7f8a7557d92ed985e26d9f0bfefa7d2dec72ee38e28579aca86fcb1114e4c267

General

Target

sublime_text_build_4169_x64_setup.exe
Size

15.7MB
MD5

591561a993ef58f8c547f1542c1ed2d8
SHA1

1177c6451fdaa841f7a8cb0feed53b6621e3356d
SHA256

7f8a7557d92ed985e26d9f0bfefa7d2dec72ee38e28579aca86fcb1114e4c267
SHA512

4902149980eebfdd8720600002d181816d8b36292fd8b5af5a023928738aa30789b3ee3c1075f304b55f4809b2df5dc63fa453e8747672064475e07478829089
SSDEEP

393216:fXI2GZeymKWixJkWwmP7o/OVHLBL5Y7rFQD0t1/26tTK:f4NoymKPQOVHLBLG9+wN1t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

pid process

836 sublime_text_build_4169_x64_setup.tmp
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
836	sublime_text_build_4169_x64_setup.tmp

Drops file in Program Files directory 64 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

description	ioc	process
File opened for modification	C:\Program Files\Sublime Text\python38.dll	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\crash_handler.exe	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\vcruntime140.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-HVO4G.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-75TQ5.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-9UN9Q.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-KDGC3.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\plugin_host-3.3.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-OI7UQ.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-DK8AR.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-QFB58.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-BHS2U.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-UBJR6.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-V5UC6.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-PP9AH.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\unins000.msg	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-983LN.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python33\is-8TTC9.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\sublime_text.exe	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\libcrypto-1_1-x64.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-LOJKN.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-4L7VH.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-V33FP.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-MSL96.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-3HNLR.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python38\is-PI753.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\python33.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-8IKS8.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-L01IG.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-T50FE.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-QPGJ4.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-9KAB4.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\plugin_host-3.8.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-4N8F8.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-BN72J.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-65BKN.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\update_installer.exe	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-15HMM.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-LLNIG.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-LHH0P.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python38\is-VD5T6.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\libssl-1_1-x64.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-O0GBP.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-D8FQ5.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-RCE42.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-ODVT4.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-2ELRT.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-O6TO6.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python38\is-PA58D.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-HQDPH.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-6JOR2.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-P469D.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-NJU2L.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-HSIPD.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-QMUTP.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-M3B0L.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-OQ0E1.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-DPHD7.tmp	sublime_text_build_4169_x64_setup.tmp
File opened for modification	C:\Program Files\Sublime Text\sqlite3.dll	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\is-OQ6MP.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\is-1PKU6.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Lib\python3\certifi\is-6EKEK.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-6724J.tmp	sublime_text_build_4169_x64_setup.tmp
File created	C:\Program Files\Sublime Text\Packages\is-9327J.tmp	sublime_text_build_4169_x64_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.color-scheme\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-mousemap\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.project\ = "Sublime Project"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.snippet	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-syntax\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.syntax	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.project\shell\open	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.keymap\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-mousemap\OpenWithProgids\com.sublimehq.sublimetext.mousemap	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.project\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.project\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-syntax\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-build\OpenWithProgids\com.sublimehq.sublimetext.build-system	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-syntax	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.macro\ = "Sublime Macro"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.macro\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.menu\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.settings\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.workspace	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-color-scheme	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.color-scheme\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-menu\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.syntax\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-settings\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.settings\ = "Sublime Settings"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-theme\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.color-scheme\shell	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.menu\ = "Sublime Menu"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-project\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.macro	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-menu	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.snippet\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.syntax\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.commands\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.completions\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-completions	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.menu	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-mousemap\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.syntax\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-workspace	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.completions\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.mousemap	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.theme	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.sublime-build\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-macro	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-macro	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-menu\OpenWithProgids	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.menu\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.snippet\ = "Sublime Snippet"	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-snippet\OpenWithProgids\com.sublimehq.sublimetext.snippet	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.theme\DefaultIcon\ = "C:\\Program Files\\Sublime Text\\sublime_text.exe,1"	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.color-scheme\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.commands\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sublime-completions\OpenWithProgids\com.sublimehq.sublimetext.completions	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.menu\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.workspace\DefaultIcon	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.workspace\shell\open\command\ = "\"C:\\Program Files\\Sublime Text\\sublime_text.exe\" \"%1\""	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\com.sublimehq.sublimetext.build-system\shell\open\command	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.commands	sublime_text_build_4169_x64_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sublime_text.exe\SupportedTypes\.sublime-commands	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.completions\shell\open	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.workspace\shell	sublime_text_build_4169_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\com.sublimehq.sublimetext.color-scheme	sublime_text_build_4169_x64_setup.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

pid process

836 sublime_text_build_4169_x64_setup.tmp
836 sublime_text_build_4169_x64_setup.tmp
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

sublime_text_build_4169_x64_setup.tmp

pid process

836 sublime_text_build_4169_x64_setup.tmp

pid	process
836	sublime_text_build_4169_x64_setup.tmp
836	sublime_text_build_4169_x64_setup.tmp

pid	process
836	sublime_text_build_4169_x64_setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

sublime_text_build_4169_x64_setup.exe

description	pid	process	target process
PID 2960 wrote to memory of 836	2960	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2960 wrote to memory of 836	2960	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp
PID 2960 wrote to memory of 836	2960	sublime_text_build_4169_x64_setup.exe	sublime_text_build_4169_x64_setup.tmp

C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960

C:\Users\Admin\AppData\Local\Temp\is-6LEQR.tmp\sublime_text_build_4169_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6LEQR.tmp\sublime_text_build_4169_x64_setup.tmp" /SL5="$4021C,16071622,121344,C:\Users\Admin\AppData\Local\Temp\sublime_text_build_4169_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:836

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-6LEQR.tmp\sublime_text_build_4169_x64_setup.tmp
Filesize
1.1MB

MD5
8f7da348d1de78061ff3923fc50a24d5

SHA1
117257f0ad968f65c3a51010ffce82fae9411fb0

SHA256
5f417318ca2e2b98b9b781106fd9fbb64e959685ca697e017c4365c449baa7ce

SHA512
52552bced567566ffe4210cb6ddd27a1f7482559c7574bde0607ce22ae9980b57794cb3d0c4cee63768f69cc9b16336c2540141ff99e57e9c5c33cfc21ff602c

Download Submit
memory/836-6-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/836-32-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/836-175-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/2960-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2960-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2960-31-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2960-176-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads