7f8a7557d92ed985e26d9f0bfefa7d2dec72ee38e28579aca86fcb1114e4c267

Analysis

max time kernel
68s
max time network
70s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 10:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

sublime_text_build_4169_x64_setup.exe
Size

15.7MB
MD5

591561a993ef58f8c547f1542c1ed2d8
SHA1

1177c6451fdaa841f7a8cb0feed53b6621e3356d
SHA256

7f8a7557d92ed985e26d9f0bfefa7d2dec72ee38e28579aca86fcb1114e4c267
SHA512

4902149980eebfdd8720600002d181816d8b36292fd8b5af5a023928738aa30789b3ee3c1075f304b55f4809b2df5dc63fa453e8747672064475e07478829089
SSDEEP

393216:fXI2GZeymKWixJkWwmP7o/OVHLBL5Y7rFQD0t1/26tTK:f4NoymKPQOVHLBLG9+wN1t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmpsublime_text.execrash_handler.exeplugin_host-3.3.exeplugin_host-3.8.exe

pid process

848 sublime_text_build_4169_x64_setup.tmp
1148 sublime_text.exe
1812 crash_handler.exe
2168 plugin_host-3.3.exe
868 plugin_host-3.8.exe

Loads dropped DLL 33 IoCs

Processes:

sublime_text_build_4169_x64_setup.exesublime_text_build_4169_x64_setup.tmprundll32.exesublime_text.exeplugin_host-3.8.exeplugin_host-3.3.exe

pid	process
2380	sublime_text_build_4169_x64_setup.exe
848	sublime_text_build_4169_x64_setup.tmp
1372
1372
1372
1800	rundll32.exe
1800	rundll32.exe
1800	rundll32.exe
1800	rundll32.exe
1800	rundll32.exe
1800	rundll32.exe
1800	rundll32.exe
1800	rundll32.exe
1800	rundll32.exe
1148	sublime_text.exe
1148	sublime_text.exe
1372
1372
1372
1148	sublime_text.exe
1148	sublime_text.exe
1148	sublime_text.exe
1148	sublime_text.exe
868	plugin_host-3.8.exe
2168	plugin_host-3.3.exe
2168	plugin_host-3.3.exe
868	plugin_host-3.8.exe
2168	plugin_host-3.3.exe
2168	plugin_host-3.3.exe
2168	plugin_host-3.3.exe
868	plugin_host-3.8.exe
868	plugin_host-3.8.exe
868	plugin_host-3.8.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

description	ioc	process
File opened for modification	C:\Program Files\Sublime Text\update_installer.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-V86I8.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-6USUM.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-48IQB.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-95IDL.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-DAI49.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-S0QKU.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-5CHRR.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-LATK5.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-6QIUG.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-OUMTI.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-FQ6JE.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-V3P05.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-U9BMT.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-F789R.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python33\is-9ODCK.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\libcrypto-1_1-x64.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-0HE1U.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-92P70.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-EQ12Q.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-QTE4P.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-5A5BO.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-RL3CU.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-4SBE6.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-F29CM.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\subl.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\unins000.dat	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-AA6RD.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-QR97S.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-FSFK3.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-RM9AR.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python33\is-KJUFE.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\unins000.msg	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-V145U.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-7B995.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-8TKCD.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-J60GJ.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-GC2SK.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-P8HMJ.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-5RG90.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-1624C.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\is-BUHOS.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\crash_handler.exe	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\sqlite3.dll	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\vcruntime140.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-T2M8S.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-NCKRU.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-MC2M0.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-F2A7K.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python38\is-RILHT.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-3ACMR.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-17U9I.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-U84IU.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-82Q10.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-T536C.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-04V3D.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-S8K9L.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-PSV0B.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\libssl-1_1-x64.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-41590.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-2IR2C.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-J5RRV.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\python38.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-P4298.tmp	sublime_text_build_4169_x64_setup.tmp

Drops file in Windows directory 1 IoCs

Processes:

mspaint.exe

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Modifies registry class 64 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.commands\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.project	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.project\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-workspace\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.workspace	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-color-scheme\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.commands\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.build-system\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.build-system\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.settings\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.snippet\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-syntax	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.build-system\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.project\ = "Sublime Project"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.color-scheme\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.theme	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.theme\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-project\OpenWithProgids\com.sublimehq.sublimetext.project	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-build\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-color-scheme\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.color-scheme\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-commands	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-macro	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.menu\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-project\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.commands\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.completions\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.settings\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.syntax	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-color-scheme	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.commands\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.commands\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.snippet	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.completions\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.menu	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.project\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.project\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.theme\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-completions\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.completions\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.keymap\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-settings\OpenWithProgids\com.sublimehq.sublimetext.settings	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-commands\OpenWithProgids\com.sublimehq.sublimetext.commands	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.mousemap\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.workspace\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.color-scheme	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.color-scheme\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.macro	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-settings	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-mousemap	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.commands	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-keymap\OpenWithProgids\com.sublimehq.sublimetext.keymap	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.macro\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-settings	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-syntax	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-theme\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.macro\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.macro\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.settings	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-build	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.color-scheme\ = "Sublime Color Scheme"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.settings	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.settings\shell	sublime_text_build_4169_x64_setup.tmp

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

sublime_text.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	sublime_text.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	sublime_text.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

pid process

848 sublime_text_build_4169_x64_setup.tmp
848 sublime_text_build_4169_x64_setup.tmp
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

1800 rundll32.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

plugin_host-3.3.exe

description pid process

Token: 35 2168 plugin_host-3.3.exe

pid	process
1800	rundll32.exe

description	pid	process
Token: 35	2168	plugin_host-3.3.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

pid	process
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp
848	sublime_text_build_4169_x64_setup.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

mspaint.exe

pid process

1820 mspaint.exe
1820 mspaint.exe
1820 mspaint.exe
1820 mspaint.exe

pid	process
1820	mspaint.exe
1820	mspaint.exe
1820	mspaint.exe
1820	mspaint.exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

sublime_text_build_4169_x64_setup.exerundll32.exesublime_text.exe

description	pid	process	target process
PID 2380 wrote to memory of 848	2380	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2380 wrote to memory of 848	2380	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2380 wrote to memory of 848	2380	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2380 wrote to memory of 848	2380	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2380 wrote to memory of 848	2380	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2380 wrote to memory of 848	2380	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2380 wrote to memory of 848	2380	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 1800 wrote to memory of 1148	1800	rundll32.exe	sublime_text.exe
PID 1800 wrote to memory of 1148	1800	rundll32.exe	sublime_text.exe
PID 1800 wrote to memory of 1148	1800	rundll32.exe	sublime_text.exe
PID 1148 wrote to memory of 1812	1148	sublime_text.exe	crash_handler.exe
PID 1148 wrote to memory of 1812	1148	sublime_text.exe	crash_handler.exe
PID 1148 wrote to memory of 1812	1148	sublime_text.exe	crash_handler.exe
PID 1148 wrote to memory of 2168	1148	sublime_text.exe	plugin_host-3.3.exe
PID 1148 wrote to memory of 2168	1148	sublime_text.exe	plugin_host-3.3.exe
PID 1148 wrote to memory of 2168	1148	sublime_text.exe	plugin_host-3.3.exe
PID 1148 wrote to memory of 868	1148	sublime_text.exe	plugin_host-3.8.exe
PID 1148 wrote to memory of 868	1148	sublime_text.exe	plugin_host-3.8.exe
PID 1148 wrote to memory of 868	1148	sublime_text.exe	plugin_host-3.8.exe

C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2380

C:\Users\Admin\AppData\Local\Temp\is-26CBA.tmp\sublime_text_build_4169_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-26CBA.tmp\sublime_text_build_4169_x64_setup.tmp" /SL5="$4001C,16071622,121344,C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:848

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\UnregisterRepair.asp
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1800

C:\Program Files\Sublime Text\sublime_text.exe
"C:\Program Files\Sublime Text\sublime_text.exe" "C:\Users\Admin\Desktop\UnregisterRepair.asp"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1148

C:\Program Files\Sublime Text\crash_handler.exe
"C:\Program Files\Sublime Text\crash_handler.exe" --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Sublime Text\Crash Reports" "--metrics-dir=C:\Users\Admin\AppData\Local\Sublime Text\Crash Reports" --url=https://crash-server.sublimehq.com/api/upload --annotation=hash=9841736165743280861 --annotation=ident=sublime_text_4169 --initial-client-data=0x1ac,0x1b0,0x1b4,0x180,0x1b8,0x13feb4820,0x13feb4830,0x13feb4840
3⤵
- Executes dropped EXE
PID:1812

C:\Program Files\Sublime Text\plugin_host-3.3.exe
"/C/Program Files/Sublime Text/plugin_host-3.3.exe" 1148 "/C/Program Files/Sublime Text/sublime_text.exe" \\.\pipe\crashpad_1148_UWCGMNCIUVLNRDGF "/C/Users/Admin/AppData/Roaming/Sublime Text" "/C/Users/Admin/AppData/Local/Sublime Text" "/C/Program Files/Sublime Text/Packages"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2168

C:\Program Files\Sublime Text\plugin_host-3.8.exe
"/C/Program Files/Sublime Text/plugin_host-3.8.exe" 1148 "/C/Program Files/Sublime Text/sublime_text.exe" \\.\pipe\crashpad_1148_UWCGMNCIUVLNRDGF "/C/Users/Admin/AppData/Roaming/Sublime Text" "/C/Users/Admin/AppData/Local/Sublime Text" "/C/Program Files/Sublime Text/Packages"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:868

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2624

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Sublime Text\Packages\ASP.sublime-package

Filesize
111KB

MD5
a6d9884f73bc5e2220d80bee4e76f84e

SHA1
031c68cc096e04c5a6d0b1fe4363ce4cc54965a0

SHA256
d7a1b194c653d75278b221deaea1e7e05eee5951e8d476e01c84a4b5e7c46b90

SHA512
a3e7e48b6eed9595096f311beb0be8571e65bd94aa77ea030ec7bcb9681eba558ccdd62054854c47ca72b1d0ec0a2ff44e662137a70633ea16acf14a17be67c2

Download Submit
C:\Program Files\Sublime Text\Packages\ActionScript.sublime-package

Filesize
16KB

MD5
bfc0ce28d2c805843c85ffc64ed5a5f0

SHA1
ee3f144bb606ec8b12b2f37b0fdde86bfa23ec0d

SHA256
aeb55f3050f9bf6557c5b7512b37e8931851e5fea77615121c704e65ea39c661

SHA512
df9ac18689dac46cf5bead0701f53adaec074ae4e1853c50142843a1078822ac12d998319c13ec7e98eeadc8184ddcf24145de46156d6ccea687db0f5b15b91c

Download Submit
C:\Program Files\Sublime Text\Packages\AppleScript.sublime-package

Filesize
33KB

MD5
f198f42bd9f0dbc83049563cf04d20ca

SHA1
62ce5f4e67ec0ec282fe3d3e7273b5ec88e05946

SHA256
b22df40512887e3f2f2a852efbab83003277cbf97081288da4ce1b4c50059ff9

SHA512
e7a27f7db369cd33e68d1ee44bd666d044ca47beb7939d4fa60d3fbfaad3630fa8f294d160ba98d87a7a922f3972df50ee81335d6ba940caf0ac4d4d7a80f3b7

Download Submit
C:\Program Files\Sublime Text\Packages\Batch File.sublime-package

Filesize
311KB

MD5
781985669880fb1302c4e2b429096346

SHA1
e96de238035734624442e676752a160815522f2e

SHA256
bb958ccfb9d1bcb0fb354357d6546bd090dfe590ba3745c1d9b14192766b787a

SHA512
36f306ebe4ef6d12a2bb9bb034206c3e4b118f73992174e5762eb357ce07b727c8e14d4b5190599ce6c6378a5b585801e8f82faa57a12d1eeb71f556e49ad3c6

Download Submit
C:\Program Files\Sublime Text\Packages\Binary.sublime-package

Filesize
496B

MD5
54fee1be1e3d9f5d3294946d9a06bf91

SHA1
cab47647967f484ff6bdf959635fcc78cd8f60ca

SHA256
28e2bbb2865ded552217a92f4d9a3c749fb49fbe7a27935594f80fc3a90317e6

SHA512
82870ab62c82da8b2579e75572dd17f4a7006e9c490a3f9f3f51b878248c04f7b3ae94488e69dc498ac956ab14b1c87b15252239cb9782533251cf15a0f9c0e2

Download Submit
C:\Program Files\Sublime Text\Packages\C#.sublime-package

Filesize
289KB

MD5
296a448229fcb06224faa40d538dcf64

SHA1
9bd864a9a6f7e12c31e185c6ff3e272d2d13bf0c

SHA256
0ad3dff84216b06cc0728a6b4ecd6721f1580cb6ddf57fe809588b9f4d276b62

SHA512
55cc1d0f031599bc4cb8cb8ebb2a4e7e01b0e5dc81cf7c653c0feb7764f1c71b0e12de9242fc5837fb881a60b98f486d125e0224eb51ec0821cc5e85988e5dfd

Download Submit
C:\Program Files\Sublime Text\Packages\C++.sublime-package

Filesize
365KB

MD5
d805943b48a2b02775fed8255470aac7

SHA1
b605f369a1414df75389e6cb5c7b65748f35bd30

SHA256
474c41c3aa62796c6ef52b3fc3bb1bc6dcb5a9af63448dca42fbb240eaa9c9d1

SHA512
bb7cb0f3b3fdf228d80b61daa61eadf8022eb9741cf531ddf2b9f4b852e1794f5e5bcfffcf8809df23682b805a5b4282df3fa055c3c2bbd63d2146ae07c34b53

Download Submit
C:\Program Files\Sublime Text\Packages\CSS.sublime-package

Filesize
428KB

MD5
1051271da7da5f11104f3c84e7fce57d

SHA1
b5c4870c88ee75696defa0e7085ed9055b55cbd9

SHA256
2a1219dd78130a374b1eee8e5b66b7f1d0e9b8139a38a2e25def9d4f266b19c3

SHA512
352df1882cff1ade58d0dab2db0c115354aca8858e2bccc49f5d353382d09fb86d342dc1a52161b74ba1cb85905f22280985dc79435d360c3601461592528f4e

Download Submit
C:\Program Files\Sublime Text\Packages\Clojure.sublime-package

Filesize
96KB

MD5
76222018c14983a3875860388aa97025

SHA1
d3e9147297a8ae0b5191de73f98e43640367d2eb

SHA256
0edd21d6509ac517b144ad74e8963ef942d0bb29cdbef7c29961f3a6da637bfd

SHA512
a75877648873af0913b548ca94f8e3b515dcef7b796a85882dca31ed3579c18ecdde5fce36996cc4bd5ebda889f9833a17c02d809629884fba4cbf7746642a25

Download Submit
C:\Program Files\Sublime Text\Packages\Color Scheme - Default.sublime-package

Filesize
50KB

MD5
4aa558def7a1f3e0c232f43377818b3a

SHA1
b20d8a740a4aff18a6a300513bba376964227575

SHA256
1ed899e3ccbb3b9ed0c3dc26191b8f51f0b7166ed5aa22869ed1138f8e78c7cd

SHA512
569eacf99359a162a904f42f0e003d9f5a0613ec420ac960f09768a951cb2bcb578b3ca58a11bd4bb34e0f34273ae831c9267fdd147e39380531d24b2cb361ed

Download Submit
C:\Program Files\Sublime Text\Packages\Color Scheme - Legacy.sublime-package

Filesize
259KB

MD5
38bfd6a3b889b9c718be9790873a5766

SHA1
6afd749587d425d10a9dd7ca8e7099ae0a53ed0b

SHA256
be8c2b8e40e89fb5ccf71eb7745621ac1001d2db8ce118879cba33ca9c386363

SHA512
493b76fdc75d569437421eecba213d9ed503ed6b2fc4f5e53b43d07a92b554262c32d64b1ebd77ad561acc7d8de63559220c0c4eb3aaa58b687dfa7dcc40090b

Download Submit
C:\Program Files\Sublime Text\Packages\D.sublime-package

Filesize
225KB

MD5
1e7eba6bc100e0c4731d96cc048648c9

SHA1
415c9f431c01d1745cb5fe0f1c3c51db785679b2

SHA256
653edffef22fe124e9cc0d4acf305ecd7c33edab4dd5e064bae9675f5fa3d65c

SHA512
8cf4d9ee46c7035557d4270e5b7cf5ba513a1258c5ded0dd6b8ed888d8c0063d09ff68cd301da3bb3c158010d67f97f229540b6a9d267879073bdbd74b8e489e

Download Submit
C:\Program Files\Sublime Text\Packages\Default.sublime-package

Filesize
531KB

MD5
4a3d57031290e59d915fd1c14f687cc3

SHA1
4fa1fc87445668cc7520683991eb2a176dceab65

SHA256
03836c79cf01ce1618a76bc960641c3108464ff1dfd373492a2b98feb835f710

SHA512
debe7a6297b605a89b20e6100a2f3a761cb45e84514cbaca4c7137a23769a0b0fafa64a15615c55d5030d4c3078e66d44c8c5e4c31ff12d59f135d016a7e7cb3

Download Submit
C:\Program Files\Sublime Text\Packages\Diff.sublime-package

Filesize
13KB

MD5
8044981429777c80ab2b8be783666c37

SHA1
0f6634ceef284ac7d3a96e13ea30bb22a7dc6d36

SHA256
1cc6036699a37bfd4a6d95de597529b430512d69395200571fce9919faf50200

SHA512
a07205223fa299e33a592058778ec86e3be68d1b6220c1c601c7943078fe4781b45cde972ee9c5e2c01daeb8be8772195b5feaaae6a5fd40964be3e28f904d76

Download Submit
C:\Program Files\Sublime Text\Packages\Erlang.sublime-package

Filesize
392KB

MD5
84dce3f197f8f579d8843ad42123ea98

SHA1
00f5af1ec08a9bdba623b9d6930fbd5113f8f225

SHA256
5ee0f147280f66fcf011ee18d6bdf6685f5dcee1682c48df2f212d91293306e6

SHA512
e78d5abf2a84e32cc758dac1c0ebe4c5eef987bb20f00e4d3fb0026e3f37593cd1b1f93d179ff7927f00ee6eb5ac8a8faa06b6b8ed6a4e3cda84fdbacb285bb4

Download Submit
C:\Program Files\Sublime Text\Packages\Git Formats.sublime-package

Filesize
224KB

MD5
90c5e6ff60f5a86e1cbd09ffec0504b1

SHA1
3fe1ae3c73e6c8cc589482eb8a3c2414a155b398

SHA256
8e11257870035fefde534b518ce231cac50f87f96d6c98b430f22146b0f172fc

SHA512
f09f2e96c87f237324cd1677a9e1d13a748ad5e7a2d7c7d4c4247163397131218e2eb258def7a7bed38f53591355121c9410c68991350da3918a5e47f58edc8e

Download Submit
C:\Program Files\Sublime Text\Packages\Go.sublime-package

Filesize
379KB

MD5
3d68e03e4feb633243bdf43801d7dfe9

SHA1
73fd739da5319613c9c17145b7ba2ebc2dbf7826

SHA256
695e87f39a972edeaa88f5b1fd8a0e5c466c13f031d6332205ec48940eea0963

SHA512
b1a5601888aa66d5ffc8d71dfbb9d25866b85ed91fedce594cf4866161b42ee04cbb6fa8d68aa8eb6c62f7d60753b2fdc1b7a4d5e78ffed94b1920f0a2a4c854

Download Submit
C:\Program Files\Sublime Text\Packages\Graphviz.sublime-package

Filesize
71KB

MD5
878849cc2f27721e7677583400131fb3

SHA1
884fb8f95f9e4c45e43d8cfac60c14c6b38071fe

SHA256
bea0a17992ecd61aa2cc513777c8ea9c64368026ceb96efb5856e42d25bb1b39

SHA512
49a032ca7353ebf57be52679c3141b30f9363efe5b9b6a89e250027f1c6fd224d70ef7b8b0afd8ef33a2a2393c919bfe339501bdfc82b15da05ccee3fe327fd8

Download Submit
C:\Program Files\Sublime Text\Packages\Groovy.sublime-package

Filesize
86KB

MD5
48fb35dedad0a0cf3db8f62e5e545f11

SHA1
76de5ee52b7e7c060968749b61d093aa45e2da15

SHA256
25b65f1bc89d265c4969f53b409b4d5e4393e15b28932eca58cfd56726f80bc7

SHA512
e784bac997f2e686d9a0c8bc2c0de52f93204630ac86071852782db955ea3f2a9f939ae17a6686b3eb2cb5b375122922aaf3768abb34b6551aca19077b5fccb6

Download Submit
C:\Program Files\Sublime Text\Packages\HTML.sublime-package

Filesize
122KB

MD5
8a1487a871bba077694a03a63c07e12a

SHA1
cb4c40cd3f59a8792e3db1397b47c607d88b79e1

SHA256
41029b3de142f15690d95bc840a8080b251afd3940f045c855ba3008d4b88345

SHA512
49670e86aa88b007220ccfddf8fb6fc7d9e0cad802022def81a43fe98e485ad460cc20d7aeb564b9c61c66d91fc791ba315b27e66b76bf55a2b25ce94eab8f9f

Download Submit
C:\Program Files\Sublime Text\Packages\Haskell.sublime-package

Filesize
363KB

MD5
4b3de3944f75b3553e903da5dc9b537f

SHA1
0ca27962cbf2450f9cca40fc1c257f8e8b16dc56

SHA256
bc78e929fd0ce819fe2d1c9a43a667fe0fda4fee2844c6da6ba14b2ef3214da6

SHA512
3d5701d16a3995226b101cebe7cb0385e2367dd026d04963b99f6af34d4a509c9962a1fe91900bdf97927f7791aa92cd8d75a4431ec8cf8765546cc42cad3ded

Download Submit
C:\Program Files\Sublime Text\Packages\JSON.sublime-package

Filesize
14KB

MD5
627850cbc10db5fcfb5223155cb581a1

SHA1
93469559a6530f41ebd7974194eb1a5f090f01f9

SHA256
acbb27e6bc892c6ed87f7584508e6804cd3740cfcb94ea2bf46defc0f57b97a4

SHA512
1bfeab76ec0ec15aa767885337686e6e930b17e9de227ba1ab72d2091b844716c782f296617a6d66e9a840538fc52f7f621843a18e45355c6f7b37c019ca58a0

Download Submit
C:\Program Files\Sublime Text\Packages\Java.sublime-package

Filesize
870KB

MD5
d60067436492d811f13624b859274a69

SHA1
73eea2da3699871d1aa427e40235f6be76d70135

SHA256
060dfad7b44f70f9591eec79e7e42d7ef6fa11779811f74dd020baaf5c80da39

SHA512
653c29fa17effaaca34d28b0259755d4a85a8b934c8a64017214ef543820de0c35a6f5848530d9a7a243f69515ef721364694e89abfb4ecf0bacfe704c8e9d1f

Download Submit
C:\Program Files\Sublime Text\Packages\JavaScript.sublime-package

Filesize
369KB

MD5
9666be6812cb6cd89a7e787aa5935671

SHA1
7db0078a6c516c8ce997b7b3d6235aba87bd0db6

SHA256
6af28318529df765d1c1e61b5574b3d0cb377a6a7c3dfa9c11d5961dfe3af0c5

SHA512
2762108b2c9620ca6f6c8b1d66c1af7e20e354ab1ff4d51e3d0e30ffc9bde7cd02804999ea751d9c5e979cde239a348bb4e515c54aa80c5a1f0c77d5688898d4

Download Submit
C:\Program Files\Sublime Text\Packages\LaTeX.sublime-package

Filesize
133KB

MD5
068391e35ab49fb5a9ca18f8abead5bf

SHA1
68a941eecd06ef6086a0ec375e3b36d8bc486301

SHA256
5396bab5e0521da2fbc7b8ee43c2eb7a13cd68cdb5281a01e93de0f7c91403dd

SHA512
e68effcf65e0bf403322021f319108e50c689379820be9392ad63d1bf808a6d1eb5726eebe07d952b6f4aa946cd252c22e18133db2b88f91bc13a0717ddeb506

Download Submit
C:\Program Files\Sublime Text\Packages\Language - English.sublime-package

Filesize
1.6MB

MD5
1f2e42713458733f9ab01c3991b91ff4

SHA1
aaa7c135279c5d718ccf4a54a2506d50baebf63c

SHA256
cd148c04e9f233a371a4c9759e2a84552fd5d437b75025ec4db7e2f951d1eb64

SHA512
fe31ced8e34b0b69a098024a2ce73c561b90a5b52824af8b05b362e194c0f66ff09ffdc26fbacd1e7e25dd97b933eab8f57201dac79a658614cb868addadafb6

Download Submit
C:\Program Files\Sublime Text\Packages\Lisp.sublime-package

Filesize
22KB

MD5
40e3205a6b48d2b66808f88aa72c4701

SHA1
fa995adda4e70c918aefc9f4ad6bedc85109ad35

SHA256
f149f244e3d2eb911558815c4dac2cc16b5f6747c9c951024cae8a75a783150a

SHA512
a40d61e2488d76273dd8f1b0d377f14bfcd1bb356c46f31fe08202183ee823d48bdef88b30ae152475ed1f24c3095779e4d96cdf55856a2701ddcb1fc1012af2

Download Submit
C:\Program Files\Sublime Text\Packages\Lua.sublime-package

Filesize
78KB

MD5
16aa1a1ebb20037486db4980cc604957

SHA1
e6d15a93af50369b3e1097420a3fec336b50c7e3

SHA256
f508648745b745e6c2901137f66a000b3ec2fb5af20f1ce0346916d082607c23

SHA512
0620f3dbc0cabc9998fa632984fd99cb786535615c0c79b5fb2ffd495d3e437e498f942abd37ffadea63c6ea7af121614db1b054a41606a38c0a114ac5e00f5c

Download Submit
C:\Program Files\Sublime Text\Packages\Makefile.sublime-package

Filesize
62KB

MD5
6bc60bd9bc1367f7a4d2db59e3cc01b5

SHA1
4398234f9d8e8bf4783a9a822955ce167f8fc942

SHA256
cb2514b51c2085e3e9d1bf5015d3ff70fd22cea6d3033bfe0f19ce00c882c1ff

SHA512
d723a71d5186ef10328041597a5bccf7df3c70253dc14f8489cce7c4e173ca42f052d33732e8b0836d266d075bac12cf4310c03946d9ef617f9a13b34ee3ffcc

Download Submit
C:\Program Files\Sublime Text\Packages\Markdown.sublime-package

Filesize
449KB

MD5
1213caa118a5116fdab3f2131dedb25c

SHA1
607448a7547a282cf2fb1cc8d45a923cbd361b2e

SHA256
98bce03206946e87cdb26557e319957c19e3cf4ba98e677549705d9178693f02

SHA512
4e0756c41e14566169e5043fdc211676a55bd3c183069e910c1eed0353de629a7e43db76c92fd2ca6edf56cec2e853495c8bb9a9df76a8c79e33585a95b28c9e

Download Submit
C:\Program Files\Sublime Text\Packages\Matlab.sublime-package

Filesize
138KB

MD5
a410f1bbece3ec2ae8f1e568da0364ca

SHA1
2177cfcdb96ae3ea4179176e0ca61d5ded3570df

SHA256
062b3606f10f02e330720bf875a1ad3f766b6d79619dfc6e589bf6e48857eb7f

SHA512
c1f420930a72e23d0063b13dd359de3fc8b1b53651ff5678af0bc03d14dbbbd77716de628b459658a3fca95d6d4189968a5c1a3b5b0da9b5cb110b82ec914c25

Download Submit
C:\Program Files\Sublime Text\Packages\OCaml.sublime-package

Filesize
55KB

MD5
369ec3bd2e2831d5f857823f033d41d4

SHA1
18613c5065171c959c8d07e970965245562ae1b7

SHA256
b0107591f2180dc3b9549c9b99b3371828a92bc6a57bb985d06f1d0b84cfb319

SHA512
b8b44ef0fe790b64bfe3f604f90c3ecbc2166346cfd4b60c33691c6e86874dacd1badd0a5fd1f78d33b93b33ba0e2607d2c2d0fde01436f6bd15af52a00eee34

Download Submit
C:\Program Files\Sublime Text\Packages\Objective-C.sublime-package

Filesize
294KB

MD5
bc033f59e7a9bf3796070dfc222e1792

SHA1
ab64fd27923a1bc770f961384b3d9dd580ec2e7d

SHA256
8e09ad1ca7ef39e643ec5d14a3e2d5ea7fe756d2eceba9326f0d7307c4ff8f70

SHA512
db1018ceb1e23fc520afa2e019213a1859bb1b7791d4372479eff677a8885faaac1e12938b1d80fff0747d62fa5d600c56663dde6f9114952ef5e50a4bc7824c

Download Submit
C:\Program Files\Sublime Text\Packages\PHP.sublime-package

Filesize
1.2MB

MD5
c615a897f34ba917de9a7d8b6a14f252

SHA1
11bbbef24c08cd9865b8c8c7c3df3827174289b0

SHA256
364d672be4127bc578c792eaa6872231a618e4550638138707cb48c67fcaa5d7

SHA512
61693f5eb5d9f20168eb2feb98864fb678a4ed7155f00e86e18917e8b2ecbd41811057375d22f27004956e04e1951f0d63d87d9d327dad1e5aa0e4c64d278d6f

Download Submit
C:\Program Files\Sublime Text\Packages\Pascal.sublime-package

Filesize
5KB

MD5
03e1ce7b9568907f6e2171b1b3e671ad

SHA1
f634924e154933a11be1e3c0c26bda6a32060465

SHA256
343e89615583859d4a92e497924f8a64c14efbd803516a9b9a3e85798596d5d9

SHA512
47c65db26ad9ba5b8769aa4deab769a4dce86f908501eaa7eab8ff841deb65512ca148a5b176879353510c26dd795bb21cfe90b6f923bd7b620ff950013713aa

Download Submit
C:\Program Files\Sublime Text\Packages\Perl.sublime-package

Filesize
321KB

MD5
e53c56af16da5b95a831f498d18b7463

SHA1
dc3f23de81c56e97681b2a6352302cbf8e68e4da

SHA256
5f6bb00dcfe8db03b62838ad090fb5714b90b0cb485bbd8645dabc446a7c0675

SHA512
959c518719a98bc163421b3d116e2bbdaa975c0baf8edff05168d6d2a66497a78bb48948683e33a02ea14f37dcf45b305908ee7aeb98268ed5f278eea1c914a0

Download Submit
C:\Program Files\Sublime Text\Packages\Python.sublime-package

Filesize
381KB

MD5
8839efff1dcd1b999012264191a79d80

SHA1
e780f0dd6a02b7bf3bb0a15cc914e958714a6bc2

SHA256
e6b4e79c2de8734586f6426dd1c4122de329d6c6312dabece64bcd2f05a75955

SHA512
78e48d29f1335ef840c11e9dd388f8bba0fec80bbfbeef8cdb7518622b7f962d22a48a4e30a65dc7c2eb19a9588eff75c8f5b91f22f28150c48fb7598198013c

Download Submit
C:\Program Files\Sublime Text\Packages\R.sublime-package

Filesize
79KB

MD5
a3f0e837f1d01db5320f11a32c55fa84

SHA1
b707157193b542fe9c1f5eacea2b0015816a1a4c

SHA256
2bea66164c06a4b3e5b3300c6e62460eb782d7d34b4b375bcdcaf1cf89d9da06

SHA512
a914116f040820258163d0de1d8617e8d5a7e4faa4abfece38d5af120e8656385c2a5969a304a1f42e807544045c19ddc51687d6d3dd833000871d8c520741f0

Download Submit
C:\Program Files\Sublime Text\Packages\Rails.sublime-package

Filesize
151KB

MD5
cb0a89be165e4b830ad9fd476483d6e9

SHA1
b8852fb64bea8ae6d25323195d4496496791f43d

SHA256
8e8ebcef61f92c44425a8d7440bd2e5b2e4e4018e548292cd22a01f4bf4b48fa

SHA512
7d20c494c708329373fbc8dd1eddf4c61df99224c162e5a58a434250c6173166048b6d54c1bfe4914a7ae25c669ac70f14dc9deaa30d14122da96fd66193f58b

Download Submit
C:\Program Files\Sublime Text\Packages\Regular Expressions.sublime-package

Filesize
53KB

MD5
b02af72938fa145b757a9100a103fc43

SHA1
76f79eab181552645f2bfe174265707ae894c015

SHA256
a560125e9fff43acd1ce161f6b971c3451129a129a7c4ef3644d3e201304e2a1

SHA512
2823f3fe290291c044ca16d812f9c6475cb335ddaa107025f6afd4ed8f44889a67171c23056bf5f3687b922878e52568677c2b0a4fb18ec49abf2ec3c9208c72

Download Submit
C:\Program Files\Sublime Text\Packages\RestructuredText.sublime-package

Filesize
11KB

MD5
0e74cfa3a8ad6ccd6b4df58d1e1fefbd

SHA1
71f08eba0d83c365ad90d6cfe6738e09b6661916

SHA256
d96d2e6b7c20337bb6717b8e5fab0c3e38cd654dc15a7e3b0259caaf3aa3ae46

SHA512
5d4f9cfdb4fd5d1e2fa7dd9e7e591bcff0a1b465f3cd8c2f3299fa2d1041659c6af3e88b30661c0b2807f8447bd34c82362fcfa20043ef3c26636bf04308e52b

Download Submit
C:\Program Files\Sublime Text\Packages\Ruby.sublime-package

Filesize
203KB

MD5
cf9e463c0d71ce0ed2d9763e3dab556f

SHA1
3696054e4b34e4594765072dfe903ab1bc9b0741

SHA256
4d7342d0bf7eb878d6f9d1a0d554695ad086bbc99a32b03cec21557b39c19024

SHA512
d554392edcd20edd3dffee301f1abf4a038cc706c26008cf69ea665f6da63a1b902efceff4f56d7f7bdf896579caaf404c35d884ae86c033201b5a19e78e08a1

Download Submit
C:\Program Files\Sublime Text\crash_handler.exe

Filesize
841KB

MD5
7b7bc5178dc8466fa9b7a032fe092fc8

SHA1
c1b7b23f6a724a083ca2de18ff6679f1f0ce777a

SHA256
e4e6cc89c939ee75ddfa6a7eac1c196cc218688fa4451c5d3796d9ebbe4e77e8

SHA512
e1d3ae0b3d45421733f33ce9db50cecc71f4f5511f625ff6de7a6d1195b6556d38828d59b4ba9d80f128c87989d8dae7e005f1b5c2b6bb9d927f47e2bb146079

Download Submit
\Program Files\Sublime Text\sublime_text.exe

Filesize
9.4MB

MD5
5b3c8cea0fca4323f0e8a994209042a8

SHA1
fa75cbd9a41c18f4ea90aa713ec9f8c230d3fbc5

SHA256
3bdd447101d108dec57da58b8b043019fa422081017a153d49e2a2f2e89d043d

SHA512
ccd3cc6d5771114bc3860c2aecd5e304eb091ae941b97baf5635d2dc30fbea89d69e48b4ccde19bde45429b3133758c824eefc6ff27e7260b6146f9002e2f31e

Download Submit
\Users\Admin\AppData\Local\Temp\is-26CBA.tmp\sublime_text_build_4169_x64_setup.tmp

Filesize
1.1MB

MD5
8f7da348d1de78061ff3923fc50a24d5

SHA1
117257f0ad968f65c3a51010ffce82fae9411fb0

SHA256
5f417318ca2e2b98b9b781106fd9fbb64e959685ca697e017c4365c449baa7ce

SHA512
52552bced567566ffe4210cb6ddd27a1f7482559c7574bde0607ce22ae9980b57794cb3d0c4cee63768f69cc9b16336c2540141ff99e57e9c5c33cfc21ff602c

Download Submit
memory/848-13-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/848-190-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/848-15-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/848-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1608-611-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/1820-14-0x0000000004380000-0x0000000004381000-memory.dmp

Filesize
4KB

Download
memory/1820-11-0x0000000001D90000-0x0000000001D91000-memory.dmp

Filesize
4KB

Download
memory/1820-10-0x000007FEFB500000-0x000007FEFB54C000-memory.dmp

Filesize
304KB

Download
memory/1820-20-0x000007FEFB500000-0x000007FEFB54C000-memory.dmp

Filesize
304KB

Download
memory/2380-12-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2380-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2380-191-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2624-610-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads