe3af0c5

SHA512
2762108b2c9620ca6f6c8b1d66c1af7e20e354ab1ff4d51e3d0e30ffc9bde7cd02804999ea751d9c5e979cde239a348bb4e515c54aa80c5a1f0c77d5688898d4

Download Submit
C:\Program Files\Sublime Text\Packages\LaTeX.sublime-package
Filesize
133KB

MD5
068391e35ab49fb5a9ca18f8abead5bf

SHA1
68a941eecd06ef6086a0ec375e3b36d8bc486301

SHA256
5396bab5e0521da2fbc7b8ee43c2eb7a13cd68cdb5281a01e93de0f7c91403dd

SHA512
e68effcf65e0bf403322021f319108e50c689379820be9392ad63d1bf808a6d1eb5726eebe07d952b6f4aa946cd252c22e18133db2b88f91bc13a0717ddeb506

Download Submit
C:\Program Files\Sublime Text\Packages\Language - English.sublime-package
Filesize
1.6MB

MD5
1f2e42713458733f9ab01c3991b91ff4

SHA1
aaa7c135279c5d718ccf4a54a2506d50baebf63c

SHA256
cd148c04e9f233a371a4c9759e2a84552fd5d437b75025ec4db7e2f951d1eb64

SHA512
fe31ced8e34b0b69a098024a2ce73c561b90a5b52824af8b05b362e194c0f66ff09ffdc26fbacd1e7e25dd97b933eab8f57201dac79a658614cb868addadafb6

Download Submit
C:\Program Files\Sublime Text\Packages\Lisp.sublime-package
Filesize
22KB

MD5
40e3205a6b48d2b66808f88aa72c4701

SHA1
fa995adda4e70c918aefc9f4ad6bedc85109ad35

SHA256
f149f244e3d2eb911558815c4dac2cc16b5f6747c9c951024cae8a75a783150a

SHA512
a40d61e2488d76273dd8f1b0d377f14bfcd1bb356c46f31fe08202183ee823d48bdef88b30ae152475ed1f24c3095779e4d96cdf55856a2701ddcb1fc1012af2

Download Submit
C:\Program Files\Sublime Text\Packages\Lua.sublime-package
Filesize
78KB

MD5
16aa1a1ebb20037486db4980cc604957

SHA1
e6d15a93af50369b3e1097420a3fec336b50c7e3

SHA256
f508648745b745e6c2901137f66a000b3ec2fb5af20f1ce0346916d082607c23

SHA512
0620f3dbc0cabc9998fa632984fd99cb786535615c0c79b5fb2ffd495d3e437e498f942abd37ffadea63c6ea7af121614db1b054a41606a38c0a114ac5e00f5c

Download Submit
C:\Program Files\Sublime Text\Packages\Makefile.sublime-package
Filesize
62KB

MD5
6bc60bd9bc1367f7a4d2db59e3cc01b5

SHA1
4398234f9d8e8bf4783a9a822955ce167f8fc942

SHA256
cb2514b51c2085e3e9d1bf5015d3ff70fd22cea6d3033bfe0f19ce00c882c1ff

SHA512
d723a71d5186ef10328041597a5bccf7df3c70253dc14f8489cce7c4e173ca42f052d33732e8b0836d266d075bac12cf4310c03946d9ef617f9a13b34ee3ffcc

Download Submit
C:\Program Files\Sublime Text\Packages\Markdown.sublime-package
Filesize
449KB

MD5
1213caa118a5116fdab3f2131dedb25c

SHA1
607448a7547a282cf2fb1cc8d45a923cbd361b2e

SHA256
98bce03206946e87cdb26557e319957c19e3cf4ba98e677549705d9178693f02

SHA512
4e0756c41e14566169e5043fdc211676a55bd3c183069e910c1eed0353de629a7e43db76c92fd2ca6edf56cec2e853495c8bb9a9df76a8c79e33585a95b28c9e

Download Submit
C:\Program Files\Sublime Text\Packages\Matlab.sublime-package
Filesize
138KB

MD5
a410f1bbece3ec2ae8f1e568da0364ca

SHA1
2177cfcdb96ae3ea4179176e0ca61d5ded3570df

SHA256
062b3606f10f02e330720bf875a1ad3f766b6d79619dfc6e589bf6e48857eb7f

SHA512
c1f420930a72e23d0063b13dd359de3fc8b1b53651ff5678af0bc03d14dbbbd77716de628b459658a3fca95d6d4189968a5c1a3b5b0da9b5cb110b82ec914c25

Download Submit
C:\Program Files\Sublime Text\Packages\OCaml.sublime-package
Filesize
55KB

MD5
369ec3bd2e2831d5f857823f033d41d4

SHA1
18613c5065171c959c8d07e970965245562ae1b7

SHA256
b0107591f2180dc3b9549c9b99b3371828a92bc6a57bb985d06f1d0b84cfb319

SHA512
b8b44ef0fe790b64bfe3f604f90c3ecbc2166346cfd4b60c33691c6e86874dacd1badd0a5fd1f78d33b93b33ba0e2607d2c2d0fde01436f6bd15af52a00eee34

Download Submit
C:\Program Files\Sublime Text\Packages\Objective-C.sublime-package
Filesize
294KB

MD5
bc033f59e7a9bf3796070dfc222e1792

SHA1
ab64fd27923a1bc770f961384b3d9dd580ec2e7d

SHA256
8e09ad1ca7ef39e643ec5d14a3e2d5ea7fe756d2eceba9326f0d7307c4ff8f70

SHA512
db1018ceb1e23fc520afa2e019213a1859bb1b7791d4372479eff677a8885faaac1e12938b1d80fff0747d62fa5d600c56663dde6f9114952ef5e50a4bc7824c

Download Submit
C:\Program Files\Sublime Text\Packages\PHP.sublime-package
Filesize
1.2MB

MD5
c615a897f34ba917de9a7d8b6a14f252

SHA1
11bbbef24c08cd9865b8c8c7c3df3827174289b0

SHA256
364d672be4127bc578c792eaa6872231a618e4550638138707cb48c67fcaa5d7

SHA512
61693f5eb5d9f20168eb2feb98864fb678a4ed7155f00e86e18917e8b2ecbd41811057375d22f27004956e04e1951f0d63d87d9d327dad1e5aa0e4c64d278d6f

Download Submit
C:\Program Files\Sublime Text\Packages\Pascal.sublime-package
Filesize
5KB

MD5
03e1ce7b9568907f6e2171b1b3e671ad

SHA1
f634924e154933a11be1e3c0c26bda6a32060465

SHA256
343e89615583859d4a92e497924f8a64c14efbd803516a9b9a3e85798596d5d9

SHA512
47c65db26ad9ba5b8769aa4deab769a4dce86f908501eaa7eab8ff841deb65512ca148a5b176879353510c26dd795bb21cfe90b6f923bd7b620ff950013713aa

Download Submit
C:\Program Files\Sublime Text\Packages\Perl.sublime-package
Filesize
321KB

MD5
e53c56af16da5b95a831f498d18b7463

SHA1
dc3f23de81c56e97681b2a6352302cbf8e68e4da

SHA256
5f6bb00dcfe8db03b62838ad090fb5714b90b0cb485bbd8645dabc446a7c0675

SHA512
959c518719a98bc163421b3d116e2bbdaa975c0baf8edff05168d6d2a66497a78bb48948683e33a02ea14f37dcf45b305908ee7aeb98268ed5f278eea1c914a0

Download Submit
C:\Program Files\Sublime Text\Packages\Python.sublime-package
Filesize
381KB

MD5
8839efff1dcd1b999012264191a79d80

SHA1
e780f0dd6a02b7bf3bb0a15cc914e958714a6bc2

SHA256
e6b4e79c2de8734586f6426dd1c4122de329d6c6312dabece64bcd2f05a75955

SHA512
78e48d29f1335ef840c11e9dd388f8bba0fec80bbfbeef8cdb7518622b7f962d22a48a4e30a65dc7c2eb19a9588eff75c8f5b91f22f28150c48fb7598198013c

Download Submit
C:\Program Files\Sublime Text\Packages\R.sublime-package
Filesize
79KB

MD5
a3f0e837f1d01db5320f11a32c55fa84

SHA1
b707157193b542fe9c1f5eacea2b0015816a1a4c

SHA256
2bea66164c06a4b3e5b3300c6e62460eb782d7d34b4b375bcdcaf1cf89d9da06

SHA512
a914116f040820258163d0de1d8617e8d5a7e4faa4abfece38d5af120e8656385c2a5969a304a1f42e807544045c19ddc51687d6d3dd833000871d8c520741f0

Download Submit
C:\Program Files\Sublime Text\Packages\Rails.sublime-package
Filesize
151KB

MD5
cb0a89be165e4b830ad9fd476483d6e9

SHA1
b8852fb64bea8ae6d25323195d4496496791f43d

SHA256
8e8ebcef61f92c44425a8d7440bd2e5b2e4e4018e548292cd22a01f4bf4b48fa

SHA512
7d20c494c708329373fbc8dd1eddf4c61df99224c162e5a58a434250c6173166048b6d54c1bfe4914a7ae25c669ac70f14dc9deaa30d14122da96fd66193f58b

Download Submit
C:\Program Files\Sublime Text\Packages\Regular Expressions.sublime-package
Filesize
53KB

MD5
b02af72938fa145b757a9100a103fc43

SHA1
76f79eab181552645f2bfe174265707ae894c015

SHA256
a560125e9fff43acd1ce161f6b971c3451129a129a7c4ef3644d3e201304e2a1

SHA512
2823f3fe290291c044ca16d812f9c6475cb335ddaa107025f6afd4ed8f44889a67171c23056bf5f3687b922878e52568677c2b0a4fb18ec49abf2ec3c9208c72

Download Submit
C:\Program Files\Sublime Text\Packages\RestructuredText.sublime-package
Filesize
11KB

MD5
0e74cfa3a8ad6ccd6b4df58d1e1fefbd

SHA1
71f08eba0d83c365ad90d6cfe6738e09b6661916

SHA256
d96d2e6b7c20337bb6717b8e5fab0c3e38cd654dc15a7e3b0259caaf3aa3ae46

SHA512
5d4f9cfdb4fd5d1e2fa7dd9e7e591bcff0a1b465f3cd8c2f3299fa2d1041659c6af3e88b30661c0b2807f8447bd34c82362fcfa20043ef3c26636bf04308e52b

Download Submit
C:\Program Files\Sublime Text\Packages\Ruby.sublime-package
Filesize
203KB

MD5
cf9e463c0d71ce0ed2d9763e3dab556f

SHA1
3696054e4b34e4594765072dfe903ab1bc9b0741

SHA256
4d7342d0bf7eb878d6f9d1a0d554695ad086bbc99a32b03cec21557b39c19024

SHA512
d554392edcd20edd3dffee301f1abf4a038cc706c26008cf69ea665f6da63a1b902efceff4f56d7f7bdf896579caaf404c35d884ae86c033201b5a19e78e08a1

Download Submit
C:\Program Files\Sublime Text\Packages\Rust.sublime-package
Filesize
186KB

MD5
5952997ea3f3fe978ceade7bb10ae93e

SHA1
a6df60f116f4f551ad77dc5cca70d22acda9f2fb

SHA256
61a8f3a15b098f3298630cb1e3cf14611fd9bce1a91e4e264e39d4e011b1d95e

SHA512
87eb5f707c3d13a4067445064cba21cc0b492543ee8575679f7c3d6d24d68c30175ae45a46ef7022e21364a13f0c3afae9422fa66561f32d72d2e82b1ef059e4

Download Submit
C:\Program Files\Sublime Text\Packages\SQL.sublime-package
Filesize
28KB

MD5
58d1b10c3ae981b42cec7d6ed5de4577

SHA1
790d11dfa4769f44d312948bdaeed1e776a654b9

SHA256
3b0a13c3ae0ec110ace72c34f523ea280be480b744d0a7e13c1b86aa9853b640

SHA512
ffbe266eda2ac72fe19ca4766d82fa4aeb25182969295e905855e232ec02ddc347b606eb096abe3088f61f2180280c819a49725f9345950b44bb15d41a1ac0ec

Download Submit
C:\Program Files\Sublime Text\Packages\Scala.sublime-package
Filesize
129KB

MD5
a88e407e33d76c40f8da0e4e8cbdb709

SHA1
c8e231f972fbc5c2dc81ca077e23118b1263f84c

SHA256
5068c04efee2da6dda1848e5772c241cfdf13563701a05b101f1e537e036e1a1

SHA512
4abd2250b337eb6cd2fa6297d1d482f45177b43cbeb6addefaf497fc82ef47abf21623ba40dcd7a1e6a70c490adf5dfa0bbacba1330fe9344bf7aaffe1fe9a93

Download Submit
C:\Program Files\Sublime Text\Packages\ShellScript.sublime-package
Filesize
425KB

MD5
97c4c57ac8d7d980544cb7e082e8ac92

SHA1
239d937a0a78472dcd8a78f6bb16ed857f668d38

SHA256
9f540a764ce247e2597f512eafcd55da9415c8075d501afd0bd5cca81a033f18

SHA512
a6b924e0f278fb5d20b35594c2f5c9b10639c0dc4c00e94abff068c853f9eadf9407b1c0f8139bde344966b0c2807abaa87f8caebc2003d8c059a97f2db702d0

Download Submit
C:\Program Files\Sublime Text\Packages\TCL.sublime-package
Filesize
35KB

MD5
6400eb8d14fa2b2bd7aa14d44485f78b

SHA1
7d6b6b0b307e27f89427b4967bb0331e166a70af

SHA256
a522cf82f8cf560f19ce950c3572c97bce8c28ef1e0c575d09e26fac5f62d24b

SHA512
1bf8446c0cfea4ffbd2825102e18dc6bf111d7f23d3c68ca8b1a6e351e4763f376b69183dc6eaa6b0a9088050be9ddc865a79a4835dc3e60f6eb85582b8fea6e

Download Submit
C:\Program Files\Sublime Text\Packages\Text.sublime-package
Filesize
1KB

MD5
31c37338e3413420cd79e71752951f86

SHA1
d281a92334370215a08f3bb8fee1b003b60eb83a

SHA256
5ec1a1f172ad0ecd1392ba3c2ea161d892be06b122469b87b6e1a913635a1dc9

SHA512
a5f081e3b30f9434428a4df8aafc5ce426dca561736adcabd226830825a1d808d4040d2c6fdc757e701de402b02d0c79635ad415015d05d2593984eb75968e29

Download Submit
C:\Program Files\Sublime Text\Packages\Textile.sublime-package
Filesize
12KB

MD5
1c548117df8a0a33d00755b6d813065d

SHA1
f15af4211f3562633a3e2d7e9a67fc8bacee19e6

SHA256
9e90da09427a38d99721799ec1418c59263dff67788680ae2f76f26e2a6afd1d

SHA512
e3a57c9b0d98108f80612dc93582a10808377e7af06a973f0ad016ffbf486ceb22f9ac4b56cdae822fa319bbc905b253313cfb3ab57a7f6fe58e68b3fc128e24

Download Submit
C:\Program Files\Sublime Text\Packages\Theme - Default.sublime-package
Filesize
393KB

MD5
baa58b0a478d7e0a012e8392a6e56f71

SHA1
3274d40afbf052383d82094f9d24102d8068e84e

SHA256
ab48cc0eaa156e5141c9e932396e97e08debd60ee45ce94a11c168e129fa855c

SHA512
aa01d498b9dc1dfec2874ab004ba2a4e5ab806b6b9b63011606798df75cda2f492ecfd889191424a90ba1e4339c6e2702d144f960823c5af247afcaafb998966

Download Submit
C:\Program Files\Sublime Text\Packages\XML.sublime-package
Filesize
110KB

MD5
f382c50276c8f03bb869693165dd87e2

SHA1
d08d483e5fa20bc8c4804160f69ebdfc7e752003

SHA256
bb79c3953134dd8d40bb4fb3b5fca8f23349179d3c2499d73efb86b6b7b3924a

SHA512
2930a8d1f980ea37adcbfe52ecc5107e9655fdffc3dfc876c3b55eec3f622d696ef112550a2b6a8122bf1ed6fcf85009dd39a9839b1e3a1a2bf2a82ebf17e0b0

Download Submit
C:\Program Files\Sublime Text\Packages\YAML.sublime-package
Filesize
61KB

MD5
ad0664b3865000c0cf2df8953b9a32af

SHA1
2edb85349449a40394237fa1aa1c1aa5a0dd9dc2

SHA256
42c12ae51ee09e2139a6e8899ff15e0aa7df90503fcbb1f9eebf8d2168a7f158

SHA512
7b3334d641b955273bc22cf3d6aec5fce6dca1e7964923bb8772010c1b0201d73dcd3e8c555be18409c01cef4c06e5efe75252ecece2160b4b8aee217abd6853

Download Submit
C:\Program Files\Sublime Text\crash_handler.exe
Filesize
841KB

MD5
7b7bc5178dc8466fa9b7a032fe092fc8

SHA1
c1b7b23f6a724a083ca2de18ff6679f1f0ce777a

SHA256
e4e6cc89c939ee75ddfa6a7eac1c196cc218688fa4451c5d3796d9ebbe4e77e8

SHA512
e1d3ae0b3d45421733f33ce9db50cecc71f4f5511f625ff6de7a6d1195b6556d38828d59b4ba9d80f128c87989d8dae7e005f1b5c2b6bb9d927f47e2bb146079

Download Submit
C:\Program Files\Sublime Text\libcrypto-1_1-x64.dll
Filesize
3.3MB

MD5
92cfb46c938c0da2191a97f281f16b06

SHA1
5be8da0d1b42c4eca86358bc74bcbe86787ded49

SHA256
6103fa5180ccb090629457abe21ef7a62525b1d4de2c353480d52431921d676c

SHA512
e6ecfb1169b463ce7837572452a95ae2ae5055a39d4e075ea910d3f5f8471997bfe9b60289c4b41a1c43ffa3d06f8139db88e35cb0ec3ad80968ad1a1e65782a

Download Submit
C:\Program Files\Sublime Text\plugin_host-3.3.exe
Filesize
2.9MB

MD5
42addcc12071e034b40e667947b6ab50

SHA1
17e582ce8288a7c45f601914610ff809fc894c6b

SHA256
be33652bbb21b9901db919c654b53cfa97ec00ba76d6eca0bc82b6ba330533d8

SHA512
14f463149e6b44cbabc536a71a02154e35b51753619caa1d1834a11bb39b230033240ff92609b9e58616e58624c23656ae0fba90782211a8b220c50f0093d048

Download Submit
C:\Program Files\Sublime Text\plugin_host-3.8.exe
Filesize
64KB

MD5
334330dde01a5002745d8fbd956726c3

SHA1
cf717cbbfcf207d78db71249dc0ffe814dd60c62

SHA256
fbf775516a2de01747b89b14d534ac714970d944d96177cae050275a38cf1fb4

SHA512
1deaa431153f3cdbad68ee1b045a842684a05207d69a2ce3d6159adfab18c471bce19fc6268f58d5956608810389a65cf354127939be0e7c6e8cfba2cfe8908e

Download Submit
C:\Program Files\Sublime Text\python33.dll
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files\Sublime Text\python33.dll
Filesize
3.9MB

MD5
daf8f411c292cea715c7f63d6327d520

SHA1
abd23a20c7a9e7bf2c1b5bd1116cd9f88c37086f

SHA256
f4d18fad893cba2ca22a9f9fbd8f3392e3e2797527277f23f0d5914af2cf2ab3

SHA512
ecb73b787c8025e69ec41ddb0dcbfe15a79fe055e7d5f7d86ea7845aa5df358817ee80742c03ae139f3b80be1770d5221700755c0b868ad7bab513ea45f80562

Download Submit
C:\Program Files\Sublime Text\sublime_text.exe
Filesize
7.1MB

MD5
2129368b359f510498347c694c86ade9

SHA1
84213c1417ea1c1dea5dc0efe3290ab8e760e07c

SHA256
f30a01bd926acb5d248a75ebad58428590faedb99532fca1db83235d0bad9394

SHA512
cdc2b93e478e4ba6e4a2b799056d3cb1b4f0ee320dae5b9203fb47c299cf561fad871ea20928bb4dd39c8f1c06e9bc881d31ccf47256ed90a1625e5468a242ca

Download Submit
C:\Program Files\Sublime Text\sublime_text.exe
Filesize
7.7MB

MD5
f2aeb34835d9765797858cad5680f768

SHA1
878fb1d20e7a62e278464964fbc49d7bf7fa35b3

SHA256
36815fe4001fc895927c8e61ebcd446662096f290387178ac37ac587d7761e92

SHA512
3811a8af4e71efe0f3d909ac8f5cdef5565ac44d1440e8d002f0aa1e98d9963121e972b90ca3ce068ec1f73ff22897d9876c8adc90ccd75716ec543ec072f7f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NNQHR.tmp\sublime_text_build_4169_x64_setup.tmp
Filesize
1.1MB

MD5
8f7da348d1de78061ff3923fc50a24d5

SHA1
117257f0ad968f65c3a51010ffce82fae9411fb0

SHA256
5f417318ca2e2b98b9b781106fd9fbb64e959685ca697e017c4365c449baa7ce

SHA512
52552bced567566ffe4210cb6ddd27a1f7482559c7574bde0607ce22ae9980b57794cb3d0c4cee63768f69cc9b16336c2540141ff99e57e9c5c33cfc21ff602c

Download Submit
memory/2620-176-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2620-167-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2620-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4264-6-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4264-169-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4264-175-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download