540b734c0f28db97285e938c115da9c2ff0dc097dadabcb89ae55e875557d8e7

Analysis

max time kernel
146s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SMEditor/SMEditor.exe
Size

2.0MB
MD5

229f350c161ad42758226aacc5d365bc
SHA1

f5c4be3ccb979d7941e5bb1c9d25605e6b5ff835
SHA256

08c7c5878ca2a3efa1a6f3e712d8c0ccb2eaecc36e69028dceb35b4b0c0e9e76
SHA512

d20a7a2fcdfbc73f6cf8feeac6a6c16cfd0db708664306b7e24a1ff88fa75e489f4f25dc84c5e7ba8545a335c823bdda5a1eac1796fc6ad48059cd069ccb87b1
SSDEEP

49152:mMR/uUCKE5X/Uh6xy7vPsSChCf17T6VQXI:jqsYXa7T6B

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation	SMEditor.exe
Key value queried	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation	SMEditor.exe
Key value queried	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation	SMEditor.exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	SMEditor.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	SMEditor.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	SMEditor.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	SMEditor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SMEditor.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	SMEditor.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	SMEditor.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584639915636507"	SMEditor.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000885891e1cc8cda01223c7d5bd98cda01d0babfed8596da0114000000	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	SMEditor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	SMEditor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SMEditor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	SMEditor.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings	SMEditor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000d0bb93e1cc8cda01257536e4cc8cda01e558fce4cc8cda0114000000	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SMEditor.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	SMEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	SMEditor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	SMEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	SMEditor.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2116	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
2120	SMEditor.exe
2120	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
2116	SMEditor.exe
4376	SMEditor.exe
4376	SMEditor.exe
4376	SMEditor.exe
4376	SMEditor.exe
4056	SMEditor.exe
4056	SMEditor.exe
4056	SMEditor.exe
4056	SMEditor.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: 33	1600	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1600	AUDIODG.EXE
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe
Token: SeShutdownPrivilege	2120	SMEditor.exe
Token: SeCreatePagefilePrivilege	2120	SMEditor.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2120	SMEditor.exe
2120	SMEditor.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4440	SMEditor.exe
848	SMEditor.exe
848	SMEditor.exe
848	SMEditor.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2116	2120	SMEditor.exe	88
PID 2120 wrote to memory of 2116	2120	SMEditor.exe	88
PID 2116 wrote to memory of 3712	2116	SMEditor.exe	89
PID 2116 wrote to memory of 3712	2116	SMEditor.exe	89
PID 2120 wrote to memory of 3948	2120	SMEditor.exe	90
PID 2120 wrote to memory of 3948	2120	SMEditor.exe	90
PID 2120 wrote to memory of 1876	2120	SMEditor.exe	91
PID 2120 wrote to memory of 1876	2120	SMEditor.exe	91
PID 2120 wrote to memory of 3336	2120	SMEditor.exe	92
PID 2120 wrote to memory of 3336	2120	SMEditor.exe	92
PID 2120 wrote to memory of 4376	2120	SMEditor.exe	93
PID 2120 wrote to memory of 4376	2120	SMEditor.exe	93
PID 2120 wrote to memory of 484	2120	SMEditor.exe	99
PID 2120 wrote to memory of 484	2120	SMEditor.exe	99
PID 2120 wrote to memory of 1944	2120	SMEditor.exe	106
PID 2120 wrote to memory of 1944	2120	SMEditor.exe	106
PID 2120 wrote to memory of 3492	2120	SMEditor.exe	111
PID 2120 wrote to memory of 3492	2120	SMEditor.exe	111
PID 2120 wrote to memory of 4040	2120	SMEditor.exe	112
PID 2120 wrote to memory of 4040	2120	SMEditor.exe	112
PID 2120 wrote to memory of 4440	2120	SMEditor.exe	124
PID 2120 wrote to memory of 4440	2120	SMEditor.exe	124
PID 2120 wrote to memory of 4056	2120	SMEditor.exe	126
PID 2120 wrote to memory of 4056	2120	SMEditor.exe	126
PID 2120 wrote to memory of 848	2120	SMEditor.exe	127
PID 2120 wrote to memory of 848	2120	SMEditor.exe	127

C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
"C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe"
1⤵
- Checks computer location settings
- Checks system information in the registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\SMEditor\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\SMEditor\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\SMEditor\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\SMEditor\User Data" --annotation=plat=Win64 --annotation=prod=SMEditor --annotation=ver=0.1.1-beta --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7fff3e97a970,0x7fff3e97a980,0x7fff3e97a990
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
    C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\SMEditor\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\SMEditor\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=SMEditor --annotation=ver=0.1.1-beta --initial-client-data=0x1b4,0x1b8,0x1bc,0x110,0x1c0,0x7ff74e78ca30,0x7ff74e78ca40,0x7ff74e78ca50
    3⤵
    PID:3712
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=gpu-process --disable-gpu-sandbox --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --enable-logging --v=1 --mojo-platform-channel-handle=1968 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:2
  2⤵
  PID:3948
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --start-stack-profiler --enable-logging --v=1 --mojo-platform-channel-handle=2060 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:8
  2⤵
  PID:1876
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --enable-logging --v=1 --mojo-platform-channel-handle=2268 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:8
  2⤵
  - Checks computer location settings
  PID:3336
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --nwjs --extension-process --first-renderer-process --no-sandbox --autoplay-policy --enable-logging --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\SMEditor\gen" --no-zygote --v=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:1
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --enable-logging --v=1 --mojo-platform-channel-handle=4044 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:8
  2⤵
  PID:484
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --enable-logging --v=1 --mojo-platform-channel-handle=4260 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:8
  2⤵
  PID:1944
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --enable-logging --v=1 --mojo-platform-channel-handle=3820 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:8
  2⤵
  PID:3492
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --enable-logging --v=1 --mojo-platform-channel-handle=4380 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:8
  2⤵
  PID:4040
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --enable-logging --v=1 --mojo-platform-channel-handle=4360 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4440
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --disable-gpu-sandbox --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --enable-logging --v=1 --mojo-platform-channel-handle=516 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:2
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe
  "C:\Users\Admin\AppData\Local\Temp\SMEditor\SMEditor.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --enable-logging --v=1 --user-data-dir="C:\Users\Admin\AppData\Local\SMEditor\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\SMEditor\package.nw" --enable-logging --v=1 --mojo-platform-channel-handle=520 --field-trial-handle=1972,i,1721684516321687084,9110115159010768054,262144 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x4c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SMEditor\User Data\Crashpad\reports\2d76e6b0-7fc4-4dac-be7a-ff017e68c74c.dmp

Filesize
2.0MB

MD5
a213d485edb7f91dcf584cafe6be2a80

SHA1
956b19c252b3b164b49b3c585103d36533c3a5af

SHA256
9604b77390c03c35d6d7bf84ac43d83bd310e4c3a8a0be9c0d5d7851c5a8fc4a

SHA512
4528d163d64c5a2b52f677e7f20cb1a5bf71ef5dcad3142c5fbe1968500868834270b324ee405e1d92c2a0754019839370cef7949524fa057f79d159567c7f3c

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Crashpad\reports\acef2534-5b7d-40fb-8f76-735327087996.dmp

Filesize
2.0MB

MD5
3695a9948d56c909115e844e4056bdec

SHA1
43675c94233cb6ab3c723f5da0195880fc2fe49f

SHA256
a1bc9a6d38a050b09fbc64039937191a35030508ef453b7f440e5512be1bea87

SHA512
24d8f9fbba711e3ece4f2aad51629aa36fb571b1019ba2628415aaab02ec2b59e3b66f37e2c8dcac003bd886e614e259579d5d305504dc09a918f9a4d26794eb

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Crashpad\settings.dat

Filesize
40B

MD5
31f8575a65640d62b77ad890607a1241

SHA1
0edac2dd86aefbd8b46c9bf0728d6e0c894fa9f8

SHA256
5a1044a19bd536005b665539477b96d4ddc0ce50a2257bba882c76ddd4ea2a1d

SHA512
1a77826d5f9792ccfe7ec6b82f1d7f55976e00f0c8672dcfe13232dc7a7accf91d463f6bf56a7381a6a69b33506ac46ce770c7f95628362869a51e033d05dd26

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f835044010846cd420b5a26011677c82

SHA1
295e64d6edaf36eb21a7865ce52b12fdf2e0c5d2

SHA256
73aafde490091fc3fe370f6d67d52a639aa5d720e4bb747e7c58c611162847fc

SHA512
5f9f46cf7f8ebe279265b7a7519f61e277234ae69be58f85ebea0fc1951d9ba7602f27f8488477777efc8e1a3512e4742e9dd27a2c8bee317738b69c6209428d

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
01269911d57683763afb946d0946b279

SHA1
d03c187f0400ec526b370a24c3bf7f8d8dead8b0

SHA256
f8c749d6153c5212a93334eb6bbdb43b9989b45e301f92ce8f617cb39b37bf2e

SHA512
b947800444ef2aeed0cb38602ee843d20028de31c94f6d76986c9b96f6240839f4685f2fa01ca980bd28d6ace5d847f7c26ce7beef7ac77f29519cce95abc34a

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582054.TMP

Filesize
48B

MD5
e9faf1f0ebd7e221044519686e76822c

SHA1
425bbce7da6f2087a0cb6c39f8a6ad57fcd5300b

SHA256
80f3eb384a661551d528952161be5176e9d779ea8b67a4bf845038b527b6b8d9

SHA512
deabc9e2776b9bef191a3ca72708588bba886ec52c62f55bfe93d68e398b49c30486c4c6ba7733e33cab9b93d4a0b2c6681c8df8a2f16529aee536c88d590f20

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Google Profile.ico

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\History

Filesize
160KB

MD5
82d6abd3f7cd3c0e144e4818fc0ee8ca

SHA1
55883f5aaaf210c4eb2246345bfd3302d9a69668

SHA256
990f9febdf23112b622777faec105e62fb4a5ddf9e294f04704489e06b336c8d

SHA512
49fc1799a3299e54ede163d574217997dce3b9beef29c21e2812d0cb3eafdee99ed680b2feecfd80fe37ca5aded9883b03949057c09d3d32f7e6e171c9a0f322

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e6eb7576440198ed4a10bc9e62cf6f32

SHA1
b5fe6e20ee59f6608482975cc1aedcf00fd44688

SHA256
453d2251fdb2c48849842c4aa018009158a11bf257c3908b2c365ab58d9f62d1

SHA512
27c8342c3610df8ab162fc90cd2cb047318dc03e487e77e07da5852222bec908d01ada33ab62094ef7e4c1bff4fc4e1e3745822ee93f27113a760b5ca1dd89d0

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Network\Network Persistent State~RFe5808c5.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
cd605b17699d0e33ae9bae7ab9be39e1

SHA1
c7e2a45a6cba1f76badaef8450abc5ba433d97ad

SHA256
c3a9009eae71f792a4422c45700096494ebd1b9a1ef423e06a6d259860477fe5

SHA512
d24c3388e27376f7f6a7450e5d14d695b470c1315779fa4d19c5dc6b9e60628dadcb917716035cba052e146444a2914e2694088c64ca9a65f88b0967bfc93730

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
128f841bd0c4ba76b05fa67ed3d5b19a

SHA1
c4c28279bc8a72964e95b65e4b04c193df787f89

SHA256
22306652ea889f79ff54d592a40f47ea1089085eec9ea84243e329437685ef7e

SHA512
f121c40728f9e33a5f28a5649c3754ec1fcb3ba33a98fd9113a9421dfa9a00da08fe5dc91d67588387bc4c2994a350262827c25c5df7527fbc38e70539278417

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
7eae03073618069cca15388b27fb9977

SHA1
c4677e2c209072fda7fee7febaae9dd64c611941

SHA256
3066e37b22092066eff7ed3b1020ec0b84d0744ed266b71230ec75ff9d42471a

SHA512
aa843ab04ab6671082a73e3377672b6abfb242a1ce9a875505e45e3dd5703f0ef78915c9663d4151ffaa0ceaaffaa5edaaf0c682259590e7afe60e6918786789

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Network\TransportSecurity~RFe57e6e5.TMP

Filesize
355B

MD5
2c5f2737e9133dd84ec239df90fb0ffc

SHA1
734dd0c87fba691634706238a2f2933abc36c888

SHA256
667e31ab264eb420a7ad0e6635bbef2a742507e930b766a589b39767399c0fd5

SHA512
af421a2efb645e9f1b38add6ed2c340bcbeea0ed9b5977259752772ebb4c0fed85f57c38cc8030a095f0256151cca258877f7a9724d32556d801d2f9b4b109d8

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Preferences

Filesize
5KB

MD5
1ba03b589465e75d75078ac95552af08

SHA1
edb4518c106fc4b7abf8ed9639d0d296ba26bd29

SHA256
1ddef7e5588fc77bd24bd25ed4607a61199547fee81ab7470a7e1613a2d46f60

SHA512
fd80a7e6f8a42a9db5372d40c1c10508816e3a695d899ce6b4f0852a445aa52537959d4b4763b82b0dbdf1ebe5a94de86561cd77be98dbbc7ca0f26599c1ddb3

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Preferences

Filesize
5KB

MD5
0712d35788733e60ca549afe64a1d655

SHA1
b9154517afc30209d684a7ddee2a3fceb20cba5b

SHA256
72890c84b72ac7da1e7d562a0a600b9a2c6a046237855e847671f14a61fab42f

SHA512
a08d9ef8807d792ed41b63714751e83757cd88d0b4c9640c0b0fc0eb33b69e14400caf8bda907ec4d39e5916aa8090558723cd79360c2316063541d414433214

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Preferences

Filesize
4KB

MD5
e5e5ab2cf73c46345022df8001d86cca

SHA1
b89dd026dabaf7de2cb6c0be4013c1327d0e5dc0

SHA256
4a16f9761bf2082a0c28555b85904798def51b6da9fec19b465d92b438fc1969

SHA512
d830b54812f3eb893f4ec409fd9e70d5fcc535ccba967d9f303ee2d9cd926b4f1fb1d11cdae3bee0f0434a6ab3138da9d124a4bc2e286fcb564942a7e5541423

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Preferences

Filesize
4KB

MD5
2568b2c7ed47c5976b040d429b70c2a0

SHA1
9204be7b86137cd96dedfaaf5f089cc4f6e2bccd

SHA256
1460e19381f39f921606643dbb039fa647d90fe09102560e19d4aad33040cace

SHA512
96198d576f0c3ac566c930c6a4fbd4f6c9709c90ba2370f86a85a6432825070a1e82c800a1c1427bbff71ed22532aa1505669f7b9a35bfd792f0bed92bed5974

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Preferences~RFe5828e0.TMP

Filesize
4KB

MD5
62354344bf71d751c37e54f4bcdc93f4

SHA1
4ddfc8d391b7d6c47439a13958051068de8ee91c

SHA256
c33c1696a4519dcdc533bb4e4ef5bffc292a59c6b8528d910ce07fec62376de5

SHA512
7e081dd466adc25d8ef1ff43608581fdc4157042b3ef5b87f6fbdefd8e794aee44521d9eea54a9021173d267493cf1c858d327509ebf1331d1cc450d9d047a1f

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Service Worker\CacheStorage\8572995fd71996d058344497046a30a5a27e6cbc\f26a253f-ceb4-48a4-b6c8-8ae3098c536a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Service Worker\CacheStorage\8572995fd71996d058344497046a30a5a27e6cbc\f26a253f-ceb4-48a4-b6c8-8ae3098c536a\index-dir\the-real-index

Filesize
48B

MD5
48dfe3f118ac6a7ff348984bd226a39d

SHA1
a091b550606d267c8c6c0820f90faadf6c9617f2

SHA256
aea1e6e215c46833b94844f363181a7e275eb47cb6e65be303cee5c051637e3a

SHA512
5df2d8020c238a61bc4889187851596fc001d28c897a406472f14d47e2e7de841d9b79b94fd7797c8d75a462ecfd908a0bd7baeee9f4f1671bccbe8e14a85322

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Service Worker\CacheStorage\8572995fd71996d058344497046a30a5a27e6cbc\f26a253f-ceb4-48a4-b6c8-8ae3098c536a\index-dir\the-real-index

Filesize
672B

MD5
4411ed93ff1d4b6b076aa619691468a8

SHA1
4b6f31adef562c6abc6f1e0e6f56d39fefc96edf

SHA256
456642aeb93745ba911982d10b736665cecfb8da6c60fd2c802d3f344a4ce2ab

SHA512
99e841c824328df98f2af03971ebc27da922799ffee76217dd106226e3b6d845de288b0c4e9ce6ede639edc45920e60601e6a4b1d248f5994db0a66399a937ac

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Service Worker\CacheStorage\8572995fd71996d058344497046a30a5a27e6cbc\index.txt

Filesize
166B

MD5
5c581df8e64d2daab14eaf77c48e6759

SHA1
2a8671c192bfa2f9734db51fc564ebb2fa2f3f04

SHA256
f815849f91cc60bef2789c12ed202758a9cd4d77d50091099a0d62e6c4e5f540

SHA512
b8aa70d3b61b96f606a375e8999541215a54f75cc36da3b2f208e8e2a9fbca52aba57932f589cd8130cc1be85f79ab7416d909de3fadbc730d38a4d9e4d0b244

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Service Worker\CacheStorage\8572995fd71996d058344497046a30a5a27e6cbc\index.txt~RFe58cca2.TMP

Filesize
170B

MD5
9936cf6387f164a97492a5378be2005e

SHA1
ccb2001c9b83451a6a721cf02fa261df9ecb3c2a

SHA256
0087c90c885c804d00c5890a8e7eee8c76d6cf690735b05a2479df0f9b0d411a

SHA512
a4b9bf7fa2f437bed74408974c7ba1384cbda5056b314d42a0be147c6c345e0ac44f2fbc09b9f39324cf6fec860577d8f1f2642cac2a9a18d859f03abcab50c6

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
68b448bf979f5e783c5f5719a7bf1787

SHA1
79f3f4b12d0b21a94eaaef54e59f08a2181a70ff

SHA256
b9118afec04925b2d4b3480bde2fc5677695907f60a0242e693cb5b517495a4b

SHA512
f6cef6d5a9ea8c9f0707a295aa9ac0b583bba41917622f6831810d6f30ba6512c2f0e6ccded1421c0a970b0ff042456d7b1ccd6700ee420a9d40fcdab1b09718

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582ebc.TMP

Filesize
48B

MD5
5ffa8b215581095d662a96413af91ed5

SHA1
150a0acdfbd2bd40cc8d29ceeb62eebc286db6ed

SHA256
438c380fb2c2a3efcacd99e506e7944a13b3d2680061bcaeeedce0af951ca1f6

SHA512
bf186b72dfd1350286bf12c9cf49658b9cd3117858b23447f2d8f395bad34f73b9576170930858c21c277ed3c4ea25226e5f52500e59e862462a4e623b1a67a9

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Site Characteristics Database\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Local State

Filesize
2KB

MD5
685d97d9db01c072dbc90fd0728ec7bf

SHA1
07ec180194395ca7a0ee041e71b04318c94d74cd

SHA256
031ae425d3eb993208b5b73712a0cf46b66c44bd9d3b5a7447efd1deda4495fb

SHA512
ee7202f8f0449c7a7249c9dc1aff63dfd61d41d1037b94d38d7a6d7290f46b0d6973d7bf21c6e4279e46487cfd3a18900a8f26a02532af26601d67ea44cc209f

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\Local State~RFe57b381.TMP

Filesize
868B

MD5
9f8359226b3f63e752c0278fdcfdfdeb

SHA1
610e564ebf818e1523b9fcb316c23947c5fea8e7

SHA256
1d453d5e939e4de0c00f3608853237accd0ffc17347f4ef8e0a8352778c27875

SHA512
e886f9340569b8638aca94fba5b6c120cfa4ccc38accd12d8ea472efcbe43396616decd19088cb5a50ad8ebc1873160bfbe5092bed93b5ba71412120d2ab8e0d

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\ShaderCache\index

Filesize
256KB

MD5
d04e6c10ac3f3239f8f8749a84bd9b58

SHA1
b2cbc2372bde6cf1955781ab51970a26d00e9be9

SHA256
8d39e14c82122b9a32575c3be5a0d8abf92ad36609fbba6415acb4d2e252ff8d

SHA512
2832594a46bd0c5e6961e4ca71d1950ca9a75b308d5214fe8884c8ed469ce29ce4a4b059466a6a423feec14f10be0e2a10290c5a2096662b8dc2284c0664662e

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
3KB

MD5
98d94950afa7fb5b3e328e673b12a4c9

SHA1
eb8bc4a36e99f234cd453364e103418a7721cf6b

SHA256
7c27cdc4d2047b2af5ef33cddb8cfba012ec9e7cc8f7ab71c7808a6efbbe1b57

SHA512
156b8300a12944ca0d416492b72e1c5794e063cb5f3bb20f21c81b3f1a614ff7d974093d21cd7525e9307105d9d335aea1f25d45c70f0ad11d8eace1898d5b8d

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
7KB

MD5
3b8ae80371712deb3ee9f76805a544ae

SHA1
f65c67cc46566615ad0c6563943a4cf644859d83

SHA256
9b91b6b657d68c8e9aa72d1f28f849ebe8ae4b58bcf0933e546f10ac05063da3

SHA512
94ee139df3eb8c8fd8e7ac774ec96a701e252ae6f52091681611d6ef34ba4ae95fd2fa2beb95f1d811882908a0778e1b11c37cee048cb7bb81e0f60715023f73

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
13KB

MD5
d3c28100f353ecf3494d5939d009829f

SHA1
a6cf720b36e6da2ae4bed5b6aa77eab2586b0f44

SHA256
43f2896d7acc608fcd641852adca02021dc38d349cc9084d945dffcaae88950f

SHA512
67e4d874b2d4c3cfacc4153dbe87fda0bb09c72291d7f647110c6c3f1d3c323a230cdbaae8e042f6cdd36439087cc6333a0a8f446706bfb432e492dea1ea39b1

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
34KB

MD5
dafbef173372bdccb0f473d19a85e40f

SHA1
2d026fd59cb34ffc11e96acd6df8013f5adf1fac

SHA256
ffab495b8dabec93ec1c13771af264c3fe40170696d0fbe645c37cc2658f6273

SHA512
782659ffab63bf70fbbc21f59f40065d5308e949f6b792f4d08f8fad2e340653eac43b7f017f85b8dbf20828e95a0febc6a790cefcd04767eef84c9ffa61fa0b

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
70KB

MD5
3d27e249e550ac33c2d919df07ba87c0

SHA1
24959f83d453bf7df226a8fd4c436ac38ac3d43e

SHA256
6dfd53d7611f6662d3f1a24a65eb5a2895960ff92574e7f538bb306db8cd30ca

SHA512
b550dc0b8e6b9312e762a77593b628661f5f11461abfa9958043e80ce6f4a726a2e9a8b3d85176d15690623097884873f3c828edbf198e9db288efffeebbcfcd

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
72KB

MD5
07fabd6b18e55b0865c7fdd81b9bd465

SHA1
34c0b081f95a54e8b584d097289360324c72fc00

SHA256
b589883246cc3660701e5154c24c6bbe3dde361a298ceee35c3816bf7ea53422

SHA512
48e962d68418653e7c309db3d3dd0efe475b53f093470960d5e0db50c1ba1cbc6cdeca276c8a38560999e11442854df9d0e4e1f0ea89e7268236c0246271513e

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
86KB

MD5
865a9286c5956a599c890fc7448e69b1

SHA1
f51909904082d30db43b11981792e90525731e2b

SHA256
5d629e58a460b28de55c166585054c2d6a2d96c91697212d5d90d81441adaf74

SHA512
bc5962eb57857cbcea9e8cd01061f0eb7b6159f1bdba7ea7a4eaa2ef8ab7e4083cfd4ab12be54962a3f098f1db8979f7c1fa28473c91fd67e570d19cdf285292

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
91KB

MD5
52c75d6603953d4c6e33a965efc9060e

SHA1
13840acbc1dc43b5396a172c6acfc45dda85854d

SHA256
f6f739c491b464ab6e3fa09c7cf50e16f4de556ff418a826c802d09212403196

SHA512
bafbeb7d4af4b33a85dd02c35724c0b07f3c1fde537c8009bb26f8e74053410cb0f8ecab9d8a8c1f57a03b736fddb64be75c8cc7710c274e7171584133afdf96

Download Submit
C:\Users\Admin\AppData\Local\SMEditor\User Data\chrome_debug.log

Filesize
94KB

MD5
715f13d9e6c7dcdb1f5975e03c8543ec

SHA1
c8877f143ca94f223d016ecc345b644483bc68f5

SHA256
95ff17675b36f6044842ea86ec6be7e22fb98c8778f3d8bb9fcb2672e31fd90d

SHA512
408d4de59a96664b199896d9d3be41b071d0de157ba2b11ec7b9be8065bb7c104429f6dee2996c6a014775c092ba6590994c2e78e3d76992240df5e6511c339f

Download Submit
C:\Users\Admin\Desktop\New Song.sm

Filesize
244B

MD5
21f6f968b8e25206b7277f987352e095

SHA1
c507fbab8a0d720d9fbf8bcf37254d5e1514dace

SHA256
0f34050703a3efdd0126341783a4119b0bfb230c1426eb6496f80c9dddb38daa

SHA512
920d66403919f9d3df36ba69d31c207a35f8115b39b38cc1d5968f0e58e5d79ae3d379a0e7c25099abc252889d748990c44b54d152963c9bd287b2dc41763c0a

Download Submit
memory/4056-519-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-517-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-516-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-515-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-518-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-514-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-513-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-509-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-508-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download
memory/4056-507-0x0000017531A50000-0x0000017531A51000-memory.dmp

Filesize
4KB

Download